Careers

Diversity, Equity & Inclusion

Experience

Innovation

Interactive Maps

Locations

About

Pages

Meet our team of innovators
Ask us how we do it

Professionals

Insights

Services

Thompson Hine LLP, a full-service business law firm with approximately 400 lawyers in 8 offices, was ranked number 1 in the category “Most innovative North American law firms: New working models” by The Financial Times and was 1 of 7 firms shortlisted for The American Lawyer’s inaugural Legal Services Innovation Award. The firm has been recognized by the National Law Journal as a Legal Technology Trailblazer and featured by Bloomberg for its innovative service delivery models, which drive accuracy and predictability. The firm’s commitment to innovation is embodied in Thompson Hine SmartPaTHTM – a smarter way to work – predictable, efficient and aligned with client goals. For more information, please visit ThompsonHine.com and ThompsonHine.com/SmartPaTH.

Home | Thompson Hine LLP

Atlanta

Chicago

Cincinnati

Cleveland

Columbus

Dayton

Los Angeles

New York

Washington, D.C.

<a>On July 31 the California Privacy Protection Agency’s (CPPA) Enforcement Division </a><a href="https://cppa.ca.gov/announcements/2023/20230731.html" target="_blank" rel="noreferrer noopener">announced</a> that it will review the data privacy activities of connected vehicle (CV) manufacturers and related CV technologies to assess their compliance with the <a>California Consumer Privacy Act</a>, as amended (CCPA). The announcement comes just weeks after California’s attorney general made a <a href="https://www.thompsonhine.com/insights/california-investigates-employee-hr-data-processing-in-privacy-enforcement-actions/" target="_blank" rel="noreferrer noopener">public statement</a> of his office’s enforcement actions regarding CCPA compliance in the employment and HR context. With a broad range of enforcement actions being undertaken with respect to the CCPA, organizations should immediately reassess their data privacy compliance programs and policies.

contentpilot/introduction

core/heading

With significant technological advancements in recent years, CVs have been described as “smartphones on wheels.” They are WiFi-enabled, embedded with Bluetooth, and have their own central processing units.

core/paragraph

A CV’s sensors and automated components generate large amounts of data about the vehicle and the driver, including the vehicle’s precise location, the driver’s behavior (e.g., speed, distance between other vehicles, seat belt use, information about braking habits), car crash-related data, and overall vehicle performance.

According to the <a href="https://sgp.fas.org/crs/misc/R45985.pdf" target="_blank" rel="noreferrer noopener">Congressional Research Service</a>, “[h]ackers could use more than a dozen portals to enter even a conventional vehicle’s electronic systems, including seemingly innocuous entry points such as the airbag, the lighting system, and the tire pressure monitoring system. Requirements that increasingly automated vehicles accept remote software updates, so that owners do not need to take action each time software is revised, are in part a response to concerns that security weaknesses be rectified as quickly as possible.”

Importantly, certain motor vehicle trade associations have developed “Privacy Principles for Vehicle Technologies and Services,” which was recently reviewed for updates in <a href="https://www.autosinnovate.org/innovation/Automotive%20Privacy/Consumer_Privacy_Principlesfor_VehicleTechnologies_Services-03-21-19.pdf" target="_blank" rel="noreferrer noopener">March 2022</a>. These principles mirror several of the CCPA’s requirements.

The CPPA was created in 2020, when the CCPA was amended by the California Privacy Rights Act, and is the first independent data protection authority in the United States.

When announcing its decision to target CV manufacturers for privacy compliance audits, the CPPA noted that CVs “are embedded with several features including location sharing, web-based entertainment, smartphone integration, and cameras. Data privacy considerations are critical because these vehicles often automatically gather consumers’ locations, personal preferences, and details about their daily lives.”

CPPA Executive Director Ashkan Soltani noted that CVs are “able to collect a wealth of information via built-in apps, sensors, and cameras, which can monitor people both inside and near the vehicle,” and that the CPPA “is making inquiries into the connected vehicle space to understand how these companies are complying with California law when they collect and use consumers’ data.”

Accordingly, organizations subject to this enforcement action should consider several of the key components of CCPA compliance, including:

core/list

<a></a><a><em>This advisory bulletin may be reproduced, in whole or in part, with the prior permission of Thompson Hine LLP and acknowledgment of its source and copyright. This publication is intended to inform clients about legal matters of current interest. It is not intended as legal advice. Readers should not act upon the information contained in it without professional counsel.</em></a>

<em>This document may be considered attorney advertising in some jurisdictions.</em>

https://admin.thompsonhine.com/wp-content/uploads/2023/08/Privacy-Cybersecurity-Update-California-Announces-Privacy-Audits-of-Connected-Vehicles-and-Related-Technologies.pdf

California Announces Privacy Audits of Connected Vehicles and Related Technologies

Services