Here's How GM Was Able To Spy On The Driving Habits Of Millions Of Its Customers [Update]
We’ve previously reported on how General Motors has been collecting and selling the data of millions of drivers to the insurance industry, but now it seems the New York Times reporter who first broke the story also got caught up in this spying. This happened to her and her husband in their 2023 Chevy Bolt even though they took all the steps necessary to keep their car from spying on them.
The Most Frustrating Features In Cars
The couple was none the wiser until they received reports from LexisNexis Risk Solutions and Verisk – two data brokers that work with the insurance industry and GM has been providing data to. Her husband’s report had a breakdown of 203 trips that were taken in the car since January. It included things like distance, start and end times and aggressive driving data. The Verisk report dated back to mid-December and contained 297 trips. It had a high level summary up top: 1,89.89 miles driven, 4,251 driving minutes, 170 hard-brake events, 24 rapid acceleration events and zero speeding events.
That’s all very normal for folks who opt in to OnStar and its connected services plan as well as Smart Drive, a program that offers feedback and digital badges for good driving. However, that’s not what the couple signed up for. From the New York Times:
That wasn’t us — and I had checked to be sure. In mid-January, again while reporting, I had connected our car to the MyChevrolet app to see if we were enrolled in Smart Driver. The app said we weren’t, and thus we had no access to any information about how we drove.
But in April, when we found out our driving had been tracked, my husband signed into a browser-based version of his account page, on GM.com, which said our car was enrolled in “OnStar Smart Driver+.” G.M. says this discrepancy between the app and the website was the result of “a bug” that affected a “small population” of customers. That group got the worst possible version of Smart Driver: We couldn’t get insights into our driving, but insurance companies could.
The author of this story and her husband were not alone in this. From NYT:
Many G.M. owners have reached out with similar accounts since my article appeared. Jenn Archer of Illinois bought a Chevy Trailblazer in April 2022. She didn’t subscribe to OnStar and had never heard of Smart Driver, but last month discovered that LexisNexis had her driving data.
“I was furious,” she said. In the last two years, her insurance rate has increased by 50 percent.
In 10 federal lawsuits filed in the last month, drivers from across the country say they did not knowingly sign up for Smart Driver but recently learned that G.M. had provided their driving data to LexisNexis. According to one of the complaints, a Florida owner of a 2019 Cadillac CTS-V who drove it around a racetrack for events saw his insurance premium nearly double, an increase of more than $5,000 per year.
At no point had these drivers been explicitly informed that this would happen, not even in the fine print, they said. New reporting reveals the cause: a misleading screen that these people would have briefly seen when they bought their cars — if their salesperson showed it to them.
Back in March of this year, GM said it stopped sharing data with LexisNexis and Verisk, which cost them an annual revenue in the low millions. It also hired a new chief trust and privacy officer.
Here’s how this happened to the author and her husband. From the Times:
According to G.M., our car was enrolled in Smart Driver when we bought it at a Chevrolet dealership in New York, during the flurry of document-signing that accompanies the purchase of a new vehicle. That this happened to me, the rare consumer who reads privacy policies and is constantly on the lookout for creepy data collection, demonstrates what little hope there was for the typical car buyer.
To find out how it happened, I called our dealership, a franchise of General Motors, and talked to the salesman who had sold us the car. He confirmed that he had enrolled us for OnStar, noting that his pay is docked if he fails to do so. He said that was a mandate from G.M., which sends the dealership a report card each month tracking the percentage of sign-ups.
G.M. doesn’t just want dealers selling cars; it wants them selling connected cars.
Our Bolt automatically came with eight years of Connected Access, a feature we didn’t know about until recently. It allows G.M. to send software updates to our car but also to collect data from it — actions consented to during OnStar enrollment.
Our salesman described the enrollment as a three-stage process that he does every day. He selects yes to enroll a customer in OnStar, then yes for the customer to receive text messages and then no to an insurance product that G.M. offers and that monitors how you drive your car. (This sounds similar to Smart Driver, but it is different.)
He does this so often, he said, that it has become automatic — yes, yes, no — and that he always chooses no for the last one because that monitoring would be a nuisance for customers.
Ms. Barker, the G.M. spokeswoman, said that dealers are not permitted to sign customers up and that the customer must be the one to accept the terms. At my request, she provided the series of screens that dealers are instructed to show customers during the enrollment for OnStar and Smart Driver. There is a message at the top of each screen: “The customer must personally review and accept (or decline) the terms below. This action is legally binding and cannot be done by dealer personnel.”
The flow of screens was almost exactly as my salesman described, except for the second one about receiving messages, which he said he always hits “yes” on. That screen wasn’t just about accepting messages from G.M.; it also opted us into OnStar Smart Driver.
It’s a screen that my husband and I do not recall seeing — presumably because our salesman filled it out for us as part of his standard procedure.
Alrighty, I’ve already spoiled a lot for you in this story. You should really head over to the New York Times for a full rundown of what happened, how this little screen is enrolling millions of folks against their will and what GM is doing about it.
Update: Friday, April 26, 2:00 p.m. EST: Jalopnik reached out to General Motors for more information, and we were given this statement by a spokesperson:
At GM, we believe that vehicles are not just modes of transportation — they’re also technology platforms that can enrich our customers’ lives. Vehicles have become increasingly connected, intelligent, and personalized with features that improve the overall driving experience and safety on every journey. As our technology progresses, we are committed to being transparent in our privacy practices and empowering customers with control of their data.
Over the last several weeks, we have heard feedback from many customers about the OnStar Smart Driver product. Customer trust is a priority for us, which is why we have taken several decisive actions and are continuing to review our processes:
Discontinuing OnStar Smart Driver: We established the Smart Driver product to promote safer driving behavior for the benefit of customers who chose to participate. However, we’ve decided to discontinue Smart Driver across all GM vehicles and unenroll all customers. This process will begin over the next few months.
Terminating partnerships with LexisNexis and Verisk: We terminated our relationships with third-party telematics companies, LexisNexis and Verisk. Any data sharing with these companies ended on March 20, 2024.
Enhancing privacy controls: We are working on enhanced privacy controls aimed at greater transparency. At the same time, we are focused on providing customers with the ability to manage vehicle performance, diagnostics and, most importantly, what is needed to keep them and their vehicles safe.
New leadership: Alisa Bergman will join General Motors as our new Chief Trust and Privacy Officer on April 29, 2024. She comes to GM from Fanatics, where she served as Chief Privacy Officer (CPO), and before that held the roles of CPO at Adobe and Warner Bros. She was a Board member for the International Association of Privacy Professionals (IAPP) and is currently on the Advisory Boards of the IAPP AI Governance Center and The Future of Privacy Forum.