GM driving – General Motors will pay $12.75 million to settle a California lawsuit over how it handled and sold driving data tied to OnStar.
A California settlement is forcing General Motors to put a price tag on how it collected and monetized drivers’ information, including data gathered through its OnStar system.
The company has agreed to pay $12.75 million in civil penalties to resolve a lawsuit brought by California Attorney General Rob Bonta on behalf of the state’s residents. As part of the deal, GM is also banned from selling driving data to consumer reporting agencies for the next five years.
This settlement follows GM’s earlier resolution with the FTC earlier this year over its sale of drivers’ data to brokers. a sequence that highlights how regulators are tightening oversight of vehicle-connected data flows.. The California action was sparked after a 2024 report revealed that GM collected consumers’ driving information through OnStar and then sold that information to data brokers including Verisk Analytics and LexisNexis Risk Solutions.
Those brokers, according to the reporting that fed into the legal claims, could then use the acquired driving data to market it to auto insurers. That potential path matters because driving behavior can be valuable in underwriting and pricing, and it can influence how insurers assess risk.
In some cases, it’s been argued that insurers could use this kind of information to raise customers’ rates. However, the complaint notes that the effect may have been limited in California, where state rules prohibit insurers from using driving data in that rate-increasing way.
Even so, the lawsuit’s focus is broader than pricing. It alleges GM violated consumers’ privacy by selling data without consent, including information such as names and contact details, geolocation data, and driving behavior signals.
Under the settlement terms. GM must delete any driving data it has retained within 180 days. with an exception for certain limited internal uses.. The agreement also requires that GM obtain customers’ express consent if it intends to keep using this type of data beyond what is allowed for those narrowly defined internal purposes.
The settlement also places process and oversight obligations on GM. The company is required to create a privacy program to evaluate the risks associated with collecting data through OnStar, and to report its findings to the DOJ and other agencies.
In a statement following the resolution, Bonta said the agreement requires GM to abandon what he described as illegal practices.. He also emphasized the role of data minimization under California’s privacy law. arguing that companies cannot simply retain data and later repurpose it for different goals.
For consumers, the case underscores how “connected car” features like OnStar can turn everyday vehicle telemetry into commercial data products.. The practical risk is not only misuse in the narrow sense of rate-setting. but also the possibility that sensitive location and behavior information can move through third-party ecosystems without clear consent.
The five-year ban on selling driving data to consumer reporting agencies is designed to cut off one specific downstream channel. but the reporting. deletion window. and required privacy program indicate that regulators are looking at the entire pipeline: collection. retention. sharing. and the governance needed to prevent future expansion of use.
Meanwhile. the broader regulatory momentum—starting with the FTC matter and now reinforced in California—suggests that companies in the auto and telematics space may face increasing scrutiny over how they justify retention and secondary uses of customer data.. Even where state protections limit certain impacts on pricing, privacy obligations and consent requirements remain central to enforcement.
GM driving data settlement OnStar privacy data brokers FTC settlement California AG Rob Bonta connected car telemetry consumer reporting agencies