GM and LexisNexis Sued Over Shared Data Without Explicit Consent
In a scenario that feels plucked straight from a modern dystopia, Romeo Chicco found himself grappling with the unexpected consequences of his car's connectivity. His 2021 Cadillac XT6, emblematic of the new era where vehicles act as internet-connected devices, ostensibly monitored his every move on the road, leading to a significant increase in his auto insurance rates.
This revelation came to light when, after being turned down by seven insurance companies in December, he finally secured insurance at nearly double his former rate. The reason? A report by LexisNexis Risk Solutions, informed by data from his own Cadillac, detailed every aspect of his driving over the last six months.
As any IAPP member knows these are the edge cases in data privacy that are given a lot of publicity and bring awareness to the importance of gaining explicit consent from your users.
The Heart of the Issue:
- Invasive Data Collection: Chicco's car, unbeknownst to him, had been transmitting detailed data about his driving habits directly to General Motors, which then found its way to LexisNexis Risk Solutions. This included specifics of his journeys, such as times, distances, and instances of speeding or hard braking.
- Violation of Privacy: The discovery led Chicco to file a lawsuit against General Motors and LexisNexis Risk Solutions in the U.S. District Court for the Southern District of Florida, accusing them of privacy and consumer protection law violations. This suit underscores the broader concern of how automakers and data brokers collaborate to share and monetize consumer data without explicit consent.
Data Privacy Concerns:
- Consent and Transparency: The case highlights the paramount importance of clear consent and transparency in data collection practices, especially when the data is as sensitive as personal driving habits.
- Consumer Rights: Individuals must have the right to know what data is being collected about them, how it's being used, and with whom it's being shared. They should also be able to opt out of such data collection easily.
- Regulatory Scrutiny: This incident could prompt closer regulatory scrutiny of data collection practices in the automotive industry, emphasizing the need for stringent data privacy regulations to protect consumers.
- Impact on Insurance: The way driving data is used by insurance companies to determine rates is a growing concern, as it can lead to increased costs for consumers based on data they might not even be aware is being collected.
Chicco's ordeal serves as a cautionary tale for the digital age, shedding light on the intricate web of data privacy issues that surface when technology outpaces legislation. It calls for a balanced approach that safeguards consumer privacy while allowing for innovation and convenience.
As companies try to navigate the balance of privacy and innovation it's important to conduct Privacy Impact Assessments and to consult with IAPP certified experts. Captain Compliance helps drive forward the conversation around data privacy, consent, and consumer rights as it's more crucial than ever, signaling a need for data protection officers and chief privacy officersto be either in house or outsourced for any company that is growing.