A recent report from The New York Times has accused automakers of selling customer driving data to insurance firms. While this is something many drivers had already been made aware of since the implementation of connected vehicles, the outlet claims that the amount of data has ramped up to a staggering degree. Not only is the amount of data being shared staggering, so is the specificity and degree to which it’s impacting people’s insurance rates.
The report focuses on LexisNexis’ “Risk Solutions” program formerly dedicated to keeping track of accident reports and moving violations. However, the division has expanded dramatically over the years and now oversees just about every scrap of relevant data modern vehicles can accumulate about you.
Investigations commenced after Kenn Dahl, a Seattle-based gentleman who drives a Chevrolet Bolt, noticed his insurance premiums shot up by 21 percent in 2022. When he opted to explore other agencies, he noticed they likewise seemed to be much higher than normal. Inquiring with one agency as to why, he was told his LexisNexis report could be a factor.
Using the Fair Credit Reporting Act to obtain a copy of his report, Dahl was confronted with a 258-page consumer disclosure document outlining just about everything that had been done with the vehicle.
From NYT:
What it contained stunned him: more than 130 pages detailing each time he or his wife had driven the Bolt over the previous six months. It included the dates of 640 trips, their start and end times, the distance driven and an accounting of any speeding, hard braking or sharp accelerations. The only thing it didn’t have is where they had driven the car.
On a Thursday morning in June for example, the car had been driven 7.33 miles in 18 minutes; there had been two rapid accelerations and two incidents of hard braking.
According to the report, the trip details had been provided by General Motors — the manufacturer of the Chevy Bolt. LexisNexis analyzed that driving data to create a risk score “for insurers to use as one factor of many to create more personalized insurance coverage,” according to a LexisNexis spokesman, Dean Carney. Eight insurance companies had requested information about Mr. Dahl from LexisNexis over the previous month.
“It felt like a betrayal,” Mr. Dahl said. “They’re taking information that I didn’t realize was going to be shared and screwing with our insurance.”
Insurance groups formerly had to engage with customers to install tracking devices that would monitor “safe driving” under the guise of offering discounts. While these systems originally had to be installed under the hood of your automobile, later examples have included phone apps and giving automakers permission to share connected-vehicle data with insurance firms.
That information is then utilized to raise premiums whenever someone is caught in a moment of exuberant driving. However, there used to be more barriers in place for insurance agencies to gain access.
That’s no longer necessary with connected vehicles. Automakers stand to profit off selling customer data and insurance agencies want the information so it can be leveraged to raise their rates or find excuses to deny people coverage. This outlet recently suggested that in-cabin cameras (something that’s presently being encouraged by the automotive lobby and IIHS) will be used to similar effect and we’ve already started to see this being done with the exterior camera arrays that are now ubiquitous.
Sadly, it looks like the industry is no longer asking for consent — at least not directly.
The New York Times noted that several automakers (referencing General Motors, Kia, and Hyundai) have tied data sharing to optional features that may include some kind of safe driving app. Once activated, the systems relay information to data brokers who then sell the information to insurance firms and whoever else is paying. But it actually might be worse than that. The above supposes that customers are unwittingly falling into data traps by not reading the fine print.
However, a previous report by the Mozilla Foundation asserted modern automobiles are the absolute worst device in terms of user privacy. The takeaway is that almost every vehicle brand under the sun is harvesting vast amounts of user data without explicitly asking for their consent and that most will go on to sell that information to data brokers around the globe.
All told, 84 percent of automotive brands were found to sell or share user information and 92 percent gave drivers little to no control over what happens to their personal data. While some brands were found to be entering into less egregious behavior than others, all were cited as failing to reach the most basic threshold for meeting Mozilla’s Minimum Security Standard.
Considering just how much information modern devices are now racking up about people, it seems reasonable that drivers should have to provide explicit consent. But most automakers, like tech companies, tend to hide those permissions in expansive terms and conditions agreements nobody bothers to read. There have even been instances where drivers were tracked by features they hadn’t even activated — such as GM’s OnStar Smart Driver.
“GM’s OnStar Smart Driver service is optional to customers,” explained GM spokeswoman, Malorie Lucich. “Customer benefits include learning more about their safe driving behaviors or vehicle performance that, with their consent, may be used to obtain insurance quotes. Customers can also unenroll from Smart Driver at any time.”
But the issue is that customers likely don’t know that and the NYT article goes out of its way to explain this even when someone actively decides to enroll in the Smart Driver program. No mention was given about the information being shared with third parties. In fact, some drivers probably don’t even know they have it on their vehicle due to the fact it’s incentivized by sales personnel at dealerships and the system is frequently activated at the point of sale.
GM continued getting attention from the outlet, which noted that the same company that’s sharing data that could result in higher insurance premiums is also selling high performance models. One owner even claimed that his insurance premiums went off after taking his Corvette to a track day, suggesting data collection doesn’t care whether you’re on public streets or a closed course.
Numerous people on the [GM] forums complained about spiking premiums as a result. A Cadillac driver in Palm Beach County, Fla., who asked not to be named because he is considering a lawsuit against G.M., said he was denied auto insurance by seven companies in December. When he asked an agent why, she advised him to pull his LexisNexis report. He discovered six months of his driving activity, including many instances of hard braking and hard accelerating, as well as some speeding.
“I don’t know the definition of hard brake. My passenger’s head isn’t hitting the dash,” he said. “Same with acceleration. I’m not peeling out. I’m not sure how the car defines that. I don’t feel I’m driving aggressively or dangerously.”
When he finally obtained car insurance, through a private broker, it was double what he had previously been paying.
The Cadillac owner, Mr. Dahl and the drivers on the forums had all been enrolled in OnStar Smart Driver. OnStar is G.M.’s Internet-connected service for its cars and Smart Driver is a free, gamified feature within G.M.’s connected car apps (all part of OnStar, but branded MyChevrolet, MyBuick, MyGMC and MyCadillac).
We’re just at the tip of the iceberg with this problem and I’d encourage everyone to go and read any of the linked articles for additional context. This is a massive issue, with GM and LexisNexis being a singular avenue.
The amount and type of data, as well as how consent is managed, varies quite a bit. But Kia, Subaru and Mitsubishi were also said to contribute to the LexisNexis data treasure trove via their own “Telematics Exchange” programs. Ditto for Verisk Analytics (another data company) who confirmed it receives user data from most major automakers — citing Ford, Honda, and Hyundai as examples.
As for what you can do about it, you have a few options. You can either exclusively own older vehicles that predate automotive connectivity or you can be extremely fastidious whenever you interface with the features of your automobile. Read the fine print and explore exactly what kind of data each brand shares. Shunning any advanced safety features and never signing up for safe-driving programs would also make it more difficult for data brokers to help insurance firms burn you.
However, real change is only going to come when there’s a concerted effort from consumers to oppose these trends. On a longer timeline, these types of data exchanges may also be deemed illegal if there’s a competent judge involved. Some states even have user privacy laws that already place these practices on shaky legal ground and California is actively investigating how automakers collect their data. Senator Edward Markey (D-MA) has likewise asked the Federal Trade Commission to investigate the matter at the federal level.
“The ‘internet of things’ is really intruding into the lives of all Americans,” Senator Markey stated. “If there is now a collusion between automakers and insurance companies using data collected from an unknowing car owner that then raises their insurance rates, that’s, from my perspective, a potential per se violation of Section 5 of the Federal Trade Commission Act.”
[Image: General Motors]
Become a TTAC insider. Get the latest news, features, TTAC takes, and everything else that gets to the truth about cars first by subscribing to our newsletter.
