What they're not telling you: # GM Just Paid a Record Penalty for Breaking California Privacy Law General Motors sold the driving data of hundreds of thousands of California motorists to data brokers without their consent—and only paid $12.75 million in penalties despite making approximately $20 million from the scheme. The settlement, agreed to by GM, reveals a calculation that corporate America has perfected: the fine for breaking privacy law is simply a cost of doing business, one substantially smaller than the actual profit generated by the violation. Drivers who subscribed to OnStar, GM's emergency roadside and navigation service, believed their location data and driving patterns were protected.
# THE TAKE: GM's $12.75M Fine Is Corporate Regulatory Theater General Motors just bought permission to keep selling your driving data. That's what a $12.75 million penalty actually is—the price of admission to a profitable market, not punishment. Here's the math: GM monetizes location data from hundreds of thousands of vehicles. Data brokers weaponize that information for insurers, employers, and surveillance contractors. The fine? Barely a rounding error for a company with $122 billion in annual revenue. California's attorney general wants you thinking enforcement works. It doesn't. The real scandal isn't that GM violated privacy law—it's that privacy law creates *negotiable* penalties instead of structural prohibition. Until fines exceed the lifetime value extracted from stolen data, corporations will treat compliance as optional overhead. GM will pay again next year. We'll clap ourselves on the back. That's not regulation. That's organized crime with a consent decree.
What the Documents Show
Instead, the company allegedly misled these customers about how their information would be used, then sold it to data brokers for commercial purposes. The penalty GM faced was a haircut on their own illegal proceeds—not a punishment designed to deter future violations. What mainstream coverage typically glosses over is the asymmetry at work. GM collected data from subscribers in California, one of the few states with meaningful privacy law enforcement. The company extracted roughly $20 million in value from this data.
Follow the Money
When caught, they wrote a check for $12.75 million—less than 64 cents of penalty for every dollar stolen. A consumer caught shoplifting faces criminal charges; a corporation caught stealing data faces a negotiated settlement worth a fraction of its haul. The distinction matters because it shapes incentives. If you can make $20 million and lose $12.75 million when caught, the math encourages violations. The OnStar example is particularly instructive because it involves a direct relationship between a company and paying customers. These drivers weren't using a free service in exchange for their data—a common privacy trade-off.
What Else We Know
They explicitly paid for OnStar's services, presumably under the assumption that their driving data would remain linked to those services. GM's alleged misrepresentation about data usage constitutes a breach of the basic trust that underpins any commercial relationship. The company sold access to intimate details about where people drove, when they drove, and how often they drove without meaningful consent. California's data protection framework, embodied in the California Consumer Privacy Act and related statutes, theoretically gives the state's attorney general authority to police these violations. The settlement shows the state is willing to act, but the penalty structure reveals the limits of enforcement through fines alone. GM agreed to pay $12.75 million and presumably agreed to discontinue the practice, a common settlement provision.
Primary Sources
- Source: r/privacy
- Category: Corporate Watchdog
- Cross-reference independently — don't take our word for it.
Disclosure: NewsAnarchist aggregates from public records, API feeds (Federal Register, CourtListener, MuckRock, Hacker News), and independent media. AI-assisted synthesis. Always verify primary sources linked above.