There’s a decent chance your car knows more about you than your doctor does. It knows where you go at 11pm on a Tuesday, how hard you brake on the school run, whether you accelerated too quickly leaving the gym car park, and how often you drive past that particular stretch of motorway after midnight. And if you’ve enrolled in your insurer’s telematics programme — or if you simply own a modern connected vehicle — that information may already be flowing somewhere you never explicitly agreed to send it. That’s why you need to read up on telematics insurance privacy risks in 2026.
Telematics-based insurance was sold to drivers as a straightforwardly good deal: share your driving data, prove you’re safe behind the wheel, and pay less. For many people, it has delivered on that promise. But the story behind the data — who collects it, what they do with it, how AI interprets it, and who else ends up seeing it — is considerably more complicated than any app onboarding screen has ever made clear. In 2026, that story has also gotten a lot more legally consequential, and a lot of drivers are finding out about the fine print in the worst possible way.
Your Car Is Already a Surveillance Device — Whether You Opted In or Not
The telematics conversation tends to focus on the voluntary programmes: a plugin device from your insurer, or a smartphone app that tracks your trips in exchange for a potential premium discount. But the more unsettling reality is that the modern car doesn’t need an add-on to collect data. It already does it natively, from the moment you start the engine.
Modern cars function as rolling data collection machines. Connected vehicle services that promise emergency assistance, navigation, and crash detection are, underneath that consumer-friendly veneer, sophisticated platforms for harvesting location records, driving behaviour metrics, braking events, and speed data — continuously and by default. Most drivers accept this as an abstract reality without thinking about what it means in practice. The General Motors scandal made it impossible to look away.
Between 2020 and 2024, GM collected a staggering trove of personal information from OnStar users through its Smart Driver programme: names, phone numbers, home addresses, GPS coordinates, vehicle speeds, rapid acceleration events, and hard braking incidents. The company then sold this data to LexisNexis Risk Solutions and Verisk Analytics — data brokers who compile reports for insurance companies — generating approximately $20 million nationwide. The kicker is that GM’s own privacy policy had explicitly stated it would not sell driving or location data. The programme was supposed to help with emergencies and navigation. Consumer data brokers such as LexisNexis Risk Solutions and Verisk Analytics could then sell the data to car insurance companies for purposes such as setting higher rates for drivers considered riskier. At least one OnStar user reported their insurance premium rising by 21% based entirely on Smart Driver data they had no idea was being sold.
The FTC alleged that GM used a misleading enrollment process to get consumers to sign up for its OnStar connected vehicle service and OnStar Smart Driver feature, failing to clearly disclose that it collected consumers’ precise geolocation and driving behaviour data and sold it to third parties without their consent. The result: a proposed five-year ban on GM and OnStar disclosing customers’ geolocation and driver behaviour data to consumer reporting agencies, along with a requirement to obtain affirmative customer consent for connected vehicle data collection for 20 years. A separate California settlement followed, with GM paying $12.75 million after the California Attorney General confirmed the company sold data from hundreds of thousands of Californians without their knowledge or consent, despite previously stating it would not do so.
This is not a story about one rogue automaker. It’s a preview of how the connected vehicle economy actually works — and the GM settlement is the regulatory floor, not the ceiling, of what this data can be used for.
Where AI Enters the Picture — And Why It Changes Everything
Traditional telematics was largely retrospective: you drove, your data was collected, and an actuary reviewed it to decide whether your risk profile warranted a discount or a surcharge at renewal. That model still exists, but it’s rapidly being replaced by something considerably more powerful and considerably less transparent.
As driving data is collected, AI can now analyse it in real time. With many telematics programmes, drivers receive real-time feedback as they drive, alerting them to risky behaviour such as speeding or hard braking. AI can determine whether your driving behaviour is likely to result in a claim and suggest higher rates accordingly. Beyond individual behaviours, using location and time-of-drive data, AI can predict whether you’re statistically likely to be in an accident — and since more accidents occur at night or on highways, AI uses your typical driving patterns to assess risk continuously.
That last part deserves unpacking. It isn’t just scoring your driving anymore. It’s making probabilistic predictions about your future behaviour based on where you typically go, when you typically travel, and what your routes say about your lifestyle. An AI system that knows you regularly drive through an area with high accident rates at late hours will price you accordingly — regardless of whether you’ve ever had an incident. The model isn’t judging what you’ve done; it’s making inferences about who you are. That’s a fundamentally different thing, and it raises questions about discrimination and fairness that the insurance industry has not adequately answered.
