GM Pinky Swears It Will Stop Selling Driving Data To Insurers After Lawsuits, NYT Bombshell
from the I-can't-drive-55 dept
Earlier this month the New York Times published a major story confirming that automakers collect driver behavior data then sell it to a long list of companies. That includes insurance companies, who are now jacking up insurance rates if they see behavior in the dataset they don’t like.
The absolute bare minimum you could could expect from the auto industry here is that they’re doing this in a way that’s clear to car owners. But of course they aren’t; they’re burying “consent” deep in the mire of some hundred-page end user agreement nobody reads, usually not related to the car purchase itself but the apps consumers now use to manage roadside assistance and other programs.
So not surprisingly, GM was subsequently sued. And now the company finds itself on an apology tour, which apparently includes pinky swearing that they will stop selling data to insurance companies:
“OnStar Smart Driver customer data is no longer being shared with LexisNexis or Verisk,” a G.M. spokeswoman, Malorie Lucich, said in an emailed statement. “Customer trust is a priority for us, and we are actively evaluating our privacy processes and policies.”
Of course if “consumer trust ” was actually a priority, GM would have done the absolute bare minimum here and openly and clearly informed consumers this was happening. Instead, like most companies, they buried it fifty pages deep in the end user agreement for embedded support and monitoring services.
And they did that because they know there’s no meaningful penalty.
The U.S still has no meaningful modern privacy law. And U.S. privacy regulators have been steadily defanged, defunded, understaffed and boxed into a corner for the better part of a generation under the pretense that this would unlock vast and untold innovative synergies. Instead, as consumer groups and privacy activists long warned, it created an environment rife for widespread abuse.
Florida resident Romeo Chicco, whose insurance rates skyrocketed after his Cadillac collected his driving data, has filed a complaint seeking class-action status against GM, OnStar and LexisNexis. Federal regulators will also likely come knocking, even if a four year investigation likely results in a fine that’s a tiny percentage of the amount of money GM made from monetizing the data.
At that point automakers (which a recent Mozilla report stated have some of the worst privacy and security standards in all of tech) will have moved on to abusing your privacy in entirely new ways (or in the same way, simply with a few new creative wrinkles). Such is life in a country that’s too corrupt to pass a meaningful privacy law — or adequately support the agencies tasked with existing legal enforcement.
Filed Under: automobiles, cars, fine print, insurance rates, privacy, security, surveillance, vehicles
Companies: gm
Comments on “GM Pinky Swears It Will Stop Selling Driving Data To Insurers After Lawsuits, NYT Bombshell”
Call Their Bluff
If GM is so committed to not selling customer data ever again, then they wouldn’t just update their policy. They would offer a warranty to buyers expressly stating they won’t hand over the driver data to anyone.
Re:
Hey, wait a minute, they never said they wouldn’t hand it over to anyone. They never even ruled out sharing data with LexisNexis or Verisk; they said they’ve stopped, but never said it would be permanent (so if you’ve got your kid in the front seat, make sure they know never to press an “I Agree” button).
That “Feds are demanding your Youtube history” article is still on the front page. If they’re not already demanding your GM history, they will be, now that we’re all aware such data exists.
Re: Re:
Despite the title of this article saying “GM Pinky Swears”, that doesn’t appear to be remotely true. Neither the Techdirt summary nor the NYT article mention any promise.
This comment has been flagged by the community. Click here to show it.
Re: Re: Re: Karl Bode is a liar
What do you expect from Karl Bode
Re: Re: Re:
The whole point of using the phrase “pinky swears” seems to have gone over your head.
Re: Re: Re:2
Your lack of any explanation doesn’t help matters. In my mind, “pinky-swearing” is something most associated with children, who perhaps are not wont to keep their promises… nevertheless, as far as I know, the phrase is only used when there is some type of promise being made, however tenuously.
GM didn’t even go that far. They didn’t make any bullshit promise to stop; all they said was that they’d “review” it (and I pinky-swear to you that their pre-scandal privacy and data-sharing policies were reviewed by lawyers and GM executives already; they just miscalculated what they could get away with).
Re: Re: Re:
From the NYT article:
An implied promise is still a promise, and it was stated in the body of the article. How do you like them apples?
Re: Re: Re:2
The only implied promise is that they’d evaluate things. There was no implication that the sharing wouldn’t re-start after the review, even if you inferred such a promise.
This comment has been flagged by the community. Click here to show it.
Re: Re:
You understand that he had an onstar subscription service, and your kid cant just press “i agree”, right?
