Just a few weeks after California Attorney General Bonta announced an investigative sweep through inquiry letters sent to California employers, today the California Privacy Protection Agency (CPPA) announced a California Consumer Privacy Act (CCPA) review of data privacy practices by connected vehicle manufacturers and related technologies, focusing on embedded features including “location sharing, web-based entertainment, smartphone integration, and cameras,” because “vehicles often automatically gather consumers’ locations, personal preferences, and details about their daily lives.”

In 2020, California voters approved Proposition 24, the California Privacy Rights Act, which created the CPPA as an independent data protection authority to implement and enforce the CCPA. The CPPA and the California Attorney General both have powers to enforce the CCPA. The Attorney General can bring civil enforcement actions in court. The CPPA can bring administrative enforcement actions.

Our Top 5 Recommendations are:
  1. Implement / update contracts with service providers, affiliates and other parties to whom the company discloses personal information about drivers, riders and others, to avoid triggering or violating opt-out rights of such individuals (and implement an opt-out program if required);
  2. Issue / update privacy notices and the company’s online CCPA Privacy Policy;
  3. Update the company’s data subject request program as necessary;
  4. Revisit data deletion and retention policies given broad access rights for consumers and associated compliance costs and risks; and
  5. Prepare assessments concerning the use of “sensitive personal information” such as a consumer’s precise geolocation to support reliance on exceptions or offer opt-out rights to consumers.

Please see our California Privacy Law blog and resource page here.


Lothar has been helping companies in Silicon Valley and around the world take products, business models, intellectual property and contracts global for nearly 20 years. He advises on data privacy law compliance, information technology commercialization, interactive entertainment, media, copyrights, open source licensing, electronic commerce, technology transactions, sourcing and international distribution at Baker McKenzie in San Francisco & Palo Alto.


Helena practices international commercial law with a focus on assisting and advising technology companies with cross-border transactions, drafting and negotiating commercial agreements, and advising on global data privacy law compliance. Helena also advises software developers, e-commerce companies, and global mobile and web gaming developers on regulatory restrictions, intellectual property, contracting and data privacy.