In August 2021, the Cyberspace Administration of China, the National Development and Reform Commission, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the Ministry of Transport jointly issued the “Provisions on the Administration of Automotive Data Security (for Trial Implementation)” (hereinafter “the Provisions”, 汽车数据安全管理若干规定(试行)). The Provisions will come into force on 1 Oct. 2021.
The Provisions is aimed at regulating automotive data processing activities, protecting the legitimate rights and interests of individuals and organizations, safeguarding national security and social public interests, and promoting the reasonable development and utilization of automotive data as well.
The Provisions clarifies the following requirements for the processing of personal information: (1) Notification obligation. The automotive data processor, when processing personal information, shall inform the individuals of the type of personal information to be processed, the scenario for collection, the methods for ceasing the information collection, and other relevant information. (2) The obligation to obtain consent. The automotive data processor shall obtain the consent of the individual or be in line with other circumstances in accordance with laws and administrative regulations. (3) Anonymity requirement. Where the personal information collected is provided to others without the individual's consent for guaranteeing driving safety, the personal information that has been collected shall be anonymized.
In view of sensitive personal information, on the basis of performing the obligations of notification and obtaining the individual's separate consent, the automotive data processor shall also meet the specific requirements to define the purpose of processing, remind the individual of the collection status, and facilitate the individual to terminate the collection. In terms of biometric information such as fingerprints, voiceprints, facial information, and heart rhythms, no automotive data processor may collect such information only if it is deemed necessary to do so to enhance driving safety.
Cover Photo by Joshua Fernandez (https://unsplash.com/@joshuafernandez) on Unsplash
Contributors: CJO Staff Contributors Team
