Senators Press AV Firms on Data Collection, Privacy and Cybersecurity

Data collection, privacy and cybersecurity were recurring themes at the hearing as senators worried about the scope and use of sensor and interior recordings.

Senator Blackburn asked whether companies anonymize and avoid storing personal data; Lars Moravi said Tesla uses an "opt in" policy and aggregates and anonymizes data used to improve products. Mauricio Pena said Waymo collects data to improve its driver and does not share personally identifiable information; companies said they comply with valid legal orders but will evaluate overly broad requests.

Senator Cruz and others highlighted the scale of potential data collection: Pena said Waymo vehicles may have about 29 cameras per vehicle and Cruz asked how that multiplies across hundreds of vehicles in a city. When asked whether law enforcement could obtain recordings, Pena said Waymo would comply with a "valid legal order" and would review requests that seem overbroad.

On cybersecurity, Pena and Moravi described protections that isolate safety-critical systems from external connections, use layered defenses, and employ penetration testing. Moravi described a process that requires dual keys for firmware uploads and said Tesla routinely runs hacking events and bug bounties. "The answer is quite simply no" when asked whether anyone had remotely taken over their vehicles, Moravi said; Pena said he was not aware of such events either.

Senators flagged potential risks from data breaches, the possibility of less scrupulous actors entering the market, and the need for statutory clarity on reporting and access. Several senators signaled interest in crafting data-protection and reporting language in future legislation.