China has issued a wide range of new rules on cybersecurity, data exchange, and consumer protection that will define the development of smart cars, says China-lawyer Mark Schaub in an extensive analysis of the recent regulations, at Lexocology.
China has established its main legal regime in regulating cybersecurity, data security and personal information protection with the promulgation of Cybersecurity Law, the Data Security Law and PIPL. Smart cars will be collecting, processing and transferring data at levels previously undreamt of. However, such activities will prove to be a great challenge to the Chinese regulators. Following the effectiveness of the Data Security Law, the PIPL and the Management Provisions, we expect to see enforcement against some major players to make it clear that China will enforce data security and personal information protection. Companies that will be affected should consider the following: (1) Consider data security issues in the process of designing, producing, selling, operating, maintaining and managing cars, and reduce the amount of data collected and stored in car to the greatest possible extent.(2) While using big data for commercial operations, safeguard the users’ right to know and implement technical safeguards to desensitize and anonymize data, as well as preventing misuse or unauthorized third-party access.(3) Multinational companies or Chinese companies with R&D centers outside China should consider implementing localized storage as soon as possible by establishing data centers within China and enhancing local R&D capabilities in China.(4) Finally, companies would be well advised to conduct a systematic review and assessment of the current state of their data handling. Business operations that clearly do not comply with the requirements of the Management Provisions should be adjusted in a timely manner.
Are you looking for more articles by Mark Schaub on different subjects? Do check out this list.