Computers and other equipment fill the back of an unmanned car at the Volkswagen Automotive Innovation Laboratory in 2010.

A self-driving car is, in the words of the roboticist Missy Cummings, “one, big data-gathering machine.” Which, on one hand, is great: For driverless cars to work, they have to slurp up huge streams of sensory data about the world around them.

But these vehicles will also collect reams of personal information about their passengers—just the way Uber and Google Maps have detailed information about where you’ve gone, and can predict where you’re going.

This isn’t necessarily bad—there are all kinds of neat services that might rely on personalized data—but it does raise the question of how, if at all, data collection ought to be regulated. This topic came up last week at a Congressional hearing on driverless cars, and the companies potentially doing the data-collecting were, and this is putting it gently, evasive.

“Do you think there should be a mandatory minimum for privacy protection?” asked Senator Ed Markey, a Democrat from Massachusetts.

The witnesses, representing car makers and the ride-sharing company Lyft, had well-rehearsed platitudes—privacy is important, we look forward to cooperating with the federal government, that kind of thing—but none agreed that mandatory privacy standards should apply to them.