Honda Promises to Change Privacy Ways Amid CPPA Auto Sweep
Honda must pay $632,500 and change various privacy practices under an agreement with the California Privacy Protection Agency announced Wednesday. The CPPA board decided Friday to approve a settlement resolving the privacy agency's claims that the car manufacturer’s North American subsidiary violated the California Consumer Privacy Act (CCPA).
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
American Honda takes “our responsibility to protect consumer privacy seriously and are committed to continually striving to ensure that our practices meet the highest standards,” a spokesperson said in an emailed statement. “We have cooperated fully with the CPPA throughout their investigation and have already begun implementing the changes to our processes required by the order. These changes include modifications to our methods for submitting consumer privacy requests, enhancing our cookie management tools, and updating our contract management processes.”
The California agency’s Enforcement Bureau found that American Honda Motor Co. violated the CCPA by (1) requiring Californians to verify themselves and give "excessive personal information" to exercise their privacy rights to opt out and to limit use and disclosure of their sensitive personal information; (2) using an online cookie management tool that failed to offer consumers privacy choices in a symmetrical or equal way; (3) making it hard for consumers to select authorized agents to exercise privacy rights on their behalf; and (4) sharing consumers’ personal information with ad tech companies without producing contracts with necessary privacy terms. The CPPA action came as part of an ongoing sweep of connected car manufacturers' data privacy practices.
Honda also agreed to simplify the process for Californians to assert their privacy rights, the CPPA said. Additionally, Honda must certify its compliance, train its employees and consult a user-experience designer to evaluate its methods for submitting privacy requests; change its contracting process to ensure appropriate mechanisms are in place to protect personal information; and support the Global Privacy Control, a browser-based universal opt-out mechanism.
“We won’t hesitate to use our cease-and-desist authority to change business practices, and we’ll tally fines based on the number of violations," said Michael Macko, head of the CPPA's Enforcement Division. "Today’s resolution reflects Honda’s early cooperation and commitment to make things right.”