Zhong Guo Zheng Quan Bao·2025-06-16 20:58Core Viewpoint - The acceleration of Chinese autonomous driving companies' overseas expansion raises concerns about automotive data security, prompting the release of the "Automotive Data Export Security Guidelines (2025 Edition)" draft for public consultation [1][2]. Group 1: Data Export Guidelines - The guidelines require automotive data processors to declare safety assessments for various scenarios of data export, particularly in automated driving contexts [1][2]. - Important data types that need to be declared include vehicle operation status data, road environment and personnel data, and in-vehicle personnel privacy data [1][3]. - Automotive data processors include manufacturers, parts and software suppliers, telecom operators, autonomous driving service providers, platform operators, dealers, maintenance organizations, and mobility service companies [1][2]. Group 2: Data Security Risks - The automotive industry has faced over $500 billion in losses due to cyberattacks in the past five years, with nearly 70% of threats stemming from remote network attacks [3]. - A single autonomous vehicle can generate up to 10TB of data daily, significantly more than traditional vehicles, with projections indicating that by 2025, vehicles with L2-level driving assistance will upload over 70,000PB of data annually [3][4]. - Key data categories include vehicle operation status, road environment and personnel data, and in-vehicle personnel privacy data, which pose risks if leaked or stolen [3][4]. Group 3: Recommendations for Data Management - Experts suggest establishing mandatory national standards for vehicle information security and developing internal security monitoring products to detect potential attacks [5][6]. - Companies should implement comprehensive data security management systems and enhance governance to mitigate risks associated with sensitive data, such as camera and GPS data [4][5]. - Recommendations include localizing data storage, employing data anonymization techniques, and establishing a risk warning system for cross-border data flow [5][6].