FTC Bans GM From Selling Drivers' Location Data for Five Years

The FTC’s enforcement action against General Motors underscores a pivotal shift in how connected‑vehicle data is treated under U.S. privacy law. While OnStar’s “Smart Driver” feature was marketed as a consumer‑focused tool, the agency determined that the systematic capture of location points every three seconds constituted a massive data‑harvesting operation. By mandating express consent and prohibiting data sales to consumer reporting agencies, the order forces automakers to redesign telemetry pipelines and re‑evaluate revenue streams that rely on third‑party data licensing.

For consumers, the settlement introduces concrete rights that were previously vague in the automotive sector. The ability to request copies of stored data, demand its deletion, and toggle precise geolocation collection empowers drivers to manage their digital footprints directly from the vehicle interface. These provisions align with emerging state‑level privacy statutes, such as California’s Consumer Privacy Act, and may accelerate industry‑wide adoption of opt‑in frameworks that prioritize transparency.

The broader implications extend beyond GM, as the FTC’s stance reverberates through the entire automotive ecosystem. Insurers, data brokers, and app developers that have depended on granular driving metrics now face heightened compliance burdens and potential litigation risk. As vehicle connectivity deepens, regulators are likely to pursue similar actions, prompting manufacturers to embed privacy‑by‑design principles and seek alternative, consent‑driven data monetization models. Companies that proactively adapt will gain competitive advantage in a market increasingly defined by trust and data stewardship.