Your Car Might Be Spying on You — If You Have OnStar

Connected vehicles are no longer just cars with Bluetooth and navigation. For many automotive brands, especially those offering built-in telematics services, your automobile is also a rolling data collection platform.

One of the most prominent systems is OnStar, the telematics and connectivity service offered by General Motors Company (GM).

Many drivers assume OnStar only helps with emergencies or navigation. In reality, it can collect, use and share far more data than many realize — including precise location, driving behaviour and vehicle diagnostics.

In this article I’ll examine what data OnStar collects, how it is used, when it might be shared, the recent regulatory actions and what steps you can take (especially as someone focused on self-sovereignty and digital privacy) to take back control.

What Data Does OnStar Collect?

According to GM’s publicly available privacy statements and consent terms, the scope of data collection via OnStar is extensive.

Types of data collected

From GM’s U.S. Consumer Privacy Statement:

• Driver Behaviour Information: This includes vehicle speed, seatbelt status (latched or unlatched), braking and acceleration habits, trip time and duration. gm.com+2onstar.ca+2
• Precise Geolocation Information: The location of the vehicle (and possibly linked mobile devices) while in use, and in some cases even when disconnected. gm.com+1
• Exterior Vehicle Camera Images and Video: In certain safety or crash events, exterior camera footage can be collected. gm.com
• Vehicle Information and Usage: Such as VIN (vehicle identification number), mileage, oil/battery/fuel status, electrical system function, gear status, diagnostic trouble codes. onstar.ca+1
• Device/Infotainment Interaction: Data on how you use the vehicle’s infotainment or mobile-app linked features, IP address, browser type, cookie data. onstar.ca+1

When collection occurs

Importantly, collection can be continuous or event-based:

• For geolocation and driver behaviour, GM’s OnStar Services Consent says they collect while the vehicle is used and upon certain events. onstar.com
• In older disclosures, GM noted that information may continue to be collected even if you cancel OnStar’s plan (though circumstances may vary) ABC News

Why this matters

Collecting precise geolocation and driving behaviour is significant because it can reveal highly intimate patterns: where you live, work, go for errands, how late you travel, how safely you drive. The agency monitoring this says:

“Tracking and collecting geolocation data can be extremely privacy invasive, revealing some of the most intimate details about a person’s life, such as whether they visited a hospital or other medical facility…” Federal Trade Commission+1

How Is the Data Used and Shared?

Primary uses

GM states that data are used for legitimate services:

• To provide the OnStar services you signed up for (emergency crash services, stolen-vehicle assistance, remote commands via app, navigation assistance). onstar.com+1
• To improve product quality, safety, diagnostics, warranty support. onstar.ca
• For internal research, development of new features (e.g., autonomous driving, vehicle sharing). gm.com+1

Sharing / Disclosure

GM’s policy indicates the data can be disclosed under various conditions:

• With emergency service providers, roadside assistance, other service providers acting on GM’s behalf. onstar.com+1
• With business partners, research institutions, data analytics firms. onstar.ca
• Where required by law, regulatory or legal process. gm.com
• For marketing and joint partner offers (with consent or depending on jurisdiction). onstar.ca

The controversy: selling driver data

In a high-profile regulatory action in early 2025, the Federal Trade Commission (FTC) alleged GM and OnStar collected drivers’ precise geolocation and driving behaviour data (sometimes every three seconds) and sold or disclosed it to consumer reporting agencies, insurance companies and data brokers — without obtaining proper consent. Federal Trade Commission+2CarPro+2

As the FTC noted:

“GM monitored and sold people’s precise geolocation data and driver behavior information, sometimes as often as every three seconds.” CarPro+1

Under the proposed order, GM and OnStar were banned for five years from disclosing this data to consumer reporting agencies, must obtain explicit consent for collection, must allow consumers to request deletion of data, and provide opt-out mechanisms. Federal Trade Commission

In other words: yes, your car (if using OnStar) could be spying on you — at least your driving habits, location, and vehicle usage — and sharing that with third parties.

