Right to Repair

🇨🇦 Canadian Edition 🇨🇦

Canada Car/Light Truck National Security

BYD Might Spy on Its Owners?

Byrr

Jan 16, 2026 #Canada, #Cars/Trucks, #National_security
UK05 BYDPicture : BYD Gallery -- All assets are copyright free for editorial and media use only (UK Market)

I am preparing a series of articles examining the extent to which modern cars and light trucks collect data on their owners. While Tesla is often cited as an example, nearly every electric vehicle entering the market — and some traditional cars — has the technical capability to perform similar data collection. More concerning, as will be discussed in forthcoming articles, is the possibility that certain non‑governmental U.S. corporations may control access to critical vehicle functions, including diagnostics, immobilizer and locksmith services, and telematics.

If one accepts that the United States has access to nearly all vehicle immobilizer systems in Canada, one must also acknowledge the possibility that such access could be used to prevent large numbers of vehicles from starting on a given morning, potentially as a means of coercion or blackmail against Canada.

It could also enable U.S.-based entities to track the movements of mayors, elected officials, or other public figures, raising serious concerns about sovereignty, privacy, and national security.

BYD (Chinese Carmaker)

BYD may enter the Canadian market and appears ready to engage with authorities. Although limited third-party information exists on data security practice in BYD vehicles, Canada can impose legal safeguards and require assurances from China, including:

  1. Declare that using any U.S. infrastructure to manage our cars should be deemed unacceptable. We are divorcing the USA.
  2. Insist on an “offline mode” to restrict communication with the BYD server. This feature is offered on some European models, according to European owner manuals.
  3. Requesting that BYD provide a full audit of its current data‑handling processes.
  4. Ensure that all vehicle telematics and related data services are processed and stored within Canada— for example, through data centres located in Montréal— and that they are subject to Canadian oversight and auditing. Even better, a fully transparent (non-police reachable) Canadian Crown corporation could handle this data. Such a corporation could be financed through car registration and license plate fees and must remain under the control of an entity that will never sell owner information. This entity could then transmit only the information that is beneficial to Canada to the manufacturer. (For security reasons, I have a soft spot for Montréal.)
  5. Guaranteeing that vehicle owners retain full ownership rights over their vehicles, including unrestricted rights to maintenance and repair. Any software upgrade must be explicitly authorized by the owner before it is installed.
  6. Prohibiting the implementation of closed, monopolistic repair ecosystems that rely on mandatory subscriptions, restrict access to diagnostic tools, or prevent owners or independent repair facilities from servicing vehicles. (Several articles are in the works regarding the U.S.A. taking control of all cars and trucks in North America).

What we know about BYD so far

Like many modern vehicles from any brand, BYD electric cars include connectivity features such as GPS, cameras, cellular links, Wi‑Fi, and over‑the‑air (OTA) software updates that can generate detailed information about where and how a vehicle is driven. Security experts note that this data could be used for tracking or telemetry if mishandled.

At present, I do not believe that BYD collects more information than vehicles such as the Hyundai Ioniq 5 or many other American and European models entering the market. It is time for us to mobilize. In fact, I am far more concerned about U.S.-based (or Western-controlled) automotive data systems operating from the United States than I am about BYD.

However, there are still some concerns about BYD. Are these issues merely bugs that will be corrected?

AspectDetails & AllegationsBYD’s Official Position & Actions
Cabin Audio AccessIn 2024, an Australian BYD owner demonstrated that the car’s internal SIM could be dialed externally, transmitting cabin audio with no on-screen indication. This was later reported as a software bug.BYD’s distributor fixed the issue within 48 hours, stating there was “no risk of exposure” of owner details and that the data was held securely by the telecom provider.
Data Collection & StorageA 2025 security report found a BYD vehicle storing unencrypted personal data (contacts, location history, device IDs). Data was reportedly sent to servers in China.BYD states it follows a “Privacy First” approach. It claims data is stored locally and that in Europe, customer data does not leave the region. In Australia, the company states personal data is stored on local servers.

(For the unencrypted personal data, the allocation of CVE-2025-7020 number demonstrates that the IT community considers this a problem to be fixed.)
Data SharingThe same report indicated data flows to servers in China, raising concerns about access by foreign entities.BYD states it does not transfer customer data to China from markets like Australia. For warranty purposes, only anonymous diagnostic data is shared.
Industry ContextA 2023 Australian consumer group investigation found data collection and sharing to be common across many brands (e.g., Toyota, Tesla, Kia), calling automotive privacy practices poor overall.BYD positions its practices (like physical camera covers and data minimization) as protective measures within an industry where data collection is standard.

(Table collected by Deepseek AI)

According to BYD’s privacy policies:

On its website, BYD seeks to reassure consumers. In a U.S. publication titled “U.S. Privacy Statement”, BYD outlines its data-collection practices. Another source appears to reproduce essentially the same BYD statement.

What BYD Claims It Collects

  • App and Feature Data: Data generated through the use of navigation, voice commands, or other in-vehicle features (activated by a button or keyword).
  • Account and Service Data: Name and contact information used for sales, service, and application-related features.
  • Vehicle Operation Data: Anonymous diagnostic data collected for warranty support and product improvement purposes.

“I will review some of the claims in Part 2 and likely in Part 3 regarding BYD.

We must ensure that the Canadian government takes decisive action.

BYD claims to follow all applicable laws… but such laws must exist, and currently, many necessary Canadian regulations are absent. It is time to act.

Nothing prevents Canada from establishing a Crown corporation to control all data flows. From there, only data deemed acceptable would be sent to the manufacturer—whether U.S., Chinese, or European. The same corporation could manage authorization for remote updates and locksmith service.

The national security risks are real and numerous. In a way, I believe that negotiating with China on this matter could be easier and more fruitful. However, our government must step up and not cave to the U.S., as it did with the Digital Services Tax.

(The author is a retired IT Security Consultant)

By rr

Related Post

Business Canada Electronic National Security News Uncategorized World

A national authentication scheme must be operated and controlled by the country itself.

Jan 29, 2026 rr
Business Canada National Security News

Useless RISK — NBC Is Now Using Adobe Analytics on Its Banking Site

Jan 24, 2026 rr
National Security News

The next war, a drone war ?

Jan 11, 2026 rr

Leave a Reply

Your email address will not be published. Required fields are marked *