With the rise of connected vehicles being produced by automakers, several state and federal agencies have intensified monitoring and enforcement of data privacy regulations that are implemented by OEM manufacturers and other technology providers for connected vehicles.
In July 2023, the CPPA’s enforcement division began reviewing the data privacy practices of OEM manufacturers and technology providers for connected vehicles. According to a statement from CPPA, privacy issues are critically important because connected vehicles often automatically collect user data, including drivers' personal preferences.
Honda agreed to establish a streamlined process for California residents to help protect their privacy rights under a settlement with the CPPA. According to the company, the automaker will also revise its data handling practices and enhance customer privacy protection.
In addition, Honda is required to certify its compliance, train employees, and consult with user experience experts to review methods of handling customer requests for privacy protection. The company must also change its contracting process with third parties to ensure proper protection of personal information.
"We will not hesitate to use our enforcement powers to change business practices and will impose penalties depending on the number of violations," said Michael Matco, head of the CPPA's enforcement division. "Today's resolution reflects the initial cooperation and Honda's commitment to address the situation."
The penalty imposed on Honda follows a similar case involving General Motors in Texas.
In August 2024, Texas Attorney General Ken Paxton filed a lawsuit against the automaker for collecting data from more than 14 million connected vehicles since 2015 and selling that data to third-party companies, who used it to determine insurance premiums based on individual driver behavior. The lawsuit claims that GM collected data on 1.8 million drivers in Texas alone and failed to inform customers about the sale of their data to third parties.
GM is also under investigation by the Federal Trade Commission (FTC) regarding its data collection practices.
In January, the FTC announced a proposed settlement with the automaker that would bar GM from sharing confidential data with credit rating agencies for five years. According to the FTC, GM must also provide greater transparency to consumers regarding the collection, use, and disclosure of data on connected vehicles.
Also, in January, the U.S. Department of Commerce released an updated rule that bans the sale and import of hardware and software for connected vehicles from China and Russia due to similar data privacy issues and potential national security risks.