Home Cart Quotation About-Us
www.ChineseStandard.net
SEARCH

GB/T 44464-2024 PDF English

US$440.00 · In stock · Download in 9 seconds
GB/T 44464-2024: General requirements of vehicle data
Delivery: 9 seconds. True-PDF full-copy in English & invoice will be downloaded + auto-delivered via email. See step-by-step procedure
Status: Valid
Standard IDUSDBUY PDFDeliveryStandard Title (Description)Status
GB/T 44464-2024440 Add to Cart Auto, 9 seconds. General requirements of vehicle data Valid

Similar standards

GB/T 44461.1   GB/T 44433   GB/T 44461.2   

GB/T 44464-2024: General requirements of vehicle data

---This is an excerpt. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.), auto-downloaded/delivered in 9 seconds, can be purchased online: https://www.ChineseStandard.net/PDF.aspx/GBT44464-2024
GB NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA ICS 43.020 CCS T 40 General Requirements of Vehicle Data ISSUED ON: AUGUST 23, 2024 IMPLEMENTED ON: AUGUST 23, 2024 Issued by: State Administration for Market Regulation; Standardization Administration of the People’s Republic of China.

Table of Contents

Foreword ... 4 1 Scope ... 5 2 Normative References ... 5 3 Terms and Definitions ... 5 4 General Requirements ... 7 4.1 Requirements for Vehicle Data Security Management System ... 7 4.2 General Requirements for Vehicle Data Processing ... 9 5 Requirements for Personal Information Protection ... 9 5.1 General Requirements for Personal Information Processing ... 9 5.2 Individual Consent ... 11 5.3 Collection of Personal Information ... 12 5.4 Storage of Personal Information ... 12 5.5 Use of Personal Information ... 12 5.6 Transmission of Personal Information ... 12 5.7 Deletion of Personal Information ... 14 5.8 Outbound of Personal Information ... 14 6 Requirements for Important Data Protection ... 14 6.1 General Requirements for Important Data Processing ... 14 6.2 Important Data Collection ... 14 6.3 Storage of Important Data ... 15 6.4 Use of Important Data ... 15 6.5 Transmission of Important Data ... 15 6.6 Deletion of Important Data ... 15 6.7 Outbound of Important Data ... 15 7 Audit, Evaluation and Test Requirements ... 15 Appendix A (informative) Example of Vehicle Data Classification and Grading ... 16 A.1 Principles of Data Classification and Grading ... 16 A.2 Data Classification ... 16 A.3 Data Classification ... 16 A.4 Example of Personal Information Classification and Grading... 18 Appendix B (normative) Test Method for Anonymization of Personal Information ... 20 B.1 Test Conditions ... 20 B.2 Test Equipment ... 20 General Requirements of Vehicle Data

1 Scope

This document specifies the general requirements, personal information protection requirements, important data protection requirements, audit and evaluation, and test requirements for data generated and collected during the R&D, design, production and manufacturing processes of automotive products, and describes the corresponding test methods. This document applies to automotive products and vehicle data processors.

2 Normative References

This document does not have normative references.

