Two car manufacturers are collecting and sending their Australian customers’ data to China

Automakers MG and Great Wall Motors have included vast and vague data collection in their privacy policies.

Automakers MG and Great Wall Motors have included vast and vague data collection in their privacy policies. Photo: AAP

Two Chinese-owned car manufacturers collect their Australian customer’s personal information and transfer it to China, according to analysis of their privacy policies.

Analysis from Top10VPN found many Chinese car manufacturers, including MG and Great Wall Motors (GWM), allow widespread data collection of users, their vehicles and their devices when connected to smart-car ecosystems.

Experts have previously told The New Daily about the risks involved in widespread data collection, including how it becomes easier to commit identity theft with larger data sets available, the threat of data breaches and how it is impossible to police how personal information is used if it leaves Australia.

MG and Great Wall Motors (GWM) privacy policies allow for customers’ private information to be available to third parties outside Australian jurisdiction and law.

The pair have a strong market presence in Australia due to their affordable vehicles.

Great Wall Motors

Most Australians will know GWM for its cheap ute, and the company sold over 25,000 vehicles in 2022.

GWM “may disclose personal information to our related companies overseas and to our overseas service providers,” according to its privacy policy.

“The countries in which these third parties are located will depend on the circumstances,” the policy reads.

“In the ordinary course of business, we commonly disclose personal information to parties located in China.”

The company collects a vast range of personal information, including names, addresses, gender, date of birth, mobile phone numbers, email addresses, usernames and passwords, and profile photos.

MG and Great Wall Motors collect a vast amount of data from user’s devices. Photo: Getty

Device data collected includes GPS location, message content, message metadata, mobile device identifiers, IP addresses, device brand and model, operating system and browser version.

According to the analysis, GWM fails to disclose what data they collect from in-vehicle systems. It also stores the data “as long as necessary,” and doesn’t say which third parties it shares data with.

The company’s Google Play Store listing was significantly inaccurate and “failed to indicate that its mobile app collected a user’s name and phone number, along with the contents of email and text messages.”

The company ambiguously promises to anonymise or delete personal information, but its app also asks for permission to read all of a device’s media files and for alerts when the user is actively using it.

GWM was contacted for comment.


MG has been making waves because of its cheap electric vehicles, with its entry-level petrol-fuel model costing just $19,990, making it an ultra-competitive low-cost market standout.

The company was one of the best-performing in data privacy out of the 10 companies examined, but the analysis still highlighted several issues with its policies and practices.

MG’s parent company, SAIC, is wholly owned by the Chinese government, and the car manufacturer conducts a high level of data collection and asks for a large number of high-risk app permissions.

“It’s clear that any MG customers’ personal data transferred to its state-owned parent company SAIC Motor would be easily accessible to the local authorities,” the analysis states.

It collects more than 50 individual data points about users, their vehicles and devices.

Personal information collected includes names, addresses, email addresses, passwords, mobile numbers, unique identifiers and voice data.

It also collects device data like GPS locations, IP addresses, content accessed, date and time the device is accessed and calendar entries.

MG also collects information on driving route and vehicle GPS data, but was found to have the most consumer-friendly policies around data storage and deletion.

The company stores location data for one year and user information until the account is deleted, states it shares its data with Amazon and users can withdraw consent for their data to be used in advertising. It also accurately labelled its privacy labels in the Apple and Android app stores.

Their app also requests permission to silently download without notifying the user.

MG was contacted for comment.

Stay informed, daily
A FREE subscription to The New Daily arrives every morning and evening.
The New Daily is a trusted source of national news and information and is provided free for all Australians. Read our editorial charter
Copyright © 2024 The New Daily.
All rights reserved.