Your Car Is Watching You: The FTC's GM Ban and the Battle for Automotive Privacy
Let's be honest—most of us don't think about privacy when we're driving. We're focused on the road, the podcast, or just getting where we need to go. But here's the uncomfortable truth: your car knows more about you than your closest friends. And until recently, companies like General Motors were selling that intimate knowledge to anyone willing to pay.
In 2026, the Federal Trade Commission dropped a bombshell: a five-year ban preventing GM from selling drivers' location data. This wasn't some minor slap on the wrist. It was a recognition that our vehicles have become rolling surveillance devices, and that needed to stop.
I've been tracking automotive privacy issues for years, and this ruling changes everything. But what does it actually mean for you? How vulnerable are you right now? And most importantly, what can you do about it? We're going to explore all of that—and give you practical steps to take back control of your privacy on the road.
The Backstory: How We Got Here
To understand why the FTC had to step in, you need to understand how car data collection evolved. It didn't happen overnight.
Back in the early 2000s, "connected cars" were a luxury feature. Maybe you had GPS navigation that felt like magic. Fast forward to 2026, and virtually every new vehicle is a smartphone on wheels. They're constantly connected to cellular networks, collecting data points by the thousands every minute.
GM's OnStar system was actually ahead of its time when it launched. Emergency assistance? Great feature. Stolen vehicle tracking? Absolutely useful. But somewhere along the line, the business model shifted. What started as safety and convenience features became data goldmines.
The FTC investigation revealed something chilling: GM wasn't just collecting data for your benefit. They were packaging and selling precise location information—where you live, where you work, where you worship, where you get medical care—to data brokers. Those brokers then resold it to insurance companies, marketing firms, and who knows who else.
And here's the kicker: most drivers had no idea this was happening. The consent was buried in terms of service documents that nobody reads. Opting out was either impossible or so convoluted that regular people couldn't figure it out.
What Exactly Was GM Selling?
When people hear "location data," they might think "general area." That's not what we're talking about here.
We're talking about precision tracking that could identify:
- Your exact home address (not just the neighborhood)
- Your workplace with parking spot-level accuracy
- Regular visits to medical facilities (including which building and how long you stayed)
- Places of worship you attend
- Schools your children go to
- Friends' and family members' homes
- Political rallies or protests you might attend
- "Sensitive locations" like addiction treatment centers or domestic violence shelters
One Reddit commenter put it perfectly: "They're not just selling where you are—they're selling who you are. Your routines, your relationships, your vulnerabilities."
And it wasn't just about where you went. The data included timestamps, duration of visits, driving patterns (hard braking, rapid acceleration), and even when you turned your vehicle on and off. Combine all that, and you've got a frighteningly complete picture of someone's life.
The FTC found that this data was being sold to at least a dozen data brokers. From there, it entered the shadowy world of data marketplaces where it could be purchased by virtually anyone.
Why This FTC Action Matters (And Why It's Not Enough)
First, the good news: this ban sets a crucial precedent. The FTC is finally recognizing that vehicle location data deserves special protection. It's not just another data point—it's a window into our most private lives.
The five-year ban means GM can't profit from this data stream. They also have to implement a comprehensive privacy program, delete unnecessary location data, and provide clear, simple opt-out mechanisms. That's progress.
But here's what keeps me up at night: GM is just one company.
As several Reddit users pointed out, virtually every major automaker is doing some version of this. Ford, Toyota, Volkswagen, Tesla—they're all collecting massive amounts of data. The business model of modern cars increasingly relies on data monetization. One commenter noted: "My 2025 SUV has more data collection points than my smartphone. And at least with my phone, I can install privacy tools."
Another limitation? The ban only covers "selling" location data. What about sharing it with "partners"? What about using it for "internal analytics"? The loopholes are still there.
Most concerning of all: this only applies to new data collection. The data that's already out there—the information about your movements over the past years—is already in the wild. It's been sold, resold, and integrated into countless databases. You can't put that genie back in the bottle.
How Data Brokers Operate (And Why They're So Dangerous)
This is where things get really scary. Most people don't understand the data broker ecosystem, so let me break it down.
Data brokers are middlemen. They buy data from thousands of sources—not just car companies, but apps, websites, loyalty programs, public records, you name it. Then they create incredibly detailed profiles on hundreds of millions of people.
One Reddit user shared their experience: "I requested my data from a major broker. They had a 2,000-page file on me. They knew cars I'd owned a decade ago, approximate income, political leanings, health conditions I'd searched for... and yes, frequent locations from my connected car."
These profiles are then sold to:
- Insurance companies (who might adjust your rates based on where you drive)
- Employers (for "background checks" that include lifestyle analysis)
- Marketing firms (targeting you with eerily specific ads)
- Law enforcement and government agencies (often without warrants)
- Private investigators and suspicious spouses
- Foreign governments and intelligence services
The worst part? There's virtually no regulation of what data brokers can do. They operate in a legal gray area, exploiting gaps in privacy laws. The GM ban addresses the supply side, but the demand side—the massive data broker industry—continues mostly unchecked.
As one privacy expert on the thread noted: "Cutting off one source helps, but it's like trying to drain a lake with a teaspoon while other companies are pouring in buckets."
What About Other Car Brands?
This is the question everyone on Reddit was asking: "Is my car doing this too?"
The short answer: probably.
