Major car brand settles with California for $630,000 over privacy violations

CALIFORNIA – The California Privacy Protection Agency (CPPA) announced, March, 12 that American Honda Motor Co. must pay a $632,500 fine for violating privacy laws with its connected vehicles and related technologies.

Connected vehicles are embedded with several features including location sharing, web-based entertainment, smartphone integration, and cameras.

As of 2024, it’s estimated that over 97% of new vehicles sold worldwide are connected, reflecting the rapid integration of internet connectivity in modern automobiles.

Connected vehicles automatically gather details about daily lives

CPPA says data privacy considerations are critical for connected vehicles because they often automatically gather consumers’ locations, personal preferences, and details about their daily lives.

The CPPA alleges Honda violated Californians’ privacy by:

requiring excessive personal information for privacy rights;
using a biased privacy tool;
making it difficult to authorize agents, and;
sharing data with ad tech companies without proper privacy contracts.

The agency said the investigation stemmed from its ongoing review of data privacy practices by companies that manufacture connected vehicles and related technologies.

CPPA can fine businesses up to $2,500 for each violation

To resolve the allegations, Honda agreed to implement a new and simpler process for Californians to assert their privacy rights.

In addition, Honda will pay a $632,500 fine.

The agency can fine businesses up to $2,500 for each violation ($7,500 for intentional violations), with possible inflation adjustments, in addition to ordering them to stop the illegal practices.

“We won’t hesitate to use our cease-and-desist authority to change business practices, and we’ll tally fines based on the number of violations,” said CPPA Enforcement Division head Michael Macko.

The CPPA is the first state agency in the U.S. focused on enforcing privacy laws.