Breaking
Atef Najib faces at least ten charges in landmark Syria trialNew Zealand olive sector stays confident after Wairarapa producer's closureChina hands suspended death sentences to former defence ministersSouth Africa condemns 'fake' xenophobia videos as Ghana calls for AU missionAtef Najib faces at least ten charges in landmark Syria trialNew Zealand olive sector stays confident after Wairarapa producer's closureChina hands suspended death sentences to former defence ministersSouth Africa condemns 'fake' xenophobia videos as Ghana calls for AU mission
Vesper
ENESFRTR
Log inSign up
Charts
Articles:SportsHealthHistoryTech
Markets
EUR/USD1.1773 0.11%GBP/USD1.3616 0.04%USD/JPY156.66 0.07%USD/CHF0.7774 0.14%AUD/USD0.7243 0.13%USD/CAD1.3669 0.08%USD/CNY6.8159 0.22%USD/INR94.48 0.01%USD/BRL4.9175 0.07%USD/ZAR16.39 0.20%USD/TRY45.37 0.01%Gold$4,715.70BTC$81,063 0.70%ETH$2,340 1.12%SOL$94.49 1.79%
Tech

General Motors agrees to pay $12.75M in California driver privacy settlement, ending probe led by Bonta

TechCrunch8 h ago
ShareXWhatsAppTelegramLinkedIn
Car dashboard with digital screen lit
Photo: Erik Mclean / Pexels

General Motors has signed a $12.75 million privacy settlement with a group of California law-enforcement agencies led by Attorney General Rob Bonta, ending a two-year probe over alleged violations of the state's Consumer Privacy Act (CCPA). California's allegation: GM sold driver telematics data — location, acceleration, brake usage, hard turns, sometimes covering thousands of miles annually — to third-party data brokers, particularly LexisNexis Risk Solutions and Verisk Analytics, both of which market to the insurance industry, without adequate driver consent.

The allegation became public in early 2024 with an investigation published by The New York Times. The story showed that driving-behavior data of GM owners enrolled in OnStar's Smart Driver programme was being sent to LexisNexis. Many drivers learning that their insurance premiums had jumped sharply discovered, on closer inspection, a credit-report-style "driver behavior report" — recording dates of phone calls, hard-braking events and speed-limit overruns. The reports had been compiled without those drivers having been informed.

The California probe was opened by Bonta in March 2024, and neighbouring states — Oregon, Washington, Nevada — opened parallel inquiries. Investigators found that GM had offered an opt-out preference for driver-behavior data sales during OnStar customer registration, but the option was buried in a place that was almost impossible to find. California law requires opt-in consent: drivers must affirmatively allow their data to be sold, rather than being signed up by default.

The settlement provides for GM to pay the $12.75 million and to refrain from selling driver-behavior data to third parties for the next three years. The company must also create an explicit opt-in consent process for any new buyers. Bonta said: "California consumer data has become a product sold to influence financial decisions — from insurance premiums to credit. This settlement sends a clear message to the industry: violating consent rules is expensive."

GM, in its statement, said its acceptance of the settlement is "a step to strengthen the company's relationship with its California customers." Spokesperson Paul Edwards said: "We managed the OnStar Smart Driver programme on the assumption that an opt-in preference set up years ago was sufficient. The probe showed us that we need to be stronger and clearer in communicating the features of this programme to our customers." Edwards added that GM had voluntarily suspended data sales mid-2024.

The payment represents only a fraction of GM's 2025 net income (roughly $6 billion). But privacy attorneys point to the settlement's symbolic weight: "GM has set an important precedent for how vehicle data is to be handled under CCPA, particularly in California. Other manufacturers — Ford, Volkswagen, Toyota — now have to review their own opt-in processes," said Riana Pfefferkorn, director of Stanford's Center for Internet and Society.

Most large automakers offer OnStar-type telematics systems, which can collect and potentially sell tens of thousands of miles of driving data each year. Ford's Vehicle Data Service, Toyota's T-Connect, Volkswagen's Car-Net and Tesla's internal system architecture all use different opt-in models. After the 2024 Times investigation, Tesla and Volvo announced that they would stop selling data to third parties; Ford and other producers have continued their programmes.

The California settlement is part of a wider US debate over consumer data regulation. At federal level, Congress did not pass the American Privacy Rights Act in 2024 or 2025; at state level, California, Virginia, Colorado and another nine states have passed their own privacy laws. The result is a patchwork for automakers — a vehicle sold in California is subject to a different opt-in process than the same model sold in Texas or Florida.

Electronic Frontier Foundation privacy lawyer Adam Schwartz criticised the settlement: "$12.75 million is not a 'costly lesson' for a company like GM — it's a parking fine. The good side of the settlement is that it requires GM to fix its opt-in processes. But considering how big the driver-data market is across the United States, $12.75 million has limited deterrent effect." Schwartz added that the absence of a comprehensive federal privacy law reduces the impact of state-by-state settlements.

The settlement will take effect after a 30-day court approval process. Bonta said: "California will continue to lead the country on privacy. Automakers that continue to sell customer data without consent will face larger settlements." His office signalled that other large automakers are under parallel inquiry — without naming them publicly.

This article is an AI-curated summary based on TechCrunch. The illustration is a stock photo by Erik Mclean from Pexels.