As reported by Reuters, the California Attorney General recently secured a landmark $12.75 million settlement with General Motors (GM) following a rigorous investigation into the company’s data privacy practices. This action highlights the increasing scrutiny on how companies handle sensitive consumer information.
The Scale of the Violation
According to the settlement, GM unlawfully sold location and driving data to major data brokers, specifically Verisk Analytics, Inc. and LexisNexis Risk Solutions. These practices allowed GM to generate millions of dollars in revenue nationwide from the sale of drivers’ personal data.
Legal Violations and Penalties
The state determined that these actions were in direct violation of the California Consumer Privacy Act (CCPA) and California’s Unfair Competition Law. As a result, GM faces significant penalties. Beyond the $12.75 million payout, GM is under a 5-year ban on selling driving data, must delete all previously retained data, and is required to develop an internal privacy program.
How Companies Can Ensure Compliance
This settlement serves as a critical warning for all companies managing consumer data. To avoid similar pitfalls, businesses should focus on these key areas:
- Review Data Privacy Practices: Conduct regular audits to ensure your operations align with evolving privacy laws.
- Audit Integrations: Ensure that 3rd party tools platformed on your site are also in compliance.
- Obtain Consent: Ensure that consumers are providing clear, informed, and explicit consent before their data is ever shared or sold.
- Maintain Transparency: Communicate how data is used and who it is shared with to build and maintain consumer trust.
- Data Deletion: Define a clear path for visitors to elect to have their information removed from your system.
With data privacy laws in the U.S. existing at a state level, businesses must navigate complex, fragmented, and evolving regulations without the guidance of a single overarching federal law. This can become a cumbersome process as the pathway to compliance and fines varies state by state.
Total amount of fines by sector in the U.S. for 2024 to April 2026
The GM settlement is a stark reminder that data privacy is no longer a peripheral concern—it is a non-negotiable aspect of consumer trust and legal compliance. Successfully navigating the landscape of state-level data privacy regulations requires more than a temporary fix; it demands a proactive, robust, and constantly evolving strategy.
Don’t wait for a costly settlement to expose your vulnerabilities. Leverage Wakefly’s website management experts to assist your compliance team in building a secure digital ecosystem that protects your customers and shields your business from regulatory risk. Contact Wakefly today to discuss how we can help ensure your compliance and maintain consumer trust.
