Five states introduced legislation in 2026 to limit how auto insurers collect and share telematics driving data, as Allstate faces lawsuits for selling 45 million drivers' data to insurers without consent. Most bills have stalled — but a federal court ruling, a Texas AG enforcement action, and NAIC model law revisions are reshaping the landscape for 21 million U.S. policyholders already enrolled in telematics programs.
- Texas AG sued Allstate and Arity for secretly collecting and selling telematics data from 45M+ Americans — the first enforcement under Texas's new data privacy law
- Five states (Maryland, Missouri, New York, North Carolina, Tennessee) introduced telematics privacy bills in 2026; most have stalled, with NC HB 81 showing the most progress
- Connected car manufacturers — including GM and Toyota — share driving data with insurers by default, even for drivers who never opted into a telematics program
- NAIC is drafting model law amendments covering consumer consent, data minimization, and limits on selling nonpublic personal driving data
- The discount is still real — but you should know exactly what you're trading for it
What's Happening
Auto insurance telematics programs cover more than 21 million U.S. policyholders as of 2024 — a number that has grown at a 28% compound annual rate since 2018, according to the IoT Insurance Observatory. The premise is straightforward: share your driving data, earn a discount. But a growing wave of lawsuits and state legislation is exposing a more complicated picture of what that data trade actually involves.
In January 2025, Texas Attorney General Ken Paxton sued Allstate and its data analytics subsidiary Arity, alleging they had secretly embedded tracking software into third-party mobile apps — including Life360 — to collect location and driving behavior data from more than 45 million Americans without meaningful consent. Allstate then sold those driving profiles to other insurance companies, which used them to raise rates. The Texas suit was the first enforcement action under the state's newly enacted Data Privacy and Security Act.
A federal court in Chicago subsequently allowed a separate class action against Allstate to move forward in early 2026, ruling that plaintiffs could pursue wiretap and Fair Credit Reporting Act claims over the same data collection practices. A third lawsuit, filed in Texas, targets Progressive and Toyota for allegedly sharing connected car driving data — collected through Toyota's telematics systems — with insurers without explicit policyholder consent.
Five States Act — But Most Bills Have Stalled
The litigation wave prompted state legislators across the country to introduce new consumer protections. Five states introduced telematics-specific privacy bills in the 2025-2026 legislative session:
| State | Bill | Key Provision | Status (April 2026) |
|---|---|---|---|
| Maryland | SB 984 | Requires full disclosure of data collected; bars rate increases based solely on telematics within 6 months of policy start; insurers must allow data corrections | Active — Insurance Commissioner endorsed |
| Missouri | HB 1121 | Prohibits insurers from purchasing driving data from third parties, including vehicle manufacturers | Stalled in committee |
| New York | SB 5486 | Requires insurers to file telematics discount methodologies with the superintendent and disclose to the public | Stalled in committee |
| North Carolina | HB 81 | Requires written consent before insurers can collect, sell, share, or use vehicle telematics data; consent can be revoked | Most advanced — moving through legislature |
| Tennessee | SB 195 | Requires insurer consent and full disclosure of how telematics data is collected and used | Stalled in committee |
Source: Bankrate, LegiScan, Repairer Driven News, April 2026. Bill status reflects most recent legislative action as of publication date.
Maryland's bill has notable momentum: the state's acting Insurance Commissioner Marie Grant publicly backed SB 984, a signal that the insurance regulatory establishment is no longer aligned with the status quo. North Carolina's HB 81 has moved furthest through the legislature.
The Connected Car Problem Most Drivers Don't Know About
Even drivers who have never enrolled in a telematics discount program may be sharing their data. Automakers including GM (through OnStar) and Toyota (through Toyota Connected Services) collect detailed driving behavior data through in-vehicle systems — and have partnered with data brokers like LexisNexis and Verisk to make that data available to insurers.
A 2024 New York Times investigation found that GM OnStar had been sharing granular driving records — hard braking counts, speed patterns, mileage — with LexisNexis and Verisk, companies that insurers use to assess risk. Drivers whose data was shared reported surprise rate increases at renewal, with no awareness that their car manufacturer had been supplying behavioral data to their insurer. Missouri's HB 1121 specifically targets this practice by prohibiting insurers from purchasing any driving data collected by vehicle manufacturers without the driver's affirmative opt-in.
There is a critical distinction between opt-in telematics programs (Progressive Snapshot, State Farm Drive Safe & Save, GEICO DriveEasy — where you knowingly enroll for a discount) and connected car data sharing (where your vehicle's built-in systems share data with your manufacturer, who may then sell it to insurers). The lawsuits and most of the 2026 legislation are focused on the second category — but both affect your rates.
What Your Insurer's Telematics Program Collects
For drivers enrolled in opt-in programs, data collection is extensive. Here's what the major carriers typically track:
| Program | Carrier | Data Collected | Third-Party Sharing |
|---|---|---|---|
| Snapshot | Progressive | Speed, hard braking, rapid acceleration, time of day, mileage | Arity (Progressive subsidiary); may share with connected car partners |
| Drive Safe & Save | State Farm | Speed, braking, acceleration, phone distraction, mileage; OnStar integration for connected vehicles | OnStar/GM data partnership for enrolled vehicles |
| Drivewise | Allstate | Speed, hard braking, time of day, mileage; Arity SDK embedded in third-party apps | Arity (subject of Texas AG lawsuit) |
| DriveEasy | GEICO | Hard braking, speeding, phone distraction, mileage | Internal use; no disclosed third-party sales |
| SmartRide | Nationwide | Mileage, time of day, braking, acceleration | Internal use only per published privacy policy |
Source: Insurer privacy policies and program disclosures, Bankrate analysis, April 2026. Third-party sharing reflects current disclosures and may not reflect all data flows.
