National Network Information Office: Advocating automobile data processing and adhering to the principles of in-vehicle processing and anonymous processing.
Beijing, May 13 (Reporter Huang Anjin) The National Network Information Office reported on the 12th that in order to strengthen the protection of personal information and important data and standardize automobile data processing activities, according to the Cyber Security Law of the People’s Republic of China and other laws and regulations, the National Internet Information Office, together with relevant departments, drafted Several Provisions on Automobile Data Security Management (Draft for Comment) (hereinafter referred to as "Draft for Comment"), which is now open to the public for comments.
The exposure draft clarifies that the "operators" mentioned in the "Several Provisions on Automobile Data Security Management" refer to automobile design, manufacturing and service enterprises or institutions, including automobile manufacturers, parts and software providers, dealers, maintenance agencies, network car companies, insurance companies, etc. Personal information includes personal information of car owners, drivers, passengers and pedestrians, as well as all kinds of information that can infer personal identity and describe personal behavior. The so-called important data include the traffic data of people and vehicles in important sensitive areas such as military administrative zones, national defense science and technology and other units involving state secrets, and party and government organs at or above the county level; surveying and mapping data higher than the accuracy of the map published by the state; operation data of the automobile charging network; data such as vehicle type and vehicle flow on the road; outside audio and video data including faces, voices, license plates, etc.; and other data that may affect national security and public interests as specified by the national network information department and relevant departments of the State Council.
The exposure draft advocates that operators adhere to the principles of in-vehicle processing, anonymous processing, minimum storage period, precision range application, and not collecting personal information and important data by default.
The exposure draft pointed out that the operator should make known, through the user manual, vehicle display panel or other appropriate means, the valid contact information of the person responsible for handling user rights and interests and the types of data collected, including vehicle location, biometric characteristics, driving habits, audio and video, etc., and provide the following: the trigger conditions for collecting each type of data and the methods to stop collecting; the purpose and use of each type of data collected; the location and duration of data storage, or the rules for determining the location and duration of data storage; and the methods and steps for requesting deletion of personal information that has been provided outside the car.
Regarding the operator's collection of sensitive personal information and its provision outside the vehicle, the exposure draft pointed out that this should serve the purpose of directly serving drivers or passengers. By default, such information is not collected, and the driver's consent and authorization should be obtained every time; after the driving is over (the driver leaves the driver's seat), this authorization automatically becomes invalid. Drivers and passengers should be informed, by in-vehicle display panel or voice, that sensitive personal information is being collected. The driver can stop the collection at any time and conveniently. Car owners should be allowed to easily view and query the collected sensitive personal information in a structured way. When the driver asks the operator to delete it, the operator shall delete it within 2 weeks.
At the same time, the exposure draft emphasizes that operators should obtain the consent of the person being collected when collecting personal information, except where laws and regulations provide that personal consent is not required. If consent is difficult to obtain in practice (such as when collecting audio and video information outside the car through a camera) and it is really necessary to provide the data, it should be anonymized or desensitized, including deleting pictures that can identify natural people or partially contouring faces in these pictures.
Attachment: Several Provisions on Safety Management of Automobile Data (Draft for Comment)
Article 1 These Provisions are formulated in accordance with the Cyber Security Law of the People’s Republic of China and other laws and regulations in order to strengthen the protection of personal information and important data, standardize automobile data processing activities, and safeguard national security and public interests.
Article 2 In the process of designing, producing, selling, operating and managing automobiles in the People's Republic of China (PRC), operators shall observe the requirements of relevant laws and regulations and these Provisions when collecting, analyzing, storing, transmitting, querying, utilizing, deleting, and providing overseas (hereinafter collectively referred to as "processing") personal information or important data.
Article 3 The term "operator" as mentioned in these Provisions refers to automobile design, manufacturing and service enterprises or institutions, including automobile manufacturers, parts and software providers, dealers, maintenance agencies, car-sharing enterprises and insurance companies.
The personal information mentioned in these Provisions includes the personal information of car owners, drivers, passengers and pedestrians, as well as all kinds of information that can infer personal identity and describe personal behavior.
The important data mentioned in these Provisions include:
(1) The data of people and traffic flow in important sensitive areas such as military administrative zones, national defense science and technology and other units involving state secrets, and party and government organs at or above the county level;
(2) Surveying and mapping data higher than the accuracy of the map published by the state;
(3) Operation data of the automobile charging network;
(4) Data such as vehicle type and vehicle flow on the road;
(5) Outside audio and video data including faces, voices, license plates, etc.;
(6) Other data that may affect national security and public interests as specified by the national network information department and the relevant departments of the State Council.
Article 4 The purpose for which operators handle personal information or important data shall be legal, specific and clear, and directly related to the design, manufacture and service of automobiles.
Article 5 Operators shall implement the network security level protection system, strengthen the protection of personal information and important data, and fulfill their network security obligations according to law.
Article 6 Operators are encouraged to adhere to the following principles when handling personal information and important data:
(1) The principle of in-vehicle processing: data is not to be provided outside the vehicle unless it is really necessary;
(2) The principle of anonymity: if it is really necessary to provide data outside the vehicle, it should be anonymized and desensitized as much as possible;
(3) The principle of minimum retention period: the retention period of data is determined according to the types of functional services provided;
(4) The principle of accuracy range: the coverage and resolution of cameras, radars, etc. are determined according to the data accuracy that the functional services require;
(5) The principle of non-collection by default: unless it is really necessary, each drive defaults to the non-collection state, and the driver's consent authorization is valid only for that drive.
