From the previous analysis, it can be seen that the “Several Provisions on the Security Management of Automobile Data (Draft for Comment)” carries out the supervision logic according to the dimensions of personal information and important data, which reflects the supervision responsibility of the Central Cyberspace Administration of China for data. Specifically:

Personal information

(Defined as: “Personal information referred to in these regulations includes personal information of vehicle owners, drivers, passengers, pedestrians, etc., as well as various information that can infer personal identity, describe personal behavior, etc.”)

Sensitive Personal Information

(Defined as: including vehicle location, driver or passenger audio and video, etc., as well as data that can be used to judge illegal driving, etc.)

biometric data

(Defined as: driver’s fingerprint, voiceprint, face, heart rate, etc.)

important data

(1) Data on the flow of people and vehicles in important sensitive areas such as military administrative areas, national defense science and industry units, and party and government organs at or above the county level that involve state secrets;

(2) Surveying and mapping data that is higher than the accuracy of the maps publicly released by the state;

(3) The operation data of the vehicle charging network;

(4) Data on the type of vehicles on the road, vehicle flow, etc.;

(5) Out-of-vehicle audio and video data including faces, voices, license plates, etc.;

(6) Other data that may affect national security and public interests as specified by the national cybersecurity and informatization department and relevant departments of the State Council.

So, how much data can connected vehicles collect and generate? And is there a more accepted way of describing data types in the industry? Gonghaojun has done some superficial research recently and share it with you.

A classification method for American industry

1. Most vehicles have already started collecting and producing data

Event Data Recorders (EDR)

EDR has been integrated into automobiles since the 1990s, and more than 90% of vehicles now have EDR installed. The EDR records technical information about the vehicle’s operation in the seconds before and after the collision. This information includes speed, accelerator and brake position, seat belt usage, and whether airbags are deployed. EDRs are designed to provide critical information to car crash investigators and others. Access to EDR information requires physical access to the vehicle, as well as specific EDR reading tools, in addition to meeting any country-specific consent requirements. If equipped with EDR, the vehicle’s systems must meet certain federal requirements, and other laws regarding ownership of EDR data vary from state to state.

On-Board Diagnostic Information

All vehicles manufactured after 1996 are required by law to have an on-board diagnostic port, or “OBD-II.” The OBD-II port is usually located under the dashboard on the driver’s side of a car, and the information it contains can be retrieved by plugging a compatible device into the port. This port can access information to help service technicians measure emissions, diagnose performance issues, or repair your vehicle. Owners may also choose to plug a third-party device into the OBD-II port of some vehicles to collect or share information about their vehicle with a third party of their choice (for example, to work with their insurance company for safe driving discounts). The available information may include driver behavior information (how fast you drive, how hard you hit the brakes, etc.) and geolocation data (where you are, your path, and your speed).

2. More advanced vehicles have begun to collect and generate data

location information

Navigation and related systems may collect the location of the vehicle and destination in order to deliver the driver and passengers to the destination.

external information

Modern cars may contain cameras and sensors that gather information about the car’s surroundings. These sensors can detect road or weather conditions, lane markings and obstacles, surrounding traffic, and more. Key technologies that rely on this external environmental information include blind spot detection, lane departure warning, assisted braking and rear parking detection.

in-cabin information

Many vehicles today also contain sensors in the cabin. Microphones, cameras and other devices may record information about people in the vehicle. These sensors may be required to communicate with emergency services, or utilize features such as speakerphones.

user recognition

Some systems identify users by physical features such as fingerprints or faces, so there may be biological or biometric information about the user. Biometric information can also be used to determine who the driver is and adjust the system accordingly. For example, instead of requiring the driver to press a seat position button, the seat can automatically adjust after the driver’s face is recognized by sensors located in the vehicle. These technologies can also track eye movements and detect driver attention to determine if the driver is asleep while driving.

Applications (Apps)

Your vehicle may include interfaces to third-party systems such as Apple CarPlay, Android Auto, or other services. The vehicle may also allow an interface between the app on the phone and the vehicle. Enabling applications provided through these interfaces, or using applications that interact with the car on the phone, may result in exposure of car data to these third-party application providers. These suppliers have their own policies on what information they collect and what they do with it.

other

Automakers and their technology partners are constantly updating and improving cars. The sensors, capabilities and data collected today may be very different tomorrow.

A taxonomy of Australian industry

The Australian National Transport Commission proposed the following classifications in a 2020 paper:

Motion/positioning data: The precise geographic location of the vehicle (location, timestamp, orientation).

Event/Action Data: The operating functions of the vehicle, including but not limited to the activation of the Anti-lock Braking System (ABS), Electronic Stability Control (ESC) sensors, activation of windshield wipers or hazard lights.

Driving behavior: Information about the driver’s physical state (e.g. eye movements) or how a person drives the vehicle (speed, acceleration, seat belt status, hard braking, lane departure events). This information may come directly from the vehicle’s systems or derived information.

Crash Analysis: Data stored and recorded in an Event Data Recorder (EDR) or Data Storage System for Autonomous Driving (DSSAD) for road safety and user information. This may also include other sensor data that is not currently stored on the vehicle, but is stored remotely by the vehicle data server.

Crash Response: Crash data information triggered by airbag deployment and sent to public authorities for emergency crash response (eCall or Automatic Collision Notification System)

Asset Sensing: Data about how a car perceives its remote environment, including infrastructure and other road users. For example, radar/lidar/machine vision, tire pressure, or packets of information derived from that data. This can be used to indicate potholes or deterioration of the road surface.

V2X information: Data packets generated by a vehicle, in a structured format, that can be consumed by other vehicles or devices, or by infrastructure. mainly:

Cooperative Awareness Information (CAM) – Location Data

Decentralized Event Notification Message (DENM) – Danger Warning

Signal Request Message (SRM) – Green Light Request

Signal Phase and Time, MAP (Road Geometry Information), Vehicle Signs

Autonomous driving: It is not entirely clear what data is produced by the autonomous driving system, or how it will be reported. We speculate that it may include safety reporting obligation requirements, vehicle handover requests, or data related to areas of vehicle operation design.

simple analysis discussion

The above classification is basically carried out from the perspective of objective description. But we also know the importance of data classification from the perspective of data security management[Data Classification Research from the Perspective of Data Security Management: Full Text of the Research Report][Understanding and Cognition of the “Data Security Law” | Data Classification and Classification].

Therefore, when carrying out the safety standardization of connected vehicles in the future, the first step is to map the objective data classification of the industry to the data classification proposed from the perspective of data security management.

This work is a kind of art in a sense, not just a simple engineering work. (Finish)