Recently, a certain brand car had a serious traffic accident in Qingyuan, Guangdong. In the ** and middle cases circulating on the Internet, the roof of the accident vehicle was almost completely lifted, and the A and B pillars were suspected to be broken.
After the incident, the official account of the brand car involved responded many times, announcing the above-mentioned accident-related **, saying that combined with the preliminary analysis of the background data of the vehicle, the vehicle did not turn on the auxiliary driving function during driving, and 3 seconds before the collision, the speed reached 178 kilometers per hour, and the driver took braking measures, and finally rear-ended the truck in front at a speed of 96 kilometers per hour, and rushed out of the road after drilling under the truck.
Regarding the response of the car company, many netizens questioned: After the accident, did the car company obtain the authorization of the car owner?If it is unauthorized, can the accident car driving record be made public**??Is this an invasion of personal privacy?How to ensure the security of vehicle data?
Earlier than the announcement of the Bulletin
It is reported that the traffic accident occurred at about 21 o'clock on December 21, when a brand car drove to the accident section, it collided with a heavy semi-trailer tractor in front, resulting in the death of the car driver and a passenger, and the injury of another passenger.
After the accident and before the Qingyuan traffic police issued a notice on December 25, the brand car companies involved spoke out through their official social accounts one after another, expressing "great sadness and regret" for the personnel caused by the accident. The vehicle triggers the on-board emergency alarm call system, and after many calls to the user without feedback, the staff rushed to the scene for support as soon as possible. At the same time, through the text description and the publication of the driving record**, the situation at the time of the vehicle collision accident is explained: 3 seconds before the collision, the driver takes braking measures when the vehicle is at a speed of 178 kilometers per hour, and the vehicle rear-ends a large truck at a speed of 96 kilometers per hour.
Under the relevant ** when the car company announced the incident, some netizens left a message saying that the car before the incident was announced, whether the consent of the parties was obtained?Should there be boundaries for car companies to publish information such as vehicle driving data?Is this an invasion of privacy?
In response to the car company's behavior of disclosing the accident vehicle driving ** in this incident, Guo Qing, a partner of Beijing Anli Law Firm, analyzed that the car company did not clearly state whether it had obtained the authorization of the car owner before the public announcement. In reality, it is not uncommon for the driver to be someone else, and the owner is someone else. It is unclear whether the deceased driver is the owner of the car himself, so based on the limited information available on the current network, it is not yet possible to determine whether it is illegal for a car company to drive publicly**.
However, it can be made clear that if the car company does not obtain the prior consent of the car owner, it will violate the provisions of the Several Provisions on the Security Management of Automotive Data (for Trial Implementation) that 'the processing of personal information by the automobile data processor shall obtain the consent of the individual or comply with other circumstances stipulated by laws and administrative regulations'. Guo Qing said that in addition, in accordance with the "Several Provisions on the Security Management of Automotive Data (Trial)", automotive data should be reasonably and effectively used in accordance with the law, and automotive data processors should adhere to the principle of in-vehicle processing in carrying out automotive data processing activities, unless it is really necessary not to provide it outside the car.
Public driving records should be authorized
After this incident, many car owners of the brand expressed concerns about personal driving privacy. Mr. Li, the owner of the car, told the "Rule of Law**" reporter that after the incident, he found the sales of the car company to inquire about the matter, and the sales responded that the driving records are stored in the USB flash drive that comes with the car, and the data needs the authorization and consent of the owner to be uploaded, but it does not include the movement track, and there is no recording function.
However, Mr. Li did not find the authorization option on the car or the app. "In this incident, the driver of the accident vehicle died, but the car company was still able to obtain and publish the driving record as soon as possible**, and the privacy information protection of the owner is worrying. ”
The reporter consulted the "User Privacy Policy" on the official website of the car company, which clearly wrote: "We need to collect and process vehicle data related to the use, operation and condition of the vehicle through the supporting on-board sensing equipment of the automotive product, including the vehicle VIN code, vehicle driving status data, ......."In accordance with the provisions of laws and regulations, we will store your personal information collected and generated in the course of domestic operations in the People's Republic of China, located in a data center in Beijing controlled by us. ”
Guo Qing told reporters that the dash cam can record the vehicle at which time and in which sections, and some of the content recorded by the camera and microphone in the car will constitute personal privacy, because the space in the car is relatively private, involving private life, and usually does not want others to know.
Xie Lianjie, director of the Internet Legal Affairs Department of Beijing Yingke (Shanghai) Law Firm, believes that car companies should obtain the authorization of users to collect and disclose dashcam data, otherwise they are suspected of violating laws and regulations such as the Civil Code, personal information protection, and several provisions on automotive data security management (trial), which are not only suspected of violating the user's privacy rights, but also suspected of illegal processing of personal information. Specific to this incident, the car company should explain whether the dashcam data is in the cloud or the user side. If the data is in the cloud, the car company should explain whether the data is uploaded to the cloud with the user's authorization, and whether the user's authorization includes the disclosure of dashcam informationIf the data is on the user's side, the car company should explain whether the tachograph data collected and disclosed from the user's side after the incident occurs, and whether the user has authorized it.
Establish a system to protect data security
The interviewed experts all said that car companies must have boundaries for collecting and applying car owners' driving information, and must protect the personal privacy of car owners and handle the information and data generated in the process of driving in accordance with laws and regulations.
*Zhu Xiaofeng, a professor at the School of Law of the University of Finance and Economics, said that if the processing of the private data of car owners by car companies causes damage to the legitimate rights and interests of users or the public interest, the car data processor shall bear corresponding responsibilities in accordance with the law. Where automotive data processors violate the "Several Provisions on the Security Management of Automotive Data (Provisional)", the relevant departments such as for internet information, industry and information technology, public security, and transportation at the provincial level or above are to punish them in accordance with the provisions of the Cybersecurity Law, the Data Security Law, and other laws and administrative regulations;where a crime is constituted, criminal responsibility is pursued in accordance with law.
Guo Qing said that if a car company violates personal privacy when processing private data and causes losses to individuals, it should bear civil liability such as compensation for moral damages and economic lossesIf there is a clear privacy protection clause between the car company and the car owner when signing the car purchase contract, the privacy infringement may violate the contract, and the car company needs to bear the corresponding responsibilities in accordance with the terms of the contract. In addition, privacy violations can affect consumer trust and can lead to reputational damage.
So, how should car companies protect the personal privacy information of car owners?
Xie Lianjie said that car companies should not only comply with general laws such as the Civil Code, Data Security Law, and Personal Information Protection, but also need to comply with special laws for the automotive industry such as Several Provisions on Automotive Data Security Management (Trial). According to the above-mentioned laws, car companies should not only establish various internal systems to ensure data security, but also take various technical measures to protect data security, and inform users of relevant matters through user manuals, in-vehicle display panels, voice, car use-related applications, etc., and obtain users' consent if necessary. In addition, car companies are required to regularly take measures such as personal information compliance audits to ensure data security.
Guo Qing believes that from the perspective of car companies, they should first ensure that car owners are informed and agree to the purpose, scope and method of collecting and using their personal information, and respect the main rights of car owners. Second, car companies should take reasonable technical and organizational measures to prevent unauthorized access, use, disclosure, modification, damage or loss of vehicle owners' personal information.
Relevant law enforcement authorities should strengthen supervision, regularly conduct security assessments of car companies' handling of relevant data, and promptly punish violations of laws and regulations such as unauthorized publication and use of data. Guo Qing said.
Comic Li Xiaojun
*:Rule of law**.