Reed Smith Client Alerts

In the era of Electric Vehicles (EVs), the surge in embedded electronics and vehicle apps present an unprecedented opportunity to enhance vehicle performance and efficiencies through data utilization. However, this requires stringent data governance practices. In this comparison table, we explore the data requirements and other regulatory considerations relating to EVs and vehicle usage apps across various jurisdictions including Singapore, Hong Kong, China, UK and the U.S. (California).

A PDF download of this information in a comparison table is available below.

Authors: Barbara Li Steve Tam Elle Todd Sarah L. Bruno Michael J. Rubayo Bryan Tan Eng Han Goh (Resource Law LLC)

Vehicle usage apps – the operation of the vehicle now requires apps to be set up and typically operated by the manufacturer

What are the basic data protection considerations in setting up an app?


The app must comply with the obligations of the Personal Data Protection Act 2012 (PDPA), in particular the transfer limitation and protection obligation.

The transfer limitation obligation requires the app to only transfer personal data to another country if the standard of protection is comparable to the protection under the PDPA.

The protection obligation requires the app to implement reasonable security arrangements to protect personal data and prevent unauthorized access, collection, use, disclosure or similar risks.

Hong Kong

The app must comply with the Personal Data (Privacy) Ordinance (PDPO), in particular the data protection principles regarding data collection, use and security.

Personal data must be collected for a lawful purpose directly related to a function or activity of the app. Such data cannot be used for a new purpose without prior consent from the app users.

The PDPO requires the app to take all practicable steps to ensure that any personal data held is protected against unauthorized or accidental access, processing, erasure, loss or use.


The collection and processing of personal data via the app shall comply with the Personal Information Protection Law of China (PIPL), in particular, by following the principles of legality, necessity and appropriateness, and also comply with the obligations on notification and consent, special requirements for sensitive personal data, security measures, etc. Some personal data may be deemed as sensitive personal data (e.g., whereabouts data and accurate positioning data) and shall be subject to separate consent of data subjects and more stringent protection measures.