In China, with the continuous promulgation of laws and regulations related to personal information and data safety, the Chinese government has also issued the Provisions on Management of Automotive Data Security (Trial) (“Management Provisions”) on August 16th, 2021, which will take effect on October 1st, 2021.
The Management Provisions have made detailed regulations regarding the entire process of automobile data collection and use (including collection, storage, processing, transmission, outbound transfer, etc.), and put forward strict compliance requirements for operators in the automobile field in terms of personal information and important data protection.
1. What is Automobile Data?
Automobile Data includes personal information data and important data involved in the process of many different aspects, such as the design, manufacturing, sale, use, operation or maintenance of automobiles.
Personal Information refers to any type of information related to an identified or identifiable automobile owner, driver or passenger or any person outside the automobile that is electronically or otherwise recorded, excluding information that has been anonymized, which has no major differences in comparison to the corresponding provisions as set out in the Personal Information Protection Law.
At the same time, the “Management Provisions” is the first regulation which specifically mentions what kind of data is important, including:
1) Geographical information, flows of people or automobiles and other data in respect of any important sensitive area such as a military administrative zone, national defense science and technology development entity, or Party or government agency at or above the county level;
2) Traffic volume, logistics and other data that reflect the performance of the economy;
3) Operating data of the charging networks of automobiles;
4) Video or image data collected outside of an automobile including human facial information, license plate information, etc.;
5) Personal information involving more than 100,000 personal information subjects.
2. Who shall comply with the Management Provisions?
According to the Management Provisions, all the processors of automobile data shall comply with such regulation, including but not limited to automobile manufacturers, parts and software suppliers, dealers, and repair and maintenance providers, car service companies etc.
3. Basic Principles of Data Processing
The Chinese government encourages a reasonable and effective use of automobile data legally and automobile data processors shall comply with the following principles when processing automobile data:
1. The principle of in-automobile processing, unless it is necessary to provide data to a recipient outside of the automobile;
2. The principle of non-collection by default, meaning that the default setting is no collection of data unless the driver sets otherwise as decided by him/her independently;
3. The principle of appropriate accuracy and coverage, meaning that the range of coverage and resolution of any camera, radar etc. is determined based on the requirements for data accuracy by the provided functions or services; and
4. The principle of desensitization, meaning that data shall be anonymized or de-identified as best as possible.
The Data Security Law enters into force on September 1st, with the Management Provisions following suit on October 1st, and finally the Personal Information Protection Law effective from November 1st. It’s clear to see that the compliance pressure faced by companies in the automotive industry has become more and more serious in a relatively short space of time.
If companies have already created data compliance processes and personal information protection systems in the past, it is necessary to review and supplement the relevant contents again; If the aforementioned systems have not yet been established, we suggest that the relevant companies start such compliancy projects immediately.
Provisions of the New Company Law on the Dismissal and Resignation of Directors China’s new Company Law, which will come into effect on July 1, 2024, creates the following systems for the dismissal and resignation of directors: first, the shareholders’ meeting may resolve to dismiss a director, but if a director is dismissed before the
The new Company Law was amended and passed on December 29, 2023, and will come into effect on July 1, 2024. The new law shortens the deadline for subscribed capital contributions, allowing companies to adjust their registered capital according to their operational conditions. This article starts by focusing on the key provisions of the new
On March 22, 2024, the Cyberspace Administration of China officially announced the Regulations on Facilitating and Regulating Cross-border Data Flow (“Regulations”) and took effect upon the date of announcement. According to the previous regulatory requirements for data outbound transfer, there are three main methods for data outbound transfer: security assessment, standard contract, and protection certification.
#China
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.