Car manufacturer General Motors (GM) has settled a case in the United States over the illegal collection and sale of driving behavior and location data from hundreds of thousands of motorists for $12.75 million.

In 2024, the New York Times reported that car makers, including GM, were sharing consumers’ driving behavior with insurance companies. Because of this data, some companies allegedly raised consumers’ rates.

Shortly after, the California Department of Justice and the California Privacy Protection Agency (CalPrivacy) announced they would investigate the matter.

The investigation revealed that, from 2020 to 2024, GM sold the names, contact information, geolocation data, and driving behavior data of hundreds of thousands of Californians to two data brokers and made approximately $20 million in the process.

Thanks to California’s insurance laws, California drivers weren’t subjected to increasing insurance rates. However, GM failed to inform consumers that information regarding their driving behavior would be sold to third parties. The manufacturer’s privacy policy even stated that it wouldn’t disclose such information for insurance purposes.

Following years of violations of the California Consumer Privacy Act (CCPA), the State of California and GM have reached a settlement. For starters, the car manufacturer is ordered to pay $12.75 million in civil penalties and has to stop selling driving data to any consumer reporting agency for the next 5 years.

In addition, GM has to delete any driving data retained by the company within 180 days. Furthermore, the car manufacturer must develop and maintain a new, robust privacy program to document the risks associated with drivers’ data collection. Lastly, upcoming privacy assessments have to be shared with the California Department of Justice, District Attorneys, and CalPrivacy.

“General Motors sold the data of California drivers without their knowledge or consent and despite numerous statements reassuring drivers that it would not do so. This trove of information included precise and personal location data that could identify the everyday habits and movements of Californians,” Rob Bonta, attorney general for the state of California, said in response to the settlement.

“California’s privacy laws are clear: companies must collect only what they need, use it responsibly, and be forthright with consumers about how their data is handled,” Tom Kemp, executive director of CalPrivacy, adds to Bonta’s statement.

In January 2026, the Federal Trade Commission (FTC) ruled that GM isn’t allowed to sell drivers’ location and driving behavior data to consumer reporting agencies for 5 years.

---

Unlock exclusive Cybernews content on YouTube.