current position:Home>The Trial Provisions of five departments on standardizing automobile data processing activities shall come into force in October

The Trial Provisions of five departments on standardizing automobile data processing activities shall come into force in October

2021-08-26 14:32:57 Netease automotive industry

8 month 20 Japan , National Internet Information Office 、 National development and reform commission 、 Ministry of industry and information technology 、 The Ministry of Public Security 、 Jointly issued by the Ministry of transport 《 Several regulations on vehicle data security management ( On a trial basis )》( hereinafter referred to as 《 Regulations 》).

According to the letter of WeChat China official account , The 《 Regulations 》 since 2021 year 10 month 1 The effective date . The relevant person in charge of the state Internet Information Office said , a 《 Regulations 》 It aims to standardize automobile data processing activities , Protect the individual 、 The legitimate rights and interests of the organization , Safeguard national security and social public interests , Promote the rational development and utilization of automobile data .《 Regulations 》 emphasize , Automobile data processors carry out important data processing activities , It shall comply with the provisions on storage in China according to law , Strengthen the security protection of important data ; Implement the requirements of risk assessment report system , Actively guard against data security risks ; Implement the requirements of the annual report system , Timely and actively submit the annual vehicle data safety management . It is really necessary to provide important data overseas due to business needs , The vehicle data processor shall implement the requirements of the data exit safety assessment system , It is not allowed to provide important data abroad in violation of the exit safety assessment conclusion , And report relevant information in the annual report .

The relevant person in charge of the state Internet Information Office also pointed out , Automobile data security management needs the government 、 Car data processor 、 Individuals and other multi subjects participate together , Network information above provincial level 、 Development and reform 、 Industry and information 、 Public Security 、 Transportation and other relevant departments in the process of vehicle data security management , Coordination and data sharing will be strengthened , Forming working force .

The following is a 《 Regulations 》 The full text

Several regulations on vehicle data security management ( On a trial basis )

Article 1 with a   In order to standardize automobile data processing activities , Protect the individual 、 The legitimate rights and interests of the organization , Safeguard national security and social public interests , Promote the rational development and utilization of automobile data , according to 《 The Chinese Network security law of the people's Republic of China 》、《 Data security law of the people's Republic of China 》 Etc 、 Administrative regulations , Make this regulation .

Second   Carry out automobile data processing activities and safety supervision within the territory of the people's Republic of China , Relevant laws should be observed 、 Requirements of administrative regulations and these provisions .

Article 3 the   The vehicle data referred to in these provisions , Including car design 、 production 、 sales 、 Use 、 Personal information data and important data involved in operation and maintenance .

Car data processing , Including the collection of automobile data 、 Storage 、 Use 、 machining 、 transmission 、 Provide 、 Open, etc .

Car data processor , It refers to the organization that carries out automobile data processing activities , Including car manufacturers 、 Parts and software suppliers 、 Distributor 、 Maintenance organizations and travel service enterprises .

Personal information , It refers to the identified or identifiable vehicle owner recorded electronically or otherwise 、 driver 、 Passengers 、 All kinds of information about people outside the vehicle , Do not include anonymous information .

Sensitive personal information , It means that once leaked or illegally used , May cause the owner to 、 driver 、 Passengers 、 People outside the vehicle are discriminated against or personal 、 Personal information whose property security is seriously endangered , Including vehicle tracks 、 Audio 、 video 、 Image and biometric information .

Important data means that once tampered with 、 damage 、 Divulge or illegally acquire 、 Illegal use of , May endanger national security 、 Public interest or personal 、 Data on the legitimate rights and interests of the organization , Include :

( One ) Military management zone 、 Geographic information of important sensitive areas such as national defense science and industry units and party and government organs above the county level 、 Personnel flow 、 Vehicle flow and other data ;

( Two ) Traffic flow 、 Logistics and other data reflecting economic operation ;

( 3、 ... and ) The operation data of car charging network ;

( Four ) Contains face information 、 License plate information, etc 、 Image data ;

( 5、 ... and ) Subjects involving personal information exceed 10 Personal information of ten thousand people ;

( 6、 ... and ) The development and reform of the national network information department and the State Council 、 Industry and information 、 Public Security 、 Other possible hazards to national security determined by transportation and other relevant departments 、 Public interest or personal 、 Data on the legitimate rights and interests of the organization .

