The California Privacy Protection Agency recently announced that its Enforcement Division is reviewing the data privacy practices of manufacturers that produce Internet-connected vehicles.
Connected vehicles, also known as CVs, can communicate bidirectionally with other systems outside of the cars. The privacy agency highlighted that these cars typically have several key features, including location sharing, web-based entertainment, smartphone integration and cameras.
“Data privacy considerations are critical because these vehicles often automatically gather consumers’ locations, personal preferences, and details about their daily lives,” the agency said in its announcement.
Overall, there are more than 35 million vehicles registered in California, the privacy agency said.
“Modern vehicles are effectively connected computers on wheels,” said Ashkan Soltani, CPPA’s executive director. “They’re able to collect a wealth of information via built-in apps, sensors, and cameras, which can monitor people both inside and near the vehicle.”
”Our Enforcement Division is making inquiries into the connected vehicle space to understand how these companies are complying with California law when they collect and use consumers’ data,” Soltani continued.
The agency also said it is looking into the data privacy practices of “related CV technologies.”
The California privacy agency was created following voters’ passage of Proposition 24 in 2020. On July 1 CPPA began exercising its power to administratively enforce the landmark California Consumer Privacy Act, known as CCPA.
Just before those powers kicked in, a state court judge issued an opinion preventing the agency from enforcing some new regulations that recently went into effect.
However, Soltani said his agency was pleased the court “held that significant portions of Prop 24’s privacy protections” remained enforceable beginning at the start of last month.
The California Attorney General’s Office also can enforce CCPA, and it has publicly highlighted some of its enforcement efforts.
For example, AG Rob Bonta recently announced his office has launched an investigative sweep to examine how employers are complying with newer elements of California’s data privacy law.
The AG noted in a press release that starting this past Jan. 1, businesses must now comply with CCPA’s privacy protections in their handling of employee data.
Bonta’s office has conducted prior enforcement sweeps as well, including one of online retailers that resulted in a well-publicized settlement with Sephora.