By Todd Feathers Published January 14, 2025 | Comments (0) | Allstate is accused of violating Texas's comprehensive state data privacy law. Shutterstock Texas has sued one of the nations largest car insurance providers alleging that it violated the states privacy laws by surreptitiously collecting detailed location data on millions of drivers and using that information to justify raising insurance premiums. The states attorney general, Ken Paxton, said the lawsuit against Allstate and its subsidiary Arity is the first enforcement action ever filed by a state attorney general to enforce a data privacy law. It also follows a deceptive business practice lawsuit he filed against General Motors accusing the car manufacturer of misleading customers by collecting and selling driver data. Our investigation revealed that Allstate and Arity paid mobile apps millions of dollars to install Allstates tracking software, Paxton said in a statement. The personal data of millions of Americans was sold to insurance companies without their knowledge or consent in violation of the law. Texans deserve better and we will hold all these companies accountable. In 2015, Allstate developed the Arity Driving Engine software development kit (SDK), a package of code that the company allegedly paid mobile app developers to install in their products in order to collect a variety of sensitive data from consumers phones. The SDK gathered phone geolocation data, accelerometer, and gyroscopic data, details about where phone owners started and ended their trips, and information about driving behavior, such as whether phone owners appeared to be speeding or driving while distracted, according to the lawsuit.The apps that installed the SDK included GasBuddy, Fuel Rewards, and Life360, a popular family monitoring app, according to the lawsuit.Paxtons complaint said that Allstate and Arity used the data collected by its SDK to develop and sell products to other insurers like Drivesight, an algorithmic model that assigned a driving risk score to individuals, and ArityIQ, which allowed other insurers to [a]ccess actual driving behavior collected from mobile phones and connected vehicles to use at time of quote to more precisely price nearly any driver. Allstate and Arity marketed the products as providing driver behavior data but because the information was collected via mobile phones the companies had no way of determining whether the owner was actually driving, according to the lawsuit. For example, if a person was a passenger in a bus, a taxi, or in a friends car, and that vehicles driver sped, hard braked, or made a sharp turn, Defendants would conclude that the passenger, not the actual driver, engaged in bad driving behavior, the suit states.Neither Allstate and Arity nor the app developers properly informed customers in their privacy policies about what data the SDK was collecting or how it would be used, according to the lawsuit.Texass Data Privacy and Security Act is one of dozens of state privacy laws enacted in recent years. While other states have accused and reached settlements with companies for violating their privacy laws, the Texas complaint against Allstate is significant because the company allegedly passed up the opportunity to change its practices and avoid a lawsuit. Like many other state laws, the Texas DPSA has what is known as a right-to-cure provision, which says that companies who are notified that theyre violating the law have a certain amount of time (30 days, in Texass case) to fix the alleged violations and avoid an enforcement action. Allstate and Arity didnt do that, according to the lawsuit.In its complaint, filed in federal court, Texas requested that Allstate be ordered to pay a penalty of $7,500 per violation of the states data privacy law and $10,000 per violation of the states insurance code, which would likely amount to millions of dollars given the number of consumers allegedly affected. The lawsuit also asks the court to make Allstate delete all the data it obtained through actions that allegedly violated the privacy law and to make full restitution to customers harmed by the companies actions.Daily NewsletterYou May Also Like By Matthew Gault Published January 13, 2025 By Todd Feathers Published December 26, 2024 By Lucas Ropek Published November 17, 2024 By Matthew Gault Published September 10, 2024 By Matt Novak Published September 5, 2024 By Matthew Gault Published August 26, 2024