Hunton Andrews Kurth writes:
On March 12, 2025, the California Privacy Protection Agency (“CPPA”) announced that it reached a settlement with American Honda Motor Co. (“Honda”) in which Honda will pay a $632,500 fine to resolve claims that the company violated the CCPA. The enforcement action comes as part of the CPPA’s ongoing investigation into connected vehicle manufacturers, which began in 2023.
Specifically, the CPPA alleged that Honda violated the CCPA’s privacy rights provisions by:
- requiring California consumers to provide excessive personal information to exercise their rights, including the opt-out of sale/sharing right (which is not a right that must be verified with consumers’ personal information);
- using an online privacy rights management platform that did not offer consumers their privacy choices in a symmetrical or equal way (in violation of the requirement in Section 7004(a)(2) of the CCPA Regulations to provide symmetry in choice when offering consumers more privacy-protective options, and not create a more difficult path for consumers to exercise such options); and
- not providing a user-friendly method for authorized agents to submit privacy rights requests on consumers’ behalf.
The CPPA also alleged that Honda failed to provide to the CPPA copies of its contracts with ad tech providers containing the required CCPA contract provisions.
Read more at Privacy & Information Security Law Blog.