What Your Car Is Selling to Insurance Companies Right Now (2026)

# What your car is selling to insurance companies right now (2026)

If your car was built after 2018, it is a networked computer on wheels, and the company that made it is selling your driving data. Not "anonymized behavior signals." Actual trips. Actual hard braking events. Actual locations. And the buyers are not who you'd guess. Your car insurance company is the obvious one, but the list also includes data brokers, lenders, marketing firms, municipal planners, and anyone else willing to pay.

The 2024 New York Times investigation confirmed this at scale with GM OnStar, and the 2024-2025 FTC enforcement actions against GM and Mitsubishi pushed the industry into public awareness, but nothing material has changed. The data pipeline is still running. This post covers what's happening, what it costs you in dollars, and what you can do about it.

#What's actually being collected

Every major manufacturer sold from 2018 forward has the telematics hardware to capture and transmit:

• GPS location, continuously, with roughly 1-5 second resolution
• Speed, matched to the GPS track
• Acceleration and braking events, specifically the "hard" ones
• Cornering g-forces
• Engine RPM, throttle position, fuel level, battery state
• Seatbelt sensor status
• Door open/close events with timestamps
• Bluetooth pairing records (which phones, when, how often)
• Voice-assistant transcripts in many models
• In-cabin camera footage in some 2023+ models (for driver attention monitoring)

Whether this gets sent back to the manufacturer depends on your connectivity subscription, but even unsubscribed vehicles transmit telematics in many cases. The over-the-air modem is always on. The data flows. The "enrollment" is a consent fiction the automaker points to in court.

#Who buys the data

The buyers break down into three tiers:

Tier 1: Your insurance company. LexisNexis Risk Solutions runs the clearinghouse most insurers query. Your driving score is built from hard braking events, hard accelerations, late-night driving, phone use while driving (inferred from Bluetooth pairing patterns), and speed over limit. The score gets applied to your premium. Drivers with no specific incidents have seen renewal quotes jump 20-40% because "the data" scored them as risky.

Tier 2: Financial services. Lenders, auto-finance companies, and repo services buy location data to find collateral when payments lapse. Location accuracy here is good enough that an auto repo agent can be dispatched to your workplace parking lot.

Tier 3: General data brokers. Acxiom, Epsilon, Experian Marketing Services, Oracle Data Cloud (via its earlier acquisitions). These aggregate the car data with every other PII signal they have on you and resell the bundle to advertisers, political campaigns, private investigators, and HR background-check firms.

#The LexisNexis pipeline specifically

This one matters because it's the most direct financial hit. The flow works like this:

1. Your car's telematics system transmits driving events to the manufacturer.
2. The manufacturer shares the data (often via a subsidiary or partner) with LexisNexis Risk Solutions.
3. LexisNexis stores it in a product called "Consumer Disclosure Report."
4. Insurance underwriters query CDR when you apply for a new policy or at renewal.
5. Your premium is priced based on the aggregated score.

You can request your own CDR at consumer.risk.lexisnexis.com. It's a federal right under the Fair Credit Reporting Act. People who've done this find their entire driving history in there, including trips they don't remember taking. You can dispute inaccuracies. You cannot delete the record entirely.

#The carmakers' defense

GM, Ford, Honda, Hyundai/Kia, Nissan, Toyota, Mitsubishi, Subaru, and Stellantis all engage in some form of this data sharing. Their defense when asked:

• "The customer consented." Consent is buried in 40 pages of small print the dealer clicked through at delivery. Courts have repeatedly ruled this consent is valid.
• "Data is aggregated and anonymized." It is not. The data carries VIN, sometimes username, and always a location history that is trivially de-anonymizable.
• "The consumer can opt out." The opt-out process is deliberately complex. Most drivers don't know it exists. Some manufacturers only allow opt-out by phone during business hours. Some require the opt-out to be re-confirmed annually.

#FTC action

The FTC's 2025 settlement with GM required them to:

• Stop sharing geolocation data with data brokers without explicit, unbundled consent
• Let consumers delete their data
• Notify customers more clearly about what's shared and with whom
• Appoint a privacy officer with real authority

The consent-unbundling requirement is the teeth. It means the OnStar enrollment can no longer be packaged with the telematics data sale.

