By Wang Zheng, People’s Daily
China published a trial regulation on the management of vehicle data on August 21, aiming to standardize vehicle data processing in a bid to protect the lawful rights and interest of individuals and organizations, safeguard national security and public interest, and promote rational development and utilization of data collected from automobiles.
The trial regulation on vehicle data security, which is going to be put into force on October 1 this year, represents the country’s efforts to address security concerns triggered by certain features of intelligent connected vehicles (ICVs) in recent years.
While ICVs have increasingly won favor with car users, some safety issues related to such vehicles have attracted wide attention from their users and practitioners of the industry.
Some car owners are concerned that since they can open the door of their cars through facial recognition, their facial information collected by the camera might be abused, and some worry that when they talk about business plans over the phone in an ICV, information collected by the camera inside the vehicle will be leaked.
According to a report on China’s Internet development released in July this year, sales volume of ICVs in China rose 107 percent year on year to over 3.03 million last year, when the market penetration rate of such cars stood at around 15 percent.
In the first quarter of 2021, the market penetration rate of L2 semi-autonomous ICVs reached 17.8 percent, while that of L2 ICVs among new energy vehicles (NEVs) grew to 30.9 percent in the country, suggested the report.
Sales of L2 and L3 ICVs (with capabilities to achieve partial automatic driving operations in specific environment) are expected to make up about 50 percent of the total new car sales in China by 2025, according to the report.
A survey revealed that an ICV collects at least 10TB of data a day, with the data not only including information about the driver and passengers’ facial expressions, movements, sight, and voices, but the vehicle’s geographic position, interior and exterior environment, as well as its utilization of the Internet of Vehicles (IoV), said Huang Peng, vice chief engineer with China’s national industry information security and development research center, at the Intelligent Connected Vehicle Industry Development and Safety Forum of 2021 China Auto Forum.
“At present, vehicle data handling capacity is becoming stronger, and the scale of vehicle data is huge. At the same time, security issues and potential risks related to vehicle data seem more and more prominent,” said an executive from the Cyberspace Administration of China (CAC).
According to the official, relevant problems mainly include vehicle data processors’ collection of more important data than is actually needed, illegal processing of personal information, especially sensitive personal information, without user’s consent, and illegal export of important data without security assessment.
It’s imperative to strengthen vehicle data security management so as to prevent and resolve these security problems and potential risks, the executive said.
China’s newly issued trial regulation on vehicle data security has explicitly defined and determined the types of personal information, sensitive personal information, and important data.
Meanwhile, the document pointed out that vehicle data processors should give equal attention to data security and development, adhere to principles including “in-vehicle processing”, “no collection by default”, “proper precision” as well as “anonymization” in the processing of vehicle data, and reduce unordered collection, illegal use and abuse of vehicle data.
“In-vehicle processing” requires data processors to process data inside the vehicle and not provide data outside the vehicle unless necessary; “no collection by default” means that the default setting on the vehicle should involve no collection of data unless the driver specifically sets otherwise; “proper precision” requires automobile manufacturers and service providers to decide the coverage and resolution of relevant devices in vehicles, such as camera and radar, according to the requirements of vehicle functions and services for the accuracy of data; and “anonymization” requires processors of vehicle data to anonymize and de-identify personal information to the greatest extent, explained the CAC official.
The trial regulation stressed that vehicle data processors should abide by the provision that requires important data to be stored in China according to law when processing important data, and enhance protection of the security of important data.
Vehicle data processors that need to provide important data for overseas parties out of business necessity should go through relevant security assessments, and must not send important data overseas that exceeds the scope approved by security assessments, according to the regulation.