Welcome to the WeChat subscription number of “Sina Technology”: techsina
Text / Deng Simiao
Source: Smart Car Reference (ID: AI4Auto)
Changan UNI-V, which has been on the market for more than three months, has been angrily complained by 136 car owners.
Mainly because of an official notice:
From June 30, the three functions of the car have been cancelled: remote monitoring, 360 panoramic view, and remote intelligent parking.
You know, these functions were originally promoted by Changan as a marketing selling point.
I didn’t say it at first, but suddenly changed my mind. Which one is this playing? ? ?
In fact, in addition to Changan, the remote monitoring functions of Nissan, BYD, and Xiaopeng were also banned not long ago.
There must be a reason for the incident. The “Several Regulations on the Security Management of Automobile Data (Trial)”, which was officially implemented on October 1 last year, is full of answers.
Smart car data, not allowed to be used casually?
“Several Regulations on Vehicle Data Security Management (Trial)” is China’s first regulation for vehicle data security, jointly issued by the Cyberspace Administration of China, the National Development and Reform Commission, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the Ministry of Transport.
The regulations have a total of 19 articles. By defining the vehicle data and the supervisory body, the principles of data processing are stipulated, the obligations of data processors are clarified, and cross-border data transmission rules are formulated, which initially establishes the compliance of China’s automobile data security. frame.
The biggest highlight of this regulation is that it clarifies the user’s initiative in data collection. Major car companies, software and hardware suppliers, and autonomous driving companies can no longer collect and abuse car data in a disorderly manner as before.
In a word, all data and privacy must be respected and protected, both inside and outside the car, and protected by levels.
The problem in the car is still relatively easy to solve, just inform in advance and ask for personal consent.
The key lies outside the car. On the one hand, it collects personal information outside the car, and on the other hand, it provides information to the outside of the car.
Moreover, the current car has 6 or 7 8-megapixel cameras casually. The car runs on the road and transforms into a walking high-definition monitoring head.
Geographic information on the road, the flow of people, the flow of vehicles, everything can be photographed, and it is usually unknowingly.
Therefore, the regulation requires that data be processed in the car as much as possible, unless it is absolutely necessary not to provide it outside the car.
What if you really want to collect personal information outside the car and provide it to the outside of the car?
The regulations stipulate that anonymization should be carried out, including deleting pictures containing recognizable natural persons, or performing partial outline processing on the face information in the pictures.
The main idea is that it is necessary to mosaic the key information such as faces and license plate numbers in the picture, so that it is not clear to see.
In addition to this, the regulation imposes two major requirements on data processors.
One is the principle of not collecting by default, unless the driver sets it by himself, the default setting is the state of not collecting every time he drives. This means that the user’s consent is required before every data collection.
The other is the principle of accuracy range application, that is, the coverage and resolution of cameras, radars, etc. are determined according to the data accuracy requirements of the provided functional services. It means that car companies are required to tailor their clothes, not to be smart for the sake of intelligence, just enough.
Finally, it is worth mentioning that the regulation clearly divides three levels of car data.
In addition to personal information and sensitive personal information, the most powerful protection is important data, that is, data that may endanger national security, public interests, or the legitimate rights and interests of individuals and organizations once it is tampered with, destroyed, leaked, or illegally obtained or used.
Specifically, the regulation clearly identifies six categories of important data:
Geographic information, personnel flow, vehicle flow and other data of important and sensitive areas such as military administrative areas, national defense science and industry units, and party and government organs at or above the county level;
Vehicle flow, logistics and other data reflecting the economic operation;
Operation data of car charging network;
Out-of-vehicle video and image data including face information, license plate information, etc.;
Personal information involving more than 100,000 personal information subjects;
Other data that may endanger national security, public interests, or the legitimate rights and interests of individuals and organizations as determined by the national cybersecurity and informatization department and the development and reform, industry and informatization, public security, transportation, and other relevant departments of the State Council.
Regulations require that, when processing important data, automobile data processors shall conduct risk assessments in accordance with regulations, and submit risk assessment reports to the provincial, autonomous region, and municipal network and information departments and relevant departments before December 15 each year.
If important data is to be “exited”, it should pass a security assessment organized by the national cybersecurity and informatization department in conjunction with the relevant departments of the State Council.
What impact did the new regulations have?
Coincidentally, the “Guiding Opinions on Further Strengthening the Security System Construction of New Energy Vehicle Enterprises” issued in April this year also put forward similar requirements for automobile data security:
Enterprises should earnestly fulfill their data security protection obligations, establish and improve the whole-process data security management system, and take corresponding technical measures and other necessary measures to ensure data security. Enterprises should conduct data collection, storage, use, processing, transmission, provision, disclosure and other processing activities in accordance with relevant provisions of laws and administrative regulations, as well as data export security management.
New regulations are coming one after another, and the impact may be just beginning.
On the one hand, car companies, software and hardware suppliers have already demonstrated privacy desensitization work, commonly known as coding.
Personal information security, image desensitization, etc. have become new functions and new patents.
For example, SAIC has released version 2.0 of the network security management and control standard, which has added security modules for vehicle-cloud collaboration information security and personal information protection.
Since the end of September last year, Horizon has successively applied for 4 patents related to “image desensitization”, the purpose is also to improve the security of user privacy data.
SenseTime also set up a standard project for “Technical Requirements and Methods for Vehicle Transmission Video and Image Desensitization”, hoping to build a safe, reliable and efficient data return closed-loop system.
On the other hand, with the camera as the core sensor, the previous state of disorderly expansion will be terminated.
For example, represented by SAIC Zhiji L7, it was once designed and equipped with three Carlog intelligent in-vehicle camera systems totaling 150 million pixels for the new car, and they were placed in the best position for the overhead view.
Before that, the camera of the smart car was basically 8 megapixels…
However, now that the new regulations have been released, Zhiji L7 has also begun to emphasize that the camera “is mainly for landscape shooting. If sensitive information such as faces is involved, it will be blurred when it is transmitted outside the car.”
However, it is foreseeable that under the principle of applying the accuracy range, whether this 150-megapixel camera system can be used consistently is also questioned.
Finally, there are implications for all potential car owners and consumers.
Can car owners who work in some agencies and key units still drive smart cars happily?
(Disclaimer: This article only represents the author’s point of view and does not represent the position of Sina.com.)
This article is reproduced from: http://finance.sina.com.cn/tech/csj/2022-07-03/doc-imizmscu9892812.shtml
This site is for inclusion only, and the copyright belongs to the original author.