Data Security


The more digitalized a car is, the more important the issue of effective data protection.

Why Data Security is Critical?

Data security and privacy are often viewed as compliance issues, driven by nascent regulatory data-protection mandates and consumers beginning to realize how much of their information is collected and used. With the rapid development and application of autonomous driving technology, automotive cyber and data security have been receiving more attention from countries all over the world and related industries, making it a basic consensus of major car-producing nations, such as the EU, the U.S., Japan, and China, to empower the growth of automotive industry with data resources.

Current Trends and Characteristics of Autonomous Vehicle Data Industry

The automotive industry is undergoing profound changes unseen in a century. Driven by a new round of information technology revolution and industrial changes, autonomous driving technology is developing rapidly, showing a transition from upgrading hardware to improving software application performance, therefore dramatically enhancing the demand for data. Automakers will be fully empowered through improvement of data full life cycle application, so as to promote auto industry’s transformation from the traditional product-centered system to a data-centered one.

  • Data has penetrated all aspects of autonomous driving R&D and services. Autonomous driving R&D requires massive data in all aspects, and during this process, companies have different needs for data at different stages.
  • Data has emerged as the basic element of autonomous driving service. Firstly, there is the TO-B data service. Data application subjects mainly include governments, automakers, insurance companies, online car-hailing, and leasing service providers, etc.; secondly, there is the TO-C data service, of which the application subjects are mainly the consumers, such as drivers or passengers which includes mainly some in-vehicle information applications to improve the drivers’ and passengers’ experience.

Framework of the Policies and Regulations System in China and the EU

There are currently no mature policies and regulations specifically on automotive data security management in China, but the relevant requirements stipulated in various multiple documents. With data application and security management as an emerging and fast-growing field, China is stepping up efforts in promulgating automotive data security policies and regulations, such as several Provisions on the Management of Automobile Data Security (for Trial Implementation).

The framework of China’s policies and regulations system concerning autonomous vehicle cybersecurity and data security falls into three levels: laws, administrative policies & regulations, and detailed regulations & rules, which are issued by the National People’s Congress, the State Council and all ministries and commissions. 


The EU has established relatively clear rules and requirements for cross-border data transfers under regulations such as the General Data Protection Regulation (GDPR) drafted by the EU. The European Free Flow of Data Initiative removes geographical restrictions on the storage and processing of non-personal data, reduces the differences in data protection rules among member states, and promotes free movement of data.

VDA China Activities

VDA China has been always committed to promoting the rational flow and industrial application of data within the legal framework. Therefore, VDA China stays continuous bilateral communication with its Chinese counterparts on laws, regulations, and standards, through joint workshops and research.