Recently, 360 issued an exclusive report disclosing that the mainland is one of the key targets of the NSA organization, and many key fields and units from the military industry, petroleum, aerospace, Internet companies, scientific research institutions and government agencies have been attacked by different degrees of network infiltration, which is another public exposure after the 360 real hammer CIA carried out 11 years of cyber attack and infiltration against China in 2020.
From the WikiLeaks incident to the Snowden incident to the recent Swiss encryption machine incident, it is enough to show that the form of war is not only a kind of military confrontation, cyberspace has long become another important battlefield in the contest of great powers. Once the entire national social system is attacked, it may lead to the paralysis of transportation, banking, aviation, hydropower systems, etc., causing immeasurable harm to the country's political stability and economic lifeline.
For several consecutive days, hot words such as network attacks, data security, personal information, and privacy protection have frequently brushed the Hot Search List in March, becoming one of the most concerned topics for the whole people. So why is data security so important? For intelligent and connected vehicles, what important value and impact will data security have?
Why is data security important?
In the past two years, everyone has realized through the Huawei incident that the lack of core will be stuck in the neck, so it is determined to become bigger and stronger in the chip field. However, the importance of data security is not smaller than that of chips, which not only involve chips, operating systems, but also application software, network connections, etc. Almost all advanced digital technologies will face data security problems.
Therefore, in this year's national "two sessions" government work report, it is clearly proposed to strengthen the construction of digital China, promote the digital transformation of the industry, cultivate and expand the digital industry, and release the potential of data elements, fully reflecting the great significance and value of data at the macro, meso and micro levels.
First, at the macro level: the competition between countries has gradually changed from the original tangible content of capital, land, resources, etc., to the competition of technology, data and innovation. Data is the key production factor and core resource to promote social and economic development, can be used as the basis for national decision-making, management and innovation, the mainland has always been a major country in data resources, the total amount of data is expected to jump to the world's first place in 2025, accounting for more than 27% of the global data scale.
Secondly, at the meso level: in order to achieve the transformation from the era of industrial economy to the era of digital economy, data will play an important role and is the key to empowering the digital transformation and upgrading of the industry, which can not only improve production efficiency, reduce information asymmetry, achieve intelligent production, improve the efficiency of factor allocation, but also stimulate new kinetic energy and cultivate new formats.
Third, at the micro level: enterprises can use data to create new business value and services, the so-called "thousand faces" is an important application of data in precision marketing. Especially in the era of mobile Internet, everyone's behavior will leave traces, and all behaviors can be digitized. Because of this, while providing convenience to users, data will also involve security issues such as personal privacy leakage.
At present, the global penetration rate of intelligent networked new cars is about 45%, and it is expected to be close to 60% by 2025; the penetration rate of China's intelligent networked vehicles in 2020 is about 15%, and it is expected to exceed 75% by 2025, higher than the global average. This means that in the next three years, China's intelligent networked new car market will continue to usher in a blowout.
Along with the rapid development of automobile intelligence, cars generate massive user data every day. On the one hand, car companies collect and use these data in the background for product improvement and experience optimization; on the other hand, these data are collected, shared and used in large quantities, which also poses potential risks to personal privacy.
"Personal information contains two main categories: one is personal ordinary information, and the other is personal sensitive information. Among them, personal sensitive information also contains personal biological information, such as fingerprints, face recognition, action trajectory, etc., in principle, this information can not be transmitted to the outside of the car, need to be stored in a relatively safe area, and through the combination of soft and hard protection measures to strictly manage it. Luo Lei, director of the Embedded Software Engineering Center of the University of Electronic Science and Technology of China and secretary general of the TIAA Cyber Security Committee, said.
Data governance, how to break the game?
It is said that data is the "gold mine" of the information age and the "oil" of the 21st century. So, how to make the commercial value of the "gold mine" really give back to the "mine owner" itself? How to "refine" in compliance and legality? Looking at the world, is there some experience to follow in the governance of automotive data security?
As a leader in data security governance, the EU emphasizes the creation of a common data space, such as the formulation of the General Data Protection Regulation, which stipulates different protection paths and scopes of use for different types of data, and classifies and layers the management of data to protect personal privacy to the greatest extent.
At the beginning of 2020, the European Union also released the European Data Strategy, proposing the concept of a public data space similar to the ecological community; at the end of the year, the European Data Governance Regulation (Data Governance Law) was adopted, which is also based on citizens and enterprises, with the protection of their interests as the starting point.
It is not difficult to see that Europe is based on the interests and needs of users in dealing with data security. Among them, the "Guidelines for the Processing of Personal Data of Intelligent Connected Vehicles" issued by the European Data Protection Commission is one of the most representative guidance suggestions for the protection of personal privacy of intelligent connected vehicles, which not only defines the personal data of different types of intelligent connected vehicles, but also gives several suggestions for the processing of personal data.