The scale of this is significant. Telematics technology captures data on speed, acceleration, braking, and mileage, allowing insurers to analyse individual trips rather than relying on generalised driving patterns — entering a genuinely personalised era of auto insurance. In parallel, insurers are increasingly adopting usage-based insurance and behaviour-based insurance models that evaluate how safely a driver operates their vehicle. What sounds like personalisation in the marketing material is, from a data perspective, continuous behavioural surveillance. And as the AI layer gets more sophisticated, the inferences it can draw from a dataset of GPS coordinates and braking events become more invasive, not less. This connects directly to the broader concerns explored in our piece on AI underwriting and how algorithms are setting your insurance premiums — where the variables feeding these models are expanding faster than consumer awareness of them.
What Data Is Actually Being Collected From Your Car
The gap between what most drivers think their telematics programme collects and what it actually collects is wider than the industry’s communication has acknowledged. While telematics can offer more personalised rates and discounts for safe driving, it’s a double-edged sword — some insurers may use the information to raise rates or sell data to third parties.
Telematics programmes typically collect: driving speed and consistency, braking patterns and force, acceleration behaviour, GPS location data and route history, time-of-day and day-of-week driving patterns, mileage and trip frequency, phone usage while driving where technically detectable, and in some advanced systems, vehicle diagnostics and maintenance data. When you add AI analysis on top of that data set, the outputs extend into inferences about your profession, your social habits, your economic situation, and your home address — none of which you explicitly consented to share with anyone.
The secondary data market is where things get most concerning. In 2024, the New York Times reported how GM tricked millions of drivers into being surveilled, and a subsequent Senate investigation found that automakers had been selling driver data for what amounted to pennies per individual record. The value wasn’t in the price per data point — it was in the aggregate. GM shared driving data from over 14 million vehicles with commercial data brokers like LexisNexis and Verisk, who analysed it to create driving scores that could influence insurance rates without drivers ever knowing it was happening.
The fact that this data flows through intermediaries is precisely what makes it so difficult to challenge. The insurer points to the data broker. The data broker points to the automaker. The automaker points to the terms of service you clicked through when you activated your navigation system four years ago. Nobody is clearly responsible, and the driver — whose data made everyone else money — is the last to know their premium went up because of it. For businesses worried about data exposure flowing in multiple directions at once, our piece on cyber insurance for remote workers covers some of the same coverage gap dynamics playing out in a different context.
The Regulatory Response: Patchy, Late, and Moving Fast
The legislative picture on telematics data in 2026 is characterised by genuine momentum in some jurisdictions and remarkable inaction in others. Privacy concerns have made their way to state lawmakers, attorneys and attorneys general, with lawsuits and proposed legislation cropping up across multiple states. EPIC’s 2025 State of Privacy report notes that six states — Arkansas, Idaho, Kansas, Nevada, North Dakota and Wyoming — have never considered, much less passed, a data privacy bill. Twenty-five have considered this type of legislation but have yet to pass it.
At the federal level, the FTC’s action against GM is the most significant intervention to date, though its scope is limited to that one company’s conduct. Lawmakers in Virginia, Maryland, New York, and North Carolina have introduced bills that place limits on how insurers collect and use telematics data. Transparency regarding data protection practices is increasingly cited as a key factor in telematics adoption going forward.
The telematics provider IMS has warned that insurers risk stalling the adoption of usage-based insurance policies in 2026 unless they address consumer concerns around data privacy and transparency. IMS noted that this reflects a trust deficit rather than technological constraints, with many motorists unconvinced that the trade-off between data sharing and premium savings consistently works in their favour. That finding matters commercially as well as ethically — if trust collapses, the entire telematics business model collapses with it. In a survey of over 5,000 drivers across five international markets, IMS found that in the UK, 72% of motorists said they were open to usage-based insurance but more than half were reluctant to share driving data due to concerns over misuse.