Other automakers are not under the same order. Expect the FTC to go after Ford and Hyundai next based on the same pattern, but don't wait for it.

#What to do about it

Direct actions, in order of effectiveness:

1. Pull your LexisNexis Consumer Disclosure Report. Free, takes 15 minutes.

Link: consumer.risk.lexisnexis.com/request

You'll see what insurers see. Dispute any inaccuracy.

2. Disable your vehicle's telematics subscription, then verify data transmission stopped. "Disable" is not enough. Most manufacturers keep a passive data stream going. You can:

• Call the manufacturer connectivity line directly, request total deactivation, document the call
• Check your OBD port for an aftermarket tracker (insurance-issued "discount" dongles)
• In extreme cases, physically disconnect the telematics modem (requires trim removal in most vehicles, voids some warranties)

3. Opt out with each carmaker's privacy portal. These are the correct URLs as of 2026:

• GM: my.gm.com → Settings → Data Privacy
• Ford: privacy.ford.com
• Toyota: privacy.toyota.com
• Honda: privacy.honda.com
• Hyundai: hyundai.com/us/en/privacy-policy
• Kia: kia.com/us/en/privacy-policy
• Nissan: nissanusa.com/privacy-policy
• Subaru: subaru.com/privacy.html
• Stellantis (Chrysler / Dodge / Jeep / Ram): stellantis.com/en/privacy

4. Submit data broker deletion requests. For LexisNexis, Acxiom, Epsilon, and the half-dozen other aggregators. Tools that automate this: DeleteMe, Optery, Privacy Duck. Cost: $100-200/year. Worth it.

5. For your next vehicle, ask specifically about telematics. "What data does this car transmit, to whom, and how do I opt out?" Make the dealer produce an answer in writing. The high-end trim packages often include a telematics agreement that's hard to escape, the base trim often does not.

6. If you're in California, Colorado, Connecticut, Utah, Virginia, or any state with a comprehensive privacy law, you can issue a formal deletion request under state statute. Companies that ignore it face enforcement.

#Insurance pricing

Some insurers offer "telematics-based discounts" where they ask you to install their app or a dongle. Common ones:

• State Farm Drive Safe & Save
• Progressive Snapshot
• Allstate Drivewise
• Liberty Mutual RightTrack
• USAA SafePilot
• Geico DriveEasy

The pitch: "Safe drivers get up to 30% off."

The reality: a meaningful minority of drivers who enroll end up paying more, not less. The discount is front-loaded, and the score penalty kicks in after the first risky event the algorithm catches. Hard braking to avoid a kid chasing a ball? That's a flag. Night drives because of shift work? That's a flag. Bluetooth pairing while driving? That's a flag.

If your driving is genuinely safe, you might save money. If it's average, you'll probably pay more. If you live in a dense urban area with frequent braking, you're getting flagged regardless of whether you're actually unsafe.

Some states (CA, WA, NM, among others) prohibit the use of telematics data for underwriting. Check your state regulator.

#The bigger picture

Cars were the last major class of personal property that wasn't fully networked. That changed in the 2010s. The automakers did not build their telematics privacy protections with the rigor they applied to airbag reliability. The result is a data-collection surface as pervasive as smartphones, with worse consent practices, and with financial downstream that hits you directly at renewal.

None of this is going to get better fast. Make the opt-out calls. Pull your LexisNexis report. Consider the dongle discount a trap until proven otherwise. Drive a 2012 vehicle if privacy is the top priority.

#Valtik related services

This is consumer privacy territory, not our primary service line, but related work for principals (executives, public figures, domestic violence survivors who need address invisibility) includes vehicle-specific opsec: telematics audits, data broker opt-out campaigns, and ongoing monitoring for re-accumulation.

Principal Threat Protection engagements: /services/principal-threat-protection.

General privacy questions: hello@valtikstudios.com.

#Sources

1. New York Times (2024): "GM Quit Sharing Driving Data With Brokers. Those Who Still Get It Are Troubling."
2. FTC v. General Motors, 2025 consent order
3. LexisNexis Consumer Disclosure Report request portal
4. Mozilla Foundation "Privacy Not Included" 2024 Car Review
5. Cal. Civ. Code § 1798.100+ (CCPA / CPRA)