On August 23, 2024, the National Technical Committee of Auto Standardization (SAC/TC114) released GB/T 44464-2024 General Requirements of Vehicle Data (hereinafter referred to as the General Requirements). This recommended national standard specifies the general requirements for data generated and collected during the research, design, and manufacturing of vehicles, including personal information protection, key data protection, audit assessment, experimental requirements, and corresponding test methods. The release of this standard aims to support data security and compliance for intelligent connected vehicles.

The General Requirements apply to vehicles with data processing functions and their data processors. The key requirements are summarized below:

  1. Vehicle Data Security Management System

The General Requirements stipulate that data processors should establish a security management system for vehicle data and specifies the contents of this management system.

Figure 1: The Structure of Vehicle Data Management System

  1. Personal Information Protection Requirements

Chapter 5 of the General Requirements outlines the general provisions for personal information protection, detailing specific requirements for obtaining individual consent, and the collection, storage, usage, transfer, and deletion of information. The primary goal is to minimize the impacts on individuals’ rights and interests while ensuring that data processing activities are legally justified and reasonably necessary. Notably, direct cross-border transfer of personal information from vehicles is prohibited, except when such transfers result from user or driver actions, such as visiting foreign websites, using communication software to send information abroad, or downloading third-party applications that may transfer personal information abroad.

  1. Key Data Protection Requirements

The General Requirements specify that, when handling key data, vehicles must set parameters for cameras, radar, and other equipment according to the precision needs of functional services. At least one function shall meet the highest precision standard, while other functions must be justified. Data storage, usage, and transfer must comply with GB 44495-2024 Technical requirements for vehicle cybersecurity to prevent unauthorized access. Deleted data must be irrecoverable, and cross-border data transfers must strictly adhere to relevant legal requirements.

  1. Audit, Assessment, and Testing Requirements

The standard mandates that data processors meet conformity assessment requirements and conduct personal data anonymization and key data processing tests according to Appendix B and D of the General Requirements. It also recommends performing anonymization error rate tests per Appendix C to further optimize data processing.

In conclusion, the GB/T 44464-2024 General Requirements of Vehicle Data provides a framework for addressing the key aspects of data security and compliance in intelligent connected vehicles. The standard outlines the necessary steps for establishing a vehicle data security management system, safeguarding personal information, and protecting key data. It also sets guidelines for data handling, storage, and transfer, ensuring that data processing activities align with legal requirements. Additionally, the standard includes provisions for audit, assessment, and testing to ensure adherence to the outlined requirements. This framework serves as a reference for stakeholders involved in vehicle data processing and management.