Article 7 When handling personal information, an operator shall make known, through the user manual, vehicle display panel or other appropriate means, the valid contact information of the person responsible for handling user rights and interests and the types of data collected, including vehicle location, biometric characteristics, driving habits, audio and video, etc., and provide the following information:
(1) The trigger conditions for collecting each type of data and the methods for stopping the collection;
(2) The purpose and use of each type of data collected;
(3) The place and duration of data preservation, or the rules for determining the place and duration of data preservation;
(4) The methods and steps for deleting personal information inside the car and for requesting deletion of personal information that has been provided outside the car.
Article 8 Operators shall meet the following requirements when collecting and providing sensitive personal information outside the vehicle, including vehicle location, audio and video of drivers or passengers, and data that can be used to judge illegal driving:
(1) It is for the purpose of directly serving drivers or passengers, including enhancing driving safety, assisting driving, navigation and entertainment;
(2) The default is not to collect, and the driver's consent should be obtained for authorization every time, and this authorization will automatically become invalid after driving (the driver leaves the driver's seat);
(3) Drivers and passengers are informed through in-vehicle display panel or voice that sensitive personal information is being collected;
(4) The driver can stop the collection at any time and conveniently;
(5) Car owners are allowed to conveniently check and query the collected sensitive personal information in a structured way;
(6) When the driver asks the operator to delete it, the operator shall delete it within 2 weeks.
Article 9 An operator shall obtain the consent of the person being collected when collecting personal information, except where laws and regulations provide that personal consent is not required. If consent is difficult to obtain in practice (such as when collecting audio and video information outside the car through a camera) and it is really necessary to provide the data, it should be anonymized or desensitized, including deleting pictures that can identify natural people or partially contouring faces in these pictures.
Article 10 Biometric data such as the driver's fingerprint, voiceprint, face, heart rate, etc. may be collected only for purposes such as the convenience of users and improving the safety of vehicle electronic and information systems, and alternatives to biometrics should be provided at the same time.
Article 11 When handling important data, an operator shall report the data type, scale, scope, storage location and time limit, usage mode and whether to provide it to a third party to the provincial network information department and relevant departments in advance.
Article 12 Personal information or important data shall be stored in China according to law. If it is really necessary to provide it abroad, it shall pass the data exit safety assessment organized by the national network information department.
Where the treaties and agreements that China participates in or has concluded with other countries, regions and international organizations clearly stipulate the provision of personal information abroad, such provisions shall apply, except for the provisions on which China has declared reservations.
Article 13 Where an operator provides personal information or important data abroad, it shall take effective measures to clarify and supervise the recipients’ use of the data in accordance with the purpose, scope and methods agreed by both parties, so as to ensure data security.
Article 14 Where an operator provides personal information or important data overseas, it shall accept and handle the user complaints involved; If the legitimate rights and interests of users or public interests are damaged, they shall bear corresponding responsibilities according to law.
Article 15 Operators shall not provide personal information or important data abroad beyond the purpose, scope, method, data type and scale specified in the exit security assessment.
The national network information department shall, jointly with the relevant departments of the State Council, verify the types and scope of personal information or important data provided overseas by spot check, and the operators shall display them in clear text and readable form.
Article 16 Where scientific research and business partners need to inquire about and utilize personal information and important data stored in China, operators shall take effective measures to ensure data security and prevent loss; Strictly restrict the query and utilization of important data, sensitive data such as vehicle location, biological characteristics, audio and video of drivers or passengers, and data that can be used to judge illegal driving.
Article 17 Operators who handle personal information involving more than 100,000 personal information subjects or handle important data shall report the annual data security management to the provincial network information department and relevant departments before December 15th each year, including:
(1) The name and contact information of the person in charge of data security and the person in charge of handling matters related to user rights and interests;
(2) The type, scale, purpose and necessity of data processing;
(3) Data security protection and management measures, including storage location, duration, etc.;
(4) Data sharing with domestic third parties;
(5) Data security incidents and their handling;
(6) The user complaints related to personal information and data and their handling;
(7) Other data security information clearly defined by the national network information department.
Article 18 In case of providing data overseas, the operator shall report the following information on the basis of Article 17 of these Provisions:
(1) The name and contact information of the recipient;
(2) Type, quantity and purpose of exit data;
(3) The location, scope and method of data storage abroad;
(4) Complaints from users involved in providing data overseas and their handling;
(5) Other circumstances concerning the provision of data overseas that the national network information department specifies must be reported.
Article 19 The national network information department, in conjunction with the relevant departments of the State Council, shall assess the data security of operators according to the data processing situation, and operators shall cooperate.
Institutions and personnel participating in the safety assessment shall not disclose the business secrets and undisclosed information of operators learned in the assessment, and shall not use the information learned in the assessment for purposes other than the assessment.
Article 20 Where operators violate these Provisions, the network information departments at or above the provincial level and relevant departments shall impose penalties in accordance with the relevant provisions of the "Network Security Law of the People’s Republic of China" and other laws and regulations. If a crime is constituted, criminal responsibility shall be investigated according to law.
Article 21 These Provisions shall come into force as of, 2021.