GM can’t sell your driving data for 5 years: Here’s hhat the FTC found

Charisse Medrano
GM can’t sell your driving data for 5 years: Here’s hhat the FTC found
Image Credit: Joe Ross from Lansing, Michigan – CC BY-SA 2.0/Wiki Commons

General Motors is now under a strict federal order that blocks it from selling your driving data for the next five years, a direct response to how the company handled location and behavior information from connected cars. At the center of the case is what The Federal Trade Commission says GM and its OnStar unit did with highly sensitive details about where people drove and how they behaved behind the wheel, and what they failed to tell customers along the way. I want to unpack what the regulators actually found, what the new rules require, and what it all means if you drive a Chevrolet, GMC, Cadillac, or Buick that talks to the cloud.

What the FTC says GM and OnStar did wrong

The Federal Trade Commission has accused General Motors and its OnStar subsidiary of quietly turning connected vehicles into rolling data feeds, collecting precise geolocation and detailed driving behavior and then sharing or selling that information without clear, informed consent. According to the agency, the data did not just show that a driver took a highway exit, it pinpointed exact locations and captured patterns like hard braking, rapid acceleration, and nighttime driving, all of which can be used to build a risk profile. The FTC says GM and OnStar then passed this information to third parties, including insurance-related entities and analytics firms, in ways that drivers did not reasonably expect when they activated services in their cars.

Earlier in the enforcement process, The Federal Trade Commission laid out allegations that General Motors and OnStar collected, used, and shared drivers’ precise location and driving behavior with outside companies, including insurance agencies, without consumers’ consent, framing the practice as a violation of federal law that bars unfair or deceptive acts in commerce. The agency has now followed that up with a final order that describes how GM failed to clearly disclose that it was gathering consumers’ precise geolocation and driving behavior data and then selling or sharing it, a pattern that regulators say left drivers exposed to uses of their information they never knowingly agreed to. Those allegations are spelled out in the FTC’s own description of its action against General Motors.

The five‑year ban and what it actually covers

When The FTC finalized its settlement with GM and OnStar, it did not just tell the company to do better disclosures, it imposed a concrete ban on selling certain kinds of driving data for a full five years. In practical terms, that means General Motors is prohibited from selling or licensing precise geolocation and driving behavior information from its connected vehicles to third parties that want to use it for purposes like insurance underwriting, risk scoring, or marketing. The order also restricts GM from sharing that data with outside entities unless it has obtained clear, affirmative consent from the driver, and it bars the company from conditioning basic safety or connectivity features on agreeing to broad data sales.

On January 14, 2026, the Federal Trade Commission approved a final order that, as summarized in outside coverage, bans General Motors and its subsidiaries from selling driving data to third parties for five years and requires the company to secure explicit opt‑in consent for any sharing of sensitive information that is still allowed. That same description notes that the order treats precise location and detailed driving behavior as sensitive categories that demand heightened protection, similar in spirit to how regulators treat financial or health records. The contours of the ban and its duration are reflected in the FTC’s own explanation of the five‑year restriction.

How the final order changes GM’s data practices

The final order approved by The FTC does more than freeze certain sales, it rewires how GM is supposed to handle sensitive information from the moment a driver signs up. The agency says GM must clearly tell consumers that it collects precise geolocation and driving behavior data, explain how that information will be used, and obtain affirmative consent before sharing it with third parties. The order also prohibits GM from misrepresenting how it collects, uses, or shares data, and it bars the company from suggesting that drivers must agree to broad data sharing in order to receive prizes, discounts, or other perks that are not actually contingent on that consent.

In its own description of the settlement, The FTC highlights that GM and OnStar are now required to implement a comprehensive privacy program that covers the collection and sale of geolocation and driving behavior data, and that they must not mislead consumers about whether they are enrolled in programs that transmit such information. The agency also emphasizes that the final order blocks GM from using deceptive enrollment flows, such as burying key terms in fine print or implying that a driver must share data to receive basic services, and it specifically calls out that the company cannot falsely claim that it will stop collecting data or promise a prize in exchange for consent when that is not accurate. Those requirements are laid out in the FTC’s own summary of the final order.

Why this case matters beyond GM

As I see it, the GM case is a signal that regulators are starting to treat car data more like financial or health information, not just another marketing feed. The Federal Trade Commission has been steadily expanding its privacy enforcement playbook, and its action against General Motors and OnStar fits into a broader pattern of cracking down on companies that quietly monetize sensitive data without meaningful consent. When the agency describes precise geolocation and driving behavior as sensitive, it is effectively telling the entire auto and mobility sector that they need to treat those categories with extra care, from how they design dashboards in a 2024 Chevrolet Silverado to how they pitch insurance‑linked “safe driving” programs in a Cadillac Escalade.

That broader shift is visible in other corners of the FTC’s work, including new data breach reporting rules for non‑banking financial institutions that require companies to notify the agency when certain kinds of personal information are exposed. In that context, the FTC has stressed that firms handling sensitive data must have robust safeguards and transparent practices, and it has directed readers to its own materials for more detailed information about those breach rules. When I connect those dots, the GM order looks less like a one‑off punishment and more like a template for how the agency expects any company that touches location, behavior, or financial‑adjacent data to behave.

What drivers should watch for in their own cars

If you drive a GM vehicle with OnStar, the most immediate change you should expect is clearer language about what data is collected and how it is used, especially when you activate services or sign up for extras like insurance‑linked programs. The FTC’s allegations focused on the idea that GM failed to clearly disclose that it collected consumers’ precise geolocation and driving behavior data and then sold or shared it, so the settlement is designed to force the company to surface those details in plain view. I would expect future enrollment screens in models like the Chevrolet Equinox or GMC Sierra to spell out whether your trips and driving style will be shared with outside entities and to give you a real choice to say no.

For drivers of any brand, not just GM, the case is a reminder to treat connected‑car sign‑ups the way you would treat a new banking app or online insurance portal. When The Federal Trade Commission first announced that it was taking action against General Motors for sharing drivers’ precise location and driving behavior data with insurance agencies without consumers’ consent, it was effectively warning the entire market that vague consent flows are not good enough. The agency’s own description of that enforcement step against General Motors makes clear that drivers should expect to be told, in straightforward terms, when their location and behavior will be shared and with whom.

More from Fast Lane Only

Charisse Medrano Avatar
Charisse Medrano

Welcome!

Welcome to Fast Lane Only—the ultimate destination for everything on wheels. Whether you’re into celebrity rides, classic icons, modern muscle, or the fastest supercars on the planet, we’ve got you covered.

From the rarest collector’s cars to the high-performance machines turning heads today, we bring you stories, specs, and insider looks at the rides that matter. If it’s fast, legendary, or owned by someone famous, you’ll find it here. Buckle up and stay in the fast lane!

Search

Latest Posts

Archives