With the rapid growth of smart connected vehicles in China, data security is increasingly being taken seriously.
In a draft regulation released Thursday, China requires that data collected by connected vehicles from the environment outside the vehicle, such as roads, buildings, terrain and traffic participants, as well as data related to the vehicle's location and trajectory, through sensors including cameras and radar, must not be sent outside the country.
Car companies are not allowed to carry out data processing activities that are not related to vehicle management and driving safety based on the data collected by connected vehicles and the data processed by them, the document titled "Information security technology - Connected vehicle - Security requirements of data" said.
Without the individual consent, connected vehicle shall not transmit data containing personal information to the outside of the vehicle through the network, physical interface, the document said, adding that video and image data that will be converted to less than 1.2 megapixels in resolution and have erased personally identifiable information such as faces and license plates are excluded.
Connected vehicle shall not transmit the audio, video, image and other data collected in the cabin of the car and the data obtained by its processing through the network, physical interface to the outside of the car, the document said.
The vehicle location, track-related data in the vehicle storage device, telematics service platform (TSP) shall not be stored for more than seven days.
If the data is transmitted across the border by encryption, when the regulator carries out random verification, it should provide information on the format and encryption method of the transmitted data, and provide the relevant data content in explicit text as required.
The draft rule was drafted on April 28, and the public consultation began on Thursday, and any comments need to be fed back by 24:00 on May 15, 2021.