3 Terms and Definitions

The following terms and definitions are applicable to this document. 3.1 collect The act of obtaining vehicle data in a certain mode. 3.2 vehicle data security management system vehicle data security management system A systematic approach to standardize the process of vehicle data processing activities to ensure vehicle data security. 3.3 cabin data Data that may contain personal information collected from the car cabin through various means, such as: cameras, infrared sensors, fingerprint sensors or microphones, as well as data generated after processing. [source: GB/T 41871-2022, 3.6, modified] 3.4 personal information subject The natural person identified by personal information. [source: GB/T 35273-2020, 3.3, modified] 3.5 face object system and adopt vehicle data security protection technical measures to ensure that vehicle data is continuously effectively protected and legally used. 4.1.2 Vehicle data processors shall formulate vehicle data security objectives and policies, analyze the internal and external environment of the vehicle data security management system, and determine the boundaries and scope of application of the vehicle data security management system. 4.1.3 Vehicle data processors shall establish a vehicle data security management institution and determine the responsibilities of relevant personnel. 4.1.4 Vehicle data processors shall establish a vehicle data classification and grading system and form a vehicle data asset management ledger. NOTE: see Appendix A for an example of vehicle data classification and grading. 4.1.5 Vehicle data processors shall formulate specific hierarchical protection requirements and operating procedures for data collection, storage, use, processing, transmission, provision, disclosure, and deletion processes for the entire life cycle of vehicle data. 4.1.6 Vehicle data processors shall at least establish a data security process management system for the entire life cycle of the vehicle, including R&D, design, production and manufacturing, etc. NOTE: other links, such as: operation, maintenance and scrapping, shall be implemented accordingly. 4.1.7 If vehicle data processors need to store personal information and important data collected and generated within the territory of the People’s Republic of China, it shall be stored within the country; if it needs to be provided overseas, it shall pass the data outbound security assessment. 4.1.8 Vehicle data processors shall establish a vehicle data security risk monitoring and incident management system. When a vehicle data security risk is found, remedial measures shall be immediately taken. When a vehicle data security incident occurs, disposal measures shall be immediately taken, users shall be informed in a timely manner in accordance with regulations, and a report shall be filed to the relevant competent authorities. In addition, in accordance with regulations, risk assessments shall be regularly conducted on important data processing activities, and risk assessment reports shall be submitted to the relevant competent authorities. 4.1.9 Vehicle data processors shall establish a complaint and reporting handling mechanism, establish a data security complaint and reporting channel, and handle user complaints and reports in a timely manner. 4.1.10 Vehicle data processors shall establish a data security management system for data processing-related parties, including signing data security agreements and verifying data security protection capabilities, etc. 4.2 General Requirements for Vehicle Data Processing 4.2.1 When processing personal information generated and collected during the R&D, design, production and manufacturing processes of automotive products, vehicle data processors shall comply with the requirements of Chapter 5, except for other circumstances specified in mandatory national standards; automotive products shall have the corresponding capabilities to ensure that vehicle data processors comply with the requirements of Chapter 5 or other circumstances stipulated by laws, administrative regulations and mandatory national standards when processing personal information. 4.2.2 Automotive products shall have the corresponding capabilities to ensure that when vehicle data processors process personal information, in-vehicle processing and default non-collection shall comply with the requirements of 5.1, the accuracy range shall comply with the requirements of 5.3, the use of anonymization for desensitization treatment shall comply with the requirements of 5.6, and the prominent notification shall comply with the requirements of 5.2. 4.2.3 When processing important data generated and collected during the R&D, design and manufacturing of automotive products, vehicle data processors shall comply with the requirements of Chapter 6, except for other circumstances specified in mandatory national standards; automotive products shall have the corresponding capabilities to ensure that vehicle data processors comply with the requirements of Chapter 6 or other circumstances stipulated by laws, administrative regulations and mandatory national standards when processing important data. 4.2.4 When the data generated and collected during the R&D, design, production and manufacturing of automotive products processed by vehicle data processors is both personal information and important data, it shall simultaneously comply with the requirements of Chapter 5 and Chapter 6.

