Operators that collect and process vehicle data in China will have to undergo security assessments if they provide such data overseas for business needs, the Cyberspace Administration of China (CAC) said on Friday.
The data collected from automobiles in China should be stored in China, according to a trial regulation on vehicle data security jointly released by five departments including the CAC and the Ministry of Public Security.
Operators must not send data overseas that exceeds the scope approved by security assessments, and should include relevant information in their annual reports on data security, according to the regulation.
It will go into effect on a trial basis on Oct. 1, aiming to address increasing security challenges and close loopholes as vehicles become smarter and gain a stronger ability to generate and process data, the CAC said in a statement.
The document says data operators should avoid collecting excessive data from cars, and protect the privacy of car owners and users.
They should inform car users and obtain their approval when collecting personal information. Biological data, such as fingerprint, voice, facial and heart rate data, can only be collected if it is absolutely necessary to ensure driving safety.
Those who violate the regulation will face administrative and legal penalties in accordance with the country's cybersecurity law and data security law, according to the regulation.