The California Privacy Protection Agency, which enforces the California Consumer Privacy Act of 2018 (“CCPA”), recently ordered American Honda Motor Co., Inc. to pay a $632,500 fine to resolve allegations that the company’s data privacy practices violated the CCPA. According to the Agency, Honda violated the CCPA by making it difficult for consumers to exercise their right to opt-out of information sharing or limit Honda’s use or disclosure of sensitive personal information. Honda allegedly violated Californians’ privacy rights by engaging in the following practices:
- Requiring consumers to provide excessive personal information in order to verify the identities of consumers attempting to exercise their opt-out and limiting rights;
- Using an online privacy management tool that failed to offer privacy choices in a symmetrical or equal way;
- Making it difficult to customers to use “authorized agents’ to exercise privacy rights on their behalf; and
- Sharing customer’s personal information with ad tech companies while failing to produce contracts with these companies that contain required privacy protection terms.
To resolve the matter, Honda consented to the terms of a Stipulated Final Order that was adopted by the California Privacy Protection Agency Board on March 7, 2025. As part of the Order, in addition to the payment of the fine, Honda agreed to establish new processes that make it simpler for consumers to assert their privacy rights. The Order also requires Honda to provide periodic reports to the Agency regarding their efforts develop opt-out processes that comply with the CCPA, including consultation with a user experience designer regarding recommended changes to opt-out procedures, the provision of additional training to personnel that handle CCPA requests, and modifications to contracts involving consumers’ personal information.
California Privacy Protection Agency Announcement | Order of Decision and Stipulated Final Order