China issued trial guidelines on automobile data protection on Aug 20 in a move to protect drivers' privacy and safeguard national security as vehicles are becoming increasingly digitalized in the world's largest auto market.
The Ministry of Industry and Information Technology said around 15 percent of vehicles sold in the country last year had some form of autonomous functions. That means over 3 million vehicles with cameras or radar hit Chinese roads in 2020.
"The guidelines focus on security and development equally", a senior official at the Cyberspace Administration of China, one of the guidelines' drafters, said on Aug 20.
"(The aim is) to cut disorderly collection and illegal use, but encourage its efficient use to facilitate the sector's healthy development," said the official.
One highlight of the guidelines that will go into effect from Oct 1 is that carmakers and other data processors shall not collect data on trips unless they have the drivers' and passengers' consent.
Also, data collected within vehicles should be desensitized and should not be used outside vehicles unless necessary. Sensitive private data should be deleted within 10 days of drivers' and passengers' requests.
Vital data must be stored within China if it involves such things as China's military, government, traffic, and logistics information as well as electric vehicles' charging networks, said the guidelines.
Such vital data must not be exported before it passes safety appraisals by the Cyberspace Administration of China and relevant departments of the State Council, said the guidelines.
Carmakers, auto suppliers, and other data processors are also required to submit annual reports about their data-related operations, according to the guidelines.
Analysts said the supervision of data use, transmission, and storage is a challenge for regulators worldwide.
The General Data Protection Regulation, a law on privacy and data protection in the European Union and the European Economic Area, forbids data transfer outside of the region unless appropriate safeguards are imposed.
The data protection package adopted in May 2016 aims at making Europe fit for the digital age, said the European Commission on its website.
The GDPR shares many similarities with the Consumer Privacy Act in California, which went into effect in June 2018.
Chinese electric car startup Nio's founder and CEO William Li said the company's vehicles will have their data stored locally when they are available in Norway from September and in other European countries later.
United States electric carmaker Tesla said data about its vehicles sold in China as well as their local production, sales, after-service, and charging information are stored locally in the country.
"Vehicle data security is crucial. We are convinced that their uniform and standard regulation benefits the sector's long-term development. We at Tesla will observe the regulation and ensure data and personal information security," said Tesla in a statement on Aug 20.
Fu Yuwu, honorary chairman of the China Society of Automotive Engineers, said: "New things evolve. Smart and connected vehicles are undoubtedly the trend, but we need to be prudent in terms of safety supervision and technical routes."
The regulatory moves will help assure consumers and make them more willing to choose smart vehicles, said Cui Dongshu, secretary-general of the China Passenger Car Association.