GB/T 44464-2024: General requirements of vehicle data (English PDF)
Price & Delivery
US$440.00 · In stock · Download in 9 secondsGB/T 44464-2024: General requirements of vehicle data
Delivery: 9 seconds. True-PDF full-copy in English & invoice will be downloaded + auto-delivered via email. See
step-by-step chartStatus: Valid
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivery | Name of Chinese Standard | Status |
| GB/T 44464-2024 | English | 440 |
Add to Cart
|
0-9 seconds. Auto-delivery
|
General requirements of vehicle data
| Valid |
PDFs (Download full copy in 9 seconds upon purchase)
PDF Preview: GB/T 44464-2024
GB/T 44464-2024: General requirements of vehicle data
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 43.020
CCS T 40
General Requirements of Vehicle Data
ISSUED ON: AUGUST 23, 2024
IMPLEMENTED ON: AUGUST 23, 2024
Issued by: State Administration for Market Regulation;
Standardization Administration of the People’s Republic of China.
Table of Contents
Foreword... 4
1 Scope... 5
2 Normative References... 5
3 Terms and Definitions... 5
4 General Requirements... 7
4.1 Requirements for Vehicle Data Security Management System... 7
4.2 General Requirements for Vehicle Data Processing... 9
5 Requirements for Personal Information Protection... 9
5.1 General Requirements for Personal Information Processing... 9
5.2 Individual Consent... 11
5.3 Collection of Personal Information... 12
5.4 Storage of Personal Information... 12
5.5 Use of Personal Information... 12
5.6 Transmission of Personal Information... 12
5.7 Deletion of Personal Information... 14
5.8 Outbound of Personal Information... 14
6 Requirements for Important Data Protection... 14
6.1 General Requirements for Important Data Processing... 14
6.2 Important Data Collection... 14
6.3 Storage of Important Data... 15
6.4 Use of Important Data... 15
6.5 Transmission of Important Data... 15
6.6 Deletion of Important Data... 15
6.7 Outbound of Important Data... 15
7 Audit, Evaluation and Test Requirements... 15
Appendix A (informative) Example of Vehicle Data Classification and Grading... 16
A.1 Principles of Data Classification and Grading... 16
A.2 Data Classification... 16
A.3 Data Classification... 16
A.4 Example of Personal Information Classification and Grading... 18
Appendix B (normative) Test Method for Anonymization of Personal Information... 20
B.1 Test Conditions... 20
B.2 Test Equipment... 20
General Requirements of Vehicle Data
1 Scope
This document specifies the general requirements, personal information protection
requirements, important data protection requirements, audit and evaluation, and test
requirements for data generated and collected during the R&D, design, production and
manufacturing processes of automotive products, and describes the corresponding test methods.
This document applies to automotive products and vehicle data processors.
2 Normative References
This document does not have normative references.
3 Terms and Definitions
The following terms and definitions are applicable to this document.
3.1 collect
The act of obtaining vehicle data in a certain mode.
3.2 vehicle data security management system vehicle data security management
system
A systematic approach to standardize the process of vehicle data processing activities to ensure
vehicle data security.
3.3 cabin data
Data that may contain personal information collected from the car cabin through various means,
such as: cameras, infrared sensors, fingerprint sensors or microphones, as well as data generated
after processing.
[source: GB/T 41871-2022, 3.6, modified]
3.4 personal information subject
The natural person identified by personal information.
[source: GB/T 35273-2020, 3.3, modified]
3.5 face object
system and adopt vehicle data security protection technical measures to ensure that vehicle data
is continuously effectively protected and legally used.
4.1.2 Vehicle data processors shall formulate vehicle data security objectives and policies,
analyze the internal and external environment of the vehicle data security management system,
and determine the boundaries and scope of application of the vehicle data security management
system.
4.1.3 Vehicle data processors shall establish a vehicle data security management institution and
determine the responsibilities of relevant personnel.
4.1.4 Vehicle data processors shall establish a vehicle data classification and grading system
and form a vehicle data asset management ledger.
NOTE: see Appendix A for an example of vehicle data classification and grading.
4.1.5 Vehicle data processors shall formulate specific hierarchical protection requirements and
operating procedures for data collection, storage, use, processing, transmission, provision,
disclosure, and deletion processes for the entire life cycle of vehicle data.
4.1.6 Vehicle data processors shall at least establish a data security process management system
for the entire life cycle of the vehicle, including R&D, design, production and manufacturing,
etc.
NOTE: other links, such as: operation, maintenance and scrapping, shall be implemented
accordingly.
