GM driver data sharing lacked context and violated trust
Data collection is becoming more and more a part of everyday life. So many of the services and platforms we use collect snippets of information about our behaviors to optimize our experiences, or to even give us credit for “behaving” well. For example, we’ve all seen the commercials for “safe driver discounts” and various other incentive programs where one allows such data tracking, but what about when there’s no such discount? What if we didn’t sign up for such tracking, but instead we get a “risky driver insurance increase?”
Generally speaking, those who intentionally sign up for these discount programs accept this collection so long as the information is used for the prescribed purposes and any sharing of that data is done with our express consent. More and more however we are seeing companies obtain, harvest and sell our data without any knowledge from us.
General Motors/OnStar along with telematics companies have become some of the latest accused of acting in such a manner.
On March 11, 2024, a New York Times article was published revealing that GM, OnStar, LexisNexis, and Verisk Analytics had collected and transferred driver behavior data from the OnStar Smart Driver software and sold that data to insurance companies.
A follow-up article on April 24 revealed that many drivers were totally unaware of the data sharing and had not actively consented to sharing of such data. Many claimed they don’t remember signing up for the program at all.
The OnStar Smart Driver program—which GM ended on April 24, 2024—collected driving information including hard braking, late night driving, speeds over 80 mph, sudden acceleration, and the location where these events took place. However, this data lacks context such as who was driving the vehicle and what the circumstances were on the road. A driver may have had to accelerate or hard brake in response to a hazard or another driver, but the data doesn’t show that. All it shows is that something happened, not why.
General Motors is one of America’s largest automotive manufacturers—owning recognizable brands such as Buick, Cadillac, Chevrolet and GMC. As a result of this data sharing from a company that size, as many as 8 million drivers may have had their information shared with insurers, creating an incomplete picture of their capabilities and, possibly, increasing their insurance rates unjustly.
The OnStar Smart Driver program started with a good idea—use driving data to help drivers be safer. Now, the program is abandoned and there are no plans to replace it.
Last month, U.S. Senators Ron Wyden and Edward Markey sent a written request to the Chair of the Federal Trade Commission (FTC) for an investigation into this matter.
The senators’ letter to the FTC included new details about GM, Honda, and Hyundai’s sharing of drivers’ data with data brokers, including details about the payments the data broker Verisk made to automakers. Based on information Wyden obtained from automakers, the senators revealed:
- Hyundai shared data from 1.7 million cars with Verisk, which paid Hyundai $1,043,315.69, or 61 cents per car
- Honda shared data from 97,000 cars with the data broker Verisk, which paid Honda $25,920, or 26 cents per car
- Automakers used deceptive design tactics, known as “dark patterns,” to manipulate consumers into signing up for programs in which driver data was shared with data brokers, for subsequent resale to insurance companies
The Senators went on to state that “The FTC should hold accountable the automakers, which shared their customers’ data with data brokers without obtaining informed consent, as well as the data brokers, which resold data that had not been obtained in a lawful manner. Given the high number of consumers impacted, and the outrageous manipulation of consumers using dark patterns, the FTC should also hold senior company officials responsible for their flagrant abuse of their customers’ privacy.”
When we share our data with companies, we do so with the understanding that it serves a specific purpose and any sharing of it will only be done with our consent. GM, LexisNexis, and Verisk’s actions potentially violate that understanding. Treating access to driver behavior as permission to leverage it for profit with the insurance industry is a fundamentally flawed logic. Worse, the incomplete nature of the information doesn’t serve public safety instead just harms public trust.
To learn if your driver data has been collected and shared, request a Consumer Disclosure Report from LexisNexis and Verisk. You are entitled to these reports via the Fair Credit Reporting Act. You can request one from LexisNexis or from Verisk, though you will need to attest to the fact that this is in connection with the Verisk report being a factor in an adverse action connected with insurance when you apply. To maximize the time frame of available data requesting this information should be done with a sense of urgency.
Read about other ways your personal information may be at risk.