The irony is that telematics, when implemented transparently and used only for its stated purpose, does deliver real consumer benefits. Drivers with usage-based insurance reduced speeding, hard braking, and rapid acceleration by between 11 and 25%, according to a 2026 scientific journal published by Elsevier. It also plays a meaningful role in fraud detection, as detailed in the related piece on how telematics and AI are reducing insurance fraud in 2026. The technology itself isn’t the problem. The problem is the infrastructure around it — the data brokers, the secondary markets, the AI inferences, and the consent frameworks that don’t actually give people meaningful choice.
The EU’s approach under the AI Act and GDPR is further advanced, requiring that AI systems used in insurance underwriting operate with documented transparency and bias testing. But as our coverage of fintech and insurance regulation compliance trends in 2026 outlines, even the most comprehensive regulatory frameworks are struggling to keep pace with how fast the data economy is evolving.
Frequently Asked Questions
Q: Can my insurer share my telematics data with third parties without my consent?
In many jurisdictions, the short answer is: it depends on what you agreed to and where you live. The FTC’s final order against GM requires the company to obtain affirmative customer consent to collect, use, or disclose certain types of connected vehicle data going forward — but this applies to GM specifically, and not to the broader industry. If your state hasn’t passed data privacy legislation, or if those protections exclude insurance companies, you may have very limited recourse. Checking your policy’s data-sharing provisions and your automaker’s privacy policy is the starting point — and for GM vehicles, affected consumers can request their data reports at consumer.risk.lexisnexis.com
Q: Can telematics data actually raise my premiums without me knowing?
Yes, and this has already happened to real drivers. One OnStar user reported their insurance payment rising by 21% based on their Smart Driver data — data they had no idea was being transmitted to brokers and then sold to their insurer. The mechanism is indirect: your automaker sells data to a broker, the broker packages it into a risk score, and your insurer buys that score as an external data point. You never see the pipeline. You just see the renewal quote.
Q: What specific driving behaviours does AI flag as high-risk?
AI-powered telematics systems flag behaviours including speeding, hard braking, rapid acceleration, phone usage while driving, and late-night driving. Location data and time-of-day patterns are also used — since more accidents occur at night or on highways, AI models factor in your typical driving times and routes when assessing your risk profile. The crucial point is that AI goes beyond what you did and attempts to predict what you’re likely to do, which has significant fairness implications.
Q: Can I opt out of telematics data collection?
You can opt out of voluntary insurer telematics programmes, but connected car features built into the vehicle itself are harder to disable and sometimes cannot be turned off entirely without losing core functionality like navigation or emergency response. Reading the connected vehicle terms of service before purchase — and checking the vehicle’s privacy report at vehicleprivacyreport.com — is the best way to understand what data your specific car shares by default.
Q: Is telematics insurance worth it despite the privacy concerns?
While some insurers offer up to a 40% discount for drivers using telematics programmes, the trade-off involves accepting continuous monitoring of your driving behaviour, location history, and travel patterns, with limited visibility into how that data is used downstream. For safe drivers who understand what they’re sharing and trust their insurer’s data governance, the discount can be meaningful. For everyone else, the privacy cost may outweigh the premium saving — particularly when the data can end up influencing rates in ways that are entirely opaque.
The Bottom Line
The deal with telematics insurance was always supposed to be simple: you share your data, you get a fair price. What the GM case made definitively clear is that the data often doesn’t stay within that bargain. It flows to brokers, gets repackaged by AI systems, influences scores you never see, and can end up raising the prices of people who thought they were doing everything right. The technology is real, the safety benefits are real, and the commercial logic is real. But so is the surveillance infrastructure underneath it.
Insurers must treat data access as a privilege and demonstrate genuine transparency, security, and real customer control — without which, usage-based insurance risks remaining a niche proposition despite its economic and safety benefits. As a driver, the most powerful thing you can do right now is read what you agreed to, check what data your car is already sharing, and understand that opting into a premium discount programme and opting into the data economy are, increasingly, the same decision.
Your car knows a lot about you. The question worth asking in 2026 is: who else does?
External Authority Links:
- FTC Final Order — GM/OnStar (Government — highest trust signal)
- Bankrate — Telematics Privacy Concerns
- Insurance.com — AI & Telematics Rates
- vehicleprivacyreport.com (Consumer tool for checking car data collection)
This article is for informational purposes only. Always verify your specific policy terms and applicable data privacy laws with qualified professionals in your jurisdiction.