Federal and Industry Response
The National Association of Insurance Commissioners (NAIC) Privacy Protections Working Group is drafting amendments to the model Privacy of Consumer Financial and Health Information law (MDL 672). The revisions would add new requirements for consumer consent, data minimization (limiting how much data can be collected in the first place), notification, and restrictions on the sale of nonpublic personal driving data to third parties. At the NAIC's 2026 Spring Meeting, cybersecurity and data privacy emerged as top priorities for state regulators.
A consumer advocacy group, the Electronic Privacy Information Center (EPIC), reviewed all 19 state data privacy laws passed since California's CCPA in 2018 and found most received "D" or "F" grades. The primary critique: existing laws place the burden of privacy protection on consumers — requiring them to read lengthy disclosures and take action to opt out — rather than restricting how much data companies can collect in the first place.
"Basically, companies — including the insurance companies and the car companies themselves — can do what they want [with customer data] as long as they've put what they're doing in a privacy policy." — Kara Williams, law fellow, Electronic Privacy Information Center
What You Should Do Now
Check What Your Insurer Collects
Your insurer's privacy policy and telematics program terms should list what data is collected, how long it's retained, and whether it's shared with third parties. Look for a dedicated telematics disclosure — not just the general privacy policy.
Check Your Car's Connected Services Settings
If you drive a connected vehicle (most 2020+ models), log into your automaker's connected services portal (OnStar, Toyota Connected Services, Ford Pass, etc.) and review what data is shared. Look for an option to opt out of data sharing with third parties.
Know Your State's Protections
Drivers in North Carolina and Maryland have the strongest pending protections in 2026. California's Proposition 103 requires prior regulatory approval before telematics data can be used in rating calculations. If you're in a state with no pending legislation, your primary protection is reading program disclosures carefully before enrolling.
Weigh the Discount Against the Trade-off
Telematics discounts are real — Progressive and State Farm both report average savings of 10-15% for qualifying drivers. If you're a safe driver, the data trade-off may still be worth it. But understand what you're enrolling in before you sign up. See our car insurance hub for state-by-state rate comparisons if you're shopping for lower rates without enrolling in a telematics program.
What to Watch Next
The Allstate lawsuits will be the most consequential developments to follow. If the Texas AG's enforcement action or the federal class action result in significant penalties or a settlement, it could reshape industry data-sharing practices more effectively than state legislation alone. The NAIC model law amendments — expected to go out for public comment in 2026 — will determine whether states adopt a uniform national framework for telematics privacy or continue the current patchwork approach.
For consumers shopping for coverage in states like Maryland and North Carolina, it's worth monitoring whether this year's legislation passes. If North Carolina's HB 81 becomes law, it would be among the first state statutes to require written opt-in consent specifically for vehicle telematics data — a meaningful shift in the baseline. For more on how rates vary by state, see our state car insurance guides. If you're in North Carolina specifically, our North Carolina car insurance page covers the latest rate and regulatory updates.
Frequently Asked Questions
No. Telematics programs are voluntary opt-in programs tied to discounts. However, if you drive a connected vehicle, your automaker may already be sharing data with insurers by default — separate from any program you've chosen to enroll in. Check your vehicle's connected services settings to review and manage this.
Yes, in most states. If you enroll in a telematics program and the data shows high-risk driving patterns (speeding, hard braking, late-night driving), your insurer can use that data to adjust your rate at renewal. Maryland's SB 984 would specifically prohibit rate increases based solely on telematics data within the first six months of coverage — but that law hasn't passed yet.
Arity is a data analytics company founded by Allstate that collects and analyzes telematics data. According to the Texas AG's lawsuit, Arity embedded tracking software into third-party apps — including Life360 — to collect driving data from over 45 million Americans without clear disclosure. That data was then sold to insurance companies. The lawsuit is ongoing and Allstate has disputed the characterization.
Yes. California's Proposition 103, passed in 1988, requires insurers to get prior approval from the state Insurance Commissioner before using telematics data in rate calculations. This makes California both the strongest state for telematics privacy and one of the slowest states to adopt usage-based insurance programs.
- Texas Attorney General — AG Paxton Sues Allstate and Arity for Unlawfully Collecting and Selling Driving Data
- Bankrate — Telematics Insurance Facing New Heat Over Privacy Concerns (May 2025)
- Carrier Management — Telematics and Trust: How Usage-Based Insurance Is Transforming Auto Coverage (February 2026)
- Repairer Driven News — Maryland Insurance Commissioner Backs Telematics Regulation Bill
- NAIC — Privacy Protections (H) Working Group
- National Law Review — Federal Court Keeps Wiretap and FCRA Claims Alive in Allstate/Arity Class Action
- Electronic Privacy Information Center — State of Privacy 2025 Report
- North Carolina Legislature — HB 81: Restrict Use of Vehicle Telematics