Privacy & Cybersecurity Law Blog

On July 8, 2025, Nebraska Attorney General (“AG”) Mike Hilgers announced that the AG’s office is suing General Motors LLC and its subsidiary OnStar LLC (collectively, “General Motors”) over violations of Nebraska’s consumer protection laws. The complaint alleges that General Motors’ disclosures misled vehicle purchasers and did not adequately disclose that GM would collect and sell their driving data.

According to the lawsuit, General Motors collected data through telematics systems installed in vehicles, including speed, seatbelt usage, driving habits, and location. The AG alleges that General Motors sold driver data to third parties who used it to create “driving scores” that were sold to insurance companies and used to raise rates, deny coverage or cancel policies. The lawsuit alleges that General Motors obtained the data by using deceptive and unlawful tactics, such as overwhelming vehicle purchasers with pages of materially misleading disclosures, including privacy policies that were “false or misleading because they never explained that [General Motors] would collect, analyze, and sell Nebraska consumers’ Driving Data.” 

The announcement states that AG Hilgers’ office filed the lawsuit “because one large company decided that it wouldn’t honestly tell Nebraskans that their data was going to be used to impact their insurance rates. This is wrong. Our office will hold companies that mislead Nebraskans accountable, no matter how large.”

The AG seeks civil penalties, restitution, injunctive relief, and attorney’s costs and fees.

This lawsuit follows actions by the FTC, the Texas Attorney General, and the Arkansas Attorney General over similar data-sharing allegations, and is part of a larger trend of state regulators examining the privacy practices of connected vehicle manufacturers.