The Federal Trade Commission (FTC) is taking action against General Motors (GM) and its subsidiary, OnStar, for unlawful collection and selling drivers’ precise geolocation and driving behavior data from millions of vehicles.The U.S. government organization [proposes a settlement](https://www.ftc.gov/news-events/news/press-releases/2025/01/ftc-takes-action-against-general-motors-sharing-drivers-precise-location-driving-behavior-data) in which the automotive giant will be barred from sharing drivers’ sensitive data for five years. The car maker also has to improve its data handling transparency while giving users more control over their information.Multiple violations identified——————————American car maker General Motors owns the Chevrolet, Buick, GMC, and Cadillac brands. It produces over 6.1 million vehicles annually across manufacturing plants in eight countries.OnStar, GM’s subsidiary, provides digital in-car services such as navigation, emergency services, security, communications, and remote diagnostics.FTC’s investigation into the practices of the two companies found multiple violations that the organization highlighted in a complaint.Specifically, [FTC alleges](https://www.ftc.gov/system/files/ftc_gov/pdf/242_3052_-_general_motors_complaint.pdf) that GM collected precise geolocation data every three seconds, as well as driving data (braking, speeding) from millions of vehicles without obtaining the consumers’ explicit consent.This data was subsequently sold to third parties, including consumer reporting agencies like Verisk and Lexis Nexis, and later Jacobs Engineering, whose reports influenced those drivers’ insurance rates or even led to denial of coverage.FTC further notes that GM misled consumers by making OnStar’s ‘Smart Driver’ feature appear as a driving habits self-assessment tool rather than the data collection mechanism that it was.The FTC also found GM’s privacy statements vague, failing to adequately inform consumers that their data were being collected and resold to third parties.Proposed order————–FTC’s proposed settlement bars GM and OnStar from engaging in similar practices for the next five years and introduces several additional provisions:* Ban sharing geolocation and driver behavior data with consumer reporting agencies for 5 years.* Obtain mandatory consumer consent before collecting or selling data.* Deletion of prior-retained data unless consumers opt in.* Allow consumers an easy way to access and delete their data.* Give consumers a simple method to disable in-vehicle tracking and driving data collection.* Improve transparency with clear disclosures about data collection and its usage.* Limit data collection to only what is necessary for essential vehicle services.Although the FTC did not announce a monetary fine for GM’s previous violations, it suggests civil penalties of up to $51,744 per violation of the provisions, giving the two firms a period of [180 days to comply](https://www.ftc.gov/system/files/ftc_gov/pdf/242_3052_-_general_motors_decisionandorder.pdf).Tracking you around——————-On Tuesday, BleepingComputer reported about Texas Attorney General Ken Paxton filing a [lawsuit against car insuring firm Allstate](https://www.bleepingcomputer.com/news/legal/allstate-car-insurer-sued-for-tracking-drivers-without-permission/) and its data subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million Americans.The tracking activity was done through adding Arity’s SDK in popular apps like Life360, GasBuddy, Fuel Rewards, and Routely, without drivers knowing or consenting to it.The lawsuit also implicated several car makers, including Toyota, Lexus, Mazda, Chrysler, Dodge, Fiat, Jeep, Maserati, and Ram, who allegedly collected and sold data to Allstate and Arity directly.*Update 1/19:* GM’s statement can be [found here](https://news.gm.com/home.detail.html/Pages/news/us/en/2025/jan/0117-gm.html). ### Related Articles:[Allstate car insurer sued for tracking drivers without permission](https://www.bleepingcomputer.com/news/legal/allstate-car-insurer-sued-for-tracking-drivers-without-permission/)[Apple offers $95 million in Siri privacy violation settlement](https://www.bleepingcomputer.com/news/security/apple-offers-95-million-in-siri-privacy-violation-settlement/)[FTC distributes $72 million in Fortnite refunds from Epic Games](https://www.bleepingcomputer.com/news/gaming/ftc-distributes-72-million-in-fortnite-refunds-from-epic-games/)[FTC cracks down on Genshin Impact gacha loot box practices](https://www.bleepingcomputer.com/news/gaming/ftc-cracks-down-on-genshin-impact-gacha-loot-box-practices/)[GDPR complaints filed against TikTok, Temu for sending user data to China](https://www.bleepingcomputer.com/news/security/gdpr-complaints-filed-against-tiktok-temu-for-sending-user-data-to-china/)
Related Tags:
NAICS: 54 – Professional
Scientific
Technical Services
NAICS: 519 – Web Search Portals
Libraries
Archives
Other Information Services
NAICS: 336 – Transportation Equipment Manufacturing
NAICS: 541 – Professional
Scientific
Technical Services
NAICS: 52 – Finance And Insurance
NAICS: 92 – Public Administration
NAICS: 33 – Manufacturing – Metal
Electronics And Other
NAICS: 523 – Securities
Commodity Contracts
Other Financial Investments And Related Activities
NAICS: 522 – Credit Intermediation And Related Activities
Associated Indicators: