Could data privacy concerns spoil China’s autonomous vehicle ambitions?

Editor’s note: This was contributed by Jamie Manley, a former Program Associate at the Paulson Institute, a think-and-do tank focused on strengthening US-China relations and advancing sustainable economic growth in both countries. He can be contacted on LinkedIn or by adding jamiemanley on WeChat.

The race to develop autonomous vehicles is on. But how soon will self-driving cars actually become available? A motley crew of companies have joined in the race to find out, ranging from traditional auto manufacturing giants to small software startups. Perhaps the most interesting entrants are Chinese tech companies and auto manufacturers such as Baidu, Didi, BYD, and Tencent. These companies are not only planning to compete in the Chinese market but are using the transition to autonomous and electric vehicles as a chance to finally penetrate foreign auto markets.

The geopolitical implications of China’s international autonomous vehicle ambitions have received little attention, especially when compared to the potential effects autonomous vehicles could have on employment, road safety, and the automotive industry itself. But unlike other industries where Chinese companies have achieved international dominance, such as solar panels, autonomous vehicles could pose serious privacy and security issues.

The Chinese legislature recently released a comprehensive plan for China to become a world leader in artificial intelligence, including autonomous vehicles, by 2030, with a strong focus on international expansion. Chinese companies are taking note: nearly a fifth of the 42 companies approved for California’s autonomous vehicle testing permit are Chinese. Baidu is also coordinating international autonomous vehicle stakeholders with its Apollo platform, which includes a data sharing facility, an autonomous driving simulator, and an equity investment fund.

But autonomous vehicles hold particular data privacy risks, which could become a sticking point as China expands its global technology reach. The Chinese government has a poor track record of protecting the privacy of its citizens and is becoming more sophisticated about utilizing data for social control. For example, the government has taken equity stakes in major Chinese tech companies like Tencent, and now requires popular apps like WeChat to make private user conversations available for inspection. Local police are creating “Police Clouds” to aggregate large amounts of citizen data, ranging from hotel records to birth control methods, and are using predictive analytics to forecast crime before it happens. Chinese companies are compelled first and foremost to cooperate with the Chinese government, and the same data that the government uses to build surveillance systems has commercial value for tech companies. This means that Chinese tech companies have an incentive to collect as much data as possible about their users while also making it available to the government.

Will customers and governments outside of China trust Chinese companies with the vast amount of sensitive data generated by autonomous vehicles?

Much has already been written about the privacy implication of autonomous vehicles: in short, the proliferation of sensors attached to autonomous vehicles could allow for real-time, street-level monitoring anywhere autonomous vehicles are deployed. Used in conjunction with machine learning algorithms that allow computers to identify faces or specific activities from sensor data, autonomous vehicles could give companies and governments unprecedented marketing and surveillance tools.

The possible uses for this sensor data, both beneficial and nefarious, are endless. On the plus side, this data could be used to better understand consumer behavior and reduce auto insurance costs. On the other hand, the same data could also be used to track individuals without their consent and map out the real-time locations of a police force within a city. There are already companies making real-time street-level 3D maps and analytics derived from autonomous vehicles available to the public.

Critically, autonomous vehicles also collect data completely unrelated to the user and driving experience. Data on pedestrians, storefronts, and homes could all be captured by a passing vehicle. When aggregated, the data from autonomous vehicles could provide companies with the same level of insight into the physical world that companies like Facebook already have about their user’s digital lives. And if autonomous vehicles become a winner-takes-all market, this data could be concentrated in the hands of just a few players.

These are serious domestic issues that are compounded when a foreign company or government becomes involved. Drone maker DJI has come under scrutiny from American customs authorities, who suspect that DJI’s drones may be sending sensitive information about American infrastructure back to the Chinese government. The Indian Intelligence Bureau recently released a list of 42 Chinese apps that could be sending sensitive information back to Chinese authorities. Chinese smartphone manufacturers Huawei and ZTE have long been banned from selling to the US government over concerns about potential backdoors. The list goes on. Chinese autonomous vehicle companies may fare better in markets outside the US where consumers are more concerned about price than privacy, but foreign governments would still face serious security concerns.

Of course, foreign firms entering China may face similar issues. China is already putting up barriers to foreign autonomous vehicle firms hoping to create high-definition maps in China. Yet the tight link between Chinese companies and the Chinese government means that the potential for Chinese companies to misuse autonomous vehicle data seems especially high. The potential for misuse carries a commercial risk: companies that are not proactive about managing these concerns could see consumer sentiment turn against them, or governments could eventually decide that the security risks associated with this type of data collection are too great.

To help minimize these concerns, Chinese autonomous vehicle companies could confine data processing to the vehicle, anonymize data before it is sent back to the cloud, or move foreign user data to servers outside China. But even those measures might not be enough. On a broader level, there is a need for baseline regulation on how data from autonomous vehicles is used and protected. Legislation recently introduced in the US Senate, the SPY Car Act of 2017, provides one model. The bill would develop standards to protect user data from hacking, disclose how data is collected and used, and give users the option to opt out of data collection.

To succeed abroad, Chinese autonomous vehicle companies will need to take a proactive and politically-sensitive approach to managing these issues. Ultimately, while building a fully-functional autonomous vehicle would be an engineering marvel, the real challenge for Chinese autonomous vehicle companies may lie in gaining the trust of users outside of China.

TechNode does not necessarily endorse the statements made in this article.