Let's look at the landscape. Tesla collects arguably more data than any automaker—they've built their entire business model around it. Their privacy policy is... let's call it "permissive." Stellantis (Chrysler, Jeep, Ram) has similar connected services. Ford's FordPass app collects extensive data. Even mainstream brands like Toyota and Honda have telematics systems that gather more than you'd expect.
Here's what I tell people: assume your connected car is collecting everything. Assume it's being used in ways you wouldn't approve of. Because in most cases, that's exactly what's happening.
The difference with GM was the scale and brazenness. They weren't hiding it well enough, and the FTC caught them. But make no mistake—this is an industry-wide practice, not a GM-specific problem.
One commenter made an excellent point: "We need a 'nutrition label' for car data collection. Right on the window sticker. 'This vehicle collects 15 types of location data, shares it with 8 third parties, and retains it for 7 years.' Then let people decide."
Until that happens, we're all driving blind.
Practical Steps to Protect Your Automotive Privacy
Okay, enough doom and gloom. Let's talk about what you can actually do. I've tested these methods on multiple vehicles, and while nothing is perfect, you can significantly reduce your exposure.
1. Disconnect Your Car
This is the nuclear option, but it works. Find the telematics control unit (TCU) or cellular modem in your vehicle. For many cars, this is in the trunk or under a panel. You can often disconnect the antenna or remove a fuse. Warning: this may disable legitimate safety features like automatic crash notification. Check your manual or forums specific to your vehicle.
2. Opt Out of Everything
Dig into your car's infotainment settings. Look for "data collection," "privacy," "connected services," or "telematics." Turn everything off. Then visit the manufacturer's privacy portal online—most have a way to submit data deletion requests and opt out of sharing. Be prepared: this process is often deliberately cumbersome.
3. Don't Use Manufacturer Apps
That convenient app that lets you start your car from your phone? It's a data collection engine. The remote diagnostics feature? More data. If privacy is your priority, delete these apps. Yes, you lose functionality. That's the trade-off.
4. Use a Faraday Bag for Your Key Fob
Modern key fobs are often always broadcasting. Thieves can amplify these signals to steal cars, but the constant communication can also be tracked. A simple Faraday bag (basically a signal-blocking pouch) prevents this when you're not using the key. Faraday Bag for Car Keys
5. Request Your Data
Under laws like the California Consumer Privacy Act (which applies to many Americans regardless of state), you can request what data companies have on you. Do this with your automaker. It's educational—and sometimes you can request deletion.
6. Consider Older Vehicles
This isn't practical for everyone, but cars made before 2010 generally have minimal connectivity. If you're really concerned, there's something to be said for driving a "dumb" car.
Common Mistakes People Make
I see these errors all the time—even from privacy-conscious people.
Mistake #1: Assuming "I have nothing to hide."
This misses the point entirely. It's not about hiding—it's about control. You should decide who knows about your medical appointments, your religious practices, your relationships. Once data is out there, you can't control how it's used or who accesses it.
Mistake #2: Trusting the dealership.
When you buy a car, the salesperson often sets up all the connected features for you. They're not privacy experts—they're trying to make the sale. Take the time to review every setting yourself afterward.
Mistake #3: Forgetting about used cars.
Buying a used connected car? The previous owner's data might still be in the system. Their locations, their contacts, their patterns. Always do a factory reset on the infotainment system before you use it.
Mistake #4: Overlooking rental cars.
Rental cars are privacy nightmares. They're packed with tracking technology, and you have no control over the settings. Assume everything you do in a rental is being recorded.
Mistake #5: Believing VPNs protect your car.
This came up several times on Reddit. A VPN on your phone doesn't protect your car's built-in connectivity. They're separate systems. Your car has its own cellular connection that bypasses your phone entirely.
The Future of Automotive Privacy
Where do we go from here? The GM ban is a start, but it's just the beginning of what needs to happen.
We need comprehensive federal privacy legislation that covers vehicles specifically. We need clear opt-in requirements (not buried opt-outs). We need data minimization principles—cars shouldn't collect data they don't need for basic operation.
Some states are starting to act. California's Privacy Protection Agency is looking at connected vehicles. But we need a national standard.
Technologically, I'm hopeful about on-device processing. Instead of sending your location to the cloud, your car could process data locally and only send anonymous, aggregated information. Some companies are working on this, but it's not mainstream yet.
There's also a growing market for aftermarket privacy tools. Signal blockers for specific frequencies, physical disconnect switches, open-source firmware replacements for infotainment systems. These are niche now, but demand is growing.
One interesting suggestion from the Reddit thread: community-driven audits. Tech-savvy owners reverse-engineering what their cars are actually transmitting. If you have those skills, consider contributing. You can even find cybersecurity experts on Fiverr who specialize in automotive systems if you need help understanding what your specific vehicle is doing.
Your Privacy on the Road Isn't Lost Yet
The FTC's action against GM is a wake-up call—not just for automakers, but for all of us. Our vehicles have become the ultimate surveillance devices, and we've been mostly asleep at the wheel when it comes to protecting ourselves.
But here's the good news: awareness is growing. Regulations are starting to catch up. And you have more power than you think.
Start by understanding what your car is actually doing. Take an hour this weekend to go through every privacy setting. Submit data requests to your automaker. Consider physical disconnects if you're really serious about protection.
And advocate for change. Support stronger privacy laws. Tell automakers you care about this issue. When you buy your next car, make privacy a deciding factor.
Your location data tells the story of your life. It's time to decide who gets to read that story. The GM ban is a chapter in a much longer book—and we're all still writing how it ends.
Drive safe. And drive private.
