GM Agrees to $12.75M Settlement Over Driver Data Sales in California

General Motors (GM) has agreed to pay California $12.75 million over claims it breached the California Consumer Privacy Act (CCPA). Allegedly, GM collected and sold driver data without consent.

Allegations and Settlement

The focus is on GM's OnStar and 'Smart Driver' systems. These reportedly shared driving and location data with brokers like Verisk Analytics and LexisNexis Risk Solutions from 2020 to 2024. This is the largest CCPA-related penalty so far.

Attorney General Rob Bonta said GM sold data without drivers knowing, despite promises otherwise. The data included detailed location info, revealing personal habits.

Settlement Terms

GM must do several things beyond paying up:

• Stop selling driving data to consumer agencies and brokers for five years.
• Delete driving data within 180 days unless drivers say it's okay to keep it.
• Ask LexisNexis and Verisk to delete past data.
• Beef up its privacy program and check in with regulators regularly.

California officials noted that state laws probably kept drivers' insurance rates from spiking due to these data sales.

Auto Industry and Data Privacy

The auto industry faces more scrutiny over data privacy as cars get smarter. The Federal Trade Commission (FTC) had previously slammed GM for similar issues, resulting in a five-year data sales ban.

This GM case is key for enforcing data rules, warning companies to follow privacy laws.

What's Still Unclear:

• How will GM's compliance be monitored going forward?
• What exact steps will GM take in its privacy program?
• Could this spark more lawsuits against other car makers?

Why This Matters:

This settlement highlights the rising importance of data privacy, especially in industries handling tons of personal info. It sets a standard for enforcing privacy laws on big companies, particularly in tech-heavy fields like automotive. As cars get more connected, protecting consumer data is crucial.