5 Requirements for Personal Information Protection

5.1 General Requirements for Personal Information Processing 5.1.1 When processing personal information, vehicle data processors shall hold clarified and reasonable purposes, which shall be directly related to the purpose of processing and in a mode that minimizes the impact on personal rights and interests. Unless the driver independently sets it, the vehicle shall be set to not collect personal information by default; unless the consent of the personal information subject is obtained, personal information shall not be provided to outside the vehicle. 5.1.2 Under any of the following exceptions, the vehicle data processors may not obtain individual consent for processing personal information: ---Used for functions necessary to protect the life, health and property safety of natural persons in emergency situations; 5.2 Individual Consent 5.2.1 General requirements for individual consent When processing personal information, vehicle data processors shall obtain individual consent; when processing sensitive personal information, separate consent shall be obtained. The above two circumstances shall be notified to individuals in at least one prominent mode, clearly explaining the specific circumstances and necessity of processing personal information, and providing convenient personal information management functions, such as: review, copy and deletion, etc. The specific requirements are as follows. ---The notification mode may be selected from the user manuals, on-board display panels, voice and application programs related to automotive use, etc. ---The notification content shall at least include:  the types of personal information processing and the necessity of processing each type of personal information, including purposes, usage, and modes, etc.;  the specific circumstances, under which, various types of personal information are collected, and the modes and channels of stopping collection;  The storage location and storage period of personal information, or the rules for determining the storage location and storage period;  The modes and channels of reviewing and copying personal information and deleting the personal information in the vehicle or request deletion of the personal information that has been provided to outside the vehicle;  Name and contact information of the contact person for user rights matters;  Other matters that shall be notified as required by laws and administrative regulations. 5.2.2 Options for obtaining individual consent Vehicle data processors shall set up options for obtaining individual consent in accordance with the following requirements: ---Provide modes for consent and refusal; ---Provide a channel of independently setting the consent period for processing sensitive personal information, and the period shall not be set as always allowed or permanent. 5.2.3 Re-obtaining individual consent 5.2.3.1 Vehicle data processors shall process personal information within the period of consent obtained. When the individual consent period expires, if the vehicle data processors still need to continue personal information processing activities other than deletion, the individual consent shall be re-obtained. 5.2.3.2 When the processing purposes and modes of personal information, and the types of personal information processed change, the vehicle data processors shall re-obtain the individual consent. 5.2.4 Withdrawal of individual consent Vehicle data processors shall provide a channel of withdrawing individual consent. 5.3 Collection of Personal Information 5.3.1 When collecting personal information, vehicle data processors shall determine the coverage and resolution of cameras and radars, etc. based on the data accuracy requirements of the functional services provided. 5.3.2 If the same data collection equipment supports multiple functional services with different requirements for data accuracy, at least one functional service shall comply with the requirements of 5.3.1. For other functional services that do not comply with the requirements of 5.3.1, the vehicle data processors shall provide a reasonable explanation. 5.4 Storage of Personal Information 5.4.1 Vehicles shall adopt secure access technology, encryption technology or other security technologies to protect sensitive personal information stored in the vehicle and prevent unauthorized access and acquisition. 5.4.2 Vehicles shall adopt security defense mechanisms to protect the vehicle identification number (VIN) and other data stored in the vehicle for vehicle identification, and prevent unauthorized deletion and modification. NOTE: security defense mechanisms to prevent data from being deleted and modified without authorization include secure access technology and read-only technology, etc. 5.5 Use of Personal Information 5.5.1 When using personal information, vehicle data processors shall take access control measures to prevent unauthorized access to stored personal information. 5.5.2 Personal biometrics shall not be used as the only means to achieve personal identity authentication. 5.6 Transmission of Personal Information 5.6.1 Requirements for transmission outside the vehicle 5.6.1.1 Vehicles shall implement confidentiality protection measures for sensitive personal NOTE: for the calculation method for anonymization detection rate, see Appendix B. 5.6.2.2.2 Anonymization false detection rate The anonymization false detection rate of face target and vehicle license plate target should be less than or equal to 10%. NOTE: for the calculation method for anonymization false detection rate, see Appendix C. 5.6.2.3 Anonymization effect Face object and vehicle license plate object that satisfy the requirements of 5.6.2.1 and have been anonymized shall not be recognizable. 5.7 Deletion of Personal Information 5.7.1 If an individual requests to delete sensitive personal information, the vehicle data processor shall complete the deletion within 10 working days. If otherwise stipulated by laws and administrative regulations, such provisions shall apply. 5.7.2 Deleted personal information shall be irretrievable and inaccessible. 5.8 Outbound of Personal Information Vehicles shall not directly transmit personal information and other data overseas. NOTE: this article does not restrict the autonomous behaviors of users, such as: using browsers to visit overseas websites, using communication software to send messages overseas, and independently installing third-party applications that may cause outbound data.

