Privacy & Cybersecurity Law Blog

On March 12, 2025, the California Privacy Protection Agency (“CPPA”) announced that it reached a settlement with American Honda Motor Co. (“Honda”) in which Honda will pay a $632,500 fine to resolve claims that the company violated the CCPA. The enforcement action comes as part of the CPPA’s ongoing investigation into connected vehicle manufacturers, which began in 2023.

Specifically, the CPPA alleged that Honda violated the CCPA’s privacy rights provisions by:

• requiring California consumers to provide excessive personal information to exercise their rights, including the opt-out of sale/sharing right (which is not a right that must be verified with consumers’ personal information);
• using an online privacy rights management platform that did not offer consumers their privacy choices in a symmetrical or equal way (in violation of the requirement in Section 7004(a)(2) of the CCPA Regulations to provide symmetry in choice when offering consumers more privacy-protective options, and not create a more difficult path for consumers to exercise such options); and
• not providing a user-friendly method for authorized agents to submit privacy rights requests on consumers’ behalf.

The CPPA also alleged that Honda failed to provide to the CPPA copies of its contracts with ad tech providers containing the required CCPA contract provisions.

As part of the settlement Honda agreed to (1) pay the $632,500 fine, (2) implement a new and simpler process for consumers to submit privacy rights requests, (3) consult a user experience (UX) designer to evaluate its methods for submitting privacy requests, (4) train employees on CCPA compliance, and (5) change its contracting process with recipients of consumer personal information to ensure compliance with the CCPA.