CCPA Radar tracks publicly announced enforcement actions, settlements, and penalty decisions under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Its purpose is to provide a clear, practical view of how California regulators interpret and enforce privacy obligations in real cases.
The radar brings together key information on enforcement trends, including the regulator, the organization involved, the amount of the penalty, the legal basis of the violation, and the core compliance issues identified in each matter. By presenting these cases in one place, CCPA Radar helps privacy, legal, compliance, and security teams better understand which failures most often lead to regulatory action.
More than a list of fines, CCPA Radar is designed as a working compliance resource. It shows how regulators approach topics such as opt-out mechanisms, dark patterns, children’s data, privacy notices, vendor contracts, and the technical implementation of consumer rights. This makes it easier to translate enforcement activity into concrete lessons for internal privacy governance and risk management.
Ford Motor Company
Kara:
375,70 USD
Opt-out friction; unnecessary verification
Główny problem:
5 marca 2026
Data:
Główne ustalenia:
CPPA announced that Ford required consumers to provide additional information, including email verification, before processing opt-out requests, even though those requests could have been processed without that extra step.
Przyczyna naruszenia:
Opis wydarzeń
Zalecenia:
Źródło:
Ford designed its opt-out workflow in a way that imposed unnecessary friction and verification steps on consumers seeking to opt out of sale/sharing.
CPPA issued a decision requiring Ford to pay a civil fine and change its practices after finding that its consumer privacy rights form made opt-out requests harder than permitted under the CCPA. The order also required Ford to review its tracking technologies and improve compliance with opt-out obligations.
Do not require identity verification for standard opt-out requests; minimize the information requested from consumers; test opt-out workflows end-to-end; review cookies, pixels, SDKs, and other tracking tools regularly; ensure that technical implementation matches the legal design of the consumer choice flow.
