FTC Bans GM From Selling Driver Location Data For 5 Years

Privacy

from the I'm-just-saying-it-would-have-been-nice-if-you-asked dept

Last year, Kashmir Hill at the New York Times published a major story confirming that automakers collect all sorts of driver behavior data then sell it to a long list of companies — without making that clear to car owners or getting consent. That includes insurance companies, which are now jacking up insurance rates if they see behavior in the dataset they don’t like.

Not surprisingly, GM was subsequently sued. Several times. Forcing it to spend much of last year going on an apology tour, which included pinky swearing that they will stop spying on their customers and selling data to data brokers and insurance companies.

Fast forward to this week, and the FTC has announced a new settlement with GM and OnStar, banning the companies from collecting and selling sensitive user location data for five years.

“G.M. monitored and sold people’s precise geolocation data and driver behavior information, sometimes as often as every three seconds,” outgoing FTC boss Lina Khan said of the settlement. “With this action, the F.T.C. is safeguarding Americans’ privacy and protecting people from unchecked surveillance.”

A report last year by Mozilla highlighted how the auto industry was the absolute worst industry that the organization tracks on privacy practices, routinely over-collecting and failing to adequately protect or encrypt broad swaths of data. Not just data from the vehicle; but troves of data collected from your phone every time you sync it with your car’s infotainment and navigation systems.

This data is then sold to a massive array of dodgy and barely regulated data brokers, who aren’t particularly discerning when it comes to selling that data to all manner of equally dodgy folks, whether that’s foreign and domestic governments, stalkers, right wing anti-abortion activists, or people pretending to be law enforcement. You can see how this could prove problematic under authoritarian rule.

In the case of most automakers, they bury what passes for “informed consumer consent” deep in the bowels of some overlong privacy policy for their free initial roadside assistance services, which most users never notice. This GM settlement bars GM and OnStar from collecting this data, and requires that they allow users to request copies and the deletion of any existing data.

On one hand, this is a nice example of the positive outcomes that can happen when journalism, consumer groups (Mozilla, Consumer Reports), and regulators work together to protect consumers.

On the other hand, piecemeal temporary settlements aren’t quite as effective as passing a meaningful and consistently enforced federal privacy law, which the U.S. Congress is too corrupt to do. And after billionaires whined endlessly about Lina Khan being too mean, a key component of Trump 2.0 will be defanging regulatory independence and consumer protection, so whether this settlement even sees enforcement by the Trump FTC is an open question I’m pretty sure I know the answer to.

“Secretly collecting and sharing driver location data is a terrible practice that can cause real harm to unsuspecting consumers,” Consumer Reports Tech Policy DirectorJustin Brookman said of the settlement. “We are encouraged that the FTC is taking action under existing consumer protection law to put a stop to it. But because of ambiguity in the law, the best way to avoid these types of abuses in the future is a strong and clear comprehensive privacy law that restricts unwanted data sharing by default.”

Filed Under: automakers, consent, consumers, drivers, ftc, location data, privacy, surveillance
Companies: gm, onstar