HB Ad Slot
HB Mobile Ad Slot
What Honda's CCPA Penalty Means for Your Privacy Compliance
Monday, March 17, 2025

The California Privacy Protection Agency (CPPA) has reached a settlement with American Honda Motor Co., Inc. (Honda), as outlined in this Order of Decision. The Order is the CPPA’s first public enforcement action involving a significant monetary penalty of $632,500, arising from its investigation into the privacy practices of connected vehicle manufacturers that began in July 2023.  

The CPPA asserted that Honda violated the California Consumer Privacy Act (CCPA) by requiring consumers to undergo an extensive identity verification process, including for requests where verification is not permitted under the CCPA. Honda’s process for accepting data subject requests through authorized agents also included unnecessary and non-permitted steps.

Additionally, the CPPA asserted that Honda’s cookie management platform violated the CCPA, as it required a two-step process for opting out of advertising cookies and tracking technologies while consenting (or reconsenting) to cookies required just a single click, making it more burdensome to opt out of, rather than consent to such data processing. Honda was also unable to produce any of its contracts with third party advertising vendors to show that they were implementing the required contractual provisions under the CCPA. 

To resolve the CPPA’s allegations, Honda has agreed to pay $632,500 in monetary penalties and revise its privacy practices, including implementing a simpler process for consumers to exercise their privacy rights, minimizing data collection for verification purposes and modifying its contract management and tracking processes.  

The CPPA’s Order signals an intent to hold businesses accountable for their data subject request processes. Below are some steps you can take to ensure compliance and mitigate the risk of similar penalties:

  • Revisit your process for responding to data subject requests and ensure that your verification process is appropriately tailored.
  • Review (or implement) a process for receiving, verifying and responding to data subject requests.
  • Review your contracts with vendors to confirm they include the required provisions.
  • Assess (or implement) your cookie management platform to ensure opt-out processes are simple and symmetrical.
HTML Embed Code
HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up for any (or all) of our 25+ Newsletters.

 

Sign Up for any (or all) of our 25+ Newsletters