Dive Brief:
- The California Privacy Protection Agency is fining American Honda Motor Co. $632,500 to resolve claims that the company violated the state’s Consumer Privacy Act when collecting data from its vehicles, according to a March 12 press release.
- The CPPA alleges that Honda required California customers to provide excessive personal information, made it difficult for them to exercise their privacy rights, and shared personal information with ad tech companies without explaining terms in contracts, the release says.
- As part of the settlement with Honda, the CPPA authorized its enforcement division to impose administrative fines of up to $2,500 on the automaker for each data privacy violation and a fine of $7,500 for intentionally collecting sensitive data from customers.
Dive Insight:
With the launch of more connected vehicles by automakers, several state and federal agencies have stepped up their monitoring and enforcement of privacy practices by OEMs and manufacturers.
In July 2023, the CPPA’s enforcement division initiated a review of the data privacy practices of OEMs and manufacturers of connected vehicle technologies. According to the CPPA, privacy considerations are critical because connected vehicles often collect customer data automatically, including the personal preferences of drivers.
Honda agreed to establish a simpler process for California residents to help them assert their privacy rights as part of its settlement with the CPPA. The automaker will also change how it handles data and protects the privacy of its customers, according to the release.
In addition, Honda will be required to certify its compliance, train employees and consult a user experience designer to review methods for customers to submit privacy requests. The company must also change its contracting process with third parties to ensure they protect personal information.
“We won’t hesitate to use our cease-and-desist authority to change business practices, and we’ll tally fines based on the number of violations,” said Michael Macko, head of the CPPA’s enforcement division. “Today’s resolution reflects Honda’s early cooperation and commitment to make things right.”
The fine levied on Honda follows a similar case involving General Motors in Texas.
The state’s Attorney General Ken Paxton in August 2024 sued the automaker for collecting data from more than 14 million connected vehicles since 2015 and selling it to third-party companies that used it to set insurance rates based on individual driver behavior. The suit alleges that GM collected data from 1.8 million drivers in Texas alone and did not inform customers it was selling it to third-parties.
GM has also been investigated by the Federal Trade Commission over its data collection practices.
In January, the FTC announced a proposed settlement with the automaker that includes a ban on disclosing sensitive data to consumer reporting agencies for five years. GM must also provide greater transparency to consumers about the collection, use and disclosure of connected vehicle data, according to the FTC.
Also in January, the Department of Commerce issued a finalized rule banning the sale and import of connected vehicle hardware and software originating from China or Russia over similar data privacy concerns, as well risks to national security.