What This Means for You (Especially in Canada)

For off-grid, self-sovereign living

Given your interest in self-sovereign living, preparedness, digital privacy and resilience — this is significant:

• A vehicle might be part of your “mobility asset” but also a potential vulnerability point for location tracking and profiling.
• If you are linking your vehicle to apps, mobile device IDs or WiFi hotspots, you may be increasing the risk surface.
• The data collected isn’t just “anonymous” — vehicle behaviour and location patterns when tied to a VIN or account can be de-anonymised. GM’s own statements emphasise the data is “linked or reasonably linkable to you.” gm.com
• In Canada (and especially Manitoba) you may want to check local privacy laws, your vehicle’s configuration, and whether the service is enabled or optional.

For insurance or risk exposure

• The collected driving behaviour data (speed, braking, late night driving, location) has been used by insurers or data brokers in the US to set premiums or deny coverage. CarPro
• Even if you don’t opt into “usage-based insurance” programs, your vehicle may collect data that can be shared with data brokers if policy and consent allow.
• If you switch vehicles, sell the car, or change ownership, you may inherit previous data trails in the vehicle system unless cleared. GM’s policy specifically alerts sellers to delete information from the vehicle’s system. onstar.ca

What about Canada?

• GM’s Canadian privacy statement (OnStar included) says they may collect name, address, vehicle diagnostics, location, etc., and they share data to provide services and for marketing. onstar.ca
• You should check whether your Canadian GM/OnStar contract differs in data-sharing conditions, and exercise opt-out rights where available.

What You Can Do to Protect Yourself

Here is a checklist to evaluate and reduce risk:

1. Review your vehicle’s telematics settings – In the vehicle menu or mobile app, look for OnStar settings, data collection choices, location services, driving behaviour tracking.
2. Read the privacy policy – For your model-year, region (Canada vs US) check what data is collected, how it’s used, how it’s shared. (For example GM’s U.S. statement cited above.)
3. Opt-out or limit data collection where possible – If the service allows you to disable geolocation tracking, behaviour monitoring, or app linking, do so.
4. Delete old data when selling or transferring the vehicle – Clear stored contacts, saved navigation addresses, unlink the OnStar account or mobile app, and ask for a data purge if available.
5. Use separate mobile device for vehicle connectivity – Avoid linking your primary personal smartphone with the vehicle unless you’re comfortable with the access.
6. Treat the vehicle as part of your digital footprint – Your car isn’t just mechanical, it’s a data-platform. Include it in your privacy and threat surface review (alongside phones, computers, home networks).
7. Watch for insurance implications – If your vehicle is collecting driving behaviour data, ask your insurer whether that data is being used or could be used in your region.
8. Understand the legal landscape – The FTC action highlights how data collection in vehicles is now under regulatory scrutiny. While the settlement is in the U.S., the precedent may affect Canadian practices too. Reuters+1

Conclusion

For many owners of vehicles equipped with OnStar or similar telematics services, the promise has been safety, convenience and connectivity. But the trade-off is that your car may continuously collect and share sensitive data: location, driving behaviour, diagnostics and possibly even infotainment usage.

The regulatory action against GM/OnStar in the U.S. underscores just how broad and invasive that data collection can be — “every three seconds” for some users. For a creator and builder operating in self-sovereign, resilient living mode, this should raise red flags: your vehicle is part of your ecosystem, and your data is part of your identity.

In short: your car might actually be spying on you.

At a minimum, treat it as an active sensor in your life, not just a mode of transport. Review the permissions, the settings, the contracts, and reclaim as much control as you can.

Recent coverage of GM/OnStar data issue

• FTC Takes Action Against General Motors for Sharing Drivers’ Precise Location and Driving Behavior Data
• GM Agrees to Five Year Ban on Selling Drivers’ Location Data
• FTC’s Ban on GM and OnStar Selling Driver Behavior Is a Good First Step
• GM’s Driver Data Sharing May Have Impacted Millions of Drivers
• Texas Sues General Motors Over Allegedly Collecting and Selling Drivers’ Private Data
• Nebraska Sues GM and OnStar Over Allegations of Data Harvesting and Sales
• GM Claims OnStar Data Collection Lawsuits Do Not Hold Up
• GM Banned From Selling Your Driving Data For Five Years
• GM to Stop Sharing Driving Data After Settlement With US Regulators