Opinion | In accordance with laws and regulations, build a strong defense line for automobile data security processing
In recent years, the smart car industry has developed rapidly. According to the “China Internet Development Report (2021)” released in July 2021, the sales volume of intelligent connected vehicles in my country in 2020 will be 3.032 million, a year-on-year increase of 107%. With the accelerated integration of new-generation information technology and the automotive industry, smart cars, as new mobile terminals, have become hot topics in the industry for network connection, data collection and processing. In addition, there are frequent security and privacy incidents in the field of consumption, so it has attracted much attention from the society.
On October 8, the National Information Security Standardization Technical Committee issued the “Automotive Collection Data Processing Safety Guidelines” (TC260-001) (hereinafter referred to as the “Guidelines”) to further improve the safety of vehicle collection data transmission, storage and export processing activities. out the specification. In August 2021, five departments including the Cyberspace Administration of China jointly issued the Several Provisions on the Management of Automobile Data Security (for Trial Implementation) (hereinafter referred to as the “Regulations”) to regulate automobile data processing activities, protect the legitimate rights and interests of individuals and organizations, and safeguard national security. and social and public interests, and promote the rational development and utilization of automobile data.
How do the “Guidelines for the Security of Automobile Data Processing” and “Several Provisions on the Security Management of Automobile Data (for Trial Implementation)” build a strong line of defense for automobile data network security? What are the precautions for collaborative processing of automotive data? With these questions in mind, a reporter from China Industry Network conducted an exclusive interview with Yang Jianjun, secretary-general of the National Xinan Standardization Committee, secretary of the Party Committee and vice president of the China Electronics Technology Standardization Institute.
Guidance + practice, escort car data security
For non-professionals, it is difficult to distinguish the two documents, “Guidelines for the Safety of Automobile Data Processing” and “Several Regulations on Automobile Data Security Management (Trial)”. What regulations do they make for the secure processing of car data? How are the two documents related?
In response to a question from a reporter from China Industrial Network, Yang Jianjun said that the “Several Regulations on Automotive Data Security Management (Trial)” put forward requirements and advocacy for automotive data processors, but in terms of specific application and practice, it still needs relevant technical and guidance. Sexual documents as supplementary support. The “Automotive Data Processing Safety Guidelines” is a practical guide specially compiled for automakers to support the implementation of the “Regulations”. The full text of the “Guide” has eight chapters, of which Chapters 5 to 8 provide recommended data processing rules for data transmission, storage, exit and other aspects.
Yang Jianjun introduced to reporters that the “Guide” focuses on the data collected by the car, including data such as video and images outside the car collected by the car due to the assisted driving function, data such as video and audio inside the car captured by the driving recorder, and the position track of the car itself. data, etc., provides guidance on how to handle this data securely.
Automobile data processing should strictly abide by the “bottom line” of laws and regulations
According to the “Regulations”, car manufacturers, parts and software suppliers, dealers, maintenance agencies and travel service companies are all car data processors. So, how should enterprises in different fields of identity conduct collaborative processing of automotive data under the premise of ensuring security?
Yang Jianjun believes that organizations that carry out automobile data processing activities, including automobile manufacturers, parts and software suppliers, dealers, maintenance agencies, and travel service companies, should strictly abide by laws and regulations, whether they are processed individually or collaboratively. Require. For example, car manufacturers have introduced software suppliers to co-process video and audio in order to implement car functions. In this case, the service providers can agree on their respective rights and obligations if they meet the situation of joint processing in the Personal Information Protection Law, but this agreement does not affect the individual’s request to any of the personal information processors to abide by the laws and regulations. requirements, and fulfill the obligations and responsibilities of personal information protection.
The Links: MG15J6ES1 2MBI200KB-060
