In June, Chinese regulators released the latest policy draft regarding the general collection and use of data by tech companies within the country. The law, which takes effect on September 1, tightens rules on how data can be collected and shared with third parties in a broad range of industries, including tech, transportation, telecommunications, and finance, which will bring implications for the country’s tech titans such as ByteDance, Alibaba, and Baidu.
The auto sector will also be impacted by Chinese policymakers’ new focus on data protection, as the vast amount of geographic and personal data collection needed to power modern automotive solutions has prompted concerns around safeguarding “national security and the public interest.” In fact, just a month earlier, on May 12, China’s Cyberspace Administration (CAC) released a separate policy specifically targeting the automotive industry’s collection and use of location-based and geographic data.
The new policy tightens the collection and management of two types of data: personal user information and “important data,” which includes city mapping, automobile and pedestrian traffic flows, electric charging infrastructure, as well as audiovisual data from cameras and sensors. The new legislation will also forbid the unapproved overseas transfer of data concerning Chinese road traffic and vehicle positioning, affecting both local companies and multinational firms such as Tesla. Following the news, the California-based electric vehicle—which has also been affected by a PR crisis over crash data—announced on May 26 that it would store all its data locally in a new data center in China.
The draft rules would impact not only automakers but also ride-sharing services that use mobile apps and autonomous driving firms that rely heavily on data obtained from cameras and sensors to produce safer self-driving cars. Local companies like AutoX, WeRide, and Baidu could feel the effect of the new policies. At the same time, other tech giants like Xiaomi and Huawei, which are throwing their weight into an increasingly high-tech-powered automotive market, will need to keep an eye on evolving regulations.
For instance, mass data collection is essential to enable transportation solutions like GPS mapping, ride-hailing, and autonomous driving. Cars are also increasingly reliant on data collection for features such as voice recognition technology to open windows, play music, and more. Nearly half of all new cars sold in 2020 can connect to the internet, according to Nikkei Asia, which cited Chinese media.
Maps and ride-hailing
Data collection is central to the operation of ride-hailing companies. Didi Chuxing, China’s largest ride-hailing firm, which just filed for an IPO in New York, relies on its software to collect data to enable features such as precise mapping technology. The company’s software also monitors citywide traffic levels for both vehicles and pedestrians to create a heat map to position drivers in areas where they can pick up more passengers per day. Didi’s mapping technology and aggregated traffic data—known as Didi Brain—have also been used by city governments to improve their urban management.
Other companies have also leveraged the precision collection of geographic info for their products. One of China’s most popular map apps, Alibaba-backed AutoNavi, has ramped up its ride-hailing services since 2018, leveraging its strength in city traffic analysis and troves of passenger location data for over 400 million users. Huawei, another tech giant that has put a major focus on the automobile industry, pioneered the use of augmented reality features—a technology that relies on even more granular environmental data collection—in its map app from February 2020.
However, the new data privacy law limits companies from collecting data in geographic areas sensitive to national security, such as those that include government buildings and organizations of military or state importance. “In accordance with Article 11, operators must report their intention to use data in these sensitive areas prior to collection and processing. This could increase operating costs for mobility and mapping companies and even force them to reconsider offering services in these sensitive areas,” Xia explained.
The policy could potentially hamper the operation of location-based services like Didi within Beijing’s central district of Xicheng, an area spanning 32 square kilometers and home to around 1.3 million residents. The district houses many government organization headquarters, including Zhongnanhai, China’s Ministry of Education, China’s State Grid Corporation, Bank of China, and China National Nuclear Corporation. The same could apply in other parts of the country.
Didi, which has been under scrutiny for not properly disclosing investments or acquisitions, could face more headaches in the name of personal data privacy. “For example, Didi currently requires facial recognition authentication to verify a driver’s identity, but according to Article 10 of the new draft, it would have to provide a biometric alternative,” Xia explained.
He added that the new law also requires Didi to provide an option to turn off its in-vehicle recording function, which has become a staple of Didi’s revamped safety protocols following the sexual assault and murder of passengers in 2018.
Autonomous driving implications
The autonomous driving sector is the truest representation of data as the new oil.
In the race to reach true L4 autonomous driving—where no human intervention is needed within designated areas of vehicular operation—tech companies are racking up miles on test roads to collect data that will be used to train algorithms capable of guiding unmanned vehicles. However, China’s new data privacy regulations stipulate that a new “appropriate standard” will be defined for the scope of automakers’ environmental data collection.
In essence, policymakers will work with industry players to determine how much data collection is appropriate to improve a vehicle’s software, treading a fine line not to gather excessive data that could threaten security interests. Operators collecting environmental data would have to report to province-level cybersecurity administrations in advance, along with an annual review meeting every December.
Xia explained that the new requirements could be arduous and time-consuming for companies to follow. At the very least, some of China’s autonomous driving projects, including Baidu’s Apollo and Guangzhou-based WeRide, would be slowed in their data collection and analysis practices, Xia said.
The law could hamper Chinese companies’ aspirations to compete on a global scale. While Google’s Waymo has accumulated over 32 million km of real-world driving data since 2009, China’s leading project, Baidu’s Apollo, has only completed around 10 million km as of April 2021. Baidu, whose Apollo unit targets an addressable market worth USD 467 billion by 2025, started to commercialize its robotaxi services in a limited area of Beijing in January and expanded operations to Cangzhou in Hebei Province in March.
However, Apollo’s aspirations go beyond robotaxis. The company has announced plans to have its autonomous driving technology pre-installed in 1 million vehicles within the next five years. To accomplish this, the company has been working with over 100 industry partners, including BMW, Ford Motor Co, and Toyota to develop its open intelligent driving solutions. However, the new policy could pose challenges for Baidu’s goals, as the sale of such services could be subject to additional reporting processes for regulators to determine whether the included data contains sensitive information or poses security risks.
Newcomers to the EV sector like Xiaomi, which has started to hire dozens of full-stack engineers for its EV unit, and Huawei, which will invest USD 1 billion on researching self-driving and electric car technologies, will also have a bigger challenge in collecting enough data to power their upcoming features.
As for penalties for data handling violations, China’s general data privacy law will issue fines ranging from RMB 50,000 (USD 7,700) to RMB 500,000 (USD 77,300), depending on the infraction’s scale and nature. Non-compliant operators risk the suspension of their business.
Xia mentioned that although it is too early to know for certain how the new measures will hamper Chinese autonomous driving companies in their data collection practices, firms should “adopt a proactive government relations approach to minimize the potential adverse impact on their businesses.”