Bipartisan House Leaders Raise Alarm Over PRC-related Self-Driving Vehicle Companies Collecting Americans’ Data

Washington D.C.— House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA), along with Committee Ranking Member Frank Pallone, Jr. (D-NJ), House Select Committee on the Chinese Communist Party Chair Mike Gallagher (R-WI), and Select Committee Ranking Member Raja Krishnamoorthi (D-IL) led a bipartisan letter signed by 14 members of Congress to 10 People’s Republic of China-related automotive companies raising concerns over their handling of data collected while testing their autonomous vehicles in the United States. 

The letters were signed by Reps. Cathy McMorris Rodgers, Frank Pallone, Jr., Mike Gallagher, Raja Krishnamoorthi, Bob Latta, John Moolenaar, Gus Bilirakis, Kathy Castor, Jan Schakowsky, Neal Dunn, Tim Walberg, Haley Stevens, Marc Veasey, and Debbie Dingell.  

Members asked companies to respond to the following inquiries by November 29, 2023:

  1. Detail all the categories of information collected by your vehicles while they are deployed in the U.S. Please detail the purposes for which you use each subset of information your company collects in the U.S. Please detail all the categories of information collected by vehicles that you retain, how long you retain it, for what purposes you retain such information, and the process, if any, for deleting such information when it is no longer needed. Do you license, share, or sell data collected in the U.S.?  If so, please detail your policies and practices for licensing, selling, or sharing data collected in the U.S.  Please provide the number of and a description of the entities for which you have licensed, shared, or sold such data in the last three years. Does your company de-identify data?  If no, why not?  If yes, please detail the process by which you de-identify data and describe your policies and procedures for ensuring such data is not reidentified. Are the algorithms used to power any of your self-driving systems subject to CCP export controls requiring the algorithms to be located and trained only in China? Please provide a detailed description of the categories of information, if any, your vehicles collect about infrastructure in the U.S.
  2. Do you offer any services to Americans, such as ride hailing services, or delivery services? If yes, please detail such services and the categories of information you collect from Americans who use such services.
  3. Do you process or store in China or any other place outside the U.S. any information that is collected in the U.S.? Please identify all specific location(s) where U.S. data is processed or stored, including whether such data is stored within on-premise servers or a cloud infrastructure. Please describe the contracts, leases, and any other arrangements in place with third parties pertaining to the storage of U.S. user data. Please describe how U.S. user data is secured, including any encryption used in transit and at rest and the specific categories of data that are encrypted. List all individuals with the ability to decrypt U.S. data, where those individuals are located and their positions, and where encryption keys are generated and maintained. Has your company ever experienced a breach of its data? If yes, please describe the dates and circumstances of such breaches, nature of the data breached, the categories of data affected, whether that data was collected in the U.S., government authorities that were informed, and any remedial actions taken.
  4. Have you shared any of the information collected in the U.S. with the People’s Republic of China (PRC), the CCP, the People’s Liberation Army (PLA), any entity that could be reasonably thought to be acting at the direction of one of the above, or any members or officials in such bodies?
  5. Have you coordinated with the PRC, CCP, or PLA on your company’s strategy for testing in the U.S.?  If yes, please detail the nature and frequency of such coordination. How many data records were shared?  Do you currently engage in such coordination?
  6. Do you coordinate with other Chinese AV companies on your company’s strategy for testing in the U.S.? If yes, please detail the nature and frequency of such coordination.
  7. Do you receive any funding from the PRC, CCP, PLA, or Chinese state-owned entities or private equity backed by the PRC, CCP, or PLA, to test your vehicles in the U.S.? If yes, please detail the amount and the purposes for such funding.
  8. Do entities supported by or affiliated with the Chinese government or the CCP have access to your company’s network or data depositories? Have these entities used your company to spy, surveil, or observe individuals or groups? If yes, please explain the nature of the access and use.
  9. Please outline the steps you would take if you learned that actors supported by or affiliated with the Chinese government or the CCP are or have accessed your company’s network or data depositories, used or are using your company to disseminate disinformation, or are using your company to spy on, surveil, or observe individuals or groups.
  10. Please document all meetings, communications, or interactions you - or any other senior company executives - have had with members of the Chinese government or the CCP while serving as officers of the company relating to your operations in the United States.
  11. Has your company, or any companies you work with, been accused of stealing any trade secrets from American AV companies?
  12. Like ByteDance, does your company have an internal CCP Committee?
  13. Please provide an organizational chart detailing your current corporate ownership structure, as well as noting any material changes in that structure that has occurred within the last seven years.

CLICK HERE to read the full letter to Baidu. 

CLICK HERE to read the full letter to AutoX. 

CLICK HERE to read the full letter to Deeproute.ai.  

CLICK HERE to reach the full letter to Didi Chuxing. 

CLICK HERE to read the full letter to Inceptio. 

CLICK HERE to reach the full letter to NIO.  

CLICK HERE to read the full letter to Pony.ai. 

CLICK HERE to read the full letter to Qcraft. 

CLICK HERE to read the full letter to WeRide.  

CLICK HERE to read the full letter to XPeng.  

DIVE DEEPER: Energy and Commerce is leading on a national data privacy and security standard to put people in control of their personal information. Emerging technologies like AI and self-driving cars rely on massive amounts of data, and it is vital that we prevent the Chinese Communist Party from using these technologies to surveil and manipulate Americans. As part of this effort, the Energy and Commerce Committee is holding hearings to guarantee that the U.S. is leading in the development and deployment of artificial intelligence, while also ensuring robust protections for Americans’ personal data. CLICK HERE to read more.