Your car became a "data center on wheels": here's what it collects on you

The car stopped being a box of pistons and became a computer with wheels that spends most of its life online. It has GPS, a cabin microphone, cameras pointed in and out, an embedded cellular modem, and an app on your phone. All of it watches you all day: your route to work, the time you idle outside the school, your foot on the pedal. The question is no longer whether it collects. It's where the data goes, and who's buying.

In at least one well-documented case, the answer is uncomfortable. It went to your insurance company.

How much data, and what kind

A connected car can produce up to 25 GB an hour, fed by roughly 200 onboard sensors¹. This isn't only engine telemetry. It's geolocation, navigation, voice recognition, biometrics, and data pulled from your own paired phone, much of it captured in the background by cameras, microphones, and sensors you never notice².

The size of the gap becomes clear when someone audits the code. An academic study examined three automakers' implementations of Android Automotive and found wild variation: one carmaker collected 845 vehicle properties but disclosed only 110 of them (13%) in its privacy policy, capturing vehicle speed 25 times a second³. Cabin climate and comfort data was collected and appeared in none of the three policies. The paper states plainly that the data is "used for advertising, insurance, financing, and is shared with 3rd parties"³.

"The worst product category we've ever reviewed"

In September 2023, the Mozilla Foundation ran cars through its Privacy Not Included guide and reached a blunt verdict: cars are the worst product category they've ever reviewed for privacy. All 25 brands tested failed, a first in seven years of the guide⁴.

The numbers sting. 84% of brands say they can share your personal data; 76% (19 of 25) say they can sell it⁴. Only two brands, Renault and Dacia, let drivers delete their own data⁴. And buried in the policies are categories that have nothing to do with driving: sexual activity, immigration status, race, health and genetic data⁵. Mozilla flagged Nissan as the worst case precisely for listing things like that⁵.

Hold on to one distinction people routinely trample: a policy allowing collection is not the same as it being proven sold. What Mozilla exposed is how much automakers permit themselves to do. The proof of an actual sale came from somewhere else.

The GM case: 26 cents for your life behind the wheel

In March 2024, New York Times reporter Kashmir Hill showed that General Motors was selling the driving behavior of specific motorists (hard braking, sharp acceleration, speed) to LexisNexis and Verisk, the firms that feed insurers⁶. The cruel twist: many drivers opted in through a program called Smart Driver, marketed as gamified coaching to drive better and supposedly pay less for insurance. In practice, it became ammunition for insurers to raise premiums.

How much were GM and its peers paid? An investigation by senators Ron Wyden and Ed Markey laid out the prices⁷. Honda handed Verisk data from 97,000 cars for $25,920, about 26 cents a car⁷. Hyundai supplied data from 1.7 million vehicles for over $1 million, roughly $0.61 a car, with sharing switched on by default⁷. GM discontinued Smart Driver in April 2024 and cut ties with both firms⁸.

The regulators moved in

It turned into litigation. In January 2026, the FTC, the US consumer-protection agency, finalized a settlement with GM and OnStar over collecting and selling precise geolocation and driving behavior without informed consent⁹. It was the FTC's first action on connected-vehicle data⁹. The terms: a five-year ban on handing that data to credit-reporting agencies, and, for 20 years, a duty to obtain express consent and offer deletion⁹. The order, however, included no payout for drivers⁹.

The money came at the state level. In May 2026, California's attorney general reached a record $12.75 million settlement with GM for selling Californians' location data without adequate notice, under the state privacy law (CCPA)¹⁰. Investigators estimate GM earned around $20 million from these sales between 2020 and 2024¹⁰. Texas and Arkansas sued the company too¹¹ ¹².

Three things tend to get blurred and are worth keeping apart: the FTC order (no fine), the California settlement ($12.75M), and other jurisdictions running their own privacy regimes. Distinct cases, distinct enforcers.

Beyond the carmaker

A fair counterpoint the privacy crowd keeps making: this isn't only on automakers. Phone apps collect as much or more. In January 2025, Texas sued Allstate and its subsidiary Arity for collecting and selling the driving data of more than 45 million Americans through an SDK embedded in everyday apps, recording data every 15 seconds¹³. Switching cars doesn't fix that side of the problem. And plenty of telemetry has a legitimate job (emergency calling, over-the-air updates, recalls, diagnostics), so demonizing every modem throws out real safety functions with the bathwater.

What the community is saying

The mood in car and privacy communities is frustration laced with cynical resignation. The emotional pivot is the GM case: a sense of betrayal over a program that promised help and instead fed the people who price your insurance. Stacked on top is powerlessness, the feeling that you can't buy a new "dumb" car without a modem anymore, and that clicking through 40 screens of terms is nothing like real consent.

One take that circulated in privacy forums nails it: what shocks isn't the amount, it's how cheap it was. They sold years of your life behind the wheel for 26 cents a car. In owner communities, the bitter joke is "buy a 2012 car forever." And the detail that fuels the most cynicism, repeated across tech forums, is the microphone and the modem that keep "phoning home" even after you cancel the service. Canceling, partly, doesn't cancel.

