CPPA Action Against Honda Not Just About Cars: Wiley
California Privacy Protection Agency allegations against Honda “are not specific to the automotive industry, and instead should be viewed as instructive for any business subject to California’s broad and prescriptive CCPA and implementing regulations,” Wiley privacy attorneys blogged Friday.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
Honda agreed to pay $632,500 and change various privacy practices as part of a settlement with the CPPA, which was unveiled Wednesday (see 2503120037). While the CPPA said it was part of a sweep of connected car companies, the order lacks “mention of any connected vehicle-specific issues,” the Wiley attorneys noted.
Also, the lawyers pointed out that the CPPA acted against a company that possessed data on more than 100,000 customers, even though the enforcers alleged violations against just 153 of them. “Comparing these numbers, the Agency appears to be prepared to take issue with any violation of the law, even where, as here, the alleged violations make up a fraction of a percentage of consumer interactions.”
While the agency has discretion to provide a right to cure violations before taking enforcement action, the CPPA didn't appear to give Honda that chance, based on the order's text, added the Wiley lawyers.
Among other takeaways, the attorneys highlighted the CPPA’s charge that Honda’s cookie consent manager wasn’t symmetrical. That allegation “reveals a strict reading of the Agency’s prescriptive rules, which also require that these mechanisms be easy to understand, easy to execute, avoid elements that are confusing, and avoid designs that impair or interfere with consumer choice.”