4 critical compliance areas companies should review after CPPA's Honda settlement

The recent California Privacy Protection Agency settlement with American Honda Motor Company over violations of the California Consumer Privacy Act, highlights four key areas companies should review and focus on immediately.

The USD632,500 settlement resolves claims around various aspects of Honda's privacy practices, including use of an "online privacy management tool that failed to offer Californians their privacy choices in a symmetrical or equal way" and sharing consumer data without "contracts that contain the necessary terms to protect privacy."

Cookie consent management

In the wake of the settlement, companies should review their cookie setup immediately.

Regulators don't like dark patterns. Customers don't either. Cookie consent technology needs to be properly established to comply with privacy laws and routinely reviewed and tested.

The CCPA requires symmetry in privacy choices. This means if companies have a cookie banner, there should be two equally prominent buttons: "Accept All" and "Reject All." If it takes one click to opt in, it should equally take just one click to opt out. 

Note that the CCPA wants companies to avoid dark patterns so these boxes shouldn't differ in color, font size, or have boxes around the more favorable option to the company. It's also important companies include a "Reject All" button within the manage settings section to make it easy for consumers to opt out.