Will travel data flow abroad?

Will travel data flow abroad?

This article is from the WeChat public account: Traveling a passenger (ID: carcaijing) , Author: Liu Wanyuan, Zhu Maomao, Editor: Shi Zhiliang, original title: “Will travel data flow abroad? What does the regulatory authority do? 》

In the case of an imperfect management system, cross-border data transmission must be “blocked” first.

Personal privacy and national security risks brought about by smart car data collection will soon be brought under control.

On the evening of May 12th, the official website of the State Internet Information Office (“CNC”) released the “Several Provisions on the Management of Automobile Data Security (Draft for Solicitation of Comments)” (“Draft for Solicitation of Comments”), which is now open to the public for solicitation opinion.

There are a total of 21 articles in this consultation draft, which involve the definition of operators, personal information and important data. Operators should insist on the notification responsibilities and usage rights when collecting personal information or important data. Operators provide personal information or important data overseas. Data security assessment and so on.

Data is the lifeblood of smart cars. From software-defined cars to data-driven iterations, the data contributed by cars during use has become the most valuable asset of many car companies. However, with the further development of intelligence and networking, data security issues have also been magnified, such as the collection of the environment inside and outside the car by sensors such as car cameras and lidar.

The personal privacy of consumers, the commercial secrets of car companies, and the national data security urgently need to be regulated by policies. Previously, documents such as the “Draft of Data Security Management Measures for Solicitation of Comments” made clear provisions on the collection, storage, transmission, processing, supervision, protection, and exit of data. However, there have not been special laws and regulations for data management of smart cars to comply with.

The release of the draft for comments can be described as a “timely rain”, and it is also a response to a series of recent smart car safety incidents.

“Prior to this, our country’s regulations and measures for smart car data managers were basically blank. When companies are doing smart car research and development, they have no way to follow, and there are no rules to follow. After this regulation is announced, companies can The research and development of smart car-related technologies under the guidance also guarantees the health of the smart car industry.” said Yang Diange, the founding dean of the School of Vehicles and Transportation, Tsinghua University.

1. More sensors collect more information and involve more problems

With the wave of intelligence sweeping the auto industry, cars are becoming more and more “smart”, but the lack of data security supervision and lagging regulations have also been revealed.

The data generated by smart cars is mainly divided into two parts. One is user data, which is mainly about the user’s personal privacy. For example, getting on WeChat will involve user accounts and access records. In-vehicle cameras and in-vehicle microphones may also infringe on user privacy. The other type is vehicle data, including geographic location, system information, and business-related data.

In February, there was a legal dispute between PATEO IOV, SAIC-GM-Wuling and Tencent. It has not been determined which party infringed, but Tencent’s statement is sufficiently vigilant that the former two have not obtained the explicit authorization of Tencent and users. , Can collect, store and upload sensitive data such as WeChat contact information and chat information.

In addition to personal information such as account number, identity, and location information, how to define the ownership of data such as smart car driving routes and operating parameters has also become a point of dispute. Just as in Tesla’s “Auto Show Rights Protection” incident, the company’s disclosure of driving data to the media constitutes an infringement of the owner’s personal privacy is not fully defined in law; however, Tesla’s published data includes the frame number. The vehicle belongs to personal property, and the frame number is a unique identifier. Recognizing the vehicle is equivalent to recognizing a person. According to industry analysts, this constitutes a leak of personal information.

In addition to personal information, the road environment information collected by the car during driving involves the mapping of geographic information, which threatens national security.

With the rapid launch of the Internet of Vehicles applications, the car is more like a smart phone, but the smart car collects more information than the mobile phone, and there are more various sensors such as cameras and lidars, which involve more serious safety issues.

“During the driving of the vehicle, lidar and cameras also collect road information at all times. This information is likely to involve sensitive locations and the content is illegal. Not only is the content illegal, some lidars are highly accurate, which may cause illegal accuracy. It shouldn’t have such high accuracy.” On April 8, a traveler learned from Yang Diange in the “Focus Observation Room” column of the China Electric Vehicles Association of 100.

However, the policy issued by the Office of the Cyberspace Administration of China this time has made clear restrictions on the collection of personal information and the collection of geographic information in terms of information collection:

Articles 8 and 9 of the draft for comments mentioned that personal information should be collected by default, and the driver’s consent and authorization should be obtained every time. After the driving is completed (the driver leaves the driver’s seat), this authorization is automatically granted. Invalid; it is necessary to clearly inform the personnel in the vehicle that personal information is being collected; the personal information needs to be anonymized or desensitized.

Article 3 of the draft for comments mentioned that data on people flow and traffic flow in important sensitive areas such as military management zones, science and technology for national defense and other units involving state secrets, party and government agencies at or above the county level, and surveying and mapping data that are higher than the accuracy of the publicly released maps of the state All are included in the category of “important data”.

2. Cross-border transmission risks are unavoidable, and domestic data centers must be built

The collection of geographic information and environmental information involving state secret units by smart cars has attracted the attention of government departments.

In March, the Wall Street Journal quoted an insider as saying that because of concerns about cameras collecting sensitive data, the Chinese government has begun to restrict the use of Tesla by military personnel and employees of key state-owned enterprises. Some organizations require employees not to drive Tesla to work and prohibit driving into sensitive companies. Residential complex.

