> The idea as I've presented it is probably unworkable. But maybe with some tinkering ...
Actually no. It is perfectly workable. In fact that is how cars in the 90s were made. Lots of discrete systems and components, hanging of a bus and communicating with each other (except without the "CSM", because who would want that in a car?). It was perfectly possible to disconnect/replace the traction control/ABS/Engine/Transmission ECUs and still have the rest work. Which is why these cars make excellent doners for kit/replica cars nowadays.
Try to use any important bits from a modern car in a replica or kit car and you will find it a massive PITA, usually all the core bits are intergrated into one master ECU, and removing/changing bits and pieces makes the whole thing throw a wobbly and refuse to work. Getting such hardware to work usually involving making your own hardware/software equivalent systems, which is usually too expensive to be worth it.
This started from the 2000s onwards, integrating things like transmission, engine and anti-lock brake ECUs into one. Slowly they took this to the extreme, where it is pretty much impossible now to disconnect a single part of a cars system without the whole thing failing. A bunch of enterprising chaps have developed "defeat devices" for some of these systems, which fool the ECU into thinking the original system is still present, but even that is getting harder and harder to do, especially with the CSM module being tightly integrated. I guess they would not want you defeating that easily.
From my perspective, I would never want to buy a car that is always on connected, or that has a data plan and a privacy statement for your collected data, so I guess I will stick with pre-CSM cars.
As per your suggestion, what should be made a requirement is the ability to disconnect/replace any such CSM modules from a car and have it still work (personally I would like to go back to the 90s "distributed ECU" model, with modern components). It is technically feasible to this , but I strongly suspect that governments and the powers that be would not want it to be made easy.
Too much potential benefit for them to be able to ask the car manufacturers for backdoor access to historic vehicle data (or possibly direct vehicle access), especially if non-compliance could result in said manufacturer not being able to sell in that market.