The Cyberspace Administration of China (CAC) and other departments recently published a document entitled “Several Provisions on Management of Automobile Data Security (Trial),” which will take effect on October 1, 2021, according to information released on CAC’s official WeChat account.
The new regulation aims to standardize the resolutions on automobile data security risks and ensure the rational and effective use of automobile data according to law.
According to this document, automobile data processors should follow the rules of in-car processing, default non-collection, applicable precision range, data masking and other practices, to reduce disorderly collection and illegal abuse of automobile data.
Regarding the collection of personal information, automobile data processors should inform car owners of the processing content, ask for their permission, and anonymize the data when necessary. Furthermore, owners should have the ability to conveniently terminate the collection of sensitive personal information.
The upcoming provisions also require that automobile data processors only collect fingerprints, vocal prints, facial scans, heart rates and other information if the data is necessary for driving safety.
In fact, problems related to automobile data security have occurred frequently in recent years, with Tesla, NIO and other vehicle brands involved. Insiders noted that the accelerating shift to smart automobiles is posing challenges to regulatory supervision.