The Federal Trade Commission’s (FTC) finalized punishment of General Motors (GM) over its driver data sharing scandal is a watershed moment for consumer privacy in the automotive world. This isn’t just another regulatory slap on the wrist—it’s a line in the sand for how automakers handle the goldmine of data modern vehicles generate.
Let’s cut through the jargon and talk about why this ruling matters, what most headlines are missing, and what this means for anyone who owns a connected car in 2024 and beyond.
Why This Matters
- Consumer trust is at stake: The revelation that GM’s OnStar “Smart Driver” program sold detailed driving data—down to how you brake and where you go—to third parties, including insurance companies, left drivers feeling betrayed. This isn’t just about privacy; it’s about your wallet. Some saw their insurance rates jump by 21% due to data they didn’t even know was being collected or sold.
- A precedent for the entire auto industry: As cars become rolling computers, every major automaker now faces pressure to be transparent (and honest) about data collection and usage. The FTC’s action signals: “Ignore privacy at your peril.”
- Regulatory teeth are getting sharper: For years, tech companies have played fast and loose with personal data. This case shows regulators are finally ready to bite back—especially when financial harm is involved.
What Most People Miss
- It’s not just GM: While GM’s practices were egregious, many automakers and tech platforms quietly gather similar data. The New York Times reported that most modern vehicles transmit location, speed, and even seatbelt usage back to manufacturers.
- The data broker ecosystem is vast and opaque: Data collected from your car doesn’t just go to one insurer. It can be resold multiple times, creating a web of risk for consumers.
- Consent is being redefined: Under the settlement, GM must ask for explicit permission at the dealership—face to face—before collecting or sharing your data. This is a meaningful shift from burying consent in fine print nobody reads.
Key Takeaways
- Five-year ban on GM sharing user data with consumer reporting agencies
- Mandatory in-person consent for data collection and sharing at point of sale
- Smart Driver program discontinued as of April 2024
- Broader legal pressure, with lawsuits from Texas, Nebraska, and other states
Industry Context: Are Connected Cars Spying on You?
Modern vehicles generate up to 25 gigabytes of data per hour, according to McKinsey. That data is a potential gold rush for automakers, insurers, and marketers—but a minefield for privacy advocates. The European Union’s General Data Protection Regulation (GDPR) has strict controls, but U.S. regulations lag behind, relying on piecemeal enforcement like the FTC’s action here.
Pros and Cons: Strict Data Rules for Automakers
- Pros:
- Consumers regain control over their personal information
- Less risk of discriminatory insurance pricing based on hidden data
- Automakers pushed to be more transparent, building long-term trust
- Cons:
- Potential slow-down in innovation for usage-based insurance models
- Automakers might pass compliance costs to consumers
- Could create a fragmented landscape if each state enforces different rules
The Bottom Line
This FTC ruling is a wake-up call for the entire industry. As cars become smarter, the battle over who owns driver data—and how it’s used—will only intensify. GM’s punishment is just the first shot. Expect more scrutiny, more lawsuits, and (hopefully) more respect for driver privacy ahead. For car buyers: ask questions, demand transparency, and know your rights. For automakers: the era of data free-for-alls is over.