Hunton Andrews Kurth writes: On March 7, 2025, the California Privacy Protection Agency (“CPPA”) voted to authorize the agency to advance proposed data broker regulations concerning the Delete Request and Opt-Out Platform (“DROP”) to formal rulemaking. The CPPA’s proposed DROP regulations are part of the agency’s efforts to implement California’s Delete Act. The Delete Act requires the CPPA to establish…
Category: Laws
The differences between non-disclosure, exfiltration and notice – a court’s view
David Kessler and Sue Ross write: Although there is scant case law on the question, it is generally accepted that it is not a violation of one’s duty not to disclose information if it is stolen from you. Put another way, disclosure is an affirmative act, and, absent an affirmative duty to protect information from…
States Ramp Up Car Privacy Enforcement Using Tricks Old and New
Tonya Riley and Cassandre Coyer report: Carmakers are in the crosshairs of state enforcers, with California becoming the latest to target the industry’s data practices. The California Privacy Protection Agency announced on Wednesday an enforcement action and settlement accusing American Honda Motor Co. Inc. of violating state privacy law. Honda required consumers to provide excessive personal information for privacy…
CPPA Fines Honda $632,500 for CCPA Violations
Hunton Andrews Kurth writes: On March 12, 2025, the California Privacy Protection Agency (“CPPA”) announced that it reached a settlement with American Honda Motor Co. (“Honda”) in which Honda will pay a $632,500 fine to resolve claims that the company violated the CCPA. The enforcement action comes as part of the CPPA’s ongoing investigation into connected vehicle manufacturers, which began…