GM Settles California Lawsuit on OnStar Data Misuse for $12.75 Million
*General Motors will pay millions to resolve claims that it improperly collected and sold customer driving data through its OnStar service.*
General Motors has agreed to a $12.75 million settlement in a California lawsuit accusing the company of misusing customers' driving data. The case centered on GM's OnStar system, which gathers vehicle information and shares it with data brokers without clear consent. For tech workers building connected car systems, this underscores the risks of data handling in automotive software.
The lawsuit, filed in California, alleged that GM collected detailed driving data via OnStar and sold it to third-party data brokers. OnStar, GM's subscription-based telematics service, tracks metrics like location, speed, and braking patterns to provide features such as emergency assistance and remote diagnostics. Prior to this settlement, GM had faced scrutiny over its data practices, but no major penalties had been imposed in this specific context.
Under the agreement, GM will pay $12.75 million to settle the claims. The funds are designated for affected California customers who used OnStar services. Details on how the payout will be distributed—such as direct reimbursements or a claims process—remain tied to the lawsuit's terms, which prioritize resolution without admitting wrongdoing.
The Role of OnStar in Data Collection
OnStar has been a core part of GM vehicles since the late 1990s, evolving from basic emergency calling to a full suite of connected services. The system relies on embedded cellular modems and GPS to monitor vehicle performance in real time. This data enables features like stolen vehicle recovery and navigation, but it also creates a rich dataset of user behavior.
According to the lawsuit, GM shared this information with data brokers, companies that aggregate and resell personal data for marketing or analytics. Driving data from OnStar could reveal patterns such as commute routes, driving habits, and even home addresses, raising privacy concerns. California regulators, under laws like the California Consumer Privacy Act, have increasingly targeted such practices in the auto industry.
The settlement does not specify the volume of data involved or the exact brokers receiving it. However, it highlights a broader trend where automakers treat vehicle telemetry as a revenue stream. GM's approach mirrors practices by competitors, though few have faced similar legal challenges to date.
Legal and Industry Context
California has emerged as a battleground for data privacy suits, with its strict consumer protection laws applying to out-of-state companies like GM. The lawsuit likely drew from evidence of OnStar's data-sharing policies, which users may have accepted in fine print during service activation. No public quotes from GM executives appear in the case details, but the company has previously defended OnStar as essential for safety and convenience.
Data brokers operate in a gray area, buying datasets from sources like insurers or app developers to build consumer profiles. In the automotive space, this can lead to targeted ads or risk assessments without user knowledge. The settlement avoids a trial, sparing GM prolonged litigation but setting a precedent for how connected vehicle data is monetized.
Other automakers, including Ford and Tesla, collect similar telemetry through their infotainment systems. Tesla's Autopilot and Full Self-Driving features, for instance, log extensive driving data for improvement, though the company emphasizes opt-in controls. No counterpoints from industry groups dispute the facts here, but the Auto Alliance has lobbied for federal standards to preempt state-level actions.
Implications for Data Practices in Tech
This settlement matters because it exposes the tension between innovation in connected vehicles and user privacy. Software engineers working on IoT or automotive APIs must now factor in not just functionality but compliance with varying state laws. GM's payout signals that courts view driving data as sensitive personal information, akin to health or financial records.
For technical founders building fleet management tools or ADAS software, the case is a caution: data collection for "enhancements" can cross into liability if shared without explicit, granular consent. It changes little for everyday drivers in the short term, but it pressures GM to revise OnStar's terms. Broader adoption of privacy-by-design principles—encrypting data at the edge or anonymizing before sharing—could mitigate future risks.
The auto industry's shift to software-defined vehicles amplifies these issues. As over-the-air updates and cloud syncing become standard, the line between service data and sellable assets blurs. GM's resolution here is a win for plaintiffs, but without federal privacy legislation, similar suits will proliferate. Expect more scrutiny on how telematics feeds into AI training for autonomous driving, where datasets are gold but ethically fraught.
In the end, this $12.75 million check from GM buys time, but it won't erase the data trails already sold.
---
No comments yet