South China Morning Post
Advertisement
Advertisement
Electric & new energy vehicles
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
Customers look at an XPeng electric car at a company store in Shanghai, March 11, 2021. Photo: Reuters
TechTech Trends

Smart car firms in China may be required to decrypt data for inspection if it is sent outside the country

  • China is expected to have 28 million connected cars by 2025, making it the world’s top market for smart vehicles
  • The rule fell short of clarifying whether locally stored data could be accessed from abroad
Electric & new energy vehicles
Che Pan
Che Panin Beijing
Why you can trust SCMP
China continues to tighten rules on cross-border data transfers, with a new draft regulation on internet-enabled vehicles like electric vehicles (EVs) and self-driving cars likely to significantly expand Beijing’s access to encrypted data.

The National Information Security Standardization Technical Committee (NISSTC), a Chinese government-affiliated standards-setting body, said in a draft rule on Wednesday that networked-vehicle companies that transfer encrypted data outside China may be required to provide information on the encryption method used as well as the decrypted data in plain text.

The move, which could affect smart carmakers such as Tesla, Xpeng and NIO, comes amid concerns that road and infrastructure information collected by smart cars could pose a national security risk.

01:46

AI instructors teach student drivers in Shanghai how to get behind the wheel

AI instructors teach student drivers in Shanghai how to get behind the wheel

China is expected to have 28 million connected cars by 2025, making it the world’s top market for smart vehicles, according to a report from state-run Xinhua news agency.

The NISSTC also said sensitive data related to roads, buildings, terrain, traffic participants (such as bikers and pedestrians), and vehicle location and trajectory collected by smart cars in the country must be stored inside China. 

The rule, which would affect electric vehicles as well as self-driving cars, fell short of clarifying whether the locally stored data could be accessed from abroad.

China’s Big Tech firms to create user information oversight bodies under upcoming data privacy law

“This has implications beyond just EV companies, but also autonomous driving companies,” said Tu Le, managing director of mobility consultancy Sino Auto Insights, adding that Beijing sees it as not only a data privacy protection issue but a matter of national security.

The NISSTC did not immediately respond to a request for clarification. The draft rule will canvass public comments until the middle of May. 

Xpeng said the new rule would not impact its current data handling practices because it stores all data in China, while a spokesman for EV maker NIO said it was not affected by the new policy, without elaborating.

Tesla declined to comment when reached by the Post.

A Tesla electric vehicle (EV) drives past a crossing in Shanghai, China. Photo: Reuters

The proposed tighter rules on data collection by smart cars comes as electric vehicles, powered by sophisticated cameras and sensors, collect huge troves of data both inside and outside the vehicle, sparking widespread privacy concerns.

The Chinese government restricted the use of Tesla vehicles among military personnel and employees of important state-owned companies over concerns that data amassed by the cars could be a source of leaks that threaten national security, The Wall Street Journal reported last month, citing sources.

In an attempt to quell these concerns, Grace Tao, a Tesla vice-president, told Chinese media early in April that all data gathered by Tesla’s cars in China will stay in China.

The draft rule also prevents car companies from “transferring” identifiable personal data such as facial information collected inside the cockpit via the internet without consent from the targeted individuals.

4