The Federal Trade Commission (FTC)’s recent settlement with General Motors (GM) and its OnStar subsidiary has brought significant changes to the automaker’s data practices. The FTC has imposed a five-year ban on GM’s practice of selling sensitive customer geolocation data to data brokers. This ban means that GM will no longer share precise driving behavior or location data with third-party companies like Verisk Analytics and LexisNexis, who previously used this information to create consumer reports for insurance companies.
The allegations against GM stem from its OnStar Smart Driver program, which was initially meant to help customers monitor their driving habits. However, GM was found to be using this data to create detailed profiles of individual drivers, which were then sold to data brokers without the customers’ knowledge or consent. This practice of selling data on customer behavior, including specific trip locations, driving speeds, and even radio stations listened to, led to adverse consequences for consumers, such as higher insurance premiums and breaches of privacy.
The FTC discovered that GM’s privacy policy was misleading and failed to adequately disclose the extent of data collection and sharing. Customers were often pressured into signing up for the OnStar Smart Driver program without fully understanding how their data would be used and shared. The lack of transparent privacy disclosures meant that consumers were not given the opportunity to make informed choices about participating in the program. Additionally, GM did not inform customers that their data would be sold to third-party data brokers, who then sold it to insurance companies.
As part of the FTC settlement, GM is now required to implement several corrective measures to protect consumer privacy. These measures include obtaining explicit consent from customers before collecting their data, providing options for data deletion and limiting collection, allowing customers to request and delete their data, and ensuring transparency about data usage. The five-year ban on selling data represents a significant move towards enhancing consumer privacy in the automotive industry, underscoring the importance of strict privacy protocols for maintaining consumer trust.
In light of these developments, businesses in the automotive sector must prioritize consumer privacy and data protection to avoid sanctions and maintain a positive reputation. The FTC’s enforcement actions serve as a reminder that companies must be transparent about their data practices and obtain consent from customers before using or sharing their personal information. By adhering to these guidelines, businesses can build greater trust with their customers and safeguard sensitive data from unauthorized access or misuse.