GM keeps your personal data for as long as it considers necessary for business, legal, and service purposes, without specifying fixed retention periods for most data types.
This analysis describes what General Motors's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Open-ended retention language means that sensitive data including vehicle location history and driving behavior may be held indefinitely, increasing the risk of exposure and limiting consumers' practical ability to have data deleted.
Interpretive note: The verbatim retention clause was not available in the truncated document; language is inferred from the policy's general data retention disclosures and standard automotive privacy policy structures.
Without specific retention timelines for telematics, location, and biometric data, your personal information including driving history may be retained for extended periods; submitting a deletion request is the primary mechanism for limiting retention.
How other platforms handle this
We retain personal data for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements, to resolve disputes, and to enforce our agreements. The criteria used to determine our retention periods include: the length of ...
We may retain de-identified or aggregated information that can no longer be used to identify you for any period of time, including indefinitely.
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, or as otherwise permitted or required by applicable law.
Monitoring
General Motors has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We retain your personal information for as long as necessary to provide our services, comply with our legal obligations, resolve disputes, and enforce our agreements.— Excerpt from General Motors's GM Privacy Statement
REGULATORY LANDSCAPE: Indefinite or open-ended retention language engages CCPA/CPRA, which requires reasonable retention periods proportionate to the purposes for which data was collected (CPRA Section 1798.100(a)(3)). GDPR's data minimization and storage limitation principles (Articles 5(1)(c) and 5(1)(e)) are not directly applicable given the U.S. scope of this policy, but serve as a benchmark for international governance programs. BIPA requires a specific retention schedule and destruction policy for biometric data, making generic retention language potentially non-compliant in Illinois. GOVERNANCE EXPOSURE: Medium. The absence of specific retention schedules for sensitive data categories such as biometric identifiers and precise geolocation creates compliance gaps under BIPA and CPRA. Regulators have increasingly scrutinized vague retention language as inconsistent with minimization principles. JURISDICTION FLAGS: Illinois BIPA explicitly requires a written retention schedule for biometric data, making generic retention language insufficient for compliance in that state. California CPRA requires disclosure of retention periods or the criteria used to determine them in the privacy notice. States enacting comprehensive privacy laws are increasingly adopting similar retention disclosure requirements. CONTRACT AND VENDOR IMPLICATIONS: Data processing agreements with third-party recipients of GM consumer data should include contractual retention limits consistent with the purposes for which data was shared. Without such limits, onward retention by third parties may exceed what GM's policy discloses. COMPLIANCE CONSIDERATIONS: Legal teams should develop and publish category-specific retention schedules, particularly for biometric data (required by BIPA), precise geolocation, and telematics data. Retention schedules should be incorporated into the privacy notice to satisfy CPRA disclosure requirements. Data minimization audits should confirm that data is not retained beyond documented retention periods.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Open-ended retention language means that sensitive data including vehicle location history and driving behavior may be held indefinitely, increasing the risk of exposure and limiting consumers' practical ability to have data deleted.
Without specific retention timelines for telematics, location, and biometric data, your personal information including driving history may be retained for extended periods; submitting a deletion request is the primary mechanism for limiting retention.
ConductAtlas has identified this type of provision across 15 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by General Motors.