Will travel data flow abroad?

In this regard, Tesla CEO Elon Musk said at the China Development Forum that Tesla will never provide the US government with any vehicle and user data it collects in China or other countries.

Whether Tesla is engaged in “espionage” activities is unknown, but smart cars, especially multinational car companies, have caused new problems such as data storage and cross-border transmission.

Industry insiders pointed out that my country has always lacked an effective regulatory mechanism for cross-border data transmission, but cross-border transmission of confidential data has a great impact on national security, and once the data is transmitted, it will be more difficult to rectify and repair later.

“In the case of incomplete technical means and incomplete management systems, more stringent management methods should be adopted for cross-border transmission, and data should be’blocked’ as soon as possible. After the research is clear, these really need to be transmitted and not Secret-related desensitization data can be jointly developed on a global scale. But before the research is clear and the control methods are perfect, the data should be strictly kept in the country.” Yang Diange said.

Wang Pengpeng, a distinguished associate researcher of the School of Law of East China University of Science and Technology, told a traveler that the data generated in the use of cars must be “desensitized” before being transmitted, saved and used in the intelligent research and development of car companies. The privacy-sensitive privacy data of car owners Can also be screened out.

“However, some data collected by cars, such as the trajectory of actions, must have human attributes and belong to the information that needs to be’desensitized’ in law. This may greatly reduce the technical contribution of driverless deep learning.” Wang Pengpeng believes that there must be a balance. Data security and technological advancement require the establishment of a data platform processing center, but the government must be involved in supervision, especially for foreign-related companies such as Tesla.

The draft for comments issued this time also specifically stipulates data storage and cross-border transmission:

Article 12 of the draft for comments states that personal information or important data should be stored in China in accordance with the law, and if it is really necessary to provide it overseas, it should pass the data exit security assessment organized by the national cyberspace administration; Article 13 of the draft for comments states that When personal information or important data is provided overseas, effective measures shall be taken to clarify and supervise the use of data by the recipient in accordance with the purpose, scope and method agreed by both parties to ensure data security.

“Our job is to work with industry and government regulators to establish data security rules and make people more at ease.” During the Shanghai Auto Show, Tao Lin, vice president of Tesla China, said in an exclusive interview with a traveler. The Tesla data center is under construction and is expected to be completed in the second quarter of this year.

It is foreseeable that Tesla and other multinational car companies will need to set up a dedicated data center for processing and storage in China, just like Apple’s setting up a data center in Guizhou. The industry predicts that the draft for comments will have a greater restraining effect on overseas auto companies with data backends.

3. It is difficult to have both privacy and function

Can automotive data security issues be evaded from the source level of car companies and smart solution providers? A traveler learned from Xu Chao, Director of Information Security of Ideal Auto, that this is achievable at the technical level.

“There is no conflict between data security and the vehicle development process. Car companies can integrate security into the vehicle development process, from requirements, design, research and development to testing.” Xu Chao said. Taking the camera as an example, which information can be collected and which are more sensitive require user authorization and desensitization processing. Car companies can simultaneously complete safety assessments during research and development to meet national regulations.

The “security guard” in the Internet age joins the automotive industry and will also provide industry chain partners with smart car network security services. Recently, 360, which takes safety as its foundation, announced its cooperation with Nezha to build cars. Zhou Hongyi, the founder of 360 Group, believes that 360 can provide consumers with more affordable digital products while in-depth research on automotive network security issues.

However, car companies still face a lot of confusion in information processing. A traveler learned from Tencent’s car networking security technology expert Zhang Kang that it is difficult for car companies to have a macroscopic impression and control over the flow of each data. “Car companies don’t know that the data collected by this car is being transmitted and shared. What security risks will you face, and what methods are needed to deal with them.”

Regarding the use of technology and the handling of user privacy, car companies are also facing a situation where it is difficult to have both fish and bear’s paws. Ideal cars currently do not have an in-car camera installed, and future models may be installed, but Xu Chao admitted frankly that if the in-car camera is turned off to protect privacy, the function of monitoring user fatigue driving will fail, and the user experience will also be lost.

In order to protect the privacy of car owners, another solution is to extract only part of the information. “Data has two sides. We promise that we will never use Face ID technology. We only need to extract core facial information such as the user’s eyebrows and eyelids. Even if hackers attack, we cannot find a complete’face’ in the system.” Zhiji Liu Tao, co-CEO of the car, told the media.

Will travel data flow abroad?

Car data leakage not only threatens consumers, but for car companies, they are also worried about the leakage of business information and commercial secrets.

A traveler learned that hackers or competitors can obtain data through crawlers, use statistical sampling analysis, construct some models, and then obtain and analyze sample data to accurately analyze the commercial secrets of actual business.

“Everyone’s focus is on the security of transmission and storage, ignoring the data security of the business application layer. In fact, all kinds of groups such as black and gray products, competitors, business trend analysis, intelligence analysis, and political tendency analysis are all involved. Data mining is going on on the Internet.” Xu Chao said.

This article is from the WeChat public account: Traveling a passenger (ID: carcaijing) , author: Shi Zhiliang’s team

Posted by:CoinYuppie,Reprinted with attribution to:https://coinyuppie.com/will-travel-data-flow-abroad/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2021-07-03 08:16
Next 2021-07-03 08:22

Related articles