OnStar Reverse Terms and Conditions Changes

It appears the negative press and government scrutiny may have gotten to OnStar. Today, they announced that they would reverse changes to their Privacy Policy:

OnStar announced today it is reversing its proposed Terms and Conditions policy changes and will not keep a data connection to customers’ vehicles after the OnStar service is canceled.

I wonder if this change will suffice, or if legislation will still be drafted to head off future attempts.


OnStar Under Government Scrutiny

Just last Wednesday I wrote about OnStar updating their Privacy Statement, allowing them to sell data it harvests from your vehicle to third-parties. I was one of many to give a public opinion on the matter, and now U.S. Sen. Charles Schumer of New York is calling on the FTC to investigate OnStar for what he calls a blatant invasion of privacy. From the AP:

But the General Motors Corp. OnStar service says customers are thoroughly informed of the new practice. If a customer says he or she doesn’t want to have data collected after service is ended, OnStar disconnects the tracking.

OnStar did send out an announcement about changing their Privacy Statement, and I must admit that I did appreciate the simple bullet list of changes abbreviated at the top. It’s the last sentence that bothers me the most, “If a customer says he or she doesn’t want to have data collected after service is ended, OnStar disconnects the tracking.” Since when was canceling a service not all inclusive? If I am no longer paying for your service then I expect you to stop monitoring my vehicle.


OnStar To Sell Harvested User Data To Third-Parties

If you are an existing OnStar subscriber, or are looking to become one in the future, your privacy may be at risk. An article posted by Jonathan Zdziarski discusses the changes to OnStar’s Privacy Statement, and includes OnStar’s plans to share your information with third-parties, regardless if you are paying for the service. Yes, even if you aren’t a paying customer, OnStar may continue harvesting data from your car and share it with others.

What data does OnStar leave on the table to share? How about your GPS history, vehicle speed or safety belt usage? Although the GPS data is anonymized, if your vehicle is parked in your driveway for 75% of its life, it doesn’t take an expert to determine what physical address it’s linked to.

What’s even more concerning is that your data can be collected and shared, even if you aren’t a paying customer. You must request that your data connection is shutdown to opt out of the collection process. Unfortunately, it appears this process is less than perfect. From Jonathan’s post:

To make matters even more insulting, it was difficult to ensure the data connection was shut down after canceling. I still have no guarantee OnStar did what they were supposed to. I had to request the data connection be shut down repeatedly, after the OnStar rep attempted to leave it on and ignore my requests.

One commenter on the post recommended pulling the fuse to OnStar. For those vehicles without a dedicated fuse:

If you don’t have a dedicated fuse for the On Star radio (ours was 5A and clearly labeled) there are usually guides online for major models that outline where the antenna connection is made to the system. If you are an intrepid owner or have a shop/friend you trust you can disconnect the On Star system from the antenna mast and disable the GPS.

The thought of having to physically disconnect an antenna to ensure OnStar isn’t violating my privacy is outrageous.