I am preparing a series of articles examining the extent to which modern cars and light trucks collect data on their owners. While Tesla is often cited as an example, nearly every electric vehicle entering the market — and some traditional cars — has the technical capability to perform similar data collection. More concerning, as will be discussed in forthcoming articles, is the possibility that certain non‑governmental U.S. corporations may control access to critical vehicle functions, including diagnostics, immobilizer and locksmith services, and telematics.
If one accepts that the United States has access to nearly all vehicle immobilizer systems in Canada, one must also acknowledge the possibility that such access could be used to prevent large numbers of vehicles from starting on a given morning, potentially as a means of coercion or blackmail against Canada.
It could also enable U.S.-based entities to track the movements of mayors, elected officials, or other public figures, raising serious concerns about sovereignty, privacy, and national security.
BYD (Chinese Carmaker)
BYD may enter the Canadian market and appears ready to engage with authorities. Although limited third-party information exists on data security practice in BYD vehicles, Canada can impose legal safeguards and require assurances from China, including:
- Declare that using any U.S. infrastructure to manage our cars should be deemed unacceptable. We are divorcing the USA.
- Insist on an “offline mode” to restrict communication with the BYD server. This feature is offered on some European models, according to European owner manuals.
- Requesting that BYD provide a full audit of its current data‑handling processes.
- Ensure that all vehicle telematics and related data services are processed and stored within Canada— for example, through data centres located in Montréal— and that they are subject to Canadian oversight and auditing. Even better, a fully transparent (non-police reachable) Canadian Crown corporation could handle this data. Such a corporation could be financed through car registration and license plate fees and must remain under the control of an entity that will never sell owner information. This entity could then transmit only the information that is beneficial to Canada to the manufacturer. (For security reasons, I have a soft spot for Montréal.)
- Guaranteeing that vehicle owners retain full ownership rights over their vehicles, including unrestricted rights to maintenance and repair. Any software upgrade must be explicitly authorized by the owner before it is installed.
- Prohibiting the implementation of closed, monopolistic repair ecosystems that rely on mandatory subscriptions, restrict access to diagnostic tools, or prevent owners or independent repair facilities from servicing vehicles. (Several articles are in the works regarding the U.S.A. taking control of all cars and trucks in North America).
What we know about BYD so far
Like many modern vehicles from any brand, BYD electric cars include connectivity features such as GPS, cameras, cellular links, Wi‑Fi, and over‑the‑air (OTA) software updates that can generate detailed information about where and how a vehicle is driven. Security experts note that this data could be used for tracking or telemetry if mishandled.
At present, I do not believe that BYD collects more information than vehicles such as the Hyundai Ioniq 5 or many other American and European models entering the market. It is time for us to mobilize. In fact, I am far more concerned about U.S.-based (or Western-controlled) automotive data systems operating from the United States than I am about BYD.
However, there are still some concerns about BYD. Are these issues merely bugs that will be corrected?
(Table collected by Deepseek AI)
According to BYD’s privacy policies:
On its website, BYD seeks to reassure consumers. In a U.S. publication titled “U.S. Privacy Statement”, BYD outlines its data-collection practices. Another source appears to reproduce essentially the same BYD statement.
What BYD Claims It Collects
- App and Feature Data: Data generated through the use of navigation, voice commands, or other in-vehicle features (activated by a button or keyword).
- Account and Service Data: Name and contact information used for sales, service, and application-related features.
- Vehicle Operation Data: Anonymous diagnostic data collected for warranty support and product improvement purposes.
“I will review some of the claims in Part 2 and likely in Part 3 regarding BYD.
We must ensure that the Canadian government takes decisive action.
BYD claims to follow all applicable laws… but such laws must exist, and currently, many necessary Canadian regulations are absent. It is time to act.
Nothing prevents Canada from establishing a Crown corporation to control all data flows. From there, only data deemed acceptable would be sent to the manufacturer—whether U.S., Chinese, or European. The same corporation could manage authorization for remote updates and locksmith service.
The national security risks are real and numerous. In a way, I believe that negotiating with China on this matter could be easier and more fruitful. However, our government must step up and not cave to the U.S., as it did with the Digital Services Tax.
(The author is a retired IT Security Consultant)