Re: Re: Re:
Take a stab at context.
The comment was contextually targeted at future GM action not the current situation. I do not discount the possibility of GM delivering a new terms for the use of the embedded OnStar equipment via the infotainment screen and an active “I have read this click” like websites use to legally impose draconian data collection.
Automotive has been way behind the tech enshittification curve, and just because we are wise to these tricks does not mean automakers wont rely on the passivity of feckless regulators to get in on the gold rush.
Re: Re: Re:
If the OnStar hardware is aboard, it wouldn’t astonish me if it phones home about driver behaviour even when the driver has not subscribed to the service nor agreed to such data sharing.
Re: Re: Re:2
To quote the NYT story: “In his complaint, Mr. Chicco said he called G.M. and LexisNexis repeatedly to ask why his data had been collected without his consent. He was eventually told that his data had been sent via OnStar — G.M.’s connected services company, which is also named in the suit — and that he had enrolled in OnStar’s Smart Driver program, a feature for getting driver feedback and digital badges for good driving.
Mr. Chicco said that he had not signed up for OnStar or Smart Driver, though he had downloaded MyCadillac, an app from General Motors, for his car.”
The closest thing to a promise is that GM said they’d be reviewing their privacy policies. Hence the prediction that they’ll be asking people to agree to new terms (in all likelihood allowing most of the same shit they were caught doing).
Re:
Well, I’d demand a warranty that they’ll pick up the difference if my insurance premium goes up, and I find out it was due to data sharing of this nature.
I’d also want a warranty giving similar protections for ID theft, due to insecure data storage at several points, each and every one of them just begging for hackers to “come and get it!”.
GM won’t sell your driving data to insurance companies. Instead they will sell it to data brokers who then go on to sell the data to insurance companies.
What are the chances GM is planning on either setting up or buying a data broker?
Re:
Ummm, not to be argumentative, but GM is already a data broker. They get it in, they put it out, no limits on either end.
I suppose that if you’re going for the classic definition of a broker, then yes, GM didn’t buy the data in the first place, and then resell it. In fact, they were paid (by the customer) to gather that data, all built into the purchase price of the car/truck right at the point of sale. But I trust that we’ll all agree that the difference is vanishingly small, yes?
New wrinkle? How about this…. your Medicare Supplemental insurance carrier would love to know that you are driving to not one, but several drugstores a week, instead of getting your prescription refills just once a month. They might consider that an abuse of the system, or at the least, an abuse of your health, which in either case, is costing them money for your care. That might trigger them to cause you some grief, eh?
If you’re not an old fart like me, it won’t make any difference. Where I see one potential problem, I’m damned sure that you’ll find more problems without my help!
tl;dr:
We’re all fucked!
Given what I have been reading online – that even people who did not agree to / subscribe to Onstar have had their driving data sold to LexisNexis – GM’s promise not to sell that data rings hollow.
No, they pinky promised it isn’t being shared directly to two companies. They did not promise to stop “sharing” aka selling data completely.
Define 'share'
They say they won’t “share” the data with LexisNexis, et al, but the definition of the word “share” does not include compensation. It’s not even implied. Therefore, GM can, by the terms they laid out for themselves, sell the data to whomever, for a marginal fee.
Re:
What terms? Do you see anything in the New York Times story that looks like a promise?
Karl said they’d promised to stop sharing. I don’t see anything in the linked stories to support this claim.
Re: Re:
How about the following?
That, to me, reads very much like an implied promise.
Re: Re: Re:
At best, it implies they won’t be doing it for a while. Maybe till everyone accepts some new terms of service. Anything else you conclude is an unfounded inference.
That’s not an accident, though. Spokespeople are trained to speak in a way that sounds more substantial than it is; to say basically nothing, while making it sound re-assuring.
This comment has been flagged by the community. Click here to show it.
Karl Bode is a liar
The reason why there is no “modern” privacy law, is because congress is restrained from creating new categories of speech outside of the first amendment, other than those which were already outside the first amendment when the constitution was made, and their definition that there is no reasonable expectation of privacy in information willingly given to third parties.
Since clearly the act of gossiping about other people has existed, and was not regulated at the time of the founding, you would need to pass a constitutional amendment.
Re:
“information willingly” which isn’t what happened here.
” because congress is restrained from creating new categories of speech outside of the first amendment,” Funny how the constitution never stops republicans from passing laws known to be unconstitutional all the time.
