The regulations stipulate important data should be stored domestically while data exports will require security assessment approval from Chinese regulators and should comply with requirements on purpose, scope, the method of exporting, and the type and scale of the data set in the security assessment approval. The regulations defined important data as data that takes in geographic references, personnel and traffic volumes in military control areas, national defense departments and government departments above county-level, data reflecting economic performance, the operation of auto electricity charging networks, and video and image data containing facial recognition. The collection of biometric data can only be carried out if it is necessary for reinforcing driving safety.Ĭompanies that handle important data will also be subject to additional requirements such as risk-control measures, risk-control reporting to authorities about data type, scope, how it will be used, data-processing activities, annual reporting to regulators about auto data security management and security assessment approval needed for cross-border data transfers. This will extend to limiting the purposes for collecting data and facilitating the suspension of data collection upon receiving a request from an individual. The handling of sensitive personal information will be subject to stricter requirements. While handling personal information, auto data processors should brief consumers on the type of information they are collecting, scenarios for collecting information and means of stopping the collection of information, as well as seeking individuals’ consent, the regulations said.įor occasions when data is provided to external parties for the purpose of improving driving security without obtaining personal consent, the data should be anonymized. In April this year, Tesla became embroiled in a dispute about sharing data on a brake incident following a Chinese consumer’s complaint. The regulations come in the wake of emerging auto data security issues and potential risks such as excessive collection of critical data, handling sensitive personal data without consent and the export of important data without conducting a security assessment, the regulators said.
#Autodata labels software
They spell out requirements for handling personal data, personal sensitive data, important data, data localization and data security for connected cars.īuilding on the Cybersecurity Law and the Data Security Law that are already in place in China, the interim regulations set rules for auto data processing and will apply to industry players across the board, including auto manufacturers, auto parts makers, software players, wholesalers and maintenance institutes.
The Interim Regulations on Auto Data Security Management were jointly issued by the Cyberspace Administration of China, the Ministry of Industry and Information Technology, the National Development and Reform Commission, the Ministry of Public Security and the Ministry of Transport.
Chinese regulators unveiled interim regulations today to step up the supervision of auto data processing that is expected to come into effect in October.