The California Privacy Protection Agency’s (CPPA) Enforcement Division is conducting a review of data privacy practices by connected vehicle manufacturers and related technologies. The CPPA, which was established by the 2018 California Privacy Rights Act, has been primarily focused on developing regulations. This investigation marks its first significant enforcement effort.

Connected vehicles, with features like location sharing, web-based entertainment, smartphone integration, and cameras, automatically gather consumers’ personal information and details about their daily lives. The review aims to ensure that these companies comply with the California Consumer Privacy Act (CCPA), which grants Californians privacy rights, such as knowing the personal information collected about them, the right to delete that information, and the right to stop its sale or sharing.

Besides being the only state with a dedicated privacy enforcement body, California is perhaps the most logical state to regulate the connected auto industry. As the CPPA noted in its press release, California is home to 35 million registered automobiles. California is also home to the Silicon Valley companies spearheading the industry – Google and Apple are two giants in the market, and many foreign innovators like Xiaomi based their US operations in the Valley as well. California regulators are uniquely situated to apply pressure to this burgeoning industry in a way that may translate to the broader US market.