4.1.7 If vehicle data processors need to store personal information and important data collected
and generated within the territory of the People’s Republic of China, it shall be stored within
the country; if it needs to be provided overseas, it shall pass the data outbound security
assessment.
4.1.8 Vehicle data processors shall establish a vehicle data security risk monitoring and incident
management system. When a vehicle data security risk is found, remedial measures shall be
immediately taken. When a vehicle data security incident occurs, disposal measures shall be
immediately taken, users shall be informed in a timely manner in accordance with regulations,
and a report shall be filed to the relevant competent authorities. In addition, in accordance with
regulations, risk assessments shall be regularly conducted on important data processing
activities, and risk assessment reports shall be submitted to the relevant competent authorities.
4.1.9 Vehicle data processors shall establish a complaint and reporting handling mechanism,
establish a data security complaint and reporting channel, and handle user complaints and
reports in a timely manner.
4.1.10 Vehicle data processors shall establish a data security management system for data
processing-related parties, including signing data security agreements and verifying data
security protection capabilities, etc.
4.2 General Requirements for Vehicle Data Processing
4.2.1 When processing personal information generated and collected during the R&D, design,
production and manufacturing processes of automotive products, vehicle data processors shall
comply with the requirements of Chapter 5, except for other circumstances specified in
mandatory national standards; automotive products shall have the corresponding capabilities to
ensure that vehicle data processors comply with the requirements of Chapter 5 or other
circumstances stipulated by laws, administrative regulations and mandatory national standards
when processing personal information.
4.2.2 Automotive products shall have the corresponding capabilities to ensure that when vehicle
data processors process personal information, in-vehicle processing and default non-collection
shall comply with the requirements of 5.1, the accuracy range shall comply with the
requirements of 5.3, the use of anonymization for desensitization treatment shall comply with
the requirements of 5.6, and the prominent notification shall comply with the requirements of
5.2.
4.2.3 When processing important data generated and collected during the R&D, design and
manufacturing of automotive products, vehicle data processors shall comply with the
requirements of Chapter 6, except for other circumstances specified in mandatory national
standards; automotive products shall have the corresponding capabilities to ensure that vehicle
data processors comply with the requirements of Chapter 6 or other circumstances stipulated
by laws, administrative regulations and mandatory national standards when processing
important data.
4.2.4 When the data generated and collected during the R&D, design, production and
manufacturing of automotive products processed by vehicle data processors is both personal
information and important data, it shall simultaneously comply with the requirements of
Chapter 5 and Chapter 6.
5 Requirements for Personal Information Protection
5.1 General Requirements for Personal Information Processing
5.1.1 When processing personal information, vehicle data processors shall hold clarified and
reasonable purposes, which shall be directly related to the purpose of processing and in a mode
that minimizes the impact on personal rights and interests. Unless the driver independently sets
it, the vehicle shall be set to not collect personal information by default; unless the consent of
the personal information subject is obtained, personal information shall not be provided to
outside the vehicle.
5.1.2 Under any of the following exceptions, the vehicle data processors may not obtain
individual consent for processing personal information:
---Used for functions necessary to protect the life, health and property safety of natural
persons in emergency situations;
5.2 Individual Consent
5.2.1 General requirements for individual consent
When processing personal information, vehicle data processors shall obtain individual consent;
when processing sensitive personal information, separate consent shall be obtained. The above
two circumstances shall be notified to individuals in at least one prominent mode, clearly
explaining the specific circumstances and necessity of processing personal information, and
providing convenient personal information management functions, such as: review, copy and
deletion, etc. The specific requirements are as follows.
---The notification mode may be selected from the user manuals, on-board display panels,
voice and application programs related to automotive use, etc.
---The notification content shall at least include:
the types of personal information processing and the necessity of processing each
type of personal information, including purposes, usage, and modes, etc.;
the specific circumstances, under which, various types of personal information are
collected, and the modes and channels of stopping collection;
The storage location and storage period of personal information, or the rules for
determining the storage location and storage period;
The modes and channels of reviewing and copying personal information and
deleting the personal information in the vehicle or request deletion of the personal
information that has been provided to outside the vehicle;
Name and contact information of the contact person for user rights matters;
Other matters that shall be notified as required by laws and administrative
regulations.
5.2.2 Options for obtaining individual consent
Vehicle data processors shall set up options for obtaining individual consent in accordance with
the following requirements:
---Provide modes for consent and refusal;
---Provide a channel of independently setting the consent period for processing sensitive
personal information, and the period shall not be set as always allowed or permanent.
5.2.3 Re-obtaining individual consent
5.2.3.1 Vehicle data processors shall process personal information within the period of consent
obtained. When the individual consent period expires, if the vehicle data processors still need
to continue personal information processing activities other than deletion, the individual
consent shall be re-obtained.
