General Motors is being sued by Texas’ Attorney General Ken Paxton for allegedly
unlawfully collecting driving data from users and selling it to other companies.
GMC allegedly
used technology that was installed in the majority of 2015 or newer General Motors vehicles that would “collect, record, analyze, and transmit highly detailed driving data about each time a driver used their vehicle[.]”
That’s a long time to be collecting and peddling personal information without the permission of the vehicle’s owner.
After all,
Unbeknownst to customers, however, by enrolling in GM’s products, they were “agreeing” to General Motors’ collection and sale of their data. Despite lengthy and convoluted disclosures, General Motors never informed its customers of its actual conduct—the systematic collection and sale of their highly detailed driving data.
I see two suitable civil sanctions here, assuming conviction. One is to force GMC to disclose the amount of money it received over those two years from its sale of those data. It must then be required to pay that money to each person who bought a GMC vehicle from those two model years, whether the vehicle was bought new or used. Yes, yes, identifying all the used vehicle buyers will be difficult. Cry me a river. GMC should have thought about that beforehand.
The other isn’t really a sanction, per se. GMC should be required to disclose each of the buyers of those data, and then each of those buyers should be required to certify that it has purged all of the data of this type that GMC sold to it.
It would be suitable, also, to go after criminal sanctions against the GMC executives who authorized the illegal collection of the data, who authorized the sale of those illegally collected data, and who carried out the collections, and who carried out the sales.
It’s time to get draconian in sanctioning these data thefts. Bad enough we have to deal with hackers; we shouldn’t have to be subject to such thefts from allegedly mainstream companies.