General Motors on Thursday said it reached a settlement with the FTC “to address privacy concerns about our discontinued Smart Driver program.”
Those concerns, expressed by the US watchdog formal legal complaint (PDF) against the automaker, so GM “collects accurate geolocation data from millions of Gen10+ OnStar vehicles through a specific task that collects and transmits accurate geolocation data every three seconds.”
OnStar is GM’s subscription-based, in-car communications service, sold to drivers for security, emergency services, navigation, and remote diagnostics. But according to the FTC, GM launched a program called OnStar Smart Driver in 2015 and later contracted with telematics analytics companies to provide businesses with driver data.
The program allegedly provided data on driver behavior at least since 2018, without informed consent, to partners Verisk and LexisNexis. That data, it claims, ends up being used against drivers — it’s offered to auto insurance companies and used to raise rates for those deemed to be bad drivers — a determination that not always accurate.
“Respecting our customers’ privacy and earning their trust is very important to us,” the automaker admitted. a statement Thursday. “Although Smart Driver was created to promote safer driving behavior, we ended that program due to customer feedback.”
An example of that feedback can be found in the FTC complaint.
GM said it discontinued the Smart Driver program in April, and “terminated our third-party telematics relationships with LexisNexis and Verisk.” And in September, the manufacturer consolidated several privacy statements into one document, to make the legalese easier to understand.
the proposed consent order (PDF) – the draft settlement between GM and the FTC to avoid a court battle – prohibits the automaker from disclosing geolocation and driver behavior data to consumer reporting agencies for five years.
The general agreement, which will last 20 years, also requires: Affirmative consent from drivers prior to the collection of connected vehicle data, with the exceptions of emergency services; allowing people to access and delete their data – a service today through the GM website; and ensuring that people can prevent the collection of geolocation data and opt out of the collection of geolocation and driver behavior data, with exceptions for emergency services and legal compliance.
“The secret collection and sharing of driver location data is an egregious practice that can cause real harm to unsuspecting consumers,” said Justin Brookman, CR’s director of technology policy and former director in the policy of the FTC’s Office of Technology, Research, and Investigation, at a statement.
“We are encouraged that the FTC is acting under existing consumer protection law to stop this. But because of the ambiguity of the law, the best way to avoid these types of abuse in the future is a strong and clear comprehensive privacy laws that prevent unwanted data sharing by default.”
The proposed settlement is open to public comment within 30 days, after which the regulator will make a final decision. Remember that you have a Renewal in administration from Monday.
Separately, GM nabbed in August by Texas Attorney General Ken Paxton based on allegations of unlawful data collection related to OnStar. The case is ongoing and seems to be headed for trial. More recently, Paxton sued Allstate and its subsidiary Arity, which said the insurance biz colluded with mobile app developers to get them to install the Arity SDK to collect driver data without consent.
Allstate maintains that it obtains consent from drivers to use their data lawfully – because who wouldn’t unwittingly allow their insurance company to scrutinize their driving?
The implications of accessing data about cars and their drivers go beyond privacy to national security. Last year, the US Commerce Department issued a Notice of Proposed Rulemaking titled, “Securing the Information and Communications Technology and Services Supply Chain.”
The concern, the Commerce Department said, is that “connected vehicles may present an inappropriate or unacceptable risk to US national security if these systems are designed, developed, manufactured, or provided by persons owned, controlled by, or under the jurisdiction or direction of an enemy alien.”
On Tuesday, the Commerce Department concluded that rulewhich prohibits the sale or import of vehicles that integrate certain software or hardware components that include components from China or Russia.
“Today’s cars aren’t just steel on wheels — they’re computers,” said US Commerce Secretary Gina Raimondo, in a statement. “They have cameras, microphones, GPS tracking, and other internet-connected technologies.
“Through this rule, the Commerce Department is taking a necessary step to protect U.S. national security and protect the privacy of Americans by preventing foreign adversaries from manipulating these technologies to access sensitive or personal information. – technologies that make America’s roads and protect our nation’s connected vehicle supply chains.” ®
https://regmedia.co.uk/2025/01/17/shutterstock_chevrolet.jpg
2025-01-17 16:52:00
