Case Study 15.2: GM and the OnStar Data Sale — When Your Car Becomes a Data Broker
How America's Largest Automaker Sold Driving Data Without Most Customers Knowing
Background: OnStar and Connected Vehicle Services
OnStar, launched by General Motors in 1996, was originally a telematics platform designed for vehicle safety and emergency response. The service provided automatic crash notification (the system detects an accident and calls emergency services), stolen vehicle tracking, roadside assistance, and turn-by-turn navigation. It was marketed as a safety service, and many customers subscribed to it on those grounds.
As connected vehicle technology matured, OnStar's data collection capabilities expanded. By the 2010s, OnStar-equipped vehicles were continuously reporting location data, driving behavior (speed, acceleration, braking, cornering), engine diagnostics, and usage patterns to GM's servers. The platform was generating a comprehensive behavioral profile of every enrolled driver's vehicle operation.
The question of what GM did with this data — beyond providing the safety and navigation services subscribers paid for — was not prominently disclosed in customer-facing materials.
The Data Sales: LexisNexis and Verisk
In March 2024, investigative reporting by Kashmir Hill at the New York Times documented that GM had been selling precise driving data from millions of OnStar subscribers to data brokers, specifically LexisNexis Risk Solutions and Verisk Analytics, without customers' knowledge or meaningful consent.
LexisNexis and Verisk are major data analytics companies that serve insurance companies. LexisNexis's "Telematics Exchange" and Verisk's "DrivingData" platforms collect driving behavioral data from multiple sources — including automaker partnerships — and sell it to insurance companies for use in risk scoring. Insurance companies use this data to set premiums, to investigate claims, and to identify high-risk policyholders.
The mechanism was as follows: GM customers who had active OnStar subscriptions and had enabled "Smart Driver" features — a driving feedback program that provided personalized driving tips — had, buried in the program's terms of service, consented to data sharing with third parties. The consent was technically present; its practical significance was not clear to most subscribers.
The New York Times investigation found that GM customers whose driving data had been shared with LexisNexis and Verisk were:
- Unaware that their driving data had been shared
- Unaware that insurance companies had access to this data
- In some cases, receiving higher insurance premiums or insurance non-renewals based on driving scores derived from this data without being informed of the data's role
One customer documented in the investigation had received a notice of non-renewal from his insurance company. When he investigated, he discovered that his LexisNexis consumer file contained a detailed driving score derived from GM OnStar data — data he had no idea had been shared. He had not been told that his driving data was being sold, had not been told that insurers were using it, and had no right under current law to prevent its use.
The Consent Architecture
GM's defense, when the story became public, was that customers had consented to data sharing through the Smart Driver terms of service. A review of the relevant consent language found that it was:
- Present in a lengthy terms of service document
- Written in dense legal language
- Not prominently featured in customer-facing materials describing the Smart Driver program
- Not specifically disclosing that data would be shared with insurance data brokers for insurance scoring purposes
- Not specifically disclosing that the data could affect insurance rates or insurability
This is a version of the consent-as-fiction problem encountered throughout Part 3. The consent was legally documented but practically meaningless — most customers had not read, understood, or contemplated the specific use their data was being put to. Surveys suggest that most customers who had enabled Smart Driver features were unaware of any insurance data connection.
The Regulatory Response
The GM OnStar data sale attracted immediate regulatory attention:
Senate Commerce Committee: Senators Ron Wyden (D-OR) and Edward Markey (D-MA) sent a letter to GM requesting detailed information about its data sharing practices and demanding accountability for the practices described in the Times investigation.
FTC Investigation: The FTC, which had been building out its data broker regulatory activity, indicated it was examining GM's practices as part of its broader connected vehicle privacy initiative.
State Attorneys General: Several state attorneys general signaled interest in the practices under their states' consumer protection and privacy statutes.
GM's Response: In the immediate aftermath of the Times investigation's publication, GM announced that it was discontinuing data sharing with LexisNexis and Verisk. The announcement was notable for its speed — within days of the publication — suggesting the practices were commercially but not legally defensible. GM said it had "paused" sharing while it reviewed its policies.
Industry-Wide Patterns
The GM case was not isolated. The Mozilla Foundation's 2023 privacy review of automobile brands, published several months before the Times investigation, had found that most major automobile manufacturers had extensive data sharing practices with third parties, with limited disclosure to consumers. The review covered 25 brands and found all 25 failed minimum privacy standards.
Subsequent reporting found that other manufacturers — including Honda, Hyundai, and Kia — had participated in similar data-sharing arrangements with LexisNexis and Verisk, though the specific terms and scope differed. The automotive data broker ecosystem had grown substantially in the 2010s as connected vehicle adoption increased.
The insurance industry's use of driving behavioral data is, in principle, actuarially defensible — individual driving behavior is genuinely predictive of individual accident risk, and using individual data rather than group statistics can produce more accurate pricing. The problem is not the use of behavioral data for risk assessment per se; it is the opacity of the data pipeline, the absence of consumer knowledge and consent, and the absence of a right to access or contest the driving score that affects insurability.
The Difference from Opt-In Telematics
The GM case is structurally different from opt-in telematics programs like Progressive Snapshot or State Farm Drive Safe & Save, in several respects:
Disclosure: Opt-in telematics programs are sold explicitly as driving behavior monitoring programs — consumers are told their driving is being tracked and scored. GM's Smart Driver program was sold as a driving improvement service; the insurance data sharing dimension was not prominent.
Purpose limitation: Opt-in telematics programs are explicitly designed for insurance pricing; consumers are choosing to participate in a defined exchange (monitoring for premiums). GM's data sharing occurred outside any such defined exchange — the consumer was using one service and their data was flowing to an entirely different commercial purpose.
Benefit: Opt-in telematics programs offer explicit premium discounts in exchange for monitoring. GM's data sharing offered no benefit to the consumer — only potential harm through increased insurance premiums or non-renewal.
Control: Opt-in telematics programs can typically be terminated — consumers can remove the device or disable the program. GM's data sharing occurred through the base OnStar subscription and the Smart Driver feature — both of which had primary non-insurance uses that consumers valued.
Analysis Questions
- GM's data sharing was technically covered by a terms of service consent. Apply the chapter's analysis of "consent as fiction" to this situation. What specific features of the consent mechanism made it a fiction rather than a genuine agreement?
- The chapter describes GM's practice as an instance of function creep — a concept introduced in Chapter 5. Explain how this applies. What was the original function of OnStar data collection, and what was the new function that the data was repurposed for?
- Insurance companies argue that individual driving data is more accurate and therefore more fair than group-based actuarial statistics — it holds each driver responsible for their own behavior rather than penalizing them for the behavior of their demographic group. Is this argument persuasive? What concerns does it overlook?
- GM discontinued data sharing within days of the Times investigation's publication, suggesting the practice was commercially but not legally untenable. What does this pattern — widespread practice, public exposure, rapid abandonment — suggest about the role of investigative journalism as a surveillance accountability mechanism? What are the limits of this mechanism?
- The EU's proposed Data Act would give vehicle drivers the right to access the data their vehicles generate. If this right existed in the United States, how would the GM/OnStar scenario have been different? Would access rights be sufficient? What other rights would be necessary?
Case Study 15.2 | Chapter 15 | Part 3: Commercial Surveillance