Photo courtesy of the author
On March 12, 2025, the California Privacy Protection Agency (“CPPA”) announced that it reached a settlement with American Honda Motor Co. (“Honda”) in which Honda will pay a $632,500 fine to resolve claims that the company violated the CCPA. The enforcement action comes as part of the CPPA’s ongoing investigation into connected vehicle manufacturers, which began in 2023.
Specifically, the CPPA alleged that Honda violated the CCPA’s privacy rights provisions by:
- requiring California consumers to provide excessive personal information to exercise their rights, including the opt-out of sale/sharing right (which is not a right that must be verified with consumers’ personal information);
- using an online privacy rights management platform that did not offer consumers their privacy choices in a symmetrical or equal way (in violation of the requirement in Section 7004(a)(2) of the CCPA Regulations to provide symmetry in choice when offering consumers more privacy-protective options, and not create a more difficult path for consumers to exercise such options); and
- not providing a user-friendly method for authorized agents to submit privacy rights requests on consumers’ behalf.
The CPPA also alleged that Honda failed to provide to the CPPA copies of its contracts with ad tech providers containing the required CCPA contract provisions.
As part of the settlement Honda agreed to (1) pay the $632,500 fine, (2) implement a new and simpler process for consumers to submit privacy rights requests, (3) consult a user experience (UX) designer to evaluate its methods for submitting privacy requests, (4) train employees on CCPA compliance, and (5) change its contracting process with recipients of consumer personal information to ensure compliance with the CCPA.
Jenna N. Rode is a Counsel at Hunton Andrews Kurth LLP. This post first appeared on the firm’s blog.
The views, opinions and positions expressed within all posts are those of the author(s) alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of the New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity or any statements made on this site and will not be liable any errors, omissions or representations. The copyright of this content belongs to the author(s) and any liability with regards to infringement of intellectual property rights remains with the author(s).