China Justice Observer

中司观察

EnglishArabicChinese (Simplified)DutchFrenchGermanHindiItalianJapaneseKoreanPortugueseRussianSpanishSwedishHebrewIndonesianVietnameseThaiTurkishMalay

China to Regulate Automotive Data Security

Wed, 22 Sep 2021
Categories: China Legal Trends
Contributors: CJO Staff Contributors Team
Editor: Yuan Yanchao 袁燕超
Save as PDF

In August 2021, the Cyberspace Administration of China, the National Development and Reform Commission, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the Ministry of Transport jointly issued the “Provisions on the Administration of Automotive Data Security (for Trial Implementation)” (hereinafter “the Provisions”, 汽车数据安全管理若干规定(试行)). The Provisions will come into force on 1 Oct. 2021.

The Provisions is aimed at regulating automotive data processing activities, protecting the legitimate rights and interests of individuals and organizations, safeguarding national security and social public interests, and promoting the reasonable development and utilization of automotive data as well.

The Provisions clarifies the following requirements for the processing of personal information: (1) Notification obligation. The automotive data processor, when processing personal information, shall inform the individuals of the type of personal information to be processed, the scenario for collection, the methods for ceasing the information collection, and other relevant information. (2) The obligation to obtain consent. The automotive data processor shall obtain the consent of the individual or be in line with other circumstances in accordance with laws and administrative regulations. (3) Anonymity requirement. Where the personal information collected is provided to others without the individual's consent for guaranteeing driving safety, the personal information that has been collected shall be anonymized.

In view of sensitive personal information, on the basis of performing the obligations of notification and obtaining the individual's separate consent, the automotive data processor shall also meet the specific requirements to define the purpose of processing, remind the individual of the collection status, and facilitate the individual to terminate the collection. In terms of biometric information such as fingerprints, voiceprints, facial information, and heart rhythms, no automotive data processor may collect such information only if it is deemed necessary to do so to enhance driving safety.

 

 

Cover Photo by Joshua Fernandez (https://unsplash.com/@joshuafernandez) on Unsplash

Contributors: CJO Staff Contributors Team

Save as PDF

China Legal Trends

Related laws on China Laws Portal

Provisions on the Administration of Automotive Data Security (for Trial Implementation)

You might also like

SPP Releases Guiding Cases on Civil Adjudication Supervision

In March 2025, China’s Supreme People’s Procuratorate (SPP) released new guiding cases to strengthen supervision over civil judgments, ensuring fairness and correcting errors in court rulings, covering disputes like private loans and traffic accidents.

First Tort Suit Under China’s Anti-Foreign Sanctions Law

In March 2025, China’s Supreme People’s Court (SPC) reported the first-ever tort suit under the Anti-Foreign Sanctions Law, enabling a Chinese firm to recover over CNY 84 million after a European partner withheld payment invoking a third country’s sanctions.

ABLI-HCCH webinar: Cross-Border Commercial Dispute Resolution – Electronic Service of Documents and Remote Taking of Evidence (July 10, 2025)

The Asian Business Law Institute (ABLI) and the Hague Conference on Private International Law (HCCH) will host their fourth joint webinar on July 10, 2024 (5:00–6:10 PM SGT), focusing on electronic service of documents and remote taking of evidence under the Service and Evidence Conventions, featuring expert speakers, with an early bird discount available until June 10.

China Tightens Corporate Personal Data Audit Rules

In February 2025, China's Cyberspace Administration issued the "Measures for the Administration of Personal Information Protection Compliance Audits", effective May 1, 2025, mandating regular audits for companies, especially those processing data of over 10 million individuals, to ensure transparency and legality in personal data handling.

SPC Releases Typical Cases on Telecom Fraud Crimes

In February 2025, China's Supreme People's Court (SPC) released eight typical telecom fraud cases, exposing new criminal methods and highlighting intensified judicial efforts after handling 31,000 such cases in 2023.

SPC Targets Cyber Extortion with Typical Cases

In February 2025, China’s Supreme People’s Court (SPC) released six typical cases showcasing its crackdown on emerging cyber extortion crimes, including spreading rumors and sextortion, to encourage victims to seek legal protection.

China Issues New Rules on Foreign-Related IP Disputes

In March 2025, China issued regulations effective May 1, 2025, to enhance dispute resolution, evidence collection, and countermeasures for foreign-related intellectual property disputes, strengthening services and enterprise capabilities.

SPC Issues China’s First Anti-Anti-Suit Injunction (AASI) in IP Case

In December 2024, China’s Supreme People’s Court (SPC) issued its first anti-anti-suit injunction in a patent dispute, Huawei v. Netgear, prohibiting Netgear from obstructing Huawei’s Chinese litigation, marking a significant step in global standard-essential patent governance.