In a landmark move, the state of Texas has taken legal action against Allstate, one of the country's largest car insurance providers, alleging that it violated the state's privacy laws by secretly collecting detailed location data on millions of drivers and using this information to justify raising insurance premiums. The lawsuit is the first action ever filed by a state attorney general to enforce a data privacy law.
Texas Attorney General Ken Paxton stated that the investigation revealed Allstate and its subsidiary Arity paid mobile apps millions of dollars to install tracking software, collecting personal data without consumers' knowledge or consent, in violation of the law. "Texans deserve better," Paxton emphasized, "and we will hold all these companies accountable."
In 2015, Allstate developed the Arity Driving Engine software development kit (SDK), a package of code that mobile app developers installed in their products to collect sensitive data from consumers' phones. The SDK gathered geolocation data, accelerometer and gyroscopic data, details about where phone owners started and ended their trips, and information about driving behavior, such as speeding or distracted driving.
Apps that installed the SDK included GasBuddy, Fuel Rewards, and Life360, a popular family monitoring app. Allstate and Arity used this data to develop products like Drivesight, an algorithmic model assigning a driving risk score to individuals, and ArityIQ, which allowed other insurers to access actual driving behavior collected from mobile phones and connected vehicles.
However, the companies failed to inform customers about what data was being collected or how it would be used. The lawsuit highlights that if someone was merely a passenger in a vehicle, Allstate and Arity would incorrectly conclude they were engaging in "bad" driving behavior.
The Texas Data Privacy and Security Act is one of many state privacy laws enacted in recent years. While other states have accused companies of violating their privacy laws, the Texas complaint against Allstate is significant because the company allegedly didn't take advantage of the opportunity to change its practices and avoid a lawsuit.
In its complaint, filed in federal court, Texas requested that Allstate be ordered to pay a penalty of $7,500 per violation of the state's data privacy law and $10,000 per violation of the state's insurance code. The lawsuit also asks the court to make Allstate delete all the data it obtained through actions that allegedly violated the privacy law and provide full restitution to customers harmed by the companies' actions.
This case serves as a reminder of the importance of transparency in mobile app development and data collection.