6 Requirements for Important Data Protection

6.1 General Requirements for Important Data Processing When processing important data, vehicle data processors shall hold clarified and reasonable purposes, which shall be directly related to the purpose of processing. Unless the driver independently sets it, the vehicle shall be set to not collect important data by default and shall not provide important data to outside the vehicle. 6.2 Important Data Collection 6.2.1 When collecting important data, vehicle data processors shall determine the coverage and resolution of cameras and radars, etc. based on the data accuracy requirements of the functional services provided. 6.2.2 If the same data collection equipment supports multiple functional services with different requirements for data accuracy, at least one functional service shall comply with the requirements of 6.2.1. For other functional services that do not comply with the requirements of 6.2.1, the vehicle data processors shall provide a reasonable explanation. 6.3 Storage of Important Data Vehicles shall adopt secure access technology, encryption technology or other security technologies to protect important data stored in the vehicle and prevent unauthorized access and acquisition. 6.4 Use of Important Data When using important data, vehicle data processors shall take access control measures to prevent unauthorized access to stored important data. 6.5 Transmission of Important Data Vehicles shall implement confidentiality protection measures for important data sent outside the vehicle. 6.6 Deletion of Important Data Deleted important data shall be irretrievable and inaccessible. 6.7 Outbound of Important Data Vehicles shall not directly transmit important data and other data overseas. NOTE: this article does not restrict the autonomous behaviors of users, such as: using browsers to visit overseas websites, using communication software to send messages overseas, and independently installing third-party applications that may cause outbound data.

7 Audit, Evaluation and Test Requirements

7.1 Vehicle data processors shall pass the conformity evaluation that satisfies the requirements of 4.1. 7.2 The vehicle shall be tested for anonymization of personal information in accordance with Appendix B, and the vehicle shall be tested for processing personal information and important data in accordance with Appendix D, and the corresponding requirements of each test shall be satisfied. 7.3 Anonymization false detection rate tests should be conducted on vehicles in accordance with Appendix C. Vehicle data processors classify the data generated and collected during the R&D, design, production and manufacturing processes of automotive products in accordance with the affected objects and the degree of impact. A.3.1.2 Affected objects Affected objects refer to those affected by tampering, destruction, leakage, illegal acquisition, and illegal utilization of data generated and collected during the R&D, design, production and manufacturing processes of automotive products, including national security, industry security, organizational security, and personal rights and interests, among which: ---The situation where the affected object is national security means that once the data is leaked, tampered, destroyed or illegally acquired, it may have an impact on national political security, national economic security, national public security, national resource security, national scientific and technological security and national network security, etc.; ---The situation where the affected object is industry security means that once the data is leaked, tampered, destroyed or illegally acquired, it may have an impact on the security of the automotive industry supply chain, key facilities and core technologies in the automotive industry, etc.; ---The situation where the affected object is organizational security means that once the data is leaked, tampered, destroyed or illegally acquired, it may have an impact on the organization’s technical research and product development, organizational production and manufacturing, and organizational operations, etc.; ---The situation where the affected object is personal rights and interests means that once the data is leaked, tampered, destroyed or illegally acquired, it may lead to infringement of the legitimate rights and interests of the personal information subject, such as: the personal dignity or personal and property safety of the natural person. A.3.1.3 Degree of impact The degree of impact can be divided from high to low into serious harm, general harm, minor harm, and no impact. When judging the degree of impact on different affected objects, different criteria are used. If the affected object is national security or industry security, then, the overall interests of the country, society or industry will be used as the basis for judging the degree of impact; if the affected object is only the rights and interests of organizations or individuals, then, the rights and interests of organizations or individual citizens will be used as the basis for judging the degree of impact. A.3.2 Classification method The classification method for data generated and collected during the R&D, design, production and manufacturing processes of automotive products is shown in Table A.1, which is divided into core data, important data and general data. Among the important data, those related to

