General Motors Settles $12.5 Million Data Privacy Case with California Officials: Impact on Insurance Rates and Consumer Privacy

General Motors has reached a settlement with California officials, agreeing to pay $12.5 million to resolve allegations of illegally selling location and driving data of Californians. This case highlights the increased scrutiny automakers face for sharing driver data with the insurance industry, potentially impacting insurance rates. California law prohibits insurers from using driving data to determine rates, and the state Attorney General emphasized the importance of holding companies accountable for data privacy violations.
The settlement represents the largest penalty under the California Consumer Privacy Act, giving consumers the right to know what data businesses collect and the option to opt out of data sharing or sale. General Motors was found to have sold driver data, including personal information, location data, and driving behavior data, to data brokers Verisk Analytics, Inc. and LexisNexis Risk Solutions from 2020 to 2024. The data was obtained through OnStar, a service owned by GM that offers roadside assistance and navigation.
The investigation involved various district attorneys in California, including those in Los Angeles and San Francisco. The use of technology in the auto industry has raised concerns about the privacy implications of collecting driver data, which can reveal personal habits and activities. The California Privacy Protection Agency began looking into the privacy practices of connected cars in 2023, and reports in 2024 indicated that GM was sharing consumer driving behavior with insurance companies, generating significant revenue from data sales.
In addition to the California settlement, the Federal Trade Commission also took action against GM and OnStar in 2025, prohibiting the disclosure of location and driver behavior data to consumer reporting agencies for five years. The GM settlement, subject to court approval, requires the deletion of retained driving data, cessation of data sales to consumer reporting agencies, and the development of a privacy program to assess and mitigate data risks from OnStar. Other automakers, such as Ford and Honda, have faced fines for privacy violations in the past.
The case underscores the importance of data privacy in the automotive industry and the need for companies to comply with regulations to protect consumer information. As technology continues to advance, ensuring the security and confidentiality of driver data remains a critical issue for regulators and consumers alike.