I would say, in two ways. First would be through what people call cellular modules or CIMs, which are susceptible to remote manipulation because they require software updates from the manufacturers. There have been a number of reports, sadly, about remote access and remote manipulation of Chinese-made cellular modules in electric vehicles, including one in the United Kingdom. It was in a ministerial car, which was bugged as a result, so these are really very important national security implications around this.
In addition to that, a key point about data transfer is that we have, in the European Union, the general data protection regulation, GDPR, but the reality of that situation is that it doesn't really save us when it comes to data transfer to China. The reason is that it's still possible for any company to transfer to any partner company in China if they have contracts with each other and there are certain clauses in those contracts. Those clauses say that they will, of course, protect people's data. However, they don't, and they can't. The reason that they can't is that, in China, the intelligence security law of 2017 and a number of other pieces of legislation require every Chinese company to hand over data upon request and to deny that such a request has happened if they are asked. So, from a data protection point of view, that means that your data can be legally transferred to China, that the state may have access to it, that you will never know, and that the company is not permitted to tell you by law.