Chinese automotive manufacturers gain a competitive edge through laxer rules governing personal data protection and intellectual property. Oscar Borgogno and Giovanni Veronese argue that ensuring effective compliance with European law could help European manufacturers re-establish a level playing field while upholding EU constitutional values.
Connectivity to cellular networks, the internet, and cloud is a feature of new vehicles. Consumers can stream music, receive traffic and weather updates, and even watch movies. The flip side of this technological development is that vehicles and their manufacturers continuously collect data about drivers, vehicle performance, and surrounding infrastructure. New cars have become digital platforms, and for the most part this has been good for consumers, who receive more sophisticated and safer vehicles in exchange for their data. Data exchange may one day mean advanced autonomous vehicles.
Chinese car manufacturers such as BYD Auto have been among the pioneers in developing vehicles that leverage and deliver advanced data-intensive features, which rely on the collection and processing of large volumes of data. However, China’s reputation for maintaining a personal data protection framework that grants the government broad access to privately held data, combined with relatively weak enforcement of intellectual property laws, is likely to pose significant legal barriers to the entry of its vehicles into international markets. This is particularly true in the European Union, where data protection and intellectual property regulations are among the most rigorous and comprehensive.
The governance of vehicle data and the licensing of essential connectivity technologies are central to global competition in modern vehicles, shaping regulatory risks, competitive advantages, and potentially the future balance of trade in the electric and autonomous vehicle market. Cross-border data flows and protection of patented connectivity technologies raise two underexplored policy challenges in ongoing trade disputes between the EU and China and suggest more productive pathways than tariffs and other trade restrictions to evening trade imbalances.
The problem of personal data protection
Access to vehicle-generated data is key for providing services to drivers such as passenger assistance, maintenance, smart traffic management, and remote diagnostics. The scope of the information collected is extensive. It includes location histories, driving patterns, and entertainment preferences. It may also include much more sensitive information such as biometric indicators, voice commands, video recordings from external cameras, and behavioral signals generated by driver monitoring systems. Most of this information is transmitted to cloud storage systems controlled by vehicle manufacturers or their technology partners. From there, it can be accessed remotely to update software, monitor performance, or provide digital services.
Automotive manufacturers that can accumulate such data at scale gain a significant competitive advantage. Similar to digital platforms such as Amazon and Facebook, where user interaction data is monetized by delivering targeted advertisements and offers, manufacturers may partially offset vehicle prices through the value generated by information collected from drivers. This data can be analyzed, often using advanced artificial intelligence techniques, to develop personalized services for users or to supply valuable insights to third parties such as insurance companies, mobility providers, or advertisers.
Despite the sensitivity of their data, drivers often have limited control and knowledge over how it is used. In many cases, users cannot easily determine where their data is stored, who has access to it, or whether it is shared with third parties. These questions become even more complex when vehicle data can be accessed from outside the EU. The EU General Data Protection Regulation (GDPR) restricts transfers of personal data to countries that do not guarantee a level of protection comparable to that provided within the EU. Companies that transfer data abroad must demonstrate that the rights of individuals remain protected according to the stipulations of the GDPR. Following extensive negotiations, court rulings, and the introduction of additional safeguards, the European Commission has adopted adequacy decisions enabling data flows with major jurisdictions relevant to the automotive industry, such as the United States and Japan. However, no comparable framework currently exists for personal data transfers to China.
Even if cloud infrastructure is located in the EU, data generated by vehicles operating in Europe may still be remotely accessible from abroad, as the TikTok case showed. In May 2025, the Irish Data Protection Commission imposed a fine of 530 million euros on TikTok for violating European data protection law. The authority concluded that the company had transferred the personal data of users in the European Economic Area to China without showing that the information retained a level of protection essentially equivalent to that guaranteed within the EU, even though the data was physically stored on servers in the EU. The authority also found that the company had failed to properly inform users about the nature of these transfers and the possibility that their data could be accessed from China.
The TikTok decision is significant because it represents one of the first major European enforcement actions addressing transfers of personal data to China rather than to the U.S. In its analysis, the Irish authority examined several Chinese laws that may require companies to cooperate with Chinese government bodies. These laws include legislation on counter espionage, cybersecurity, and national intelligence. Because Chinese companies may be required to provide data to their government and may be prevented from disclosing such requests, the Irish authority concluded that the safeguards provided by TikTok were insufficient to guarantee an adequate level of protection for personal data in the EU. The Irish Data Protection Commission therefore ordered the suspension of the transfers and required the company to bring its data processing operations into compliance with European law.
This decision has clear implications for the automotive sector. Under the same reasoning, Chinese vehicle manufacturers may be required to store and process sensitive vehicle data exclusively within the EU and impede remote access from China. Implementing such changes could require major operational adjustments and lead to redundancies, including relocating specialized staff and duplicating centralized analytical infrastructure in order to conduct all data-related activities independently from manufacturers’ global operations.
