Dive Brief:
- The Federal Trade Commission has reached a settlement agreement with General Motors Co. and its OnStar subsidiary for collecting and selling driving behavior data from millions of vehicles in the U.S. without adequate consent, including precise geolocation data, the agency announced in a proposal order Jan 16.
- As part of the proposed agreement, GM will be banned from disclosing sensitive data to consumer reporting agencies for five years from the date the order is entered. The automaker must also provide greater transparency to consumers over the collection, use and disclosure of their connected vehicle data.
- It’s the FTC’s first-ever action related to connected vehicle data and follows the finalization of a Department of Commerce rule last week banning vehicle software and hardware from China and Russia over national security concerns that it can be used to collect data from U.S. citizens.
Dive Insight:
Last May, the FTC announced that it will take action against any companies that unlawfully collect and use connected car data, including biometric, telematic and geolocation information. But as more new vehicles offer connectivity features, concerns about data privacy have escalated, including how third parties use customer driving behaviors and vehicle geolocation data.
In its proposed settlement with GM, the FTC wrote that tracking and collecting geolocation data can be “extremely privacy invasive,” revealing intimate details about a person’s life and exposing their daily routines, such as whether they visited a hospital or other medical facility.
In addition, the FTC claims that driving behavior data could be used to determine insurance rates for customers that are deemed a higher risk. According to the FTC, many consumers were unaware of these practices and complained to GM after discovering that their driving habits were being shared with insurance companies to determine their rates.
“GM monitored and sold people’s precise geolocation data and driver behavior information, sometimes as often as every three seconds,” said former FTC Chair Lina M. Khan, in the release. “With this action, the FTC is safeguarding Americans’ privacy and protecting people from unchecked surveillance.”
According to the FTC, GM used a “misleading enrollment process” to get consumers to sign up for its OnStar connected vehicle service plan and the OnStar “Smart Driver” feature, which are sold as monthly or yearly subscriptions.
GM informed customers purchasing new vehicles that its Smart Driver feature would help them assess their driving habits. But when customers signed up, the automaker failed to adequately disclose it was collecting driving behavior data from their vehicles and selling it to third parties. Over time, GM increased the amount of data it collected to include precise geolocation.
The FTC also determined that GM failed to clearly disclose to consumers that behavior data collected via Smart Driver would be sold to consumer reporting agencies, including every instance of hard braking, late night driving, and speeding. Vehicle telematics data was also sold to third party companies LexisNexis and Verisk.
GM has since discontinued its Smart Driver program but still offers OnStar. The OnStar premium plan costs $52.99 per month, while a full-year plan costs $579.90, according to OnStar’s website.
As part of the proposed settlement order with the FTC, GM agrees to “obtain affirmative customer consent to collect, use, or disclose certain types of connected vehicle data” with exceptions for certain purposes. The duration of the agreement is 20 years.
However, the FTC order will be subject to public comment for 30 days after publication in the Federal Register. After the 30-day period, the Commission will decide whether to make the proposed consent order final, according to the release.
Last September after the FTC launched its investigation of GM, the company consolidated many of its U.S. privacy statements into a more simple document, so that customers can better understand how their data is collected and used. The automaker also expanded its privacy program in all 50 states with options for customers to access and delete their personal information more easily.
“We’re more committed than ever to making our policies and controls clear and accessible as we continue to evolve the driving experience for our customers,” GM said in a statement in response to the FTC’s proposed order.