Appendix B

(normative) Test Method for Anonymization of Personal Information B.1 Test Conditions B.1.1 A list of functions that require anonymization of personal information shall be provided and the relevant sensor information involved in the anonymization shall be clearly stated. B.1.2 Test vehicles that are subject to the anonymization of personal information shall meet the following requirements: ---Have the capability to anonymize images or videos containing face object and license plate object outside the vehicle and transmit them to outside the vehicle; ---Have clear conditions for enabling functions of anonymization and transmission to outside the vehicle. B.1.3 If the capability to provide anonymization area range files is available, the anonymization area range files may include anonymization annotation areas, such as: rectangles, ellipses or rotated rectangles, anonymization object properties (face object and vehicle license plate object) and recording time. B.2 Test Equipment B.2.1 Test equipment record contents During the test, additional test recording equipment shall be installed and recorded. At least the following contents shall be recorded: --Test timeline and test duration; ---Video information of the test vehicle’s surrounding environment. B.2.2 Accuracy of test recording equipment The resolution of the test recording equipment shall be no less than (1,920 × 1,080) pixels, and the video sampling frame rate shall be at least 30 f/s. B.2.3 Installation and operation of test recording equipment The installation and operation of the test recording equipment shall not affect the original configuration of the test vehicle and the normal operation of its personal information collection and transmission functions. B.2.4 Requirements for test result annotation capability B.2.4.1 Requirements for image collections with annotation capabilities Select 500 anonymized images and 500 non-anonymized images to form an image collection for the verification of annotation capabilities. The image collection shall meet the following requirements. ---For non-anonymized image collections:  Contain at least 200 face objects and 200 vehicle license plate objects;  Documentation with the true pixel values of each side length of each face object and vehicle license plate object boundary frame;  Documentation with the true values of the visible range area of each face object. ---For anonymized image collections:  Contain at least 200 face objects and 200 vehicle license plate objects that have been anonymized;  Documentation with the true pixel values of each side length of each face object and vehicle license plate object boundary frame;  Documentation with the true values of the visible range area of each face object;  Documentation with the true values of the anonymization area and coverage rate of each face object and vehicle license plate object that have been anonymized;  There are no identical images in the non-anonymized image collections. NOTE: the images in the image collections are not collected during the test process. B.2.4.2 Requirements for annotation accuracy Before carrying out the image annotation in B.5.1, import the image collections that satisfy B.2.4.1 and verify the annotation capabilities. The annotation accuracy shall meet the following requirements. ---In the image collections that have not been anonymized, annotate the face boundary frame of each image. When the true value of the minimum side length pixel of the face boundary frame is greater than or equal to 27 pixels, calculate the ratio of the minimum side length pixel annotation value of all boundary frames to the true value. The number of boundary frames with the ratio greater than or equal to 0.9 and less than or equal to 1.1 accounts for more than 98% of the number of all face boundary frames. ---In the image collections that have not been anonymized, annotate the vehicle license plate boundary frame of each image. When the true value of the minimum side length pixel of the vehicle license plate boundary frame is greater than or equal to 11 pixels: ......
Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.
Image 1     Image 2     Image 3     

Tips & Frequently Asked Questions:

Question 1: How long will the true-PDF of English version of GB/T 44464-2024 be delivered?Answer: The full copy PDF of English version of GB/T 44464-2024 can be downloaded in 9 seconds, and it will also be emailed to you in 9 seconds (double mechanisms to ensure the delivery reliably), with PDF-invoice.

Question 2: Can I share the purchased PDF of GB/T 44464-2024_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 44464-2024_English will be deemed to be sold to your employer/organization who actually paid for it, including your colleagues and your employer's intranet.

Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countries

Question 4: Do you accept my currency other than USD?Answer: Yes. www.ChineseStandard.us -- GB/T 44464-2024 -- Click this link and select your country/currency to pay, the exact amount in your currency will be printed on the invoice. Full PDF will also be downloaded/emailed in 9 seconds.

How to buy and download a true PDF of English version of GB/T 44464-2024?

A step-by-step guide to download PDF of GB/T 44464-2024_EnglishStep 1: Visit website https://www.ChineseStandard.net (Pay in USD), or https://www.ChineseStandard.us (Pay in any currencies such as Euro, KRW, JPY, AUD).
Step 2: Search keyword "GB/T 44464-2024".
Step 3: Click "Add to Cart". If multiple PDFs are required, repeat steps 2 and 3 to add up to 12 PDFs to cart.
Step 4: Select payment option (Via payment agents Stripe or PayPal).
Step 5: Customize Tax Invoice -- Fill up your email etc.
Step 6: Click "Checkout".
Step 7: Make payment by credit card, PayPal, Google Pay etc. After the payment is completed and in 9 seconds, you will receive 2 emails attached with the purchased PDFs and PDF-invoice, respectively.
Step 8: Optional -- Go to download PDF.
Step 9: Optional -- Click Open/Download PDF to download PDFs and invoice.
See screenshots for above steps: Steps 1~3    Steps 4~6    Step 7    Step 8    Step 9