On April 28th, the China Association of Automobile Manufacturers (CAAM) released a test report. This institution focuses on automotive data security and conducts inspections from four aspects: anonymous processing of facial information outside the vehicle, and default collection of cabin data.
Among them, 76 models under six new energy vehicle companies, including BYD, Ideal, NIO, and Hezhong (Nezha), have passed compliance requirements. It is worth mentioning that Tesla, which has been criticized multiple times for data security, also appears on the compliance list.
Four requirements are involved
It is understood that according to relevant regulations and in accordance with the principle of voluntary inspection by enterprises, institutions such as the China Association of Automobile Manufacturers will organize data security compliance checks on newly launched intelligent connected vehicles of automobile manufacturers from November 2022 to 2023.
From the perspective of testing standards, it mainly includes four dimensions. Firstly, anonymous processing requirements for facial information outside the vehicle; Secondly, by default, cockpit data is not collected; Thirdly, cabin data in vehicle processing; Fourthly, significant disclosure of personal information processing.
Firstly, in terms of testing regulations, it is required that external data should not be provided to the outside of the vehicle until anonymization processing is completed; At the same time, the anonymization detection rate of facial targets and car license plate targets in videos and images anonymized on the vehicle end should be greater than or equal to 90%.
In the second aspect, firstly, unless the driver sets it independently, the car should be set to a state where cabin data is not collected by default; In addition, a convenient way to terminate the collection of cabin data should be provided; At the same time, each sensitive personal information should obtain separate consent from the personal information subject; The consent period for handling sensitive personal information should not be set to "always allowed" or "permanent".
In the third aspect, except for the implementation of voice recognition, remote viewing of the situation inside the vehicle, cloud storage functions, and the transmission of data to regulatory or law enforcement agencies in accordance with relevant regulations, cars should not provide cabin data outside the vehicle.
In the fourth aspect, car data processors should inform individuals through significant means such as user manuals, onboard display panels, voice, and car usage related applications, including the types of personal information being processed, the specific context in which information is collected, the method of stopping collection, and the purpose of processing various types of personal information.
Six car companies have passed the test
From the results, it can be seen that the 76 models of six companies, including BYD, Ideal, Hezhong New Energy (Nezha Automobile), and NIO, meet the four compliance requirements for automotive data security.
Among them, BYD's Han and Tang's DM-i, DM-p, and EV versions are listed, while the Ideal L series is also included in the compliance list, and NIO's entire range of models are also listed. In addition, Lotus models have also been rated as compliant.
It is worth noting that Tesla's Model 3 and Model Y also appear on this list. Previously, Tesla frequently exposed issues related to data security. In China, Tesla models have also been banned in many places.
Compared to traditional fuel vehicles, current new energy vehicles can collect large-scale and wide-ranging vehicle data through multiple sensors such as cameras, millimeter wave radar, LiDAR, as well as in car DMS driver monitoring systems and intelligent cockpit apps.
Therefore, the issue of "data security" has also spread to the automotive industry. For new energy vehicle companies, if customer data, driving data, or data related to their own operations are leaked, it will not only directly lead to economic income loss, productivity decline, customer trust crisis, but also may face legal risks.
For example, NIO's vehicle data was stolen and extorted $2.25 million. NIO subsequently stated in a statement that the stolen data consisted of some user basic information and vehicle sales information prior to August 2021.
For Tesla, data security has always been a controversial area. Last year, Tesla also reported that up to 100G of information data had been leaked. Among them, there is not only a large amount of personal information of current and former employees, but also the social security number of CEO Musk, as well as personal information such as customer bank information, as well as 2400 customer complaints about Tesla's sudden acceleration problem.
In order to dispel domestic doubts, Tesla has previously publicly stated that it has established a data center in China to localize data storage, and will gradually add more local data centers to ensure that all data generated by selling vehicles in the Chinese Mainland market will be stored in China.
As early as August 2021, the five departments jointly issued the "Several Regulations on Automotive Data Security Management". The Regulations have been officially implemented since October 1st of that year. This regulation mainly defines the collection, transmission and use of data inside and outside the car from three aspects: cabin data, sensitive data such as facial features or license plates outside the car, and personal privacy notification. It also divides the responsibilities and rights of car data processors.
At the same time, the Regulations require intelligent connected vehicle production enterprises to collect, use, and protect personal information in accordance with the law, implement data classification and grading management, develop important data catalogs, and not disclose sensitive information related to national security.
List of notices attached:
