The Federal Trade Commission (FTC) has taken a significant step toward safeguarding consumer privacy by initiating a proposed action against General Motors (GM) and its subsidiary, OnStar, over allegations they improperly collected and shared sensitive data on millions of vehicle owners.
Several days earlier, Texas Attorney General (AG) Ken Paxton sued Allstate and its subsidiary, Arity, for “unlawfully collecting, using, and selling” more than 45 million Americans’ driving data “through secretly embedded software in mobile apps such as Life360.” The suit arose from an investigation that led Paxton to sue GM in August for allegedly “false, deceptive, and misleading business practices related to its unlawful collection and sale of over 1.5 million Texans’ private driving data to insurance companies without their knowledge or consent.” This is the first enforcement action filed by a state attorney general to enforce a comprehensive data privacy law.
Both the FTC and the Texas AG’s actions reflect growing concerns about privacy risks in the era of digitally connected vehicles. Indeed. In December 2024, a significant data breach at Volkswagen Group’s software subsidiary, Cariad, exposed sensitive information of approximately 800,000 electric vehicle owners. The compromised data included precise vehicle locations, contact details, and movement patterns. The breach affected fully electric models across Volkswagen, Audi, Seat, and Škoda brands, impacting vehicles not only in Germany, but throughout Europe and other regions.
