Currently, China’s data governance of connected vehicles needs to balance the interests among personal information protection, the development of digital market and national security. However, the existing law does not clarify the right of data generated by connected vehicles or the method of personal information protection. Moreover, the proposed cross-border data transfer review mechanism may not be sufficient to protect national security. EU, by means of active legislative and judicial approaches, takes the approach of enlarging the data protection scope of connected vehicles by safeguarding the right of communication of terminal equipment. By clarifying data rights and promoting the free movement of data within its border, EU removes barriers to the digital economy and blocks the monopoly of European market by US internet tycoons. These in turn promote the development of EU digital market. By means of public security exception, EU safeguards the right of its member States to regulate the digital industry through public security concerns. In contrast, the US largely confers the right to regulate connected vehicles to industrial self-discipline and promotes digital economy through a free market approach. The State Laws of the US offer a much narrower protection of personal information. The US also brings safeguards to its national security through restricting the right of “foreign adversaries” to access US sensitive personal information, since it has been reluctant to regulate the cross-border transfer of data. A study of EU and US approaches indicates that the data governance of connected vehicles needs to balance those three aspects because the concept of data has three attributes: personal data, productive factor as well as intelligence. The design of personal information protection would directly impact the development of data market as well as national security. The development of data market does not necessarily contradict with the protection of national security, and they can have a balanced development with scientific identification of the driving force of digital market and the origin of threat to national security. As to China, the three attributes of data correspond with the three aspects of connected vehicle data regulation. Consequently, the institutional design needs to overcome the restriction of different departments of law and be integral. While it is advisable for China to invoke stringent protections of sensitive personal information, non-sensitive personal information should receive categorized protection and data sharing should also be facilitated. Meanwhile, cross-border data transfer review, negative list of foreign investment as well as foreign investment review may contribute to the elimination of national security risks incurred by the cross-border transfer of connected vehicle data. Only in this way can the industrial development of smart vehicles, personal information protection and national security be balanced and promoted.