The Federal Trade Commission has just imposed a sweeping ban on how General Motors can trade in your driving habits, cutting off a lucrative pipeline of location and behavior data that flowed from connected cars into the insurance industry. For drivers in GM vehicles, that means a rare, concrete limit on how far in-car tracking can go, but it also starts a countdown on how long those protections will last and how quickly other automakers might test the same boundaries. I see this as a pivotal moment in the quiet tug-of-war between data hungry carmakers and regulators who are only beginning to treat vehicles as rolling smartphones.

What the FTC actually banned GM from doing

At the heart of the new order is a simple rule: General Motors and its OnStar service are barred from sharing or selling key categories of connected vehicle data without clear, advance permission from the people behind the wheel. The Federal Trade Commission has finalized a settlement that effectively prohibits General Motors and OnStar from disclosing precise geolocation and detailed driver behavior information, including how hard you brake or how fast you take a corner, to consumer reporting agencies and similar intermediaries that feed insurance decisions. The Commission’s order also blocks GM from using that data to determine eligibility for credit or insurance products, closing off a backdoor route into risk scoring that many drivers never realized existed.

The restrictions are not limited to a single app or program. Under the order, General Motors and its subscription-based telematics service OnStar must obtain explicit consent before collecting, using, or sharing connected vehicle data for these purposes, and they must give consumers a meaningful way to opt out of ongoing collection. The Federal Trade Commission has described this as a first-of-its-kind move to safeguard Americans’ privacy in connected vehicles, with narrow exceptions such as using location information for first responders in emergencies. In practice, that means data from a Chevrolet Silverado or Cadillac Escalade equipped with OnStar can no longer quietly flow to companies like LexisNexis or Verisk to help set insurance premiums unless the driver has been clearly informed and has agreed in advance.

How GM turned “safety” features into a data business

The enforcement action did not appear out of thin air. It grew out of allegations that GM and OnStar quietly transformed driver assistance and “safety” programs into a data-harvesting engine that fed the insurance industry. One focal point was Smart Driver, an OnStar feature marketed as a coaching tool to help people improve their driving habits and potentially qualify for discounts. According to federal regulators, Smart Driver was pitched as a way to promote safer behavior, but in reality it operated as a tracking program that collected granular telematics, including hard braking, rapid acceleration, and late-night driving, and then passed that information to third parties that used it to influence customers’ premiums.

Regulators say many drivers never understood that enrolling in Smart Driver or similar services would result in their behavior being scored and shared with consumer reporting agencies. The Federal Trade Commission alleged that GM and OnStar failed to obtain informed, affirmative consent before sending this data to outside firms, and that some consumers only discovered the consequences when they saw higher insurance quotes or were denied favorable terms. The Commission’s complaint described a pattern in which connected vehicle features, presented as optional conveniences or safety enhancements, became a pipeline for monetizing driver behavior without the kind of clear disclosures that would allow people to make a genuine choice.

What the five-year and twenty-year clocks really mean

The penalty structure in the settlement is more complex than a single headline number, and it matters for how long drivers can rely on these new protections. The Commission has imposed a five-year ban on GM disclosing consumers’ geolocation and driver behavior data to consumer reporting agencies and similar entities, effectively freezing the company’s ability to sell or share that information into the insurance ecosystem for a defined period. At the same time, The FTC has finalized a broader twenty-year order that governs how GM and OnStar handle connected vehicle data more generally, including requirements around consent, data deletion, and record keeping that will shape the company’s privacy practices well beyond the initial sharing ban.

In practical terms, the five-year clock is the most visible shield for drivers who worry about their daily commutes being turned into risk scores. For roughly half a decade, GM is barred from returning to the specific data-sharing arrangements that triggered the enforcement action, such as relationships with LexisNexis and Verisk that turned telematics into insurance inputs. The longer twenty-year framework functions more like a probationary regime, forcing GM to build and maintain internal systems that respect the limits on data collection and use, and giving the Federal Trade Commission leverage to step back in if the company drifts toward similar practices under a different label. I read that dual-timer structure as a signal that regulators see connected vehicle data as a long-term battleground, not a one-off scandal.

Inside GM’s privacy promises and their limits

GM’s own privacy materials show how far the company had already gone in normalizing extensive data collection from its vehicles. In its U.S. Consumer Privacy Statement, the company describes a wide range of “Connected Vehicle Features and Controls” that rely on telematics, from navigation and remote start to diagnostics and in-car apps. Under sections on “Sharing your connected vehicle,” GM explains that the nature of its connected vehicles means data may be shared with service providers, business partners, and others to deliver features, support marketing, and enable third-party services. The statement also notes that vehicles are required to include certain disclosures in the owner’s manual, and that data may be used to personalize content and advertising on third-party websites.

Those disclosures, while more detailed than what many consumers see from smaller tech firms, still leave a wide gap between what is technically described and what an average driver might reasonably expect. A person buying a 2024 GMC Sierra with OnStar might understand that location is used for navigation or roadside assistance, but not that the same stream of data could be packaged and sent to a consumer reporting agency to help determine insurance eligibility. The Federal Trade Commission’s order effectively narrows the space between GM’s broad contractual language and the specific uses that regulators consider unacceptable without explicit, opt-in consent. It also forces GM to build clearer mechanisms for people to see, manage, and limit how their driving data is used, rather than burying those choices in dense privacy statements and owner’s manuals.

Why this fight extends far beyond GM drivers

Although the order targets a single automaker, I see it as a template for how regulators may treat connected vehicles across the industry. Many of today’s cars collect telematics data as a matter of course, including where and how you drive, how often you brake hard, and how quickly you accelerate. That information can be used to power convenience features, but it is also attractive to insurers, lenders, and data brokers who want a more granular picture of risk and behavior. The Federal Trade Commission has framed its action against GM as a way of safeguarding Americans’ privacy in this new environment, signaling that similar arrangements at other manufacturers could face scrutiny if they rely on opaque consent or surprise drivers with downstream consequences.

More from Fast Lane Only