5.2.3.2 When the processing purposes and modes of personal information, and the types of
personal information processed change, the vehicle data processors shall re-obtain the
individual consent.
5.2.4 Withdrawal of individual consent
Vehicle data processors shall provide a channel of withdrawing individual consent.
5.3 Collection of Personal Information
5.3.1 When collecting personal information, vehicle data processors shall determine the
coverage and resolution of cameras and radars, etc. based on the data accuracy requirements of
the functional services provided.
5.3.2 If the same data collection equipment supports multiple functional services with different
requirements for data accuracy, at least one functional service shall comply with the
requirements of 5.3.1. For other functional services that do not comply with the requirements
of 5.3.1, the vehicle data processors shall provide a reasonable explanation.
5.4 Storage of Personal Information
5.4.1 Vehicles shall adopt secure access technology, encryption technology or other security
technologies to protect sensitive personal information stored in the vehicle and prevent
unauthorized access and acquisition.
5.4.2 Vehicles shall adopt security defense mechanisms to protect the vehicle identification
number (VIN) and other data stored in the vehicle for vehicle identification, and prevent
unauthorized deletion and modification.
NOTE: security defense mechanisms to prevent data from being deleted and modified without
authorization include secure access technology and read-only technology, etc.
5.5 Use of Personal Information
5.5.1 When using personal information, vehicle data processors shall take access control
measures to prevent unauthorized access to stored personal information.
5.5.2 Personal biometrics shall not be used as the only means to achieve personal identity
authentication.
5.6 Transmission of Personal Information
5.6.1 Requirements for transmission outside the vehicle
5.6.1.1 Vehicles shall implement confidentiality protection measures for sensitive personal
NOTE: for the calculation method for anonymization detection rate, see Appendix B.
5.6.2.2.2 Anonymization false detection rate
The anonymization false detection rate of face target and vehicle license plate target should be
less than or equal to 10%.
NOTE: for the calculation method for anonymization false detection rate, see Appendix C.
5.6.2.3 Anonymization effect
Face object and vehicle license plate object that satisfy the requirements of 5.6.2.1 and have
been anonymized shall not be recognizable.
5.7 Deletion of Personal Information
5.7.1 If an individual requests to delete sensitive personal information, the vehicle data
processor shall complete the deletion within 10 working days. If otherwise stipulated by laws
and administrative regulations, such provisions shall apply.
5.7.2 Deleted personal information shall be irretrievable and inaccessible.
5.8 Outbound of Personal Information
Vehicles shall not directly transmit personal information and other data overseas.
NOTE: this article does not restrict the autonomous behaviors of users, such as: using browsers to
visit overseas websites, using communication software to send messages overseas, and
independently installing third-party applications that may cause outbound data.
6 Requirements for Important Data Protection
6.1 General Requirements for Important Data Processing
When processing important data, vehicle data processors shall hold clarified and reasonable
purposes, which shall be directly related to the purpose of processing. Unless the driver
independently sets it, the vehicle shall be set to not collect important data by default and shall
not provide important data to outside the vehicle.
6.2 Important Data Collection
6.2.1 When collecting important data, vehicle data processors shall determine the coverage and
resolution of cameras and radars, etc. based on the data accuracy requirements of the functional
services provided.
6.2.2 If the same data collection equipment supports multiple functional services with different
requirements for data accuracy, at least one functional service shall comply with the
requirements of 6.2.1. For other functional services that do not comply with the requirements
of 6.2.1, the vehicle data processors shall provide a reasonable explanation.
6.3 Storage of Important Data
Vehicles shall adopt secure access technology, encryption technology or other security
technologies to protect important data stored in the vehicle and prevent unauthorized access
and acquisition.
6.4 Use of Important Data
When using important data, vehicle data processors shall take access control measures to
prevent unauthorized access to stored important data.
6.5 Transmission of Important Data
Vehicles shall implement confidentiality protection measures for important data sent outside
the vehicle.
6.6 Deletion of Important Data
Deleted important data shall be irretrievable and inaccessible.
6.7 Outbound of Important Data
Vehicles shall not directly transmit important data and other data overseas.
NOTE: this article does not restrict the autonomous behaviors of users, such as: using browsers to
visit overseas websites, using communication software to send messages overseas, and
independently installing third-party applications that may cause outbound data.
7 Audit, Evaluation and Test Requirements
7.1 Vehicle data processors shall pass the conformity evaluation that satisfies the requirements
of 4.1.
