(Version française disponible ici.)
Ontario Premier Doug Ford recently condemned Carney’s government for allowing 49,000 Chinese electric vehicles (EVs) to enter the Canadian market. Beyond criticizing the impact on Canada’s auto sector, he claimed Chinese EVs posed a national security threat and would allow China to spy on Canadians.
“It’s Huawei 2.0” he said, referring to the saga involving the Chinese telecommunications giant, which has been accused by the United States of espionage.
But the real issue is not the origin of Chinese EVs: Canada is opening its market without having updating its data privacy and consumer protection laws for the era of connected vehicles. Rather than closing the door or giving in to fears of hypothetical foreign surveillance, the real priority should be to strengthen these rules so that opening the EV market to Chinese vehicles benefits Canadians while limiting privacy and cybersecurity risks.
Most vehicles today collect extensive personal data about their drivers. Automakers also maintain control over their vehicle software, creating new cybersecurity risks. These practices, however, are not specific to Chinese manufacturers. They extend across all connected vehicles, including those produced by North American automakers.
Concerns over foreign interference should serve as a wake-up call for Canada to modernize its data privacy framework and consumer protection laws, rather than restricting Canadians’ access to more affordable and environmentally friendly vehicles.
The global EV giant and Canada’s shift
China is now by far the most important EV producer globally. Recent estimates indicate that over 70 per cent of EVs worldwide are manufactured in China. While most of its production remains in China, Chinese EVs are rapidly taking up market shares in foreign markets, especially in developing economies.
Canada, in line with the United States, is one of the few countries where Chinese EVs still have no market share, in part due to the imposition of 100 per cent tariffs since 2024.
The decision to allow the importation of up to 49,000 thousand Chinese EVs at a low tariff rate of 6.1 per cent thereby represents a significant shift in Canadian policy. While Prime Minister Carney has argued that this volume of imports amount to less than 3 per cent of Canada’s auto sector, the new quota would correspond to almost a quarter of EV sales in Canada in 2024 (24.2 per cent).
Following a recent slowdown in the demand for EVs in 2025, lower-priced Chinese EVs could therefore quickly capture an important share of the EV market in Canada.
Smartphones on wheels
Modern EVs can have two to three times more semiconductors than traditional internal combustion engine cars. In addition to controlling lights, drive train system and other basic car functions, these notably enable sensors, cameras, microphones, 5G communications and various in-car applications like Apple Carplay.
All these new technologies contribute to allow drivers to make calls, use navigation systems, have emergency braking and access a wide range of other features.
All these new features also mean that EV companies now collect extensive information on their users, ranging from geolocation, driving habits and real-time images. Moreover, through their connection to our smartphones, they can access our contact list, phone calls and messages.
This data is then stored on online servers, which they can use for data analytics but also share with third parties, including law enforcement authorities.
In China, various laws give law enforcement authorities broad access to data owned by its companies. The Cybersecurity Law of 2017 and Data Security Law of 2021 notably require that companies must support and assist Chinese authorities in the pursuit of its security interests.
Data collected by Chinese EV automakers could therefore become accessible to the Chinese government upon request.
Proprietary software and the risk of bricking
Beyond their potential use as tools of surveillance, EVs may also raise security concerns because of manufacturers’ control over their vehicle software. One novelty from Internet connectivity is that new car features, like the most recent AI models, can be added to EVs every time they update their software.
However, this also means that just like computers and phones, drivers could see their cars loose functionalities over time as companies stop updating their software. This is what is known as “bricking”.
In the worst-case scenario, bricking could even lead drivers to lose access to their vehicles if the software allowing them to control their electric doors or activate their electric motor stopped functioning. While this may seem far-fetched, some owners of John-Deere tractors could attest at the risk of being dependent on proprietary software as some saw their million-dollar equipment become inoperable if they did not pay hefty reparation fees to the company.
In recent years, we have also seen companies being asked to stop offering their services to specific users or even entire countries. For example, Microsoft blocked access to its cloud services and ceased to renew licenses for Russian companies following Western sanctions.
While there is no precedent of Chinese EV companies being asked to cease updating their software or lock their users out of their car, one could wonder what could happen in the context of a future trade conflict or, even worst, war.
Some cybersecurity experts even fear that EVs could be controlled at distance to cause car accidents or block major roads.
Not just a China issue
These risks of surveillance, bricking or remote control are, however, not specific to Chinese automakers. In fact, most examples of data misuse or bricking currently come from car companies based in the United States.
According to research by the Mozilla foundation, all major car brands currently being sold in North America are among the worst product for privacy. Most of them tend to collect more data than needed, give few control to car owners over their personal data and sell the data to other companies.
While there are no known cases of Chinese EVs being used for surveillance, lax privacy policies of American automakers have already allowed abusive partners to track their ex-spouse with their connected cars.
Apart from John Deere, there are also multiple examples of American car companies degrading their services following their failure to update their software. The bankruptcy of the American EV company Fisker in 2024 even risked leaving its owners with useless cars.
These risks are not specific to EVs either. All connected vehicles, and more broadly connected devices, present the same ones. This is the new reality of the Internet of Things. As software and digital services become embedded in physical goods, it challenges traditional notions of privacy and ownership. Companies now collect more data than ever on us and retain control over their products through proprietary software.
Lock the Market or fix the system?
Restricting Chinese EVs access to the Canadian market does not resolve any of these issues. It merely deprives Canadians of access to cheaper vehicles that could help advance Canada’s climate ambitions, while also weakening incentives for American automakers to develop more affordable and competitive cars.
If the goal is to protect Canadian automakers from unfair trade practices, Canada would be better served to launch an official countervailing investigation like Europe and impose tariffs in light of the unfair advantages conferred by the Chinese governments to its automakers, rather than arbitrarily imposing 100 per cent tariff.
Time to update the rules
At the same time, the risks of surveillance and bricking would be better addressed by updating its digital rulebook. Canada has not updated its privacy law since 2001. Considering the risks of personal data being transferred to jurisdictions with fewer privacy safeguards, Canada could again learn from Europe and limit data transfer to countries with equivalent protection.
This would, in effect, require all EV manufacturers, regardless of their nationality, to keep data about Canadian citizens in Canada or countries offering comparable privacy protections. If necessary, narrowly tailored rules could bar Chinese EVs from operating near sensitive locations like military bases, echoing restrictions China imposed on Tesla in 2021.
Finally, Canada should revise its consumer laws to force any car companies to provide software updates for their cars and require that core vehicle functions operate without Internet connection. It should also ensure that consumers can repair their vehicles without being required to rely on the original manufacturer.
