CCPA Radar tracks publicly announced enforcement actions, settlements, and penalty decisions under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Its purpose is to provide a clear, practical view of how California regulators interpret and enforce privacy obligations in real cases.
The radar brings together key information on enforcement trends, including the regulator, the organization involved, the amount of the penalty, the legal basis of the violation, and the core compliance issues identified in each matter. By presenting these cases in one place, CCPA Radar helps privacy, legal, compliance, and security teams better understand which failures most often lead to regulatory action.
More than a list of fines, CCPA Radar is designed as a working compliance resource. It shows how regulators approach topics such as opt-out mechanisms, dark patterns, children’s data, privacy notices, vendor contracts, and the technical implementation of consumer rights. This makes it easier to translate enforcement activity into concrete lessons for internal privacy governance and risk management.
American Honda Motor Co.
Penalty:
632,50 USD
Consumer-rights request handling failures; asymmetrical choice design; barriers to authorized agents; missing contract safeguards
Core issue:
March 12, 2025
Date:
Main public findings:
CPPA announced that Honda would pay USD 632,500 and change its business practices after claims that it violated the CCPA. The public materials describe issues including requiring verification or excessive information for certain requests, asymmetrical privacy choices, difficulties for authorized agents, and insufficient contractual protections with ad-tech recipients.
Cause of the violation:
Core issue:
Recommendations:
Source:
Honda's privacy request process and consent interface were designed in ways that made some rights harder to exercise than permitted, and its governance of downstream recipients was not sufficiently documented through compliant contracts.
Consumer-rights request handling failures; asymmetrical choice design; barriers to authorized agents; missing contract safeguards
Present privacy choices symmetrically; do not require more information than necessary; allow authorized agents to act without artificial barriers; keep a current inventory of recipients and contracts; test request-handling and consent tools in the same environments consumers use.