7.2 The vehicle shall be tested for anonymization of personal information in accordance with
Appendix B, and the vehicle shall be tested for processing personal information and important
data in accordance with Appendix D, and the corresponding requirements of each test shall be
satisfied.
7.3 Anonymization false detection rate tests should be conducted on vehicles in accordance
with Appendix C.
Vehicle data processors classify the data generated and collected during the R&D, design,
production and manufacturing processes of automotive products in accordance with the affected
objects and the degree of impact.
A.3.1.2 Affected objects
Affected objects refer to those affected by tampering, destruction, leakage, illegal acquisition,
and illegal utilization of data generated and collected during the R&D, design, production and
manufacturing processes of automotive products, including national security, industry security,
organizational security, and personal rights and interests, among which:
---The situation where the affected object is national security means that once the data is
leaked, tampered, destroyed or illegally acquired, it may have an impact on national
political security, national economic security, national public security, national resource
security, national scientific and technological security and national network security,
etc.;
---The situation where the affected object is industry security means that once the data is
leaked, tampered, destroyed or illegally acquired, it may have an impact on the security
of the automotive industry supply chain, key facilities and core technologies in the
automotive industry, etc.;
---The situation where the affected object is organizational security means that once the
data is leaked, tampered, destroyed or illegally acquired, it may have an impact on the
organization’s technical research and product development, organizational production
and manufacturing, and organizational operations, etc.;
---The situation where the affected object is personal rights and interests means that once
the data is leaked, tampered, destroyed or illegally acquired, it may lead to infringement
of the legitimate rights and interests of the personal information subject, such as: the
personal dignity or personal and property safety of the natural person.
A.3.1.3 Degree of impact
The degree of impact can be divided from high to low into serious harm, general harm, minor
harm, and no impact. When judging the degree of impact on different affected objects, different
criteria are used. If the affected object is national security or industry security, then, the overall
interests of the country, society or industry will be used as the basis for judging the degree of
impact; if the affected object is only the rights and interests of organizations or individuals, then,
the rights and interests of organizations or individual citizens will be used as the basis for
judging the degree of impact.
A.3.2 Classification method
The classification method for data generated and collected during the R&D, design, production
and manufacturing processes of automotive products is shown in Table A.1, which is divided
into core data, important data and general data. Among the important data, those related to
Appendix B
(normative)
Test Method for Anonymization of Personal Information
B.1 Test Conditions
B.1.1 A list of functions that require anonymization of personal information shall be provided
and the relevant sensor information involved in the anonymization shall be clearly stated.
B.1.2 Test vehicles that are subject to the anonymization of personal information shall meet the
following requirements:
---Have the capability to anonymize images or videos containing face object and license
plate object outside the vehicle and transmit them to outside the vehicle;
---Have clear conditions for enabling functions of anonymization and transmission to
outside the vehicle.
B.1.3 If the capability to provide anonymization area range files is available, the anonymization
area range files may include anonymization annotation areas, such as: rectangles, ellipses or
rotated rectangles, anonymization object properties (face object and vehicle license plate object)
and recording time.
B.2 Test Equipment
B.2.1 Test equipment record contents
During the test, additional test recording equipment shall be installed and recorded. At least the
following contents shall be recorded:
--Test timeline and test duration;
---Video information of the test vehicle’s surrounding environment.
B.2.2 Accuracy of test recording equipment
The resolution of the test recording equipment shall be no less than (1,920 × 1,080) pixels, and
the video sampling frame rate shall be at least 30 f/s.
B.2.3 Installation and operation of test recording equipment
The installation and operation of the test recording equipment shall not affect the original
configuration of the test vehicle and the normal operation of its personal information collection
and transmission functions.
B.2.4 Requirements for test result annotation capability
B.2.4.1 Requirements for image collections with annotation capabilities
Select 500 anonymized images and 500 non-anonymized images to form an image collection
for the verification of annotation capabilities. The image collection shall meet the following
requirements.
---For non-anonymized image collections:
Contain at least 200 face objects and 200 vehicle license plate objects;
Documentation with the true pixel values of each side length of each face object
and vehicle license plate object boundary frame;
Documentation with the true values of the visible range area of each face object.
---For anonymized image collections:
Contain at least 200 face objects and 200 vehicle license plate objects that have
been anonymized;
Documentation with the true pixel values of each side length of each face object
and vehicle license plate object boundary frame;
Documentation with the true values of the visible range area of each face object;
Documentation with the true values of the anonymization area and coverage rate
of each face object and vehicle license plate object that have been anonymized;
There are no identical images in the non-anonymized image collections.
NOTE: the images in the image collections are not collected during the test process.
