The controversy surrounding GM’s sharing of driving data from connected vehicles with third parties continues to unfold, revealing concerning practices and raising questions about privacy. It all started when New York Times reporter Kashmir Hill broke the news that GM was selling driving data about specific drivers and trips to LexisNexis and Verisk, companies that help auto insurance companies assess risk. This data was extracted from the Smart Driver+ program, a driving gamification feature aimed at improving driving skills.
Initially, GM defended its actions, stating that customers had to opt into the Smart Driver+ program. However, a Cadillac driver in Florida, whose insurance premium was doubled due to incidents recorded by Smart Driver+, filed a lawsuit against GM. This prompted GM to cut ties with LexisNexis, citing a prioritization of customer trust and an active evaluation of privacy processes and policies.
In a surprising turn of events, Hill discovered that she and her husband’s Chevrolet Bolt had also been enrolled in Smart Driver+, despite not remembering opting in. Her husband requested reports from LexisNexis and Verisk and received two files detailing incidents from nearly 300 trips taken over three months. This raised concerns as neither company had access to Hill’s data, as the dealership listed her husband as the primary owner of the vehicle, leaving her name out of the equation.
To further investigate, Hill and her husband checked the OnStar app, which indicated that they were not enrolled in Smart Driver. However, when they accessed OnStar on a computer, it revealed their enrollment. GM attributed this discrepancy to a “bug” affecting a small number of owners, causing the app to display incorrect information.
A visit to the dealership shed light on some revealing information. The salesperson confessed to automatically filling out three pages of the sales paperwork with “Yes,” “Yes,” and “No,” without consulting the customer. The second page signed customers up for OnStar and enrolled them in Smart Driver. GM insisted that buyers had to approve the terms, but only a few lines on the page instructed the salesperson to obtain the buyer’s approval. The salesperson explained that if he didn’t sign a buyer up for OnStar, his pay would be docked, and GM graded dealerships based on the percentage of vehicles enrolled in Connected Access. It became apparent that opting out of Smart Driver was not possible without also forgoing benefits such as OTA updates or remote diagnostics.
When Hill inquired further, a more senior salesman claimed that customers always accept the terms themselves, leaving room for doubt. While Hill acknowledges that she may have forgotten such a moment during her car purchase due to the extensive paperwork involved, the lack of transparency regarding GM’s use of data captured by Smart Driver+ remains an issue. Drivers are unaware of this information unless they obtain their report from LexisNexis or Verisk.
Responding to the backlash, GM has ceased data sharing with LexisNexis and Verisk, discontinued the Smart Driver program in all GM vehicles, and hired a new trust and privacy officer. However, the company now faces at least ten federal lawsuits from disgruntled owners affected by Smart Driver. This situation emphasizes the importance of understanding privacy policies and raises questions about the extent of data collection and usage by auto manufacturers.
To delve deeper into this issue and gain insights from privacy experts, it is recommended to read the full story.