General Motors data collection and sharing controversy: Difference between revisions
tone changes - also all the references appear to be bugged - someone who understands them better than me should have a go at fixing |
fix ref links |
||
Line 1: | Line 1: | ||
<!-- IMPORTANT: CURRENTLY ALL THE REFERENCES FOR THIS ARTICLE ARE BUGGED. -->General Motors (GM) has been collecting & monetizing driving data from millions of internet connected vehicles since 2015; through its OnStar system & vehicle telematics, GM gathers comprehensive data about drivers; including trip details, driving behavior, & real-time location information.<ref name="texaslawsuit"> | <!-- IMPORTANT: CURRENTLY ALL THE REFERENCES FOR THIS ARTICLE ARE BUGGED. -->General Motors (GM) has been collecting & monetizing driving data from millions of internet connected vehicles since 2015; through its OnStar system & vehicle telematics, GM gathers comprehensive data about drivers; including trip details, driving behavior, & real-time location information.<ref name="texaslawsuit">[[:File:General_Motors_Original_Petition_Filestamped.pdf|General Motors Original Petition (Filestamped)]]</ref> These data collection practices have been marketed to drivers as features for safety & convenience, however they have faced legal and regulatory scrutiny alleging that the practices are potentially deceptive, and that consumers were given inadequate disclosure.<ref name="nytimes">[https://web.archive.org/web/20240311090514/https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html Carmakers, Driver Tracking, and Insurance] ''The New York Times'' Retrieved 2025-01-19</ref> | ||
GM has shared driving data from over 14 million vehicles (including 1.8 million in Texas alone) with commercial data brokers like LexisNexis & Verisk, who analyze it to create "driving scores" that are sold to insurance companies.<ref name="texaslawsuit" /> These scores have reportedly led to increased insurance premiums and coverage denials for consumers who were unaware their data was being collected and sold.<ref name="nytimes" /> Additionally, investigations have revealed that GM shares customer location data with law enforcement through subpoenas rather than requiring warrants, a practice that contradicts the company's public privacy commitments.<ref name="wydenletter1">[[:File:Signed_wyden_markey_letter_to_ftc_with_attachmentpdf.pdf|Signed Wyden-Markey Letter to FTC with Attachment]] 2024-04-30</ref> | |||
The company's data collection practices have attracted attention from federal legislators, state attorneys general, & privacy advocates, who argue that GM failed to obtain informed consent from consumers & used deceptive techniques to enroll drivers in data collection programs without their informed consent.<ref name="wydenletter2">Wyden, Ron and Markey, Edward. [[:File:Wyden-markey_auto_privacy_letter_to_ftc.pdf|Wyden-Markey Auto Privacy Letter to FTC]] 2024-07-26</ref>This article examines GM's data collection and sharing practices, their impact on consumers, and the resulting legal and regulatory challenges, as well as the harm done by the [[EULA roofie]]. | |||
== Background == | == Background == | ||
Since 2015, General Motors has installed technology in its vehicles that collects, records, and transmits highly specific "Driving Data" about vehicle usage.<ref name="texaslawsuit" | Since 2015, General Motors has installed technology in its vehicles that collects, records, and transmits highly specific "Driving Data" about vehicle usage.<ref name="texaslawsuit" /> While marketed to consumers as improving vehicle safety and functionality, these internet-connected systems allow the manufacturer unprecedented surveillance of driver behavior, & the ability to share that surveillance capabilities to any company that will pay for it. When consumers purchase a GM vehicle, their primary concern is typically getting from Point A to Point B. However, investigations have shown that these purchases unwittingly enrolled many drivers into a data collection system with far-reaching consequences.<ref name="texaslawsuit" /> | ||
=== Evolution of Data Collection === | === Evolution of Data Collection === | ||
The practice began in 2005 when GM partnered with insurance carriers to provide usage-based insurance through devices customers would voluntarily install. As technology advanced, separate monitoring devices became unnecessary - GM began manufacturing vehicles with built-in telematics systems that could directly obtain the same data.<ref name="texaslawsuit" | The practice began in 2005 when GM partnered with insurance carriers to provide usage-based insurance through devices customers would voluntarily install. As technology advanced, separate monitoring devices became unnecessary - GM began manufacturing vehicles with built-in telematics systems that could directly obtain the same data.<ref name="texaslawsuit" /> The OnStar system, installed in most GM vehicles since 2015, consists of both hardware (cameras, sensors, speakers) and software components that enable comprehensive data collection.<ref name="texaslawsuit" /> | ||
=== Investigations & Oversight === | === Investigations & Oversight === | ||
Several major investigations have examined the scope of GM's data practices: | Several major investigations have examined the scope of GM's data practices: | ||
* '''NY Times Investigation''': In March 2024, reporting revealed how GM's OnStar Smart Driver program collected and shared driving data with data brokers like LexisNexis and Verisk. The investigation found many cases where drivers faced insurance premium rate hikes based on this data without their knowledge. In one case, a careful driver with no accidents saw his insurance go up 21% due to data in his LexisNexis report, which contained over 130 pages detailing six months of driving behavior. | * '''NY Times Investigation''': In March 2024, reporting revealed how GM's OnStar Smart Driver program collected and shared driving data with data brokers like LexisNexis and Verisk. The investigation found many cases where drivers faced insurance premium rate hikes based on this data without their knowledge. In one case, a careful driver with no accidents saw his insurance go up 21% due to data in his LexisNexis report, which contained over 130 pages detailing six months of driving behavior.<ref name="nytimes" /> | ||
* '''Legislative Action''': Senators Ron Wyden and Edward Markey requested FTC investigation into automakers' deceptive practices, particularly focusing on GM's use of "dark patterns" and misleading interfaces to obtain nominal consent for data collection; which has been characterized as an example of a [[EULA roofie]]<!-- term used needs changing at some point to whaterver we decide the 'official' term should be -->.<ref name="wydenletter1" | * '''Legislative Action''': Senators Ron Wyden and Edward Markey requested FTC investigation into automakers' deceptive practices, particularly focusing on GM's use of "dark patterns" and misleading interfaces to obtain nominal consent for data collection; which has been characterized as an example of a [[EULA roofie]]<!-- term used needs changing at some point to whaterver we decide the 'official' term should be -->.<ref name="wydenletter1" /><ref name="wydenletter2" /> Their investigation found that GM was selling data for pennies per vehicle - Honda received just 26 cents per car for data sold to Verisk, while Hyundai got 61 cents.<ref name="wydenletter2" /> | ||
* '''Texas Lawsuit''': In August 2024, the Texas Attorney General filed suit against GM and OnStar LLC for violating the Texas Deceptive Trade Practices Act. The lawsuit revealed that GM had collected data from over 14 million vehicles nationally and 1.8 million in Texas alone, while maintaining a network of over 300 dealerships that were incentivized to enroll customers in data collection programs through commissions.<ref name="texaslawsuit" | * '''Texas Lawsuit''': In August 2024, the Texas Attorney General filed suit against GM and OnStar LLC for violating the Texas Deceptive Trade Practices Act. The lawsuit revealed that GM had collected data from over 14 million vehicles nationally and 1.8 million in Texas alone, while maintaining a network of over 300 dealerships that were incentivized to enroll customers in data collection programs through commissions.<ref name="texaslawsuit" /> | ||
The scope of data collection expanded considerably in recent years. Beyond standard vehicle diagnostics, GM now collects detailed behavioral data including driving speed, acceleration patterns, braking habits, seatbelt usage, & even radio listening habits - information that has proven valuable to insurers, marketers, & other commercial entities.<ref name="texaslawsuit"> | The scope of data collection expanded considerably in recent years. Beyond standard vehicle diagnostics, GM now collects detailed behavioral data including driving speed, acceleration patterns, braking habits, seatbelt usage, & even radio listening habits - information that has proven valuable to insurers, marketers, & other commercial entities.<ref name="texaslawsuit" /><ref name="nytimes" /> | ||
== Data Collection Practices == | == Data Collection Practices == | ||
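Review bot: the HTML comment that opens Line 1 still reads "IMPORTANT: CURRENTLY ALL THE REFERENCES FOR THIS ARTICLE ARE BUGGED" in the new revision, even though this edit closes the unterminated `<ref name="texaslawsuit">` tags and restores the missing paragraphs. Remove the comment in the same edit so later editors are not sent looking for a problem that has been fixed. In the third paragraph, `</ref>This article` also needs a space after the closing tag.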
Line 31: | Line 28: | ||
* '''Vehicle Operation''': Current speed, acceleration patterns, braking power, & seatbelt status | * '''Vehicle Operation''': Current speed, acceleration patterns, braking power, & seatbelt status | ||
* '''Technical Data''': Including synthetic keys, trip IDs, GPS coordinates, engine diagnostics, & fuel usage | * '''Technical Data''': Including synthetic keys, trip IDs, GPS coordinates, engine diagnostics, & fuel usage | ||
* '''Additional Metrics''': Vehicle ignition status, odometer readings, & even radio listening patterns<ref name="texaslawsuit" | * '''Additional Metrics''': Vehicle ignition status, odometer readings, & even radio listening patterns<ref name="texaslawsuit" /> | ||
The system automatically logs events deemed "bad driving behavior," including late-night driving, hard braking, sharp turns, and speeds over 80 miles per hour.<ref name="texaslawsuit" | The system automatically logs events deemed "bad driving behavior," including late-night driving, hard braking, sharp turns, and speeds over 80 miles per hour.<ref name="texaslawsuit" /> | ||
=== Data Monetization === | === Data Monetization === | ||
Line 40: | Line 37: | ||
# '''Direct Sales''': Between 2015-2024, GM sold data to Verisk Analytics and LexisNexis Risk Solutions, receiving multi-million dollar lump sum payments | # '''Direct Sales''': Between 2015-2024, GM sold data to Verisk Analytics and LexisNexis Risk Solutions, receiving multi-million dollar lump sum payments | ||
# '''Ongoing Revenue''': The company earns "royalty payments" from data brokers based on subsequent license sales to insurers | # '''Ongoing Revenue''': The company earns "royalty payments" from data brokers based on subsequent license sales to insurers | ||
# '''Volume Incentives''': GM receives guaranteed annual payments when providing data from a threshold number of vehicles<ref name="texaslawsuit" | # '''Volume Incentives''': GM receives guaranteed annual payments when providing data from a threshold number of vehicles.<ref name="texaslawsuit" /> | ||
=== Third-Party Sharing === | === Third-Party Sharing === | ||
GM's data sharing network includes: | GM's data sharing network includes: | ||
* '''Data Brokers''': Companies like Verisk and LexisNexis compile "telematics exchanges" containing data from over 16 million customers' vehicles<ref name="texaslawsuit" | * '''Data Brokers''': Companies like Verisk and LexisNexis compile "telematics exchanges" containing data from over 16 million customers' vehicles.<ref name="texaslawsuit" /> | ||
* '''Insurance Companies''': At least eight different insurers accessed one customer's data through LexisNexis in a single month | * '''Insurance Companies''': At least eight different insurers accessed one customer's data through LexisNexis in a single month.<ref name="nytimes" /> | ||
<big>* '''Law Enforcement''': Unlike Honda, Ford, Tesla, & Stellantis, GM provides location data without requiring a warrant<ref | <big>* '''Law Enforcement''': Unlike Honda, Ford, Tesla, & Stellantis, GM provides location data without requiring a warrant.<ref name="wydenletter1" /></big> | ||
* '''Other Partners''': GM shared location data with an unnamed British data broker (likely Wejo) until May 2023, then began sharing with another undisclosed company<ref | * '''Other Partners''': GM shared location data with an unnamed British data broker (likely Wejo) until May 2023, then began sharing with another undisclosed company<ref name="wydenletter2"/> | ||
== Consumer Impact == | == Consumer Impact == | ||
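Review bot: the Law Enforcement item is still wrapped in `<big>…</big>` in the new revision, so its `*` no longer starts the line and the item drops out of the bulleted list (the rendered revision shows it with a literal asterisk). Remove the wrapper so it is an ordinary list item like its siblings. The Other Partners item is also the only one in this list left without a period before its `<ref name="wydenletter2"/>`.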
Line 56: | Line 53: | ||
* '''Bundled Consent''': The OnStar "onboarding" process combines data sharing acceptance with safety features & theft alerts | * '''Bundled Consent''': The OnStar "onboarding" process combines data sharing acceptance with safety features & theft alerts | ||
* '''Overwhelming Information''': Customers must navigate over fifty pages of disclosures about OnStar products during vehicle purchase | * '''Overwhelming Information''': Customers must navigate over fifty pages of disclosures about OnStar products during vehicle purchase | ||
* '''Hidden Terms''': Data sharing agreements are buried in complex privacy policies that don't explicitly mention data sales<ref name="texaslawsuit" | * '''Hidden Terms''': Data sharing agreements are buried in complex privacy policies that don't explicitly mention data sales.<ref name="texaslawsuit" /> | ||
=== Financial Consequences === | === Financial Consequences === | ||
Line 63: | Line 60: | ||
* '''Insurance Increases''': Some drivers saw premiums rise by 21% based on collected data {{Citation needed}} | * '''Insurance Increases''': Some drivers saw premiums rise by 21% based on collected data {{Citation needed}} | ||
* '''Coverage Denials''': At least one Cadillac owner was denied coverage by seven different insurance companies due to their driving data {{Citation needed}} | * '''Coverage Denials''': At least one Cadillac owner was denied coverage by seven different insurance companies due to their driving data {{Citation needed}} | ||
* '''No Notice''': Only Tesla currently informs customers when their data is shared with third parties<ref name="wydenletter2" /> | * '''No Notice''': Only Tesla currently informs customers when their data is shared with third parties<ref name="wydenletter2" /><ref name="nytimes" /> | ||
=== Privacy Issues === | === Privacy Issues === | ||
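Review bot: the Insurance Increases item keeps `{{Citation needed}}` for the 21% figure, although the NY Times Investigation bullet in this same revision cites a 21% increase to `<ref name="nytimes" />`. Reuse that named ref here instead of leaving the template, and check whether the same source supports the Coverage Denials item before leaving it uncited.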
Line 70: | Line 67: | ||
* '''Mandatory Sharing''': Internet-connected features can't be used without accepting some level of data collection | * '''Mandatory Sharing''': Internet-connected features can't be used without accepting some level of data collection | ||
* '''Long Retention''': GM stores detailed driving records for extended periods - far longer than competitors like Tesla and Mercedes-Benz who limit data retention | * '''Long Retention''': GM stores detailed driving records for extended periods - far longer than competitors like Tesla and Mercedes-Benz who limit data retention | ||
* '''Limited Control''': Customers have no meaningful way to limit data sharing while maintaining vehicle connectivity.<ref name="wydenletter2" | * '''Limited Control''': Customers have no meaningful way to limit data sharing while maintaining vehicle connectivity.<ref name="wydenletter2" /> | ||
== Legal Challenges == | == Legal Challenges == | ||
Line 78: | Line 75: | ||
* Used deceptive enrollment practices through dealership incentive programs | * Used deceptive enrollment practices through dealership incentive programs | ||
* Misrepresented how customer data would be used and shared | * Misrepresented how customer data would be used and shared | ||
* Created an "all-seeing surveillance system" that monetized private consumer behavior<ref name="texaslawsuit"> | * Created an "all-seeing surveillance system" that monetized private consumer behavior.<ref name="texaslawsuit" /> | ||
The suit seeks civil penalties and restitution for affected consumers, as well as requirements for GM to delete collected data and implement clear opt-out mechanisms.<ref name="texaslawsuit" /> | |||
== See Also == | == See Also == | ||
* [[Automotive data privacy]] | * [[Automotive data privacy]] | ||
Line 88: | Line 86: | ||
== References == | == References == | ||
{{reflist}} | |||
[[Category:Automotive privacy]] | [[Category:Automotive privacy]] | ||
[[Category:Consumer rights]] | [[Category:Consumer rights]] |
Revision as of 14:15, 19 January 2025
General Motors (GM) has been collecting & monetizing driving data from millions of internet-connected vehicles since 2015. Through its OnStar system & vehicle telematics, GM gathers comprehensive data about drivers, including trip details, driving behavior, & real-time location information.[1] These data collection practices have been marketed to drivers as features for safety & convenience; however, they have faced legal and regulatory scrutiny alleging that the practices are potentially deceptive and that consumers were given inadequate disclosure.[2]
GM has shared driving data from over 14 million vehicles (including 1.8 million in Texas alone) with commercial data brokers like LexisNexis & Verisk, who analyze it to create "driving scores" that are sold to insurance companies.[1] These scores have reportedly led to increased insurance premiums and coverage denials for consumers who were unaware their data was being collected and sold.[2] Additionally, investigations have revealed that GM shares customer location data with law enforcement through subpoenas rather than requiring warrants, a practice that contradicts the company's public privacy commitments.[3]
The company's data collection practices have attracted attention from federal legislators, state attorneys general, & privacy advocates, who argue that GM failed to obtain informed consent from consumers & used deceptive techniques to enroll drivers in data collection programs.[4] This article examines GM's data collection and sharing practices, their impact on consumers, and the resulting legal and regulatory challenges, as well as the harm done by the EULA roofie.
Background
Since 2015, General Motors has installed technology in its vehicles that collects, records, and transmits highly specific "Driving Data" about vehicle usage.[1] While marketed to consumers as improving vehicle safety and functionality, these internet-connected systems allow the manufacturer unprecedented surveillance of driver behavior, & the ability to share that surveillance capability with any company that will pay for it. When consumers purchase a GM vehicle, their primary concern is typically getting from Point A to Point B. However, investigations have shown that these purchases unwittingly enrolled many drivers into a data collection system with far-reaching consequences.[1]
Evolution of Data Collection
The practice began in 2005 when GM partnered with insurance carriers to provide usage-based insurance through devices customers would voluntarily install. As technology advanced, separate monitoring devices became unnecessary - GM began manufacturing vehicles with built-in telematics systems that could directly obtain the same data.[1] The OnStar system, installed in most GM vehicles since 2015, consists of both hardware (cameras, sensors, speakers) and software components that enable comprehensive data collection.[1]
Investigations & Oversight
Several major investigations have examined the scope of GM's data practices:
- NY Times Investigation: In March 2024, reporting revealed how GM's OnStar Smart Driver program collected and shared driving data with data brokers like LexisNexis and Verisk. The investigation found many cases where drivers faced insurance premium rate hikes based on this data without their knowledge. In one case, a careful driver with no accidents saw his insurance go up 21% due to data in his LexisNexis report, which contained over 130 pages detailing six months of driving behavior.[2]
- Legislative Action: Senators Ron Wyden and Edward Markey requested an FTC investigation into automakers' deceptive practices, particularly focusing on GM's use of "dark patterns" and misleading interfaces to obtain nominal consent for data collection, which has been characterized as an example of a EULA roofie.[3][4] Their investigation found that GM was selling data for pennies per vehicle - Honda received just 26 cents per car for data sold to Verisk, while Hyundai got 61 cents.[4]
- Texas Lawsuit: In August 2024, the Texas Attorney General filed suit against GM and OnStar LLC for violating the Texas Deceptive Trade Practices Act. The lawsuit revealed that GM had collected data from over 14 million vehicles nationally and 1.8 million in Texas alone, while maintaining a network of over 300 dealerships that were incentivized to enroll customers in data collection programs through commissions.[1]
The scope of data collection expanded considerably in recent years. Beyond standard vehicle diagnostics, GM now collects detailed behavioral data including driving speed, acceleration patterns, braking habits, seatbelt usage, & even radio listening habits - information that has proven valuable to insurers, marketers, & other commercial entities.[1][2]
Data Collection Practices
GM's OnStar and vehicle telematics systems collect a large array of data points, including:
- Trip Information: Precise date, start time, end time, distance driven, & route data for each journey
- Vehicle Operation: Current speed, acceleration patterns, braking power, & seatbelt status
- Technical Data: Including synthetic keys, trip IDs, GPS coordinates, engine diagnostics, & fuel usage
- Additional Metrics: Vehicle ignition status, odometer readings, & even radio listening patterns[1]
The system automatically logs events deemed "bad driving behavior," including late-night driving, hard braking, sharp turns, and speeds over 80 miles per hour.[1]
Data Monetization
GM has developed multiple revenue streams from consumer data:
- Direct Sales: Between 2015-2024, GM sold data to Verisk Analytics and LexisNexis Risk Solutions, receiving multi-million dollar lump sum payments
- Ongoing Revenue: The company earns "royalty payments" from data brokers based on subsequent license sales to insurers
- Volume Incentives: GM receives guaranteed annual payments when providing data from a threshold number of vehicles.[1]
Third-Party Sharing
GM's data sharing network includes:
- Data Brokers: Companies like Verisk and LexisNexis compile "telematics exchanges" containing data from over 16 million customers' vehicles.[1]
- Insurance Companies: At least eight different insurers accessed one customer's data through LexisNexis in a single month.[2]
- Law Enforcement: Unlike Honda, Ford, Tesla, & Stellantis, GM provides location data without requiring a warrant.[3]
- Other Partners: GM shared location data with an unnamed British data broker (likely Wejo) until May 2023, then began sharing with another undisclosed company.[4]
Consumer Impact
Deceptive Practices
GM uses several EULA roofying techniques to obscure its data collection:
- Bundled Consent: The OnStar "onboarding" process combines data sharing acceptance with safety features & theft alerts
- Overwhelming Information: Customers must navigate over fifty pages of disclosures about OnStar products during vehicle purchase
- Hidden Terms: Data sharing agreements are buried in complex privacy policies that don't explicitly mention data sales.[1]
Financial Consequences
Accusations of harm caused to consumers by GM's policy include:
- Insurance Increases: Some drivers saw premiums rise by 21% based on collected data [citation needed]
- Coverage Denials: At least one Cadillac owner was denied coverage by seven different insurance companies due to their driving data [citation needed]
- No Notice: Only Tesla currently informs customers when their data is shared with third parties[4][2]
Privacy Issues
GM's practices raise several privacy concerns:
- Mandatory Sharing: Internet-connected features can't be used without accepting some level of data collection
- Long Retention: GM stores detailed driving records for extended periods - far longer than competitors like Tesla and Mercedes-Benz who limit data retention
- Limited Control: Customers have no meaningful way to limit data sharing while maintaining vehicle connectivity.[4]
Legal Challenges
The Texas Attorney General's lawsuit specifically alleges that GM:
- Failed to obtain informed consent before collecting and selling driving data
- Used deceptive enrollment practices through dealership incentive programs
- Misrepresented how customer data would be used and shared
- Created an "all-seeing surveillance system" that monetized private consumer behavior.[1]
The suit seeks civil penalties and restitution for affected consumers, as well as requirements for GM to delete collected data and implement clear opt-out mechanisms.[1]
See Also
- Automotive data privacy
- Vehicle telematics
- Connected car security
- Volkswagen Car Location Data Exposure Incident
References
- [1] General Motors Original Petition (Filestamped)
- [2] Carmakers, Driver Tracking, and Insurance. The New York Times. Retrieved 2025-01-19
- [3] Signed Wyden-Markey Letter to FTC with Attachment. 2024-04-30
- [4] Wyden, Ron and Markey, Edward. Wyden-Markey Auto Privacy Letter to FTC. 2024-07-26