GM Banned from Sharing Driver Data After FTC Settlement
In a landmark move for automotive privacy, General Motors (GM) is now legally barred from sharing certain driver data with consumer reporting agencies—a direct result of a finalized Federal Trade Commission (FTC) order issued January 14, 2026. The ruling stems from revelations that GM’s OnStar Smart Driver program collected and sold sensitive driving behavior and location data to third-party brokers without clear consumer consent. If you’ve ever wondered whether your car is tracking you—and who might be buying that data—the answer just got a lot more regulated.
What the FTC Order Actually Bans
The FTC’s finalized order explicitly prohibits GM and its OnStar telematics unit from sharing connected vehicle data—such as precise geolocation, seatbelt usage, and driving habits—with consumer reporting agencies like LexisNexis and Verisk. These companies previously used the data to influence auto insurance pricing, potentially affecting drivers’ premiums without their knowledge.
Beyond the ban, GM must now obtain explicit, informed consent before collecting or sharing any connected vehicle data. This isn’t buried in a terms-of-service scroll—it happens face-to-face at the dealership during vehicle purchase, tied directly to the car’s VIN. Consumers must actively opt in; silence or pre-checked boxes no longer count.
How GM’s Data Practices Came Under Fire
The controversy traces back to a 2024 investigative report that exposed how GM’s “Smart Driver” program—marketed as a free safety feature—silently tracked and scored driver behavior. The system monitored everything from hard braking to nighttime driving, then funneled that data to data brokers who sold it to insurers. Many customers had no idea they were enrolled, let alone that their driving scores could impact their insurance costs.
The FTC accused GM of using a misleading enrollment process that obscured the true scope of data collection. In some cases, simply activating OnStar services automatically enrolled users in Smart Driver, with minimal disclosure about third-party data sharing. That lack of transparency violated core principles of consumer privacy and digital consent.
Why This Matters Beyond GM
This settlement isn’t just about one automaker—it sets a precedent for the entire connected vehicle industry. As cars become rolling computers packed with sensors, microphones, and internet connectivity, the volume of personal data they generate is staggering. From route history to voice commands, modern vehicles collect deeply intimate information. Yet, until now, oversight has lagged far behind innovation.
The FTC’s action signals a turning point: regulators are no longer willing to treat automotive data as a gray area. With this order, the agency is demanding that automakers treat driver data with the same care as financial or health records—requiring clear notice, meaningful choice, and strict limits on secondary use.
What Changes for GM Customers Now
Starting immediately, GM must overhaul how it handles data at the point of sale. When you buy a Chevrolet, GMC, Buick, or Cadillac, a sales representative must explain what data OnStar collects and how it’s used. You’ll be asked to give unambiguous consent—verbally or in writing—before any tracking begins. Opting out won’t disable core safety features like emergency crash response, but it will block behavioral monitoring and third-party sharing.
GM says it already discontinued the Smart Driver program in April 2024 across all brands, citing customer feedback. It also severed ties with LexisNexis and Verisk. But the FTC order ensures those changes aren’t just temporary PR moves—they’re now legally binding obligations with potential penalties for noncompliance.
Exceptions and Ongoing Concerns
While the ban is sweeping, it does include narrow exceptions. GM can still share data when required by law (such as in response to a subpoena) or for legitimate safety and security purposes, like automatic crash notification. However, these uses must be clearly disclosed and cannot involve commercial resale.
Privacy advocates welcome the order but caution that enforcement remains key. “A paper promise means little if there’s no real accountability,” said one digital rights expert. The FTC will monitor GM’s compliance for 20 years—a unusually long oversight period that underscores the seriousness of the violations.
Cars as Data Machines
Today’s vehicles generate up to 25 gigabytes of data per hour. Much of it sits in a regulatory blind spot, governed more by corporate policy than federal law. The GM case highlights how easily that data can be monetized—at the expense of consumer autonomy.
As other automakers roll out similar driver-scoring programs under the guise of “personalized services” or “insurance discounts,” the FTC’s stance offers a warning: transparency isn’t optional. Drivers deserve to know not just what their car knows about them, but who else gets to see it.
What’s Next for Automotive Privacy?
With Congress still debating comprehensive federal privacy legislation, agency actions like this FTC order are filling the void. Expect more scrutiny of automakers’ data practices in 2026, especially as electric and autonomous vehicles expand their data footprints.
For consumers, the takeaway is clear: always ask what data your car collects—and how to turn it off. The days of passive enrollment are ending. In the age of the connected car, your right to privacy shouldn’t come with fine print.
The GM settlement marks a pivotal moment—not just in holding one company accountable, but in redefining what consent means when your vehicle is watching. And for millions of drivers, that’s a long-overdue shift toward control, clarity, and trust.
