We regularly hear stories about companies that are selling your sensitive personal information — including your location data — to the highest bidder. The latest culprit appears to be General Motors.
The Federal Trade Commission alleges that GM and Onstar — GM’s subscription-based vehicle safety and security system — collected, used and sold precise driver geolocation data and driving behavior information from millions of vehicles without notifying them. adequately consumers and without obtaining their consent.
On Thursday, the agency issued a proposed order to bar the company from selling such data to consumer reporting agencies for five years.
In its complaint, the FTC alleged that GM used a “deceptive enrollment process” to get consumers to sign up for Onstar. Some users reported they were unaware they signed up for Onstar’s Smart Driver feature, which promises to use driving data to help drivers improve their vehicle’s performance and encourage safer driving.
“GM monitored and sold accurate people’s location data and driver behavior information, sometimes as often as every three seconds,” FTC Chairman Lina M. Khan said in a statement.
This is the latest problem to hit the car manufacturing giant in recent weeks. Last month, GM pulled the plug on financing its autonomous vehicle unit Cruise, a company in which GM has invested more than $10 billion.
Thursday’s settlement with the FTC follows an investigation by Kashmir Hill of The New York Times, which found that GM had been collecting details about its customers’ driving habits — including any instances of heavy braking, nighttime driving, late and speed – and sold the data to insurance companies and third-party data brokers. The result was that drivers started seeing higher insurance premiums but couldn’t figure out why.
The potential misuse of customer data goes beyond raising insurance premiums. A person’s geographic location data can reveal the most intimate details of a person’s life, including where they live and work, and whether they have visited a medical facility or place of worship. In the wrong hands, location data poses a serious risk to, for example, abortion seekers across the country.
As part of the FTC’s proposed order — if upheld by a court — GM and Onstar would be prohibited from disclosing data to consumer reporting agencies and would also have to obtain express affirmative consent from consumers before collecting data for future vehicles. The automaker will also have to allow customers to retrieve and delete their data, as well as limit the collection of data from their vehicles.
Since it is still a proposed order, the agreement will be subject to a 30-day public comment period before a final decision goes into effect.
TechCrunch has reached out to GM and the FTC for additional information and will update if we hear back.