The United States is more based on the industry, for the telecommunications, finance, health, education, automotive and other industries to set up a special data protection law, such as the 2014 "Data Accountability and Transparency Act" and the "California Consumer Privacy Act", etc., without exception to clarify the rights and protection principles of data subjects.
At the same time, China also attaches great importance to the application and governance of data resources, especially in recent years, many relevant laws and regulations have been proposed. A typical example is the implementation of the Cybersecurity Law of the People's Republic of China in 2017, which clearly proposes that the protection of personal information should strictly follow the basic principles of legality, legitimacy and necessity; in the same year, personal information was also included in the Civil Code for protection, indicating that the state has raised the protection of personal information to an unprecedented height.
Subsequently, the state has also successively promulgated the "E-commerce Law of the People's Republic of China", "Method for Determining the Illegal Collection and Use of Personal Information by Apps", "Data Security Management Measures", "Network Security Review Measures", "Data Security Law" and "Personal Information Protection Law", etc., gradually elevating data security to the level of national security.
"Especially from 2021 onwards, the competent authorities of relevant industries have paid great attention to automotive network security and data security, and have standardized the rational development and utilization of automotive data." According to Luo Lei, the Ministry of Industry and Information Technology has officially issued the "Opinions on Strengthening the Management of Intelligent and Connected Vehicle Manufacturers and Product Access" last year, requiring the strengthening of automotive data security, network security, software upgrades, functional safety and expected functional safety management.
In addition, the Several Provisions on the Security Management of Automobile Data (Trial) (hereinafter referred to as the "Trial")," led by the State Internet Information Office and jointly issued by the four ministries and commissions, will also be formally implemented on October 1, 2021, covering the definition of automobile data, the definition of important data, the principles of data processing, the matters that data processors should inform individuals, the requirements to be met for handling sensitive personal information, and the requirements for providing important data abroad.
"The Trial Implementation not only clarifies the responsibilities and obligations of automotive data processors, but also strictly regulates the activities of automotive data processing, and is also a necessary prerequisite for the mainland to prevent and resolve automotive data security risks and ensure the reasonable and effective use of automotive data according to law." Lorelei added.
In Luo Lei's view, the relevant laws and regulations of the mainland have been relatively complete, especially after the Ministry of Industry and Information Technology issued the "Guidelines for the Construction of the Networking Network Network Security and Data Security Standard System" on March 7 this year, more and more car companies have carried out the organization construction, management system construction and technical system construction of data security, "Although the standard system of enterprises has been on the road of practice, what is most lacking at this stage is still the landing of the industry standard system, including how to classify and classify data, how to deal with personal sensitive information, How to prevent software upgrade vulnerabilities, how to form a secure data sharing, how to make data compliance and appreciation, etc., all call for the introduction of industry standards. ”
Where are the boundaries of data usage?
Worryingly, the proportion of digital security investment in the mainland is still relatively low in the world, and the proportion of network security in developed countries alone in the overall IT investment has reached 10%, while the domestic investment is less than 1%. Especially compared with the mobile phone and Internet industries, the use and protection of user data in the automotive industry is obviously not mature enough.
"As we all know, data is the basis for the digitization and intelligence of automobiles. In order to achieve the functions of automatic driving, assisted driving, human-computer interaction, and intelligent networking, intelligent networked vehicles need to continuously collect environmental perception information, vehicle working condition information, and driver and passenger information, and use this information to provide personalized services of 'thousands of people'. Lorelei said.
Nowadays, the car has become another mobile smart terminal after the smartphone, and more and more car manufacturers, ride-hailing platforms and technology companies have used car data to reduce emissions, manage traffic, avoid accidents and other purposes, and the benefits of intelligent connected car data are obvious. But at the same time, there is also an increasing number of personal information of drivers, riders and people outside the car being collected, used and shared, posing a privacy risk.
According to the Global Times and J.D. The "2022 Survey of Chinese Consumers' Data Security and Personal Privacy Awareness and Concerns" (hereinafter referred to as the "Survey") jointly released by Power shows that Chinese consumers have insufficient confidence in whether intelligent connected car manufacturers can properly protect personal sensitive information at this stage. Among them, the proportion of respondents who are highly concerned about personal sensitive information being collected, used and shared by intelligent and connected cars is as high as 77.4%.
First of all, compared with mobile phone manufacturers, car manufacturers have implemented fewer notification measures for personal data collection, which makes users less aware of the collection of personal information by intelligent connected cars, and nearly half of the owners surveyed said that they have never received tips from car brands or dealers on the collection of personal information, which shows that many data collection behaviors are carried out without the user's knowledge.
Secondly, car users are generally worried about the serious consequences of personal information leakage, such as the collection and resale of personal information to third parties, the illegal dissemination or extortion of personal private information after being secretly photographed, the loss of private property after the account is stolen, and the loss of control of the vehicle after the vehicle is hacked.
