GDPR-Compliant Solutions: Anonymization for Law Enforcement Image Collection
Chinese-OEMs show strong momentum in the EU market
In recent years, the global automotive industry has been undergoing an important transformation, driven by the advancement of sustainable and intelligent technologies. The expansive adoption of new energy vehicles (NEVs) and the continuous development of autonomous driving are reshaping the industry, signalling the arrival of a high- tech era of mobility.
Against this background, Chinese automotives has emerged as a key player on the global stage. Capitalizing on the technological transformation of the industry, Chinese OEMs are making significant paces, driving innovation and accelerating their global expansion. A growing number of Chinese brands are expanding their global footprint, especially in the European market. Leading brands such as BYD, NIO, XPENG and many more are accelerating their overseas strategies. The European market is a crucial part of these external markets.
Local deployment challenges in the EU market
To adapt to the local market in Europe, Chinese OEMs face multiple challenges. One of the biggest challenges is the strict regulatory environment. The EU enforces a comprehensive set of requirements for vehicles sold in its market, encompassing rules like EU General Safety Regulation (GSR), General Data Protection Regulation (GDPR), Whole Vehicle Type Approval (WVTA), European Emission Standard 6 (Euro 6) and so on. These regulations undoubtedly add more barriers to the company.
It is worth noting that GDPR is a critical regulation requiring close attention from OEMs. This regulation warrants closer attention from the automotive industry, especially in the context of autonomous driving scenarios. The law strictly protects individuals’ personal data and applies to any organization that collects, processes, and stores data in the EU, regardless of its headquarters’ location. It aims to protect personal data by establishing comprehensive compliance requirements, and some important rules like:
More importantly, GDPR imposes strict penalties on non-compliant companies, with fines reaching up to 4% of global annual turnover or €20 million, whichever is higher. This can result in extremely serious consequences for the organizations.
Capturing local data without sufficient measures may violate GDPR
Chinese OEMs have various scenarios involving road data collection in their business development in Europe. For example, local driving data is collected to train intelligent driving algorithms to ensure that vehicles can recognize European traffic signs and road regulations, thereby preventing illegal driving and securing safety. Besides that, GSR mandates that all new cars sold in the EU to be equipped with certain assistance features such as ADAS, DDAW and ISA. In this case, the C-OEMs must conduct massive real-world validation to assess vehicle performance in European driving environments. However, during this data collection and field-testing process, sensors mounted on the vehicle like cameras will inevitably capture personal data, such as faces and license plates. Under GDPR, personal data must be processed lawfully, fairly, and transparently, posing significant compliance challenges for nearly all Chinese automotive player operating in Europe.
A desensitization solution – Anonymization
According to GDPR, personal data refers to information that can directly or indirectly identify an individual. This information includes license plates and human faces, and other identifiable elements captured in road data collection. If such data is collected, stored, or used without adequate processing, companies may face serious compliance risks.
However, when the data is processed to the point where it can no longer directly or indirectly identify an individual, such data is no longer considered personal data and is therefore not subject to GDPR. This brings a compliance solution called “Anonymization”. In the scenario of Chinese OEMs doing road collection in the EU, blurring license plates and pedestrian’s faces is an effective way of doing anonymization. This is one of the possible options to improve GDPR compliance, minimizing legal risks while enabling necessary data processing for required use cases.
When carrying out the blurring operations, multiple factors need to be considered, including detection accuracy, scenario adaptability, data volume, processing efficiency, data security, etc. NavInfo Europe’s advanced anonymization model supports over 170 countries and ensures high accuracy across various lighting and weather conditions. Depending on our clients’ priority and preference, we also offer two flexible solutions tailored to meet different needs.
Option1: Dedicated Cloud-Based Pipeline for Large Volume, Efficient Processing
For customers handling large-scale data processing within a short period and prioritizing efficiency and batch automation, NavInfo Europe provides a dedicated cloud-based pipeline. Customers have the freedom to choose either to deploy on their cloud infrastructure or ours. No matter where the pipeline sits, we will ensure high efficiency, secure processing, and seamless automation.
Option2: AutoMask AI: A Flexible, Pay-Per-Use Online SaaS Platform
For customers who plan to process data continuously over time in a smaller batch, NavInfo Europe offers AutoMask AI automask.ai – a SaaS platform that accurately blurs faces and license plates without requiring a large-scale commitment. Customers can upload their collected data anytime, process it on-demand, and download anonymized results instantly. The pay-per-use model provides maximum flexibility and cost efficiency, making it an ideal choice for customers with ongoing but smaller-scale anonymization needs.
Does anonymization mean full data compliance?
Anonymization is an essential step in data compliance, but it alone does not guarantee full compliance with data protection. Companies must also meet other legal and operational compliance requirements to ensure their data processing activities are fully aligned with regulatory frameworks.
At Navinfo Europe, we provide a professional complete GDPR compliance services package, provided by an experienced expert team. Our services include:
- Compliance consultancy and risk evaluation
- DPO (Data Protection Officer) as a Service
- Compliance training and audits
- Regulatory documentation preparation and maintenance
This comprehensive, closed-loop solution has earned the trust of leading partners across the automotive industry, including premier Chinese EV manufacturers, top-tier Japanese automakers, cutting-edge autonomous driving solution providers, international testing and certification bodies, and global HD map suppliers. Furthermore, our compliance solutions extend beyond GDPR, supporting data protection regulations in the UK, Turkey, Australia, Brazil, and various Southeast Asian countries, helping businesses navigate the complexities of global data governance.
Conclusion
With the expansion of new energy vehicles and the advancement of autonomous driving in the automotive industry, an increasing number of Chinese OEMs are introducing their technologies and innovations to the EU market, aiming to establish a significant role overseas. However, they are likely to face numbers of challenges due to the EU’s stringent regulatory landscape. Among these, GDPR stands out as a critical regulation that Chinese OEMs must carefully address to avoid compliance risks. In addition, there are several other key regulations and factors that these companies must also navigate carefully to ensure a successful local deployment and keep sustainable business growth in Europe.