State Internet Information Office and four other departments: Personified interactive service providers are not allowed to provide user interaction data to third parties.

The State Internet Information Office and four other departments jointly announced the "Interim Measures for the Management of Artificial Intelligence Personalized Interactive Services". The "Measures" focus on the following regulations for personalized interactive services: 1. Clearly defining the security subject responsibility. 2. Strengthening the security management of the entire lifecycle of personalized interactive services. It requires that the security requirements of the deployment, operation, upgrade, termination of services, and other stages of personalized interactive services be clearly defined, ensuring that security measures are deployed and used synchronously with service functions to enhance security levels; strengthening security monitoring and risk assessment, promptly identifying and correcting system deviations, dealing with security incidents, etc. 3. Ensuring data security. Clearly strengthen training data management, enhance data transparency, reliability, diversity, and security; requiring the implementation of data ownership and other systems in accordance with law, adopting measures such as data encryption, access control to protect the security of user interaction data; clearly stipulating that unless otherwise provided by law or with the explicit consent of the rights holder, providers of personalized interactive services may not provide user interaction data to third parties. 4. Protecting user rights. Specifying the obligations of providers of personalized interactive services to protect users' personal information and privacy, requiring options such as copying, deleting interaction data to be provided to users, providing convenient exit pathways for personalized interactive services; specifying that if the service of personalized interactive services is to be stopped, users should be notified in advance or announcing the cessation of service in a timely manner, and establishing a sound mechanism for user appeals, public complaints, and reporting.