The verdict

The connected car is, right now, probably the most invasive device you own, and unlike your phone, it has no app store with granular permissions for you to manage. What you can do is concrete but limited: on GM, you can switch off Smart Driver in the brand apps (myChevrolet, myGMC, and so on), and canceling OnStar stops future collection¹⁴. But the embedded modem keeps communicating for emergency services, updates, and recalls even after you cancel the plan¹⁴. Canceling, in part, doesn't cancel.

The lesson isn't paranoia, and it isn't the 2012 car. It's recognizing that the terms screen you tap "accept" on at the dealership is, in fact, a data contract, and that regulators, from the US to Brazil, have only just started treating it as one. Privacy in the car stopped being a niche concern. It became a line item in your insurance.

Sources

1. "A 'Connected Car' Can Generate Up To 25 Gigabytes Of Data An Hour, But Where Is It Going?" · The Autopian · https://www.theautopian.com/a-connected-car-can-generate-up-to-25-gigabytes-of-data-an-hour/
2. "What Your Car Knows About You" · heyData · https://heydata.eu/en/magazine/navigating-the-road-of-data-privacy-what-your-car-knows-about-you/ · 2025

Show 12 more sourcesHide sources

3. Gözübüyük, B.; Tang, B.; Shin, K. G.; Pesé, M. D. "Analyzing Privacy Implications of Data Collection in Android Automotive OS" · arXiv:2409.15561v1 · https://arxiv.org/html/2409.15561v1 · 2024
4. "It's Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy" · Mozilla Foundation (Privacy Not Included) · https://www.mozillafoundation.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/ · 2023-09-06
5. "'Privacy Nightmare on Wheels': Every Car Brand Reviewed By Mozilla Flunks Privacy Test" · Mozilla Foundation · https://www.mozillafoundation.org/en/blog/privacy-nightmare-on-wheels-every-car-brand-reviewed-by-mozilla-including-ford-volkswagen-and-toyota-flunks-privacy-test/ · 2023-09-06
6. Hill, Kashmir. "Automakers Are Sharing Consumers' Driving Behavior With Insurance Companies" · The New York Times · https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html · 2024-03-11
7. "Wyden Investigation Reveals New Details About Automakers' Sharing of Driver Information With Data Brokers" · U.S. Senator Ron Wyden (press release) · https://www.wyden.senate.gov/news/press-releases/wyden-investigation-reveals-new-details-about-automakers-sharing-of-driver-information-with-data-brokers-wyden-and-markey-urge-ftc-to-crack-down-on-disclosures-of-americans-data-without-drivers-consent · 2024-07-26
8. "GM will no longer share driver data to third-party aggregators" · Seeking Alpha · https://seekingalpha.com/news/4083340-gm-will-no-longer-share-driver-data-to-third-party-aggregators · 2024-03
9. "FTC Finalizes Order Settling Allegations that GM and OnStar Collected and Sold Geolocation Data Without Consumers' Informed Consent" · Federal Trade Commission · https://www.ftc.gov/news-events/news/press-releases/2026/01/ftc-finalizes-order-settling-allegations-gm-onstar-collected-sold-geolocation-data-without-consumers · 2026-01-16
10. "California AG Announces Record $12.75M Settlement with GM over CCPA Data Minimization and Purpose Limitation Violations" · Hunton Andrews Kurth (Privacy & Cybersecurity Law Blog) · https://www.hunton.com/privacy-and-cybersecurity-law-blog/california-ag-announces-record-12-75m-settlement-with-gm-over-ccpa-data-minimization-and-purpose-limitation-violations · 2026-05
11. "Attorney General Ken Paxton Sues General Motors for Unlawfully Collecting Drivers' Private Data" · Texas Office of the Attorney General · https://www.texasattorneygeneral.gov/news/releases/attorney-general-ken-paxton-sues-general-motors-unlawfully-collecting-drivers-private-data-and · 2024-08
12. "Arkansas Attorney General Sues GM and OnStar Over Alleged Privacy Violations" · Hunton Andrews Kurth · https://www.hunton.com/privacy-and-information-security-law/arkansas-attorney-general-sues-gm-and-onstar-over-alleged-privacy-violations · 2026-02
13. "Attorney General Ken Paxton Sues Allstate and Arity for Unlawfully Collecting, Using, and Selling Over 45 Million Americans' Driving Data" · Texas Office of the Attorney General · https://www.texasattorneygeneral.gov/news/releases/attorney-general-ken-paxton-sues-allstate-and-arity-unlawfully-collecting-using-and-selling-over-45 · 2025-01
14. "How To Opt Out Of GM Sharing Your Driving Data With Insurance Companies" · GM Authority · https://gmauthority.com/blog/2024/03/how-to-opt-out-of-gm-sharing-your-driving-data-with-insurance-companies/ · 2024-03

---

By Newsroom, Acta Verum