The Federal Trade Commission (FTC) and General Motors (GM) announced an agreement yesterday that will see the automaker banned from selling data its cars gather about their drivers for five years.
The move comes after a New York Times investigation triggered an outcry over how automakers handle owner data. GM is the only automaker to respond publicly so far.
Your Car May Track Where and How You Drive
Many of today’s cars collect telematics data. That information can include a car’s location, mileage, speed, and sudden acceleration or hard braking incidents.
Last summer, a New York Times investigation found that several automakers keep and sell this data. They’re not alone – several phone apps do the same.
The buyers are typically auto insurers, often through third-party companies that collect the data, create reports on individual drivers, and sell them to auto insurance companies.
The investigation began when the Times looked into General Motors’ OnStar Smart Driver program – which GM marketed as a sort of driving coach. It advised owners on how to drive to save fuel. It also collected reports that GM sold to data giant LexisNexis, which resold them to insurers.
Further research found that Mitsubishi, Hyundai, and both Honda and its Acura luxury arm all offered similar driver coaching systems and sold related data to LexisNexis and a similar company, Verisk.
Some seemingly unrelated phone apps, including Life360 and the gas price service GasBuddy, do the same.
GM Shut its Program Down
After the report, GM shut the Smart Driver program down.
It hired a chief trust and privacy officer to overhaul how the company handled drivers’ data.
Yesterday the FTC banned the company “from disclosing consumers’ sensitive geolocation and driver behavior data to consumer reporting agencies” for five years. In a statement, GM says it “discontinued Smart Driver across all GM vehicles, unenrolled all customers, and ended our third-party telematics relationships with LexisNexis and Verisk” before the FTC’s action.
The company has also committed to “obtain affirmative customer consent to collect, use, or disclose certain types of connected vehicle data (with exceptions for certain purposes)” for 20 years.
Driver Privacy a Growing Concern
To date, GM is the only automaker to publicly admit to changing its practices. But others may soon be forced to follow suit.
In July, a pair of U.S. Senators issued a report noting that other automakers still sell similar driver data. Honda, the pair said, “shared data from 97,000 cars with Verisk, which paid Honda $25,920, or 26 cents per car, and it did so without obtaining informed consent from consumers.” Hyundai sold data from 1.7 million for about “61 cents per car.”
Both companies say they obtain consent for the practice in the documents buyers sign at purchase. But those can be difficult to understand, and buyers are often pressured to sign them quickly without a thorough review as part of a purchase.
In a 2023 analysis, privacy researchers from a prominent tech watchdog group found “cars the official worst category of products for privacy ever reviewed.”
Researchers found that many automakers reserved the right to collect and sell data from cars and even the phones that connect to them. Owners often consented to the practices in paperwork signed as part of a car sale, though Subaru’s policy even specifies that passengers consent to data collection just by entering a car.
Nissan’s privacy notice, the group said, says the company “can collect and share your sexual activity, health diagnosis data, and genetic information and other sensitive personal information for targeted marketing purposes. We absolutely aren’t making that up.”