Article 4.   The automobile data processor shall process the automobile data legally 、 proper 、 Specifically 、 clear , And car design 、 production 、 sales 、 Use 、 Directly related to operation and maintenance .

Article 5.   Use the Internet and other information networks to carry out automobile data processing activities , Systems such as network security level protection should be implemented , Strengthen automobile data protection , Perform data security obligations according to law .

Article 6.   The State encourages the rational and effective use of automobile data according to law , Advocate that automobile data processors adhere to the principle of :

( One ) In car handling principles , Do not provide... Outside the vehicle unless it is necessary ;

( Two ) Default not to collect principle , Unless set by the driver , The default setting is no collection state every time you drive ;

( 3、 ... and ) Accuracy range and application principle , Determine the camera according to the data accuracy requirements of the provided functional services 、 Coverage of radar, etc 、 The resolution of the ;

( Four ) Desensitization treatment principle , Anonymize as much as possible 、 De identification and other processing .

Article 7.   The automotive data processor shall process personal information through the user manual 、 On board display panel 、 voice 、 Significant ways of using relevant applications for cars , Inform individuals of the following :

( One ) Types of personal information processing , Including vehicle tracks 、 Driving habits 、 Audio 、 video 、 Image and biometric features ;

( Two ) The specific situation of collecting all kinds of personal information and the ways and means to stop collecting ;

( 3、 ... and ) The purpose of processing all kinds of personal information 、 purpose 、 The way ;

( Four ) Where personal information is kept 、 Shelf life , Or determine the storage location 、 Rules for shelf life ;

( 5、 ... and ) Look up 、 Copy their personal information and delete the inside of the car 、 Ways and means to request deletion of personal information already provided outside the vehicle ;

( 6、 ... and ) Name and contact information of the contact person for user rights and interests affairs ;

( 7、 ... and ) law 、 Other matters to be notified as prescribed by administrative regulations .

Article 8.   An automobile data processor shall obtain personal consent or comply with the law when processing personal information 、 Other circumstances stipulated by administrative regulations .

In order to ensure driving safety , Unable to obtain personal consent to collect personal information outside the vehicle and provide it outside the vehicle , Anonymization should be done , Including deleting pictures that can identify natural persons , Or local contour processing of face information in the picture .

Article 9.   Car data processors process sensitive personal information , It shall meet the following requirements or comply with the law 、 Other requirements such as administrative regulations and mandatory national standards :

( One ) With the purpose of directly serving the individual , Including enhancing driving safety 、 Intelligent driving 、 Navigation etc. ;

( Two ) Through the user manual 、 On board display panel 、 Voice and car use related applications are significant ways to inform the necessity and impact on individuals ;

( 3、 ... and ) Individual consent should be obtained , Individuals can set their own consent period ;

( Four ) On the premise of ensuring driving safety , Prompt the collection status in an appropriate way , Facilitate personal termination of collection ;

( 5、 ... and ) Personal request to delete , The vehicle data processor shall delete... Within ten working days . Vehicle data processor has the purpose and sufficient necessity to enhance driving safety , To collect fingerprints 、 A voiceprint 、 Face 、 Biometric information such as heart rhythm .

Article 10.   Automobile data processors carry out important data processing activities , Risk assessment shall be carried out as required , And to the province 、 Autonomous region 、 The Network Information Department of the municipality directly under the central government and relevant departments shall submit the risk assessment report .

The risk assessment report should include the types of important data to be processed 、 Number 、 Range 、 Place and duration of storage 、 Usage mode , Data processing activities carried out and whether they are provided to third parties , Data security risks and countermeasures .

