I just wrote about how dramatic it is that lawmakers are trying to ban Chinese EVs over safety concerns. Most recently, Michigan Senator Elissa Slotkin claimed the Chinese EVs being driven on California roads are spying on us by capturing video and mapping out stuff to send back to China. Uh, yeah.
However, turns out that you don’t gotta be from overseas to spy on the United States and its citizens.
General Motors made $20 million selling driver data
General Motors has just agreed to a $12.75 million settlement with prosecutors in California after it was caught illegally selling customer data for five years. Apparently, GM illegally sold data on hundreds of thousands of drivers to data brokers from 2020 to 2024 — including names, locations, and driving behavior.
This was considered illegal since GM never told customers that their data was being sold. General Motors was getting this sensitive data from OnStar, which is ironically a safety, security, and connectivity service. Through an app, customers get 24/7 emergency response, automatic crash alerts, stolen vehicle assistance, and remote vehicle management — but you gotta pay every month. It’s a subscription service, so drivers are paying to have their data stolen. And GM has reported that over 13 million people are subscribed. I don’t know how many were in California.
GM is reported to have made $20 million selling drivers’ data to Verisk Analytics Inc. and LexisNexis Risk Solutions. The data would be used to develop a driver-rating product that could potentially let auto insurers set rates.
“Today’s settlement requires General Motors to abandon these illegal practices and underscores the importance of data minimization in California’s privacy law — companies can’t just hold on to data and use it later for another purpose,” California Attorney General Rob Bonta said in a statement.
GM claims that whole issue stems from Smart Driver, which was discontinued in 2024. So… That’s the only reason GM stopped doing it. However, the automaker claims it has “strengthened” its privacy practices since then. “Vehicle connectivity is central to a modern and safe driving experience, which is why we’re committed to being clear and transparent with our customers about our practices and the choices and control they have over their information.”
It wasn’t really by choice, though. As part of its settlement, GM had to delete driving data within 180 days and ask the two data brokers to which it sold the data to do the same.
General Motors is an American automaker. This makes it all the more silly that lawmakers are so freaked out about the cars in China. Looks like we can get our data stolen right here in the good ol’ U.S. of A.
EVs are capable of spying, but are they?
While I don’t think Chinese EVs specifically are data-hungry machines, EVs in general have been known to collect data and have the ability to spy on drivers. This is due to their microphones, cameras, and wifi connectivity.
“There are lots of opportunities to collect data and therefore lots of opportunities to compromise a vehicle like that,” Rafe Pilling, the director of threat intelligence at the cybersecurity firm Secureworks, told The Guardian. “A modern vehicle that has over the air update capabilities – which is crawling with computers, various radios, Lidar sensors and external cameras – could well be repurposed as a surveillance platform.”
Right now, there is no public proof at all that Chinese EVs are stealing data. They could be, but so are American automakers.
