Breaking news! The Cyberspace Administration of China, Ministry of Industry and Information Technology, and others jointly issued the “Several Provisions on the Management of Automotive Data Security (Trial Implementation)”

Recently, the Cyberspace Administration of China, the National Development and Reform Commission, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the Ministry of Transport jointly issued the “Regulations on the Management of Automotive Data Security (Trial)” (hereinafter referred to as the “Regulations”), which will be implemented from October 1, 2021.

As China gradually enters the era of intelligent connected vehicles, the data processing capabilities of cars are increasingly enhanced, exposing increasingly prominent problems and risks in automotive data security. The “Regulations” aim to regulate the data security of automobiles, protect the rights and interests of individuals and organizations, maintain national security and social public interests, and promote the reasonable development and utilization of automotive data.

The following points are several specific requirements expressed in the “Regulations”:

1. Automotive data should follow data processing principles such as “in-vehicle processing,” “default non-collection,” “applicable accuracy range,” “de-identification processing,” and so on.

2. Individuals should be significantly informed when their relevant information is being collected. For handling sensitive personal information, automotive data processors should obtain individual consent separately. Collection of biometric identification features such as fingerprints, voiceprints, facial features, and heart rhythms is only permitted if it serves the purpose of enhancing driving safety and is deemed fully necessary.

3. Implement the requirements of the risk assessment report system and annual report system, and proactively submit annual reports on automotive data security management on time. If it is necessary to provide important data overseas due to business needs, automotive data processors should implement the data export security assessment system requirements, must not violate the conclusion of the export security assessment, and provide relevant information in the annual report.

4. The “Regulations” propose that relevant state departments shall carry out automotive data security management and protection work according to their respective responsibilities, including conducting data security assessments, checking and verifying data export matters, and constructing intelligent (connected) automotive network platforms.

The demand for automotive data security management is becoming increasingly specific, and perhaps like annual vehicle inspections, it will give rise to new industries and business opportunities.

🔗Source: Full Text of Regulations on Automotive Data Security Management (Trial), Q&A for Journalists

This article is a translation by ChatGPT of a Chinese report from 42HOW. If you have any questions about it, please email bd@42how.com.