Article Details

FTC bans GM from selling drivers' location data for five years. The U.S. Federal Trade Commission has finalized an order with General Motors (GM) and its subsidiary, OnStar, settling charges that they collected and sold the location and driving data of millions of drivers without consent. General Motors owns the GMC, Cadillac, Chevrolet, and Buick brands and produces over 6.1 million vehicles each year. OnStar, GM's subsidiary, provides digital in-car services such as navigation, communications, security, emergency services, and remote diagnostics. As the FTC claimed in its January 2025 complaint, GM collected precise geolocation data and detailed driving behavior information from millions of vehicles (without customers' consent) every three seconds through OnStar's now-discontinued "Smart Driver" feature, which was marketed as a driving-habits self-assessment tool rather than a data-collection mechanism. This data was then sold to third parties, including consumer reporting agencies, which then provided it to insurance companies, leading to higher insurance rates or denial of coverage. The finalized order approved by the commission bans GM from sharing consumers' geolocation and driver behavior data with consumer reporting agencies for five years. Also, for the full 20-year duration of the order, GM must obtain express consent from consumers before collecting their data, using or sharing their connected vehicle data, with exceptions for emergency services. The company must allow U.S. consumers to request copies of their data and seek its deletion, provide vehicle owners the ability to disable precise geolocation data collection, and enable them to opt out of location and driving behavior data collection (with some limited exceptions). "This fencing-in relief is appropriate given GM's egregious betrayal of consumers' trust," the FTC said on Wednesday. "The FTC consent order includes new measures that go above and beyond existing law, while capturing steps we've already taken to establish choices for customer data collection and communications about how the information is used," GM said after reaching the settlement agreement with the FTC. "We're also giving customers more transparency and control. We've expanded a GM privacy program to provide customers in all 50 states with options to access and delete their personal information." One year ago, in January 2025, Texas Attorney General Ken Paxton also filed a lawsuit against car insurance firm Allstate for unlawfully collecting and selling driving data from over 45 million Americans. The tracking activity was carried out by adding an SDK developed by Allstate subsidiary Arity to popular apps such as Life360, GasBuddy, Fuel Rewards, and Routely, without drivers' consent. The lawsuit also involves several car makers, including Toyota, Lexus, Mazda, Chrysler, Jeep, Dodge, Fiat, Maserati, and Ram, who also allegedly collected and sold data directly to Allstate and Arity. The 2026 CISO Budget Benchmark It's budget season! Over 300 CISOs and security leaders have shared how they're planning, spending, and prioritizing for the year ahead. This report compiles their insights, allowing readers to benchmark strategies, identify emerging trends, and compare their priorities as they head into 2026. Learn how top leaders are turning investment into measurable impact.