China “Measures on Car-data Security Management”  Calling Comments

The draft of Measures on Car-data Security Management (hereinafter referred to as “the Regulation”), initiated by Cyberspace Administration of China, has been released to solicit public comments on May 12^th of 2021. The comments solicitation is due on June 11^th.

Bestao experts made the following Review and Analyses of this Regulation.

I.         Background

1.        The fast development of electric car industry, along with the rapid sales growth on electric cars, generates a massive data related to users and car development.

2.        More and more companies are drawn to invest/participate in this industry, which makes intelligent technologies become one of the core elements for keeping competitiveness.

3.        With the fact that many new players into this industry are internet-based, it might be a game changer for the data management which could cause more potential issues for the electric car sector.

4.        News regarding user data abuse has been frequently disclosed along with the user data boom. It raises public concerns on privacy leaking therefore more and more customer s start to worry about how the data is collected and used.

5.        China has launched a series of laws and regulations on data and personal info security on cyberspace, but no official publications regulates the field of smart car data management at present.

6.        Recent smart car safety incidents lead to an increasing public anxiety on the topic and people calls for official supervision.

7.        Legal conflicts on smart car security between manufacturers and customers has taken on a rising trend.

8.        Car manufactures collect detailed status and data on road network in high accuracy with vehicle-installed cameras and sensors. The accuracy of road network collected by the app/vehicles might trigger national security alarm, but China’s legislation remains unclear in this field.

9.        The growing need of overseas transmission of Chinese user data has caught the attention of relevant authorities as such actions become more and more regular and related to national security concerns.

II.      Current Status

The draft of Measures on Car-data Security Management (hereinafter referred to as “the Regulation”), initiated by Cyberspace Administration of China, has been released to solicit public opinion on May 12^th of 2021. The comments solicitation is due on June 11^th.

It is widely believed that the regulation is in response to the rising concerns on the security and possible privacy violation of car data. The Measurement is expected to be enacted within the year of 2021.

III.   Key Elements of the Regulation

1.        Categorize elements and players that involve in car-data as: business operators, personal information and critical data, with clear definition and scope.

2.        Define the informing responsibility to authority or customers for business operators (including carmakers, parts and software suppliers, dealers, maintenance and online car-hailing service providers etc.)

3.        Ensure the ‘right to know’ for vehicle users, and entitle them with right to decide the activation and termination on relevant data or information.

4.        Stipulate the using permission of personal information and critical data defined in the Regulation.

5.        Specify that all defined personal information and critical data shall be stored within China.

6.        Require the business operators on a security evaluation for overseas transmission of personal information and critical data.

IV.   Possible Impact

1.        Established comprehensive supervision system on car data security that covers all participants in this sector.

2.        Carmakers shall face multiple challenges on product management: operation, storage, management on car data and collection etc.

3.        Manufacturers shall face a stricter regulation on data storage location that requires a final decision: choose to build up local data infrastructure with more investment, or stick to overseas transmission under slower process due to the safety evaluation provision.

4.        Possible dilemma for car makers and users: full implementation of functions/technology, or protect user privacy.

5.        The Regulation is very likely to be a start for China’s stringent protection measurement for user privacy/data in cyberspace. Car data management might stand on the verge of a joint law enforcement from more authorities such as Cyberspace Administration of China, Ministry of Industry and Information Technology and Ministry of Natural Resources.

If you need the Englsih version of this Regualtion or need further information, please contact 

assistant@bestao-consulting.com