The result would not amount to a trade barrier, but it could still represent a significant hurdle, increasing the cost for Chinese manufacturers entering the European market. At the same time, this is an issue EU policymakers should consider carefully to avoid surprises in trade relations with a partner as important as China and to prevent being caught off guard by their own legal framework. Indeed, EU law empowers individuals to challenge transfers of personal data abroad, obliging national data protection authorities to act, as happened in the Schrems saga concerning personal data transfers from the EU to the U.S.
Attempts to address these issues through high-level EU–China Cross-Border Data Flow Communication Mechanism, which began in 2024, have produced limited progress. The two sides remain divided on a fundamental question. While the EU, as illustrated by the Data Act, is open to allowing the cross-border movement of non-personal data, such as engine or battery performance metrics (that is, information not relating to an identified or identifiable individual), China would prefer to enable reciprocal access to personal data as well. However, granting such access would conflict with the core principles of European data protection law, as it would not be possible to ensure the same level of protection under the Chinese legal framework, where Chinese government access to privately held personal data faces virtually no limitations.
And the problem of intellectual property
Data governance is only one side of the complex landscape involving connected vehicles. The second, less visible issue concerns the intellectual property that enables vehicle connectivity. Connected vehicles rely heavily on standardized communication technologies, including 4G and, soon, 5G mobile networks. These standards allow vehicles to communicate with mobile networks, infrastructure, and other devices.
Many of the technologies required to implement these standards are protected by patents owned by companies outside the automotive industry, namely in the telecommunications and software sectors. As a result, car manufacturers are no longer interacting only with suppliers of physical components. They are also negotiating with the global telecommunications industry over access to connectivity patented technologies.
When it comes to connectivity patents, licensing negotiations often take place through Avanci, a Texas-based licensing entity that acts as a one-stop shop, aggregating patents from dozens of technology companies across Europe, the U.S., and Asia. While this “patent pool” provides a comprehensive license for automotive connectivity technologies, car manufacturers have long complained that patent holders’ pricing policies lack transparency and extract unfairly high rents.
In contrast, Chinese manufacturers often operate under a different legal environment than EU competitors. Courts in China have imposed global royalty rates that are significantly lower than those negotiated elsewhere. In certain cases, Chinese courts have asserted the authority to determine worldwide licensing terms for patents that are valid in multiple jurisdictions. This allows manufacturers in China to obtain access to essential technologies at heavily discounted rates compared with other jurisdictions, while competitors abroad are legally bound to pay higher licensing fees.
This may create an uneven playing field in which Chinese manufacturers benefit from lower intellectual property costs when producing connected vehicles. Concerns about this imbalance have intensified as the Chinese electric vehicle footprint expands abroad. If vehicles produced in China incorporating standardized connectivity technologies are exported worldwide while paying reduced royalties at home, the resulting cost advantages could distort the global competition landscape.
These disputes have reached the international stage. In February 2026, the EU requested a World Trade Organization panel to review China’s practice of allowing its courts to set worldwide licensing terms, including royalties, for portfolios of standard essential patents that includes patents held by European firms, without the consent of patent holders. A previous complaint on the same issue, closed in July 2025, resulted in the WTO arbitrator agreeing that member states must implement the provisions of the Agreement on Trade-Related Aspects of Intellectual Property Rights in their own national systems, without undermining the protection and enforcement of intellectual property rights in other members’ territories. While the case formally concerned mobile phone producers, the same contested judicial practice could give Chinese manufacturers an unfair advantage not only in phones but also in connected vehicles.
Back to the basics: ensuring a level playing field
The tariffs introduced by the EU in 2024 have done little to shield Europe’s automotive industry from a surge of lower-cost imports, while further tariff increases risk raising final prices for European consumers and slowing the green transition. A more effective response would be to ensure full compliance with European data governance rules and equal treatment in patent licensing. In several areas, European manufacturers face regulatory and licensing costs that Chinese competitors can avoid due to weak enforcement of EU law and lenient treatment by courts in mainland China. Ensuring a genuine level playing field in these areas would help safeguard fair competition in the nascent connected car ecosystem and reduce the risk that a handful of firms accumulate dominant control over mobility data, thereby creating data-opolies similar to those that have emerged in social media markets. Pursuing this approach in relation to connected vehicles manufactured in China could also strengthen the EU’s position in transatlantic discussions by demonstrating that its regulatory framework addresses structural market distortions and fundamental rights concerns, rather than reflecting what the U.S. administration has described as discrimination against large American technology companies.
Author’s Disclosure: Oscar Borgogno and Giovanni Veronese work for the Banca d’Italia (Directorates General for Economics, Statistics and Research). The opinions expressed and conclusions drawn are those of the authors and do not necessarily reflect the views of the Banca d’Italia. The authors declare that they have no potential conflicts of interest.
Articles represent the opinions of their writers, not necessarily those of the University of Chicago, the Booth School of Business, or its faculty.
Subscribe here for ProMarket’s weekly newsletter, Special Interest, to stay up to date on ProMarket’s coverage of the political economy and other content from the Stigler Center.
