GM Settles $12.75M Privacy Dispute Over Driver Data in California
TL;DR
- General Motors agreed to pay $12.75 million to settle allegations of selling California drivers' personal and driving data without consent via its OnStar service.
- The deal, led by California AG Rob Bonta, bans data sales to certain parties for five years and requires data deletion within 180 days.
- This marks the largest CCPA penalty ever, contrasting with a penalty-free FTC settlement earlier in 2026.
The Settlement Announcement
General Motors (GM) has reached a landmark $12.75 million settlement with California Attorney General Rob Bonta and district attorneys from Los Angeles, San Francisco, Napa, and Sonoma counties. Announced on May 8, 2026, the agreement resolves claims that GM violated the California Consumer Privacy Act (CCPA), Unfair Competition Law, and False Advertising Law. Backed by the California Privacy Protection Agency, the deal addresses years of alleged unauthorized data sharing from GM's OnStar connected vehicle service. Subject to court approval, it imposes hefty penalties and sweeping reforms on how automakers handle driver information.
What Went Wrong: The Data Scandal
From 2020 to 2024, GM allegedly collected detailed data on hundreds of thousands of California OnStar subscribers—including names, contact info, GPS locations, speeds, rapid accelerations, hard braking, and parking spots—then sold it to data brokers Verisk Analytics and LexisNexis Risk Solutions. These brokers are known for feeding info to insurers, sparking fears of rate hikes after a 2024 New York Times exposé on automaker data practices. GM reportedly pocketed around $20 million from these sales, despite privacy assurances to customers. Notably, California's Proposition 103 shielded local drivers from insurance surcharges based on such data, but the privacy breach still drew fire.
Key Terms of the Deal
The settlement packs financial and operational punches:
- **$12.75 million in civil penalties**, the biggest CCPA fine since the law's 2018 inception—nearly five times the prior record from a Disney case earlier this year.
- **Data deletion mandate**: GM must wipe retained driver data within 180 days (unless customers consent) and instruct brokers like Verisk and LexisNexis to do the same.
- **Five-year sales ban**: No selling or sharing driving data with consumer reporting agencies.
- **Injunctive reforms**: Stricter notice and consent rules for OnStar enrollment at dealerships, updated training and incentives for staff, and restrictions flowing to third parties that previously bought GM data.
These mirror but expand on a January 2026 FTC order against GM, which imposed similar disclosure bans without a monetary hit.
Broader Implications for Privacy and Automakers
"This settlement makes clear that car companies cannot secretly speed off with your personal data for profit," said Los Angeles County DA Nathan J. Hochman. AG Bonta emphasized data minimization, warning companies against hoarding info for later monetization. The deal ripples beyond GM: It requires prior data buyers to confirm deletions, and dealerships must now prioritize privacy consents. For the auto industry, it's a wake-up call amid rising scrutiny of connected vehicles—think always-on GPS tracking in an era of smart cars.
GM's Response and Context
GM framed the settlement around its discontinued Smart Driver product, launched in 2024 and axed amid backlash. "It addresses Smart Driver... and reinforces steps we’ve taken to strengthen our privacy practices," a spokesperson told Reuters. GM stressed commitment to transparency: "Vehicle connectivity is central to a modern and safe driving experience, which is why we’re committed to being clear... about the choices and control [customers] have." Still, critics highlight the irony—OnStar data collection dates back to 2016, predating the controversies.
This case underscores California's aggressive privacy enforcement, setting a precedent as connected cars become data goldmines. With no direct insurance impacts in the state, the focus stays on consent and accountability, potentially influencing national standards.
Get All The Latest Updates Delivered Straight To Your Inbox For Free!