The Federal Trade Commission (FTC) is taking action against General Motors (GM) and its subsidiary, OnStar, for unlawful collection and selling drivers’ precise geolocation and driving behavior data from millions of vehicles.
The U.S. government organization proposes a settlement in which the automotive giant will be barred from sharing drivers’ sensitive data for five years. The car maker also has to improve its data handling transparency while giving users more control over their information.
Multiple violations identified
American car maker General Motors owns the Chevrolet, Buick, GMC, and Cadillac brands. It produces over 6.1 million vehicles annually across manufacturing plants in eight countries.
OnStar, GM’s subsidiary, provides digital in-car services such as navigation, emergency services, security, communications, and remote diagnostics.
FTC’s investigation into the practices of the two companies found multiple violations that the organization highlighted in a complaint.
Specifically, FTC alleges that GM collected precise geolocation data every three seconds, as well as driving data (braking, speeding) from millions of vehicles without obtaining the consumers’ explicit consent.
This data was subsequently sold to third parties, including consumer reporting agencies like Verisk and Lexis Nexis, and later Jacobs Engineering, whose reports influenced those drivers’ insurance rates or even led to denial of coverage.
FTC further notes that GM misled consumers by making OnStar’s “Smart Driver” feature appear as a driving habits self-assessment tool rather than the data collection mechanism that it was.
The FTC also found GM’s privacy statements vague, failing to adequately inform consumers that their data were being collected and resold to third parties.
Proposed order
FTC’s proposed settlement bars GM and OnStar from engaging in similar practices for the next five years and introduces several additional provisions:
- Ban sharing geolocation and driver behavior data with consumer reporting agencies for 5 years.
- Obtain mandatory consumer consent before collecting or selling data.
- Deletion of prior-retained data unless consumers opt in.
- Allow consumers an easy way to access and delete their data.
- Give consumers a simple method to disable in-vehicle tracking and driving data collection.
- Improve transparency with clear disclosures about data collection and its usage.
- Limit data collection to only what is necessary for essential vehicle services.
Although the FTC did not announce a monetary fine for GM’s previous violations, it suggests civil penalties of up to $51,744 per violation of the provisions, giving the two firms a period of 180 days to comply.
Tracking you around
On Tuesday, BleepingComputer reported about Texas Attorney General Ken Paxton filing a lawsuit against car insuring firm Allstate and its data subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million Americans.
The tracking activity was done through adding Arity’s SDK in popular apps like Life360, GasBuddy, Fuel Rewards, and Routely, without drivers knowing or consenting to it.
The lawsuit also implicated several car makers, including Toyota, Lexus, Mazda, Chrysler, Dodge, Fiat, Jeep, Maserati, and Ram, who allegedly collected and sold data to Allstate and Arity directly.
Source link
-
-
-
-
-
-
-
-
/cdn.vox-cdn.com/uploads/chorus_asset/file/24083307/DSC03735_processed.jpg)
