Automobile data processing includes the collection, storage, use, processing, transmission, provision and disclosure of automobile data.
Automobile data processors refer to organizations that carry out automobile data processing activities, including automobile manufacturers, parts and software suppliers, dealers, maintenance agencies and travel service enterprises.
Personal information refers to all kinds of information related to recognized or identifiable car owners, drivers, passengers, people outside the car, etc. recorded electronically or in other ways. , excluding anonymous information.
Sensitive personal information refers to personal information that, once leaked or illegally used, may lead to discrimination against car owners, drivers, passengers and people outside the car or seriously endanger personal and property safety, including vehicle trajectory, audio, video, images and biometric information.
Important data refers to data that may endanger national security, public interests or the legitimate rights and interests of individuals and organizations once it is tampered with, destroyed, leaked or illegally obtained or used, including:
(1) Geographic information, personnel flow, vehicle flow and other data of important sensitive areas such as military administrative zones, national defense science and technology units and party and government organs at or above the county level;
(two) data reflecting the economic operation of the car flow, logistics and so on;
(3) Operation data of automobile charging network;
(4) External video and image data including face information and license plate information;
(5) Personal information involving more than 654.38 million people;
(six) other data that may endanger national security, public interests or the legitimate rights and interests of individuals and organizations as determined by the national network information department and the State Council development and reform, industry and information technology, public security, transportation and other relevant departments. Article 4 Automobile data processors shall legally, fairly, concretely and clearly process automobile data directly related to automobile design, production, sales, use, operation and maintenance. Article 5 When using the Internet and other information networks to carry out automobile data processing activities, a network security level protection system shall be implemented, automobile data protection shall be strengthened, and data security obligations shall be fulfilled according to law. Article 6 The State encourages the rational and effective use of automobile data according to law, and advocates that automobile data processors insist on:
(a) the principle of in-vehicle handling, unless it is really necessary not to provide out-of-vehicle handling;
(2) The principle of not collecting by default, unless the driver sets it himself, the default setting is not collecting every time he drives;
(3) The application principle of precision range, according to the data precision requirements provided by functional services, determine the coverage and resolution of cameras and radars;
(four) the principle of desensitization, as far as possible, anonymous, de-identity and other processing. Article 7 When processing personal information, automobile data processors shall inform individuals of the following matters through user manuals, vehicle display screens, voice, and applications related to automobile use. :
(1) The types of personal information to be processed, including vehicle tracks, driving habits, audio, video, images and biological features;
(two) the specific situation of collecting all kinds of personal information and the ways to stop collecting it;
(3) Uses, purposes and processing methods of all kinds of personal information;
(4) The storage place and time limit of personal information, or the rules for determining the storage place and time limit;
(5) Ways and means of consulting and copying their personal information, deleting personal information inside the car and requesting the deletion of personal information provided outside the car;
(six) the name and contact information of the contact person for user rights affairs;
(seven) other matters that should be informed by laws and administrative regulations. Article 8 When processing personal information, automobile data processors shall obtain personal consent or meet other circumstances stipulated by laws and administrative regulations.
Due to the need to ensure driving safety, if personal information is collected outside the car and provided outside the car without personal consent, it should be anonymized, including deleting pictures that can identify natural persons or partially contouring the face information in the pictures. Article 9 When processing personal sensitive information, an automobile data processor shall meet the following requirements or other requirements such as laws, administrative regulations and mandatory national standards:
(a) for the purpose of directly serving individuals, including enhancing driving safety, intelligent driving, navigation, etc. ;
(two) through the user manual, vehicle display, voice and car use related applications and other significant ways to inform the necessity and personal influence;
(3) Personal consent should be obtained, and individuals can set their own consent period;
(four) on the premise of ensuring traffic safety, prompt the collection status in an appropriate way, and provide convenience for individuals to terminate the collection;
(5) If an individual requests deletion, the automobile data processor shall delete it within ten working days.
Before collecting biometric information such as fingerprints, voiceprints, faces, heart rate, etc., it is purposeful and necessary to enhance driving safety.