“Since clearly the act of gossiping about other people has existed, and was not regulated at the time of the founding, you would need to pass a constitutional amendment.” Yes because gossiping and the factual and extremely detailed constant recording of information are the same thing. I’m guessing you also think everyone should have a right to bear tactical nukes as well.
Re: Re:
It’s funny how the revenge porn guy regurgitates exactly the same talking points as the people who sucks up any and all personal information at every opportunity.
I do wonder how fucked up in the head someone has to be to think that the act of recording and gathering information is “speech”.
This comment has been flagged by the community. Click here to show it.
Re: Re: Re:
Maybe you should look at the case law, because that is literally what every journalist does, and they have said that it is protected speech.
Re: Re: Re:2
I seem to remember that journalists have to pass a certain legal test to qualify for those protections.
And one of those qualifiers is “newsworthiness”.
So a journalist who wants to discover more about you should you attempt to get elected would be protected should they publish your criminal record, for example.
As are your vile views.
This comment has been flagged by the community. Click here to show it.
Re: Re: Re:3
There is no “newsworthiness” requirement for the first amendment, and that requirement was directly refuted subsequently in supreme court precedent, when states tried to use it as an escape hatch for animal cruelty video regulations.
Re: Re: Re:4
But there is for gathering information in intrusive ways and then publishing it, because people have something called “a reasonable expectation of privacy”.
I can see why someone who dabbles in revenge porn thinks it’s just fine to use private information to make money.
Re: Re: Re:5
But this is BJB (Blow Job Bob), so it’s no wonder that he screams about the First Amendment while completely ignoring the Fourth. The guy’s a Republican politician in training: learning how to direct concentration onto an ‘issue’ to distract from real ones.
Re: Re: Re:2
No, it isn’t what case law says. What a journalist publishes is protected speech, gathering information isn’t speech and doesn’t have the same protections.
Re: Re: Re:
Since it’s Jay…
Let’s just say that being known as the revenge porn pest hasn’t stopped him from discovering new lows.
This comment has been flagged by the community. Click here to show it.
Re: Re: Re:2
You are really quite pathetic, if you are dangerous on the road, you should pay for the danger you put other people in, instead of crying about how unfair life is.
Re: Re: Re:3
And that would usually be covered by, I dunno, A CRIMINAL RECORD?
There is a big difference between a publicly accessible criminal record, and selling data for the fucking line.
And you are conflating one with the other.
Again, if you are a danger on the road, the insurance parasites will know via accessing your criminal record, not trying to raise your premium via shady means.
And the insurance parasites you so fervently defend would LOVE to raise all our premiums on a fucking whim.
Re: Re: Re:3
“You are really quite pathetic, if you are dangerous on the road, you should pay for the danger you put other people in, instead of crying about how unfair life is.”
Oh .. Awesome!
I look forward to the day when all government vehicles are continuously monitored in exactly the same way resulting in insurance premium increases for bad driving. It will be public record. Their private vehicle insurance might also increase.
This comment has been flagged by the community. Click here to show it.
Re: Re:
Yes, it is. He signed up for onstar, and they have a very easy to understand privacy policy, that he regrets that he accepted without actually reading, and it is less than 10 pages and describes everything they can / cant do with his data.
You can find the same agreement on the onstar website.
Re: Re: Re:
Except this is about GM. Please do try reading.
Re: Re: Re:2
Except Cadillac is a division of GM. Please do try researching.
Re: Re: Re:
Funny, I didn’t know that MyCadillac and OnStar are the same thing, and nor does GM.
Re:
You made that definition up based on a misreading of an irrelevant SCOTUS text.
Go back to school.
They’ll share it with TikTok, who will share it with whoever and Techdirt will be cool with it, because TikTok!!!!!
Re:
I believe what you are pointing out is the exact reason techdirt and others have pointed out why the tiktok ban is pointless.
'We will no longer share data to THOSE companies' vs 'We will no longer share data'
“OnStar Smart Driver customer data is no longer being shared with LexisNexis or Verisk,” a G.M. spokeswoman, Malorie Lucich, said in an emailed statement. “Customer trust is a priority for us, and we are actively evaluating our privacy processes and policies.”
If your press release on a general action specifically names two companies then that’s just you saying that you’re still going to be doing the action in question, it’s just not going to include them directly.
Re:
Note that the statement you bolded doesn’t say that; it makes no claims about the future.
To quote one of the great philosophers of the last century...
“Shyeah! Right! And monkeys might fly out of my butt!”
OnStar was already garbage and now it’s invasive.. lol