GM’s ‘crappy’ privacy statement is getting some changes after backlash and a lawsuit

General Motors vehicles can collect troves of data on their drivers, including how far and how fast they drove. - Photo: Justin Sullivan (Getty Images)
General Motors vehicles can collect troves of data on their drivers, including how far and how fast they drove. - Photo: Justin Sullivan (Getty Images)

General Motors (GM)updated its privacy policy on Wednesday for the first time in more than a year as it faces backlash and at least one lawsuit over selling consumer data to brokers.

The Detroit automaker has been accused of failing to adequately disclose its relationship with a number of data brokers, including LexisNexis (RELX) and Verisk (VRSK), according to a lawsuit filed last month by Texas officials. Data collected by GM vehicles, often through the company’s OnStar Smart Driver feature, was then shared by the brokers with insurance companies.

The company collected data on when drivers got behind the wheel, how fast they were going, whether seatbelts were enabled, how far they drove, how long the engine was running — and more.

The lawsuit filed by Texas Attorney General Ken Paxton called GM’s privacy disclosures “confusing and highly misleading,” noting consumers signing up for OnStar would be presented with more than 50 pages of disclosures. Last year, the nonprofit Mozilla Foundation called GM and its brands “crappy at privacy,” highlighting that it found at least six separate privacy statements when it evaluated the Cadillac brand.

And GM seems to have taken that feedback to heart. The automaker folded five different privacy statements — including those for OnStar and its vehicle mobile apps — into a single privacy statement, and went more in-depth on how it handles some data.

When consumers enroll in OnStar, they will receive more information than previously, GM said, including links to the privacy statement. The automaker said it is also highlighting how to delete the personal data stored in a vehicle and — on some newer models — how to limit access to vehicle location data.

“These enhancements to both GM’s privacy statement and its practices will help drivers make thoughtful decisions about uses of their personal information,” Future of Privacy Forum CEO Jules Polonetsky, who GM said was consulted on the update, said in a statement provided by the automaker.

Collecting data on consumers is a common practice in most industries, especially the automotive industry. Kia America (HYMTF), Subaru of America (FUJHY), Mitsubishi Motors (MMTOF), Ford Motor (F), American Honda Motor (HMC), Nissan North America (NSANY), and Hyundai North America all have similar agreements to GM’s, The New York Times reported in March.

Such deals can generate decent cash for some automakers but usually not enough to make a significant difference on their balance sheets.

For each of the 97,000 vehicles Honda collected data from and sold to Verisk over a four-year period, it earned 26 cents, or a total of $25,920, according to a recent letter from two Democratic senators. Hyundai made 61 cents for each of the 1.7 million cars it took data from and shared with Verisk over six years, netting $1.04 million in total.

In 2019, GM took a 35% stake in British connected car startup Wejo as part of a deal that gave it access to drivers’ data, which Prolific North reported was routinely sold at a loss. GM’s annual revenue from its Smart Driver program was in the “low millions of dollars” range, the Times reported.

For the latest news, Facebook, Twitter and Instagram.