China’s New Rules on Data Security for Automobiles
#China
In China, with the continuous promulgation of laws and regulations related to personal information and data safety, the Chinese government has also issued the Provisions on Management of Automotive Data Security (Trial) (“Management Provisions”) on August 16th, 2021, which will take effect on October 1st, 2021.
The Management Provisions have made detailed regulations regarding the entire process of automobile data collection and use (including collection, storage, processing, transmission, outbound transfer, etc.), and put forward strict compliance requirements for operators in the automobile field in terms of personal information and important data protection
What is Automobile Data?
Automobile Data includes personal information data and important data involved in the process of many different aspects, such as the design, manufacturing, sale, use, operation or maintenance of automobiles.
Personal Information refers to any type of information related to an identified or identifiable automobile owner, driver or passenger or any person outside the automobile that is electronically or otherwise recorded, excluding information that has been anonymized, which has no major differences in comparison to the corresponding provisions as set out in the Personal Information Protection Law.
At the same time, the “Management Provisions” is the first regulation which specifically mentions what kind of data is important, including:
1) Geographical information, flows of people or automobiles and other data in respect of any important sensitive area such as a military administrative zone, national defense science and technology development entity, or Party or government agency at or above the county level;
2) Traffic volume, logistics and other data that reflect the performance of the economy;
3) Operating data of the charging networks of automobiles;
4) Video or image data collected outside of an automobile including human facial information, license plate information, etc.;
5) Personal information involving more than 100,000 personal information subjects;
Who Shall Comply with the Management Provisions?
According to the Management Provisions, all the processors of automobile data shall comply with such regulation, including but not limited to automobile manufacturers, parts and software suppliers, dealers, and repair and maintenance providers, car service companies etc.
Basic Principles of Data Processing
The Chinese government encourages a reasonable and effective use of automobile data legally and automobile data processors shall comply with the following principles when processing automobile data:
1) The principle of in-automobile processing, unless it is necessary to provide data to a recipient outside of the automobile;
2) The principle of non-collection by default, meaning that the default setting is no collection of data unless the driver sets otherwise as decided by him/her independently;
3) The principle of appropriate accuracy and coverage, meaning that the range of coverage and resolution of any camera, radar etc. is determined based on the requirements for data accuracy by the provided functions or services; and;
4) The principle of desensitization, meaning that data shall be anonymized or de-identified as best as possible;
Conclusion
The Data Security Law enters into force on September 1st, with the Management Provisions following suit on October 1st, and finally the Personal Information Protection Law effective from November 1st. It’s clear to see that the compliance pressure faced by companies in the automotive industry has become more and more serious in a relatively short space of time.
If companies have already created data compliance processes and personal information protection systems in the past, it is necessary to review and supplement the relevant contents again; If the aforementioned systems have not yet been established, we suggest that the relevant companies start such compliancy projects immediately.
We at D’Andrea & Partners Legal Counsel constantly monitor the latest developments in the Chinese market. Please feel free to contact us at info@dandreapartners.com for more information.
I. Introduction: Regulatory Convergence and Divergent Enforcement in Personal Data Protection In recent years, the EU General Data Protection Regulation (GDPR) has exerted a profound influence on the development of personal data protection legislation worldwide, gradually emerging as a key reference point for regulatory design across multiple jurisdictions. Building on this framework, the European Union
On October 28, 2025, the 18th Session of the Standing Committee of the 14th National People’s Congress approved the Decision of the Standing Committee of the National People’s Congress on Amending the Cybersecurity Law of the People’s Republic of China. This amendment includes 14 provisions and aims to clarify cybersecurity’s role within the broader context
With the progressive digitalization of economic activities, companies increasingly operate on an international level, managing personal data flows across multiple jurisdictions.In this article, we focus specifically on data transfers between the European union (EU) and the People’s Republic of China (PRC) – two legal systems, governed respectively by the General Data Protection Regulation (GDPR) and
#China
#Italy
##Data #AI #Luxury #F&B
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