Third, the lack of understanding of personal information protection laws and regulations and the lack of knowledge of how to protect rights have also increased the concerns of car users about the leakage of personal privacy and the consequences. Among them, nearly 3/4 of the respondents do not know which of their rights and interests are protected, let alone how to protect their legitimate rights and interests.
The above research results undoubtedly sound the alarm for the intelligent and connected car industry - when fully mining and using the data "gold mine" to improve product functions, provide personalized services, and predict traffic congestion, we should also find a balance between user privacy and car companies to obtain convenience, and ultimately benefit consumers.
In fact, in order to resolve the concerns of car users about sharing personal information, car companies can still have great potential, as long as they ensure that users have the right to know and control personal information, they can effectively enhance the user's sense of security in the protection of personal privacy of the car. For example, when asked under what circumstances they would like to share sensitive personal information, most car users chose scenarios related to driving safety and route planning. This shows that in the future, those car companies that have made achievements in data security and personal privacy protection will be more likely to establish new competitive advantages and thus gain more consumers' favor.
J.D. Power China automotive products digital user experience director Pei Lin pointed out, "With the transformation and upgrading of the automotive industry, the role of automakers is gradually shifting from manufacturing enterprises to technology-based enterprises, with reference to the development experience of technology companies, the network security and user data security of any product occupy the primary position of enterprise operation, therefore, automakers also need to establish a sound automotive data security management specifications and processes in the future." ”
Another important finding in the survey is that more than 90% of consumers surveyed tend to choose car brands that focus on data security and protect sensitive personal information. This shows that data security is becoming an important factor affecting consumers' car purchase decisions, and has become a new watershed in the intelligent competition of car companies, for automobile manufacturers, if it can effectively protect consumers' personal sensitive information, it will greatly enhance consumers' willingness to buy.
To this end, Pei Lin also put forward six suggestions for automobile manufacturers: in all cases, only a minimum of personal information should be collected; maximum transparency should be provided for the collection and use of data, and consumers should be given the autonomy to share and stop sharing personal information; for areas where laws and regulations do not yet have clear requirements, they should also actively fulfill the obligation to inform consumers of privacy choices; from the perspective of corporate strategy, establish a complete data life cycle strategy from data collection to data destruction; and from the perspective of data security system management, Establish an end-to-end automotive data security protection system and emergency handling mechanism; improve and strengthen the user data security firewall from the perspective of technical implementation.
"Establishing high standards in data security protection will help car companies gain more consumers' scientific and technological security recognition, enhance consumers' trust in corporate technology products, and make consumers more willing to share travel data with car companies, thereby promoting the positive improvement of product user experience and helping car companies win opportunities in the competition of future travel ecology." Perrin stressed.
Is the data charge reasonable?
More and more research data show that in addition to paying attention to automobile quality and functional safety, consumers have gradually begun to pay attention to automobile network security and data security, especially the automobile network and data security accidents that occur from time to time at home and abroad, which has aggravated consumers' concerns about automobile data security and personal privacy security.
So, when car companies use the driving data of the owner, do they need to get the consent of the owner? In fact, few car owners have carefully read the relevant privacy policy terms, and may inadvertently check the "agree" option when using the vehicle, but in fact, this aspect requires the relevant state departments to "draw a bottom line" for the car company, and some overlord clauses that cross the legal red line are also invalid, so they need the support of the legislative community.
In addition, is there any relevant laws and regulations on the use of cameras in the car in the mainland? Luo Lei said, "Although the mainland has not yet introduced laws and regulations related to the camera in the car, the camera in the car involves personal privacy data, and the state still has relevant regulations, that is, it is clear that individual authorization is required, and enterprises can use relevant data." ”
In response to the question of whether car owners can charge for this after using the owner data, Luo Lei believes that "the right to data is a big problem, and we have also seen some car companies doing corresponding practices, for example, sharing driving data as an incentive mechanism and forming a data ecology with car owners, I believe there will be more similar models in the future." ”
In fact, there are precedents abroad for the discussion of personal information charges, and from a legal point of view, there is no relevant provision that the owner cannot charge the fee, but there will be many potential obstacles to the owner's behavior. First of all, the owner is also the owner of the driving data feedback and optimized performance; second, if the owner agrees to the privacy clause, then from the perspective of the contract, it is difficult for the owner to claim financial benefits.
More importantly, the data used by car companies to improve the automatic driving performance of vehicles is actually desensitized, so car owners cannot track whether car companies use their own data. That is to say, although the data comes from the owner, the car company will desensitize the data through some technical means to form a collection, and then improve the user experience, so it is difficult for the owner to get direct economic returns.
In fact, the data security of smart cars reflects a balanced and co-creation relationship between car companies and users, that is, how to find a balance between giving up privacy and obtaining convenience. From the perspective of future trends, automotive data security should be strong supervision, strict supervision and fine supervision.
![Do Apple's new privacy rules curb competition? Polish regulators have stepped in to investigate[fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)