You probably locked your phone down years ago. You’ve got a VPN, maybe an ad blocker, and you side-eye every app that asks for your location. But there’s a device you use almost every day that’s collecting way more data than your phone — and you’ve probably never thought twice about it.
It’s sitting in your driveway right now.
Your car — that shiny, connected, WiFi-equipped machine — is watching you. It knows where you go, how fast you drive, how hard you brake, and when you’re on the road at 2 a.m. And it’s selling that information to people you’ve never heard of, for reasons you never agreed to.
Your Car Collects Data Every Three Seconds
Modern vehicles are basically computers with wheels. They’re packed with cameras, radar, lidar, GPS, Bluetooth, and cellular connections. And all of those systems are collecting information constantly. We’re talking about your precise location, the routes you take, how often you visit certain places, your speed, your acceleration patterns, your braking habits, whether you wear your seatbelt, and even how you take corners.
Some systems, like GM’s OnStar, have been documented collecting this kind of data as frequently as every three seconds. That’s not a rough snapshot of your driving. That’s a full surveillance log.
A 2024 J.D. Power study found that over 80% of consumers either aren’t sure or flat-out don’t believe their automaker is being straight with them about what data is being collected. And honestly? They’re right to be suspicious.
Nearly Every Automaker Is Doing This
This isn’t a GM problem. It’s an industry-wide problem. A major investigation dug through thousands of pages of privacy policies and questioned 15 different automakers — BMW, Ford, GM, Honda, Hyundai, Kia, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Stellantis, Subaru, Tesla, Toyota, and Volkswagen. The finding? Nearly every single one is collecting and sharing driver behavior data with outside companies.
That data ends up with car insurers, lenders, thousands of data brokers, infotainment companies, and even government agencies. Almost every automaker refused to name the specific companies they share your data with. When Oregon passed a law in July 2024 letting residents request a list of every company their data was shared with, nearly 400 people filed requests. Not a single automaker responded.
Let that sink in. They literally ignored the law.
Your Dealer Might Have Opted You In Without Telling You
Here’s where it gets really infuriating. Some car owners found out their data was being tracked even though they never turned on any data-sharing feature themselves. According to reports, car dealers enabled the feature at the point of sale — without clearly telling the buyer what they were signing up for.
These programs often hide behind friendly-sounding names like “Smart Driver,” “Driving Score,” or “Driver Feedback.” They’re pitched as gamification tools — little scores that reward you for safe driving. What they don’t tell you is that the data behind those scores gets packaged up and sold.
Brant McDonald, a farmer from Valdosta, Georgia, bought a new Chevy truck in September 2023. Months later, he learned GM was selling driving behavior data. When he called to cancel his OnStar subscription, a representative reportedly told him: “Even if you turn it off, we can still track you. We can still see what you’re doing.”
It’s Already Costing People Real Money
This isn’t just creepy. It’s expensive. The data pipeline works like this: your car collects driving data, sends it to the manufacturer, who sells your driving profile to data brokers like LexisNexis or Verisk, who then sell it to anyone willing to pay — including car insurers.
Romeo Chicco got rejected by seven different insurers before one of them — Liberty Mutual — finally told him his LexisNexis report was the problem. His 2021 Cadillac XT6 had been tracking his driving behavior the whole time, and the data resulted in a higher risk score. He filed a class action lawsuit against GM and LexisNexis on March 13, 2024.
LexisNexis has bragged about having access to “real-world driving behavior” from more than 10 million vehicles. They compile profiles that include detailed data on every trip you take — start and end times, duration, distance, and every instance of hard acceleration or braking. And they sell this to dozens of paying partners in the insurance industry.
By the end of 2022, at least 16.8 million drivers had signed up for telematics-based insurance. That number is expected to hit 30 million policies by 2027. But here’s the key difference: those telematics programs involve an obvious opt-in and offer premium discounts for safe driving. What automakers are doing is completely different — there’s no clear opt-in, no discount, and plenty of financial downside.
An $800 Billion Business You Get Nothing From
The California Privacy Protection Agency has been working to understand what automakers collect from the state’s tens of millions of drivers. What they’ve found is that drivers get almost nothing out of what’s becoming an $800 billion connected car data industry.
Your location data gets sold to advertisers. Your driving habits get sold to insurance companies. Your travel patterns get analyzed by companies like SAP, IBM, and Otonomo, which aggregate car data from multiple sources to package and monetize it. And you — the person generating all of this information — don’t see a dime.
A Mozilla Foundation analysis found that nearly 90% of the car brands they studied create “inferences” about drivers by combining multiple data points. Of those, 39% say they may sell the data to third parties. And 82% of connected car drivers have no idea how much data their vehicle actually collects.
It’s Also a National Security Problem
The privacy issue is bad enough for individual drivers. But there’s a bigger picture that’s even more alarming. Cybersecurity experts have flagged connected cars as a serious national security risk.
Many car manufacturers rely on third-party software — sometimes developed overseas — for their communication features. That opens the door for foreign adversaries to intercept data or exploit vulnerabilities. A car’s connection system could theoretically allow conversations to be recorded, calls to be intercepted, and sensitive data to be pulled out of the vehicle without anyone knowing.
There are currently 26 million electric vehicles on roads worldwide, and that number is projected to hit 145 million by 2030. Each one of those vehicles is a node in a massive data network. The U.S. Bureau of Industry and Security responded with a Connected Vehicles Rule that went into effect on March 17, 2025, specifically targeting national security risks from foreign technologies in American cars.
The FTC has also warned that large amounts of sensitive data collected by any company can pose national security issues if shared with foreign actors. Cars collect persistent, precise location data — the kind of information that could be used for espionage, targeted attacks, or building databases of high-value targets.
Lawsuits Are Piling Up — But Change Is Slow
By 2024, seven class action lawsuits had been filed against General Motors, OnStar, LexisNexis, and Verisk Analytics. These were consolidated in a Georgia federal court. In August 2024, Texas Attorney General Ken Paxton sued GM and OnStar for violating state consumer law. Senators Ed Markey and Ron Wyden urged the FTC to investigate automakers for invasive data practices, alleging that GM, Honda, and Hyundai all used deceptive methods.
After the backlash, GM announced it would stop sharing data with LexisNexis and Verisk. But the FTC settlement only banned GM from selling driving data to consumer reporting agencies — it didn’t address the broader data collection itself. And the other 14 automakers? Still doing their thing.
The FTC stated plainly: “The easiest way that companies can avoid harming consumers from the collection, use, and sharing of sensitive information is by simply not collecting it in the first place.” That’s a pretty clear statement from a federal agency. Whether automakers listen is another question entirely.
What You Can Actually Do About It
Opting out isn’t easy, and it sometimes means giving up connected car features you actually want. But here’s what experts recommend:
Search your car’s infotainment settings and any connected apps for features called “Smart Driver,” “Driving Score,” “Driver Feedback,” or anything similar. Disable them. Check what permissions any third-party apps connected through Apple CarPlay or Android Auto are requesting. Request your data report from LexisNexis and Verisk — you have the right to see what they have on you, and you can ask them to delete it. And if you’re selling your car, wipe the data. The FTC recommends treating your car the same way you’d treat a computer or phone before handing it off.
Ask probing questions at the dealership before buying. Find out exactly what data the vehicle collects and who it goes to. If the salesperson doesn’t know — or won’t say — that tells you something too.
We spent years worrying about our phones listening to us. Turns out, we should have been worrying about our cars.
