California Attorney General v. General Motors

General Motors allegedly sold the names, contact information, geolocation data, and driving behavior data of hundreds of thousands of Californians to two data brokers, Verisk Analytics, Inc. and LexisNexis Risk Solutions, from 2020 to 2024. General Motors allegedly failed to give consumers notice of these sales and purportedly misled consumers by implying that data would only be used to provide OnStar subscribers with requested services. General Motors' privacy policy also reportedly stated that it did not sell any driving or location data and that if it did disclose any such data for insurance purposes, it would be at the consumer’s express direction. General Motors allegedly sold consumers’ data without customers’ knowledge or consent, despite an internal privacy compliance program that purportedly required General Motors to inform consumers how their personal information would be used and the third parties that may receive it. Additionally, General Motors allegedly retained Californians’ driving and location data long after being used to operate OnStar and then sold this retained data, which is prohibited by California law, to Lexis and Verisk, who intended to sell the data for insurance rate-setting. These practices allegedly violated the CCPA’s purpose limitation and data minimization requirements.

Summary generated from official California Attorney General press release