The Federal Trade Commission (FTC) has initiated action against General Motors (GM) and its subsidiary OnStar over allegations that the companies secretly collected and sold drivers’ precise geolocation and behavior data without adequate consumer consent. This data, including details like hard braking, late-night driving, and speeding, was reportedly used by consumer reporting agencies to influence insurance rates.
In a proposed settlement, GM, GM Holdings, and OnStar would face a five-year ban on sharing sensitive driver data with consumer reporting agencies and must adopt measures to ensure greater transparency and control for consumers regarding their connected vehicle data. The FTC’s move marks its first enforcement related to connected vehicle data and aims to safeguard privacy in an increasingly data-driven automotive sector.
The complaint alleges that GM misled consumers during the OnStar service enrollment process, failing to properly disclose that their data would be sold to third parties. In addition, GM’s confusing sign-up process for the OnStar Smart Driver feature left many consumers unaware of the scope of data collection. One consumer shared their frustration, noting that they had not been told their driving habits would be shared with third-party agencies affecting their insurance premiums.
As part of the settlement, GM and OnStar must clearly disclose their data collection practices, secure consent before collecting sensitive data, and allow consumers to access and delete their data. Furthermore, consumers would be given the option to disable certain types of data collection.
The proposed order is open for public comment for 30 days before the Commission decides on finalizing the settlement. The action emphasizes the need for stronger privacy protections in the connected vehicle industry, where data collection practices are often opaque and extensive.
In response to the settlement GM posted this statement,
“General Motors has reached a settlement agreement with the Federal Trade Commission to address privacy concerns about our now-discontinued Smart Driver program.
Respecting our customers’ privacy and earning their trust is deeply important to us. Although Smart Driver was created to promote safer driving behavior, we ended that program due to customer feedback. Last year, we discontinued Smart Driver across all GM vehicles, unenrolled all customers, and ended our third-party telematics relationships with LexisNexis and Verisk. In September, we consolidated many of our U.S. privacy statements into a single, simpler statement as part of our broader work to keep raising the bar on privacy.
The FTC consent order includes new measures that go above and beyond existing law, while capturing steps we’ve already taken to establish choices for customer data collection and communications about how the information is used. As part of the agreement, GM will obtain affirmative customer consent to collect, use, or disclose certain types of connected vehicle data (with exceptions for certain purposes). The duration of the agreement is 20 years.
We’re also giving customers more transparency and control. We’ve expanded a GM privacy program to provide customers in all 50 states with options to access and delete their personal information. To exercise your privacy rights, visit GM’s US Consumer Privacy Request Form or call 1-866-MYPRIVACY (1-866-697-7482).
We’re more committed than ever to making our policies and controls clear and accessible as we continue to evolve the driving experience for our customers.”