General Motors has agreed to pay a hefty $12.75 million in civil penalties following an investigation by California Attorney General Rob Bonta’s office, stemming from allegations that the company sold customer driving data without consent.

The settlement centers on GM's OnStar program, which reportedly shared the names, contact information, geolocation data, and driving behavior of hundreds of thousands of Californians with data brokers Verisk Analytics and LexisNexis Risk Solutions. The data was allegedly collected between 2024 and 2026, generating around $20 million for GM.

However, Bonta’s office claims that the data did not lead to increased insurance premiums in California due to existing state laws prohibiting insurers from using driving data to set rates. Nevertheless, the settlement mandates GM to cease selling this type of data to any consumer reporting agencies for five years and delete retained data within 180 days.

In a statement, Bonta emphasized the importance of ‘data minimization,’ stating that companies cannot retain personal data indefinitely for future use without explicit customer consent. GM defended its actions by citing the discontinuation of their Smart Driver product in 2024 and asserting that it has taken steps to enhance privacy practices.