China tightens smart vehicle data regulation for Tesla and others
- A new expansion of China’s data protection regulations now targets the smart car market in the country.
- Existing legislation requires the personal data of citizens to remain on servers within national borders.
- Over-the-air software updates for smart cars will also need to be filed with the Ministry of Industry and Information Technology before going out.
Beginning October 1, connected vehicle makers in China – including Tesla and a number of domestic carmakers – that offer automated driving assistance and other autopilot capabilities must “clearly inform” about their vehicles’ functions and performance limitations, as well as driver responsibilities and other important data. After a public comment period that began in mid-May, China last week officially released regulations on automotive data security management.
The regulations are aimed at preventing vast amounts of personal data generated in China, the world’s largest auto market, from being leaked beyond its borders. The rules will be based on the country’s 2017 cybersecurity law, as well as its sweeping Data Security Law, which is set to take effect on Sept 1.
Data security has been a major concern for China’s regulators, and according to the Ministry of Industry and Information Technology (MIIT), data that needs to be exported abroad must pass a security assessment, reiterating previous regulations. Aside from safeguarding data, the MIIT said connected vehicle makers must increase cybersecurity efforts to fend off threats to system vulnerabilities and to standardize software upgrades.
According to reports by the Chinese media, nearly half of new cars sold in 2020 are capable of connecting to the internet. In China, the driver can open the window, adjust the inside temperature or play music or videos using voice recognition technology through the internet.
The ministry published the proposed new regulations months after electric vehicle (EV) maker Tesla initiated a recall in mainland China over a potential safety hazard. In June, the State Administration for Market Regulation said the recall covered about 285,000 electric vehicles to fix the cruise-control function, which can be activated accidentally and cause cars to suddenly accelerate.
That led to a 69% plunge in Tesla’s domestic car sales in June, according to data from the China Passenger Car Association. The MIIT however, indicated that it has been working on formulating regulations on smart connected vehicles since last year. In June, for instance, it issued a set of draft regulations focused on cybersecurity, including provisions for smart cars that aim to establish a relatively complete cybersecurity standard by 2025.
Notably, the new rules will apply to a wide range of businesses, including automakers, auto parts makers, software companies, car dealers, as well as ride-hailing services. Most evidently, companies will have to disclose the locations where they plan to store the data. Authorities have stated that sensitive data will include anything from Chinese road traffic and logistics information to facial recognition data, videos, and photos taken by onboard cameras, as well as operational data on charging stations for electric vehicles.
How will it impact automakers?
According to a report by Reuters, a handful of automakers shared that they have been storing data locally. None of the carmakers said whether they would share data from China with their overseas offices.
For example, Ford Motor said it established a data center in China in the first half of last year and was storing all vehicle data locally. BMW also said it operates “local data centers in China for the Chinese vehicle fleet,” without saying when they opened.
Meanwhile, Daimler said it runs “a dedicated vehicle backend in China, where vehicle data is stored.” General Motors and Toyota Motor Corp on the other hand declined to discuss how they manage their data in China, while France’s Renault said it does not yet have a car data center in China.
Nissan Motor and Stellantis said they would comply with rules in China but gave no further details. Volkswagen agrees that compliance with data protection rules was crucial for a successful digital transformation, but “as the regulatory environment is still in rapid development, it is too early for us to comment on the specifics.”
- Cybersecurity Awareness Month 2022 – what is it? And why should you care?
- Workday: Organizations in Asia lag in digital agility and that needs to change — here’s why
- Shifting from Russia to Singapore to stabilize the threat landscape in the country
- Local and state government cyber attacks are as complicated as other industries as well
- Wasabi Technologies hoping to spice up cloud storage in APAC