As China's smart car industry grows rapidly, regulation is actively following it up.
The Cyberspace Administration of China announced Wednesday that it has drafted regulations on automotive data security to strengthen the protection of personal information and important data, which are available for public comment today.
According to the regulations, vehicles should not collect personal information by default, and the driver's consent authorization is only valid for the duration of a single driving session, and the authorization automatically expires after the driving is completed.
Data collectors should only collect sensitive personal information for the purpose of directly serving the driver or rider, including enhanced driving safety, assisted driving, navigation, and entertainment.
Data collectors should allow vehicle owners to easily view and query the sensitive personal information being collected. When the driver requests the operator to remove it, the operator shall do so within 2 weeks.
Personal information or important data shall be stored in China in accordance with the law, and if it is necessary to provide it outside of China, it shall pass the security assessment of the regulator.
Data collectors shall not provide personal information or important data outside of China beyond the purpose, scope, manner and type, and size of data specified in the outbound security assessment.
Data collectors that provide personal information or important data outside of the country shall receive and handle complaints from the users involved.
In response to the draft regulation, Tesla said on Weibo that it supports the development of the industry to move further towards regulation and work together to help technological innovation.
"We welcome your active input to the relevant departments to promote the healthy and orderly development of the automotive industry," the company said.
Late last month, in a draft regulation, China required that data on roads, buildings, terrain, traffic participants, and other data collected by connected vehicles from the environment outside the vehicle through cameras, radar, and other sensors, as well as data related to the vehicle's location and trajectory, shall not be sent outside the country.
Automobile companies are not allowed to conduct data processing activities that are not related to vehicle management and driving safety based on the data collected by connected vehicles and the data processed by them, according to the document titled "Information security technology - Connected vehicle - Security requirements of data", the document said.