The FTC fined GM for data violations

17 January 2025 2 minutes Author: Newsman

The Federal Trade Commission (FTC) announced an agreement between General Motors (GM) and OnStar that prohibits the sale of sensitive location data of millions of customers for five years

A key part of the agreement with the FTC is that data GM must stop misleading customers about how it collects, uses and shares data, and require GM to obtain express consent before collecting data GM must give drivers clear choices about sharing data and create mechanisms to remove information at the request of a customer FTC Complaint According to the FTC complaint, GM shared the geolocation data of 9 million drivers and used that information to create reports about their driving behavior. This data was sold to Verisk Analytics and LexisNexis Risk Solutions, which worked with insurance companies. This led to higher insurance premiums and loss of insurance policies. The FTC also noted that GM pressured customers to agree to the terms of the OnStar Smart Driver program. Customers were told that if they opted out of the app, the functionality of services such as emergency notifications would be limited.

The scandal began in 2016 when GM signed contracts with Verisk and LexisNexis. The Smart Driver app offered drivers the ability to rate their driving habits, but was actually used to collect data on speed, routes, time and even seat belt usage. This became known from a study published in 2024.

The FTC’s decision is an important signal to the auto industry that it needs to adhere to strict privacy rules, given that GM has agreed to the terms and has already ended its Smart Driver program and partnerships with Verisk and LexisNexis.

Other related articles
News
Read more
Headline FTC orders GoDaddy to improve cybersecurity after multiple breaches
GoDaddy has been ordered to implement a comprehensive cybersecurity program following a series of data breaches between 2019 and 2022. The US Federal Trade Commission required the company to implement multi-factor authentication, SIEM systems and independent auditing. Customers are advised to contact their hosting providers regarding security measures.
73
Found an error?
If you find an error, take a screenshot and send it to the bot.