Texas AG sues GM and OnStar over alleged data privacy violations of nearly 2M residents
By onLegal
Texas Attorney General Ken Paxton has filed suit against General Motors and subsidiary OnStar for “false, deceptive, and misleading” business practices related to the alleged collection and sale of more than 1.8 million Texans’ private driving data to insurance companies.
Paxton alleges GM did so without customers’ knowledge or consent.
In June, Paxton opened an investigation into several car manufacturers over allegations that the companies had improperly collected mass amounts of data about drivers directly from the vehicles and then sold the information to third parties.
The investigation was part of a broad data privacy and security initiative launched by the attorney general in June to ensure that companies respect Texans’ privacy rights and enforce privacy protection laws, the release states.
The initiative created a data privacy team that focuses on enforcing state and federal privacy protection laws. Those laws include the Texas Data Privacy and Security Act, Identity Theft Enforcement and Protection Act, Data Broker Law, Biometric Identifier Act, and Deceptive Trade Practices Act as well as the federal laws Children’s Online Privacy Protection Act (COPPA) and the Health Insurance Portability and Accountability Act (HIPAA).
“Our investigation revealed that General Motors has engaged in egregious business practices that violated Texans’ privacy and broke the law,” Paxton said in a news release. “We will hold them accountable. “Companies are using invasive technology to violate the rights of our citizens in unthinkable ways. Millions of American drivers wanted to buy a car, not a comprehensive surveillance system that unlawfully records information about every drive they take and sells their data to any company willing to pay for it.”
According to the suit, GM used technology installed in most 2015 model year or newer GM vehicles to collect, record, analyze, and transmit highly detailed driving data about each time a driver used their vehicle. The company then sold the information to several other companies, including to at least two companies to generate “Driving Scores” about GM’s customers, and selling these scores to insurance companies, according to the suit.
Driving data that was allegedly collected included date, start and end times, vehicle speed, driver and passenger seatbelt status, and distance every time a GM vehicle was driven. Data was also collected from other GM products, such as its mobile apps, and OnStar’s Guardian app, Paxton said.
Data from more than 16 million customers was stored and, once a license was purchased, insurers had access to it resulting in monthly premium increases, dropped coverage, or coverage denials, according to the lawsuit.
“General Motors profited handsomely from these agreements,” the suit states. “The sale of driving data generated multiple new revenue streams for GM. It unlocked millions in lump sum payments, ‘royalty payments’ based on telematics exchange licenses sold to insurers, and annual guaranteed payments if GM sold the driving data of a threshold number of newly sold vehicles.”
It also states that GM told companies who purchased the licenses that customers had consented to the collection, use, and sale of their driving data.
GM deceived many of its customers when it compelled them to enroll in its products, including OnStar Smart Driver, as part of its vehicle “onboarding” process, Paxton’s office found.
They were told that failing to enroll would result in the deactivation of their vehicle’s safety features; however, by enrolling, customers were “agreeing” to GM’s collection and sale of their data, according to the suit.
“Despite lengthy and convoluted disclosures, General Motors never informed its customers of its actual conduct — the systematic collection and sale of their highly detailed driving data,” Paxton’s office said in the release.
In response to the lawsuit, GM told Repairer Driven News, “We’ve been in discussions with the Attorney General’s office and are reviewing the complaint. We share the desire to protect consumers’ privacy.”
In July, U.S. Sens. Ron Wyden and Edward J. Markey asked the Federal Trade Commission (FTC) to investigate automakers’ alleged disclosure of driving data from millions of American consumer vehicles to data brokers.
The letter followed a New York Times investigation earlier this year that exposed how driver behavior data was collected by General Motors, Honda, and Hyundai then sold to the insurance industry.
Wyden’s office confirmed with General Motors, Honda, and Hyundai that they shared driver data such as acceleration and braking data with broker, Verisk Analytics, according to the letter. The senators wrote that GM did so through its now-defunct Smart Driver program. GM confirmed that it disclosed customer location data to two other companies, which it refused to name.
At the time, GM stated, “We share the desire to protect consumers’ privacy while enhancing safety and preserving innovation. We vehemently deny the assertion that we coerced consumers into enrolling in Smart Driver. Each consumer was given a choice at the time of enrolling and throughout the life of the product. To be clear, we established the Smart Driver product to promote safer driving behavior for the benefit of customers who elected to participate. Data was only shared with an insurer if a customer initiated a quote directly with their chosen carrier and provided a separate consent to that carrier.
“As is common industry practice, we share de-identified data not associated with specific drivers or vehicles with select partners for purposes that include enhancing city infrastructure and road safety for pedestrians, cyclists, and drivers.”
Images
Featured image credit: RiverNorthPhotography/iStock