Security Risks and Compliance Recommendations for the Export of Automotive Data

Recently, the Ministry of State Security issued a safety reminder, pointing out that certain overseas mapping companies are luring domestic personnel to illegally collect sensitive geographic information data through virtual currency rewards. Some individuals, due to a lack of security awareness, unknowingly become accomplices in illegal data collection.

It is worth noting that blockchain mapping projects like Hivemapper are developing rapidly. Hivemapper has mapped 10% of the world's roads in just one year. While the application of new technologies has made geographic navigation more precise, it has also increased the risk of sensitive data leakage.

This article takes Hivemapper as an example to analyze the data security risks during its operation process, and provides suggestions on the compliance construction of relevant enterprises from the perspective of China's data security laws.

The Operating Principle of Hivemapper

Hivemapper is a blockchain-based mapping network. Users can collect data by installing dashcams and receive HONEY token rewards. The project innovatively builds a global map, allowing users to collaboratively create maps through dashcams.

The features of Hivemapper include:

1. Lower cost - Collect data through daily travel to reduce the cost of map services.

2. More timely updates - The more participants there are, the more frequently the mapping at the same location occurs.

3. Higher quality - Compared to traditional methods, more high-quality images can be obtained.

Hivemapper adopts a "Drive to Earn" model, where users only need to drive and collect images to earn HONEY token rewards.

Data Security Risks Involved in the Hivemapper Project

The core of projects like Hivemapper lies in the cross-border flow of automotive data. However, this has also raised concerns about data security protection and regulation.

From a vertical perspective, the risks of cross-border flow of automotive data involve multiple levels:

1. Personal information security aspect: may involve directly or indirectly identifiable personal information, including sensitive personal information.

2. Business Development Level: Data analysis is key for enterprises to understand customer needs and enhance competitiveness, often involving trade secrets.

3. National Security Aspect: The sensitive information contained in geospatial information data, once leaked, may threaten national security.

From a horizontal perspective, cross-border data flow involves multiple links, with risks being dispersed and dynamic:

1. Data collection phase: facing risks such as unauthorized collection and unclear classification and grading.

2. Data transmission and storage stages: There are risks of data damage, tampering, leakage, and so on.

3. Data application stage: facing risks such as data misuse and unauthorized access.

Automotive Data Export Security Compliance Recommendations

For the security of automotive data going abroad, it is recommended that enterprises:

1. Develop a data classification and grading inventory, carefully guiding the data sorting and identification work. Set corresponding cross-border flow management measures for different types and levels of data.

2. Establish a data export security assessment system, form an assessment team, and create internal self-assessment tools. Plan for data export and maintain communication with the competent authorities.

3. Establish an outbound risk self-assessment mechanism to dynamically monitor risks. Regularly conduct risk assessments and compliance self-inspections, and pay timely attention to regulatory trends.

4. Require the overseas recipient to provide information on data security protection capabilities and the legal environment of the location, and assist in the data security assessment work.