The Federal Trade Commission (FTC) reached a settlement with General Motors (GM) and its OnStar subsidiary, imposing a five-year ban on the automaker’s practice of selling sensitive customer geolocation data to data brokers. GM will no longer share precise driving behavior or location data with third-party companies, such as Verisk Analytics and LexisNexis, which used it to create consumer reports for insurance companies. In addition to halting the sale of this data, GM is also required to obtain clear, explicit consent from customers before collecting or using their information. The settlement also mandates that GM provide consumers with clear options for managing how their data is shared.
The FTC’s allegations stem from GM’s practice of gathering geolocation data
From its OnStar Smart Driver program, which was designed to help customers monitor their driving habits. However, GM used this data to create detailed profiles of individual drivers, which were then sold to data brokers. This practice allowed GM to sell data on customer behavior, including the exact location of trips, driving speeds, and even radio stations listened to, without informing customers or obtaining their consent. Consumers who were unaware of this data-sharing practice found themselves facing higher insurance premiums, insurance cancellations, or the exposure of private information.
GM’s privacy policy was found to be misleading, failing to properly disclose the full scope of data collection and sharing. The FTC noted that GM had pressured customers into signing up for the OnStar Smart Driver program, often obscuring the true nature of the data collection in the process. The privacy disclosures were inadequate, and consumers were often not given fair, informed choices about whether to participate in the program. The automaker also misled customers about how their data would be used, failing to mention that it would be sold to third-party data brokers, which in turn sold it to insurance companies.
Under the new FTC settlement, GM is required to take several corrective actions, including obtaining clear consent from consumers before collecting their data, offering an option to delete their data, and allowing customers to limit data collection. GM must also enable customers to request a copy of their data and erase it if they wish. The five-year ban on data sales marks a significant step toward increased consumer privacy protection in the automotive industry, with the FTC emphasizing that adherence to strict privacy protocols is essential for businesses to maintain consumer trust.
