US Data Privacy Regulators Target Automotive Industry and Texas Takes the Lead

Growing Regulatory Scrutiny in the Automotive Industry

In recent years, the automotive industry has found itself under increasing scrutiny from US data privacy regulators. With the rise of connected vehicles and sophisticated onboard technologies, car manufacturers have collected a vast amount of data from car owners and drivers—often without explicit knowledge or consent at time of purchase, transfer, or activation. This has prompted regulators across the country to take action, with California leading the charge with its investigative sweep of the auto industry. However, Texas is now making headlines with its aggressive stance against major players in the sector.

Texas Attorney General Sues General Motors

In a groundbreaking move, Texas Attorney General Ken Paxton recently filed a lawsuit against General Motors (GM), accusing the automotive giant of unlawfully collecting and selling the private driving data of over 1.5 million Texans. According to the lawsuit, GM used technology installed in most 2015 model year or newer vehicles to collect, record, analyze, and transmit highly detailed information about each drive. This data was then allegedly sold to various third parties, including insurance companies, without the drivers’ knowledge or consent.

Findings from the June 2024 Investigation

Attorney General Paxton’s action follows an investigation he launched in June 2024 into several car manufacturers over similar allegations. His findings revealed that GM had engaged in deceptive business practices by compelling customers to enroll in products like OnStar Smart Driver during the vehicle onboarding process. Customers were reportedly told that failing to enroll would result in the deactivation of their vehicle’s safety features. However, what many did not realize was that by enrolling, they were inadvertently agreeing to the collection and sale of their driving data.

Paxton’s Strong Stance on Privacy Violations

“Our investigation revealed that General Motors has engaged in egregious business practices that violated Texans’ privacy and broke the law. We will hold them accountable,” said Attorney General Paxton. “Companies are using invasive technology to violate the rights of our citizens in unthinkable ways. Millions of American drivers wanted to buy a car, not a comprehensive surveillance system that unlawfully records information about every drive they take and sells their data to any company willing to pay for it.”

Broader Implications for Data Privacy in Texas

This lawsuit is part of a broader data privacy and security initiative launched by Attorney General Paxton to ensure that companies operating in Texas respect the privacy rights of its citizens. The initiative underscores a growing trend among states to take more aggressive action against companies that violate data privacy laws. While California has been at the forefront of data privacy enforcement with its California Consumer Privacy Act (CCPA), Texas is signaling that it, too, will not hesitate to hold companies accountable.

Automotive Industry Should Heed the Warning

The automotive industry should take note: Texas is setting a precedent, and other states are likely to follow. As more states begin to crack down on data privacy violations, automotive companies could find themselves facing similar lawsuits if they do not take immediate steps to comply with emerging privacy regulations.

Potential for Broader Industry Impact

Furthermore, this action against General Motors may not be an isolated incident. Attorney General Paxton has made it clear that his office will continue to investigate and pursue companies that violate Texans’ privacy rights. This could mean that other automotive giants, including Tesla and other industry leaders, could be next in line for similar legal challenges.

The Urgency for Compliance in a Changing Landscape

The implications of these actions are far-reaching. As the automotive industry continues to evolve with the advent of connected and autonomous vehicles, the data privacy landscape will become increasingly complex. Companies must prioritize transparency and obtain clear, informed consent from consumers before collecting and sharing their data. Failure to do so could result in significant legal and financial consequences.

A Call to Action for the Automotive Industry

In conclusion, the recent actions by Texas and California serve as a wake-up call for the automotive industry. Data privacy is no longer just a compliance issue—it is a critical component of consumer trust and brand reputation. As regulators ramp up enforcement, companies that fail to prioritize data privacy may find themselves in the crosshairs of legal action, with potentially devastating consequences. The time for the automotive industry to act is now before more states follow Texas’s lead in taking aggressive action against data privacy violations.

Click here to learn more about our Preference and Consent Management Platform! Clarip takes enterprise privacy governance to the next level and helps organizations reduce risks, engage better, and gain customers’ trust! Contact us at www.clarip.com or call Clarip at 1-888-252-5653 for a demo.

Email Now:

Mike Mango, VP of Sales
mmango@clarip.com