Tesla flagship store in Chengdu China showing smart car data protection regulation

China’s Data Protection Regulation Push Comes to the Smart Car Market; Vehicle Keys, Locally Generated Information Must Be Stored In-Country

A new expansion of China’s data protection regulations will impact the smart car market in the country. Existing legislation requires the personal data of citizens to remain on servers within national borders, but the CCP has clarified terms to require this of the digital keys to smart vehicles as well.

Any locally generated data from the vehicles must stay within China as well, with exports to other countries requiring government approval. Over-the-air software updates for smart cars will also need to be filed with the Ministry of Industry and Information Technology before going out.

Chinese smart cars face additional regulations after spying concerns

The move comes as the Chinese government has engaged in a sweeping regulatory campaign targeting tech companies in the name of data protection. However, smart cars faced particular scrutiny in the country earlier this year after concerns about the cameras located throughout most models led to a ban from use on military bases and on certain types of government property.

Tesla is currently the only automaker with a presence in China that is entirely foreign-owned, but its electric cars are the country’s best-selling and have sparked a frenzy of competition from domestic companies such as Baidu and Xiaomi. The Chinese government had already requested that Tesla store all of the data it collects from the country’s drivers locally after banning its cars from military bases in April. Tesla agreed to the request and plans to set up data centers in the country.

The new regulations also require smart car manufacturers to implement a self-check system for data protection and security purposes that reports potential issues automatically, and those with assisted or autonomous driving functions must clearly state the potential limitations and responsibilities between the driver and the control system. The new regulations also encourage use of the country’s BeiDou satellite navigation system, the third generation of which was completed last year.

The update to the data protection policy did not include any specific penalty terms. The package of legislation that this generally falls under, the Data Security Law, is set to go into enforcement in September. The penalties allowed under this new law include fines of up to the equivalent of $1.5 million for each case and revocation of business licenses.

Data protection effort focuses on foreign access to Chinese customer information

Numerous other foreign automakers sell vehicles in China but do not have manufacturing or other operations in place there. Some of these, including Ford and BMW, have already pledged to set up local data centers in the country to serve Chinese smart car customers. Others, notably GM and Toyota, have not announced their plans for handling the country’s new data protection requirements as of yet.

While the Chinese government is allowing these categories of protected user data to exit the country on a case-by-case basis, it is very likely that smart car manufacturers will have to decrypt any relevant data and allow the government to inspect it. Auto manufacturers are generally not well-positioned to handle the Chinese government’s terms, but are scrambling to find the best way to adjust given that China is projected to become the world’s top market for smart cars by 2025. This interest is also driven by smart cars being something of a sales flop in the United States, with Tesla the only manufacturer really doing well in the electric vehicle space at present. About 231,000 electric cars were sold in the country in 2020, compared to a projected 28 million internet-connected smart cars expected to be on the roads of China in 2025.

The Chinese government’s crusade against tech firms has mostly been limited to its domestic companies to date, with a focus on keeping social media platforms from accruing too much power and discouraging some from conducting IPOs in Western countries. The latter has been a primary reason for shutting down data transfers out of the country, with the government citing concerns about national security and potential use of personal information for espionage purposes.

The government has also maintained at least a veneer of public welfare concerns in its recent blitz of tech regulation, however, particularly as concerns data protection issues. It has also had a strong interest in scenarios that are potentially anticompetitive. In early August, the State Administration for Market Regulation (SAMR) launched an investigation into the chip makers that smart cars rely on amidst suspicions that manufacturers were colluding to drive up prices. The issue stems from a chip shortage in December, which has led some smart car manufacturers and distributors to stockpile whenever they are available. Though China is a tech manufacturing hub, 90% of the specific sophisticated chips needed for smart cars are imported into the country.