Skip to Main Content

Parker Poe

Keeping you informed

Robert Botkin Quoted in Cybersecurity Law Report on FTC Enforcement Action

    Media Mentions
  • March 17, 2026

Robert Botkin was quoted in Cybersecurity Law Report on the Federal Trade Commission’s landmark January 2026 settlement with General Motors over its data notice and consent practices in connected vehicles. The settlement — the first of its kind involving connected‑car data — highlights intensifying regulatory scrutiny of how automakers collect, use, and share sensitive information such as precise geolocation.

The article explains that GM failed to disclose that its Smart Driver program sold consumer geolocation data to third parties for a variety of commercial uses. “The sale of geolocation data for use in risk-based insurance pricing without notifying consumers triggered the enforcement action,” Robert explained. He contrasted GM’s practices with models where insurers directly collect data from consumers: “It is different than using a drive-safe-and-save application, where there is a direct relationship between the insurer and the consumer.”

Robert also suggested that if GM had limited the data’s use to targeted advertising, it likely would not have drawn regulatory ire. “If GM had only sold the information for targeted advertising — for example, offering a $2 coupon after passing a coffee shop — it also probably would not have been targeted,” he said.

A key issue in the settlement was GM’s consent interface, which bundled safety and maintenance alerts with enrollment in Smart Driver. As Robert explained, “Requiring only one click to accept two features denied consumers of free choice.” He added, “I think what the FTC probably would have loved to see is a toggle.”

One of the FTC’s central concerns was the way GM framed Smart Driver. As Robert put it, “Any business that frames data processing as safety-related — then turns around to sell that data to third parties without clear notice and disclosures to the consumer — will find themselves with an FTC enforcement action sooner rather than later.”

Subscribers can click here to read the full article: Connected Cars: FTC GM Settlement Anchors Regulatory Focus

The Cybersecurity Law Report provides business analysis of critical legal issues related to the cybersecurity, data protection, and data privacy challenges facing entities across industries.

To find additional analysis of this enforcement action from Robert and his colleagues, click here.

×
By using this website, you agree to our use of cookies.