China announces rules on security management of auto data
Published: Aug 20, 2021 05:08 PM
Photo taken on Oct. 26, 2020 shows the Tesla China-made Model 3 vehicles at its gigafactory in Shanghai, east China. Photo: Xinhua

Photo taken on Oct. 26, 2020 shows the Tesla China-made Model 3 vehicles at its gigafactory in Shanghai, east China. Photo: Xinhua

China on Friday strengthened regulation on the security management of auto data including personal data protection and data storage, a move that is in line with the country's push for data security, especially key data that is highly related with national security.

With the accelerating integration of a new generation of information technology and the automotive industry, the rapid development of the smart car industry and artificial intelligence technology represented by assisted driving functions, the data processing capabilities of cars are growing rapidly, thus exposing increasingly prominent data security issues and hidden risks, said the Cyberspace Administration of China (CAC).

The rules are set to be implemented from October 1, 2021.

Auto data processors should fulfill their personal information protection responsibilities and fully protect the safety and legal rights of personal information, and should not handle personal information, especially sensitive information, without the user's consent, per the rules.

A recent fatal crash involving Nio's autopilot function sparked a war of words about the safety of assisted driving systems.

The Chinese electric vehicle maker said on Monday that it did not delete or modify any data, and no employee had been subpoenaed by the police after a Beijing-based law firm alleged that Nio's technical personnel had private access to the operation of the vehicle involved in the crash without the consent of the traffic police and that the employee had been summoned.

The new rules also stressed car data processors that carry out important data processing activities shall abide by the regulations on data storage in the country and implement a report system by submitting their data security management situation annually. 

For businesses that need to provide important data beyond the Chinese border, they should implement the requirements of the data outbound safety evaluation system, and shall not send important data overseas if it violates the evaluation's conclusions.

In May, US electric carmaker Tesla said that it will gradually increase local data centers in China, while reiterating that all data collected in the Chinese mainland will be stored locally, as authorities move to tighten regulations to protect data security amid growing concerns.

Separately, the Ministry of Industry and Information Technology issued new regulations early this month, requiring more efforts to strengthen the safety management of products combined with driving assistance functions and automated driving functions to ensure the safe operation of smart vehicles.