Car Companies Know When You Speed. Then They Sell That Data

Months ago, the NYT's Kashmir Hill—herself a Chevrolet Bolt owner—uncovered how her car and others were collecting data around driving habits, braking, acceleration and more, and then selling that data to a broker that worked with insurance companies. From there, insurance quotes (which are already skyrocketing nationwide) were tailored to drivers' personal habits, often without their knowledge or with their "consent" buried in pages of fine print. 

In the months since that story was published, one implicated automaker, General Motors, said it would terminate its partnership with data broker LexisNexis and analytics company Verisk. But this weekend, the NYT also reports that Democratic U.S. Senators Ron Wyden of Oregon and Edward J. Markey of Massachusetts want the Federal Trade Commission to crack down on this practice for good.

"We write to urge the Federal Trade Commission (FTC) to investigate automakers’ disclosure of millions of Americans’ driving data to data brokers, and to share new details about the practice uncovered in a recent oversight investigation," the two senators said in a letter to the FTC. If the FTC determines that these companies violated the law, we urge you to hold the companies and their senior executives responsible." 

The letter specifically targets GM, Honda and Hyundai for their data collection and selling practices. It says that GM and Honda's disclosures around a "voluntary" program designed to lower premiums were intentionally "manipulative." The worst, however, was aimed at Hyundai.

Hyundai enrolled all consumers who activated their new car’s internet connection into the company’s driving score program, which included sharing their data with Verisk," the senators said. "Between 2018 and 2024, Hyundai shared data from 1.7 million vehicles with Verisk, which paid Hyundai $1,043,315.69, or 61 cents per car. Hyundai did not seek informed consent from consumers before sharing their data.

The letter said that Hyundai confirmed this practice, and that it never told customers their driving habit data would be for sale if they consented to enable internet access. That's particularly disappointing given Hyundai's high-tech focus as of late and the fact that it makes some truly class-leading EVs—all of which depend heavily on internet-connected services and features. 

GM and Honda told customers that these "Safe Driver" programs would be used to lower their premiums if they lived up to that promise. However, aside from the murky consent issues, they also never guaranteed the data would only be used that way:

But automakers could not guarantee that this data would only be used by insurance companies to provide discounts and that consumers would not pay more than if they had never enrolled in these programs. Moreover, Verisk officials confirmed to Senator Wyden’s office that the company’s contracts with automakers and insurers did not require that driver telematics data only be used to provide discounts.

Currently, rules around automotive data collection practices are, unsurprisingly, based on a patchwork of state-by-state regulations. That's why these two senators are urging a more nationwide response by asking the FTC to investigate the practice, which they admit are just the stuff they know about right now: 

The problematic practices we have uncovered and documented in this letter are likely just the tip of the iceberg. Companies should not be selling Americans’ data without their consent, period. But it is particularly insulting for automakers that are selling cars for tens of thousands of dollars to then squeeze out a few additional pennies of profit with consumers’ private data. 

Spokespeople for these automakers reiterated to the NYT that these were opt-in programs, although that doesn't address that customers clearly weren't aware of what they were opting into. A GM official said the company "still shares anonymized location information from its cars with a company that Mr. Wyden’s office said GM had declined to identify." And in one case, one data broker (which has since closed up shop) was a company that GM had invested in. 

Clearly, automakers have big plans for your driving data, and their executives are doing so with big dollar signs in their eyes. But they do this as they ask customers to trust that they can do in-car software as well as the tech companies—and pay for those features as well. They certainly aren't alone; Apple claims to never sell your data to third parties, but we know there are holes in that practice as well.

But if car companies really want to sell us on a high-tech, connected future, they can't sell us out at the same time. And perhaps now the U.S. government will have something to say about these plans.

General Motors issued this statement on the matter to us here at InsideEVs:

We share the desire to protect consumers’ privacy while enhancing safety and preserving innovation, and as a reminder, the Smart Driver product ceased to exist in June 2024.  

We vehemently deny the assertion that we used “manipulative design techniques” to coerce consumers into enrolling in Smart Driver. Each consumer was given choice at the time of enrolling and throughout the life of the product.   

To be clear, we established the Smart Driver product to promote safer driving behavior for the benefit of customers who elected to participate. Data was only shared with an insurer if a customer initiated a quote directly with their chosen carrier and provided a separate consent to that carrier.  

As is common industry practice, we share de-identified data not associated with specific drivers or vehicles with select partners for purposes that include enhancing city infrastructure and road safety for pedestrians, cyclists, and drivers. 

Contact the author: patrick.george@insideevs.com