GB/T 44464-2024 General requirements of vehicle data
1 Scope
This document specifies the general requirements, personal information protection requirements, important data protection requirements, audit evaluation and test requirements of the data generated and collected in the process of research and development, design and manufacturing of vehicle products, and describes the corresponding test methods.
This document is applicable to the vehicle products and vehicle data processor.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
act for obtaining vehicle data by certain means
vehicle data security management system
systematic approach for regulating the process of vehicle data processing activities in order to ensure the security of vehicle data
cabin data
data that may contain personal information collected from vehicle cabins through cameras, infrared sensors, fingerprint sensors or microphones, and the data generated after processing the aforesaid data
[Source: GB/T 41871-2022, 3.6, modified]
personal information subject
the natural person identified by personal information
[Source: GB/T 35273-2020, 3.3, modified]
face object
part of the frontal head of a natural person between the uppermost brow and the bottom of the chin, and between the left ear and the right ear (excluding the ear)
face boundary frame
smallest or rotated rectangle covers the face object
Example: See Figure 1 for the schematic diagram of face boundary frame.
Figure 1 Schematic diagram of face boundary frame
vehicle license plate object
official motor vehicle license plate mounted on a vehicle and use metal as base material
Note: The sprayed and amplified license plate, temporary paper license plate for motor vehicles are excluded.
vehicle license plate boundary frame
smallest or rotated rectangle composed of the outer edge of the vehicle license plate object
mask covering rate
ratio of the area to be anonymized in the face or vehicle license plate boundary frame to the area of the entire bounding frame
Example: See Figure 2 for the schematic diagram of mask covering rate. The part covered by solid line is the face boundary frame area; the part covered by dashed line is the area that has been anonymized; the shadow part is the overlapped area between part covered by solid line and part covered by dashed line; the mask covering rate is the area ratio of the shadow part and the part covered by solid line.
Figure 2 Schematic diagram of mask covering rate
detection rate
percentage of the detected number of face objects or vehicle license plate objects to the number that shall be detected
Note 1: The detected number refers to the number of objects that has been anonymized according to the requirements of this document.
Note 2: The number that shall be detected refers to the number of objects that shall be anonymized according to the requirements of this document.
false detection rate
percentage of the false detection number of face objects or vehicle license plate objects to the detected number
Note 1: The detected number of objects refers to the number of objects that are marked as objects to be anonymised and have been anonymized.
Note 2: The false detection number refers to the number of detected objects that do not satisfy the definition of the anonymized object specified in this document.
4 General requirements
4.1 Requirements for vehicle data security management system
4.1.1 The vehicle data processor shall establish and implement the vehicle data security management system, take the vehicle data security protection technical measures, in order to ensure that the vehicle data is continuously in the state of effective protection and legal utilization.
Foreword i 1 Scope 2 Normative references 3 Terms and definitions 4 General requirements 4.1 Requirements for vehicle data security management system 4.2 General requirements for vehicle data processing 5 Personal information protection requirements 5.1 General requirements for personal information processing 5.2 Personal consent 5.3 Collection of personal information 5.4 Storage of personal information 5.5 Use of personal information 5.6 Transmission of personal information 5.7 Deletion of personal information 5.8 Transmission of personal information abroad 6 Requirements for protection of important data 6.1 General requirements for processing of important data 6.2 Collection of important data 6.3 Storage of important data 6.4 Use of important data 6.5 Transmission of important data 6.6 Deletion of important data 6.7 Transmission of important data aboard 7 Review evaluation and test requirements Annex A (Informative) Examples of vehicle data classification and grading A.1 Principles of data classification and grading A.2 Data classification A.3 Data grading A.4 Examples of personal information classification/grading Annex B (Normative) Test method for anonymization of personal information B.1 Test conditions B.2 Test equipment B.3 Procedures for test on anonymization performance requirements B.4 End conditions for test on anonymization performance requirements B.5 Processing of test results B.6 Evaluation of anonymization processing effect Annex C (Informative) Calculation method for false detection rate of anonymization C.1 Calculation method for false detection number of face object C.2 Calculation method for detection number of face objects C.3 Calculation method for false detection rate of face objects C.4 Calculation method for false detection number of vehicle license plate objects C.5 Calculation method for detection number of vehicle license plate objects C.6 Calculation method for false detection rate of vehicle license plate objects Annex D (Normative) Test methods for processing of personal information and important data D.1 Information on test input D.2 Test method for personal consent D.3 Test methods for collection of personal information and important data D.4 Test methods for storage of personal information and important data D.5 Test method for use of personal information D.6 Test methods for transmission of personal information and important data D.7 Test methods for deletion of personal information and important data D.8 Test methods for exit of personal information and important data Bibliography