GM Agrees to $12.75M Settlement Over Alleged Unauthorized Sale of California Drivers' Data

General Motors has agreed to a $12.75 million settlement resolving allegations that the automaker sold California drivers' personal data to third parties without obtaining proper consent, marking a significant enforcement action under the state's privacy laws. The case centers on claims that GM transmitted sensitive driver information—including location data, vehicle usage patterns, and identifiable details—to data brokers and marketing firms while failing to provide consumers with adequate disclosure or opt-out mechanisms guaranteed under California law.

The settlement emerges from a broader crackdown on automotive data practices, as regulators increasingly scrutinize how vehicle manufacturers collect, store, and monetize the vast amounts of personal information generated by modern cars. California residents filed complaints alleging that GM's onboard systems and connected vehicle services harvested data that was subsequently commercialized, sometimes without drivers' knowledge that such sharing was occurring. The monetary figure represents one of the larger penalties levied against an automaker for privacy violations in the state, signaling regulators' intent to hold the industry to stricter standards.

The case highlights mounting pressure on automotive companies to revamp their data governance frameworks as consumer advocates and lawmakers demand greater transparency around vehicle data practices. GM did not admit wrongdoing as part of the settlement terms. The outcome could set precedent for similar actions against other manufacturers, many of which face ongoing scrutiny over their connected car data policies. California Attorney General Rob Bonta emphasized that companies cannot treat driver data as a revenue stream without explicit consumer authorization.