Exclusive: As China plans new rules, global automakers move to store car data locally

By Yilei Sun and Tony Munroe

BEIJING (Reuters) – BMW, Daimler and Ford have set up facilities in China to store data generated by their cars locally, they told Reuters, as automakers come under growing pressure in the world’s biggest car market over how they handle information from vehicles.

Cars are being fitted with an ever-increasing array of sensors and cameras to assist drivers.

But the data they generate can also be used by manufacturers to help develop new technologies, such as autonomous driving systems, raising privacy and security concerns, particularly when the information might be sent abroad.

U.S. electric carmaker Tesla is under public scrutiny in China over its storage and handling of customer data in the country.

Last week, Reuters reported that staff at some Chinese government offices were told not to park their Tesla cars inside government compounds due to security concerns over vehicle cameras, according to two people with knowledge of the matter.

Tesla said on Tuesday it had set up a site in China to store data generated by all vehicles it sells in the country.

Other automakers told Reuters they have done the same.

Ford Motor said it established a data center in China in the first half of last year and was storing all vehicle data locally.

BMW said it operates “local data centers in China for the Chinese vehicle fleet,” without saying when they opened.

Daimler said it runs “a dedicated vehicle backend in China, where vehicle data is stored.”

General Motors and Toyota Motor Corp declined to discuss how they manage their data in China, while France’s Renault said it does not yet have a car data center in China.

Nissan Motor and Stellantis said they would comply with rules in China but gave no further details.

Volkswagen said compliance with data protection rules was crucial for a successful digital transformation, but “as the regulatory environment is still in rapid development, it is too early for us to comment on the specifics.”

None of the carmakers said whether they would share data from China with their overseas offices.

Honda Motor Co and Hyundai Motor Co did not respond to requests for comment.

China introduced a cybersecurity law in 2017 that required all companies to store key locally-generated data onshore in China, but that was before “smart” cars made the issue a major concern for carmakers.

This month, China’s cyberspace regulator posted a draft rule that said automakers must seek customer approval to collect driving data. The rule, in the public consultation phase, would also require automakers to store data locally and get regulatory permission when they want to send such data to foreign entities.

In the wake of the 2017 cybersecurity law, the new proposals shouldn’t be a surprise to any automakers, said Tu Le, an analyst at China-based research firm Sino Auto Insights who was critical of manufacturers that have been slow to adapt.

“The lack of a ‘data’ strategy tells me that decision-making is still centralized at their home offices and that they’re still struggling to evolve into ‘digital’ first companies,” Le said.

The European Union’s General Data Protection Regulation also sets strict rules on how companies handle and store data.

It is unclear what impact China’s requirements will have on the way global automakers research and develop new models or technologies. It is not unusual for companies currently to share data from China to their headquarters to develop models, executives at various manufacturers said.

“Data will ultimately be the difference-maker for companies because that’s what they’ll use to build products and services that help differentiate themselves from their competitors,” Le said.

(Reporting by Yilei Sun and Tony Munroe in Beijing; additional reporting by Eimi Yamamitsu in Tokyo and Heekyong Yang in Seoul. Editing by Joe White and Mark Potter)