B.2.4.2 Requirements for annotation accuracy
Before carrying out the image annotation in B.5.1, import the image collections that satisfy
B.2.4.1 and verify the annotation capabilities. The annotation accuracy shall meet the following
requirements.
---In the image collections that have not been anonymized, annotate the face boundary
frame of each image. When the true value of the minimum side length pixel of the face
boundary frame is greater than or equal to 27 pixels, calculate the ratio of the minimum
side length pixel annotation value of all boundary frames to the true value. The number
of boundary frames with the ratio greater than or equal to 0.9 and less than or equal to
1.1 accounts for more than 98% of the number of all face boundary frames.
---In the image collections that have not been anonymized, annotate the vehicle license
plate boundary frame of each image. When the true value of the minimum side length
pixel of the vehicle license plate boundary frame is greater than or equal to 11 pixels:
......
Source: Translated/reviewed by www.ChineseStandard.net / Wayne Zheng et al.
Tips & Frequently Asked Questions
- 1. How long will the true-PDF of English version of GB/T 44464-2024 be delivered?
- The full copy PDF of English version of GB/T 44464-2024 can be downloaded in 9 seconds, and it will also be emailed to you in 3 minutes typically (double mechanisms to ensure the delivery reliably), with PDF-invoice.
- 2. Can I share the purchased PDF of GB/T 44464-2024 (English) with my colleagues?
- Yes. The purchased PDF of GB/T 44464-2024 (English) will be deemed to be sold to your employer/organization who actually paid for it, including your colleagues and your employer's intranet.
- 3. Does the price include tax/VAT?
- Yes. Our tax invoice includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries). Please see the List of Avoidance of Double Taxation Agreements (DTAs) signed between Singapore and 100+ countries.
- 4. Do you accept my currency other than USD?
- Yes. Visit www.ChineseStandard.us — GB/T 44464-2024. Click this link and select your country/currency to pay; the exact amount in your currency will be printed on the invoice. The full PDF and invoice will also be downloaded/emailed instantly, following platform Shopify.com's intuitive and self-explained procedure.
How to Buy and Download a True PDF of GB/T 44464-2024 (English) in 9 Seconds
- Visit. Go to www.ChineseStandard.net/PDF.aspx/GBT44464-2024 (Master website, accepting USD only). For other currencies (EUR, KRW, JPY, GBP, AUD, CAD, etc.), please visit www.ChineseStandard.us/products/gbt44464-2024, see Note 1.
- Search (Optional). Enter the keyword "GB/T 44464-2024" in the search bar, if it is not already shown.
- Add to Cart. Click "Add to Cart". You may repeat steps 2 and 3 to add up to 12 PDF documents per transaction.
- Payment Agent (Gateway). Select your preferred payment gateway ( www.Stripe.com or www.PayPal.com).
- Invoice. Customize your Tax Invoice by entering your email address and billing details.
- Checkout. Click the "Checkout" button.
- Payment. Complete your payment via Credit Card, PayPal, Google Pay, or Apple Pay (securely processed by/at Stripe.com or PayPal.com).
- Instant Access. Typical delivery time: Less than 9 seconds; see Note 2. Because we utilize real-time asynchronous Webhooks, your order is processed before you even return to our site.
- Download. On the Return Page, click "Download" button to enter into the dedicated download page for securely accessing itemized PDF and Tax Invoice. See Note 3.
- Verification (USD 1.00 Trial). Want to experience our lightning-fast delivery first? Click here to purchase GB 38031-2020 for only USD 1.00 (the minimum checkout amount) to test the full 9-second procedure.
Visual Step-by-Step Screenshots
Reference guide for the steps above (with flowchart): Steps 1~9
Notes and Explanations
Note 1: www.ChineseStandard.us/products/gbt44464-2024 is hosted on well-known platform www.Shopify.com. Although the Shopify's purchasing procedure is different, it is deemed as intuitive and self-explained, both PDF and invoice can also be downloaded instantly after the payment.
Note 2: Our "9-second delivery" is powered by the Webhook protocol (first conceptualized by Jeff Lindsay in 2007). Like lightning arriving before thunder, our backend receives your payment confirmation via the 'Technical Edge' before your browser even finishes the redirect (your browser returns to www.ChineseStandard.net from the payment gateway).
Note 3: If you are unable to redirect back to our Return Page, do not worry. Additionally and independently, our automated system will still deliver your PDF and Invoice via email (the second mechanism to ensure the delivery), typically within 3 minutes. Once your payment is complete, you have two instant ways to access your PDF and invoice: you may stay on the Return Page for download in 9 seconds typically, or simply check your email inbox where a copy is automatically delivered in 3 minutes typically.