Automakers like General Motors (GM) are sharing customers' detailed driving behavior data with insurance companies, which can lead to higher premiums for some drivers. According to a March report from The New York Times, the practice fuels concerns over privacy and consent in the IoT world.
After that report was published, however, the author realized that she and her husband were also being tracked -- and she is now sharing their experience.
The initial Times report focused on the experience of Kenn Dahl, a driver who saw his car insurance rates jump by 21%, seemingly out of the blue. When Dahl decided to shop around with other insurance companies, he found competing quotes to be just as high. One agent explained that this was due to his LexisNexis report.
Also: How a new law protects your thoughts from tech companies -and why it matters
When Dahl requested a copy of that report, LexisNexis sent him a 258-page document that included every trip he or his wife drove in their Chevy Bolt during the preceding six months. The report included 640 trips, with dates, start and end times, distances driven, and comprehensive data on driving habits, like speeding, hard braking, and rapid accelerations.
Insurance firms use this data from LexisNexis -- a global provider of legal and business information and analytics -- to personalize insurance rates for drivers. Anyone can download their own Consumer Disclosure Report online, in compliance with the Fair Credit Reporting Act.
Times author Kashmir Hill is now providing a detailed account of her and her husband's own experience with GM's data-sharing practices. Their vehicle was enrolled in OnStar Smart Driver+, a data-sharing program, not only without their consent but despite assurances from a GM app that they were not enrolled.
Also: Not into the Tesla Powerwall? You can now buy the Anker Solix X1
After she contacted GM for comment, a spokesperson told Hill that the data collection only happens when drivers turn on OnStar. Hill was certain she had not initiated OnStar, and checking the MyChevrolet app confirmed as much. Also, her LexisNexis file didn't have any driving data. Months later, they checked on a browser-based version of GM.com and found they were indeed enrolled in OnStar Smart Driver+.
Hill didn't have access to their driving data, but insurance companies did.
Many insurance companies offer "safe driving" discounts, giving those with a clean driving record a better rate. Some even offer devices installed in your car or location tracking through mobile apps to track your driving habits and watch for signs of safe driving, including steady acceleration, gentle braking, and observing speed limits.
Also: Tesla cuts its 'full self-driving' subscription in half, also cuts one time price
These discount programs -- like Progressive'sSnapshot , Allstate'sDrivewise and Geico's DriveEasy -- are ones that drivers enter willingly and knowingly.
I bet nobody selling you a car told you that the automaker would be able to track and see how you drive, down to the minute, and that insurance companies could use this data to adjust your rates.
GM told Hill that this bug involved a "small population" of customers, affecting how data was collected and used without user knowledge.
Also: Brave search engine adds privacy-focused AI - no Google or Bing needed
LexisNexis gathers this data from connected cars with the customer's permission; the problem is that this consent is often buried in fine print or obtained indirectly without clear disclosure. On top of facing higher insurance premiums, drivers can feel surveilled and lose trust in carmakers. We're learning that car manufacturers also gather this data, bypassing companies like LexisNexis.
Connected cars are equipped with internet connectivity and the ability to collect and transmit data, and many of the vehicle models from recent years fall into this category (see what data your vehicle can collect here). Vehicles enrolled in telematics programs, like GM's OnStar, HondaLink, and Hyundai's Blue Link, can also collect driver behavior data that can be shared with other companies.
Also: National Guard will use Google's AI for faster disaster response and recovery
Hill realized she wasn't alone. After publishing her initial article, she said other GM owners reached out with similar accounts. What's more, 10 federal lawsuits have been filed in the past month from drivers claiming they did not knowingly enroll in the Smart Driver program, yet learned GM had provided their driving data to LexisNexis and seen their car insurance premiums increase by as much as double.
According to Hill, GM responded by discontinuing its Smart Driver program, stopping data sharing with brokers, and appointing a new chief trust and privacy officer.
Also: Tinder's 'Share My Date' feature will let you share date plans with friends and family
Hill's and many drivers' experiences highlight a systemic issue with data privacy and consent in connected cars. As the issue stands, the enrollment process for these programs features blatantly inadequate disclosure and misleading practices, especially during the vehicle purchase proceedings.
According to The Times, GM, Kia, Subaru, and Mitsubishi contribute to LexisNexis' "Telematics Exchange," which has gathered real-world driving behavior from more than 10 million vehicles as of 2022.