The emergence of Intelligent Connected Vehicles (“ICVs”) will fundamentally change the ways people travel in the future. ICVs have raised many challenging legal questions, one of which is the issue of personal data protection. To authenticate authorised use and to provide more customized value-added settings to vehicle owners (for example, fingerprint identification unlocking, sound control, common destination settings, entertainment preference settings, etc.), ICVs need to collect personal information (and even sensitive personal information) of vehicle owners or drivers, such as personal identification information, personal biometric identification information, etc.

Meanwhile, through a variety of embedded connectivity systems and equipment, ICVs can collect a large amount of personal data generated during the course of driving, such as vehicle’s location data, journey history, driver’s driving habits and service needs, etc. These hundreds of thousands of users’ raw data, after aggregation and processing, will have an enormous commercial value for secondary exploitation. According to a study released by Frost & Sullivan, vehicle data will generate USD700 to USD800 per vehicle in savings for automakers, vehicle owners, service providers and local governments, which includes perks such as lower insurance rates for motorists, lower warranty costs, more aftersales revenue for dealerships, etc1. It is estimated that by 2030, the market scale of global telematics system, data and service market will hit USD70 billion2.

With the promulgation of the PRC Cyber Security Law and its associated regulations and national standards, China has been increasingly strengthening its protection of personal information. Since the beginning of this year, the Chinese regulatory authorities and the National Information Security Standardization Technical Committee have issued various notices and guidelines such as…
 
> Click here to download the full report in PDF format