BEIJING—On September 1, a new cybersecurity law in China takes effect that tightens rules on how data can be collected and shared with third parties in the automotive and other industries. The auto sector will be significantly impacted by the law, as its focus on data protection directly relates to the vast amount of geographic and personal data collection needed to power modern electric vehicles.

The new policy tightens the collection and management of two types of data: personal user information and “important data,” which includes city mapping, automobile and pedestrian traffic flows, electric charging infrastructure, as well as audiovisual data from cameras and sensors. The legislation also forbids the unapproved overseas transfer of data concerning Chinese road traffic and vehicle positioning, affecting both local companies and multinational firms such as Tesla. In late May, the California-based manufacturer announced that it would store all its data locally in a new data center in China.

The new law also impacts ride-sharing services that use mobile apps and autonomous driving firms that rely heavily on data obtained from cameras and sensors to produce safer self-driving cars. Local companies like AutoX, WeRide, and Baidu could feel the effect of the new policies. However, the new data privacy law limits companies from collecting data in geographic areas sensitive to national security, such as those that include government buildings and organizations of military or state importance.

"In accordance with Article 11 of the law, operators must report their intention to use data in these sensitive areas prior to collection and processing," explains Xia Xia Hailong, a lawyer focused on tech policy at the law firm Shanghai Shenlun. "This could increase operating costs for mobility and mapping companies and even force them to reconsider offering services in these sensitive areas.”