Scared of Chinese EVs Stealing Your Data? Well, That’s Happening Without Them, GM Just Paid $12.75M for It

Let’s play a quick game of “Would You Rather.”

Would you rather worry about a hypothetical Chinese electric vehicle someday leaking your data back to Beijing… or would you rather know that right now, your good old-fashioned American pickup truck has already been narcing on you to your insurance company?

Yep. You read that right.

While politicians and pundits have been pointing fingers at Chinese EVs as potential spy-mobiles, Detroit’s very own General Motors just quietly agreed to pay $12.75 million to the state of California. Why? Because they’ve been secretly collecting and selling the driving data of hundreds of thousands of Californians for years. The biggest auto privacy penalty in California history wasn’t issued to a mysterious Chinese startup—it was handed to the company that makes your Silverado, your Escalade, and your trusty Chevy Malibu.

If you’ve been sweating about the privacy implications of a BYD or Nio, it might be time to look in your own garage. The wolf at the door? He’s already wearing a GM badge.

The Surveillance Machine in Your Driveway

Here’s a scary thought: Modern cars are less like vehicles and more like smartphones strapped to a combustion engine—or a battery pack.

GM’s secret wasn't just that they collected data. It’s how they did it. Through a feature called OnStar Smart Driver—sold to buyers as a helpful tool to improve your driving habits—GM secretly vacuumed up your precise geolocation every three seconds, your speed, when you slammed on the brakes, whether you buckled your seatbelt, and even if you drove late at night.

It felt innocent. GM’s ads made customers think they were just unlocking emergency roadside assistance and a navigation aid. Some customers weren’t even aware they’d been enrolled. Dealership "onboarding" processes made the sell so seamless that many drivers signed away their privacy amid a blur of stressful paperwork. One moment you're buying a car; the next, you're selling your soul to a data broker without even knowing it.

That “helpful” driving score? It wasn't just a cute gamification feature. It was a commodity.

Following the Money: Your Braking, Their Cash

Once GM had this rich stream of behavioral data, they didn't just file it away. It went to the usual suspects: LexisNexis Risk Solutions and Verisk Analytics—data brokers who operate in the shadows of the consumer world.

These brokers transformed your late-night grocery runs and heavy braking into a “Driving Score.” Then, they sold those scores to insurance companies. And yes, those insurers used the data to hike premiums, deny coverage, or even cancel policies on unsuspecting drivers. GM reportedly made nearly $20 million nationwide from these sales, effectively profiting twice: once when you bought the car, and again when you drove it.

What’s even crazier? While GM’s public privacy policy claimed they didn’t sell driving or location data, internal systems were happily offloading it for cash anyway. They didn't just bend the truth; they broke the California Consumer Privacy Act (CCPA). Hence, the record-breaking fine.

But Wait… Aren’t Chinese EVs the "Real" Threat?

Hold on. Wasn't there a massive global panic about this?

Yes! The UK Ministry of Defence slapped warning stickers in their EVs, forbidding staff from talking about top-secret stuff inside Chinese-made vehicles. Poland and the Israeli Defense Forces banned some Chinese cars from their military bases outright. Meanwhile, the Biden (and now Trump-era) administration set out strict bans on connected vehicle software and hardware with ties to China, citing national security risks.

Now, let’s be clear: The concerns regarding Chinese vehicles aren’t entirely unfounded. A modern EV is packed with cameras, microphones, and sensors. The fear that data could flow to the Chinese state via a backdoor server is a valid geopolitical conversation.

But here’s the bitter psychological twist: This is not a theoretical future risk. American automakers like GM have already turned our cars into "rolling data collection machines" and sold the data to the highest bidder. The big privacy nightmare we were told to fear from abroad is happening at home, with a bowtie logo on the hood. We’re buying high-tech privacy-invasive products from Detroit right now, while Congress debates whether to let us buy cheap Chinese ones at all.

Uncle Sam (Finally) Fights Back

The good news? Regulators are finally catching up.

The $12.75 million California settlement isn't just a slap on the wrist. It's the largest CCPA penalty in the state's history and the very first enforcement of the "data minimization" principle (meaning companies can't just hoard your info for unlimited side quests beyond the car's original purpose).

The Federal Trade Commission (FTC) also jumped into the fray, issuing a first-of-its-kind connected vehicle data ban. For the next five years, GM is prohibited from sharing your sensitive driving data with consumer reporting agencies. They also have to get your crystal-clear "yes" before collecting anything in the future and install a way for you to delete your data.

On Capitol Hill, Senators are pushing the Auto Data Privacy and Autonomy Act, which aims to make these opt-in protections a federal mandate and explicitly bar sharing your telematics with adversarial nations—China included.

The walls are closing in on the data brokers.

How to Stop Your Car From Spying on You Today

So, what can you do besides waiting for the next lawsuit? Here’s a quick privacy checklist for the modern driver:

• Request your data reports: Go to the LexisNexis and Verisk consumer portals and request a copy of your "consumer disclosure report." You might be shocked at the level of trip detail they have on you.
• Dig into your infotainment: Dive into your car’s settings menu and look for privacy or "data services" toggles—turn them off.
• Check the app: Most modern cars connect to a mobile app (like OnStar, FordPass, or HondaLink). Look carefully at the privacy settings hidden there.
• Request deletion: Under state laws (especially in California and Colorado), you can demand automakers—both American and Chinese—delete your personal information.

It's a jarring reality check. We’re conditioned to fear the exotic "foreign" threat: the black-box spy software in a Chinese EV. But the insidious monetization of our daily routines—the school drop-offs, the late-night drives to the pharmacy, the emergency braking on the freeway—has been happening under the hood of our American cars for years.

Privacy isn't about the geography of the manufacturer; it's about corporate greed and transparent consent. Before we vilify the next imported battery car as a spy machine, let’s make sure the car sitting in your driveway isn't the one already selling you out.

Safeguard your drive. Because data protection isn't just a policy problem—it’s a key inside your pocket.