Article 11   Important data shall be stored in China according to law , It is really necessary to provide overseas due to business needs , It shall pass the security assessment organized by the national network information department in conjunction with the relevant departments of the State Council . Exit safety management of personal information data not included in important data , Applicable law 、 Relevant provisions of administrative regulations .

International treaties concluded or acceded to by China 、 The agreement has different provisions , Application of the international treaty 、 agreement , Except for the clauses on which China has declared reservations .

Twelfth article   Automobile data processor provides important data to overseas , It shall not exceed the clear purpose of exit safety assessment 、 Range 、 Methods and types of data 、 Scale, etc .

The state network information department shall, in conjunction with the relevant departments under the State Council, verify the matters specified in the preceding paragraph by means of random inspection , The vehicle data processor shall cooperate , And display it in readable and other convenient ways .

Article 13   Automobile data processors carry out important data processing activities , It shall report to the provincial government before December 15 of each year 、 Autonomous region 、 The Network Information Department of the municipality directly under the central government and relevant departments shall submit the automobile data safety management in the following years :

( One ) Person in charge of vehicle data safety management 、 Name and contact information of the contact person for user rights and interests affairs ;

( Two ) Types of car data processing 、 scale 、 Purpose and necessity ;

( 3、 ... and ) Safety protection and management measures for automobile data , Including storage location 、 Duration, etc ;

( Four ) Provide vehicle data to domestic third parties ;

( 5、 ... and ) Vehicle data security incidents and disposal ;

( 6、 ... and ) Customer complaints and handling related to vehicle data ;

( 7、 ... and ) The state Internet and information technology department shall work with the State Council on industry and information technology 、 Public Security 、 Other vehicle data safety management specified by transportation and other relevant departments .

Article 14   The automobile data processor that provides important data abroad shall, on the basis of the requirements of Article 13 of these provisions , Supplementary report the following :

( One ) Basic information of the receiver ;

( Two ) Types of outbound vehicle data 、 scale 、 Purpose and necessity ;

( 3、 ... and ) Where the vehicle data is stored overseas 、 Time limit 、 Scope and manner ;

( Four ) Complaints and handling of users involved in providing vehicle data overseas ;

( 5、 ... and ) The state Internet and information technology department shall work with the State Council on industry and information technology 、 Public Security 、 Other situations that need to be reported when transportation and other relevant departments clearly provide vehicle data to overseas .

Article 15   The development and reform of the national network information department and the State Council 、 Industry and information 、 Public Security 、 Transportation and other relevant departments according to their responsibilities , Carry out data security assessment on vehicle data processor according to data processing , The vehicle data processor shall cooperate .

The institutions and personnel participating in the safety assessment shall not disclose the trade secrets of the vehicle data processor learned in the assessment 、 Unpublished information , The information obtained from the evaluation shall not be used for purposes other than the evaluation .

Article 16   The state has strengthened its intelligence ( Internet connection ) Automobile network platform construction , Develop intelligent ( Internet connection ) Automobile network operation and safety guarantee services, etc , Cooperate with automotive data processors to enhance intelligence ( Internet connection ) Automobile network and automobile data security protection .

Article 17.   Automobile data processor carries out automobile data processing activities , A complaint reporting channel should be established , Set up a convenient complaint reporting entrance , Handle user complaints and reports in time .

The legitimate rights and interests of users or public interests are damaged by carrying out automobile data processing activities , The automobile data processor shall bear corresponding responsibilities according to law .

Article 18   The vehicle data processor violates this regulation , By the network letter at or above the provincial level 、 Industry and information 、 Public Security 、 Transportation and other relevant departments shall act in accordance with 《 Network security law of the people's Republic of China 》、《 Data security law of the people's Republic of China 》 Etc 、 To be punished in accordance with the provisions of administrative regulations ; Criminal , Investigate criminal responsibility according to law .

Article 19   This regulation comes from 2021 year 10 month 1 The effective date .

copyright notice
author[Netease automotive industry],Please bring the original link to reprint, thank you.
https://caren.inotgo.com/2021/08/20210826143249988T.html

Random recommended