On Monday, July 31, the California Privacy Protection Agency’s (“CPPA”) Enforcement Division stated that it is in the process of reviewing the privacy practices of automakers and vehicle technology companies. Specifically, the CPPA has concerns about how connected vehicle (“CV”) manufacturers and related technologies are collecting data, and if such collection is a violation of consumers’ privacy rights.

CV vehicles typically contain relevant features like web-based internet, smartphone integration, cameras, and location sharing. Ashkan Soltani, CPPA’s Executive Director, stressed the significance of this investigation by stating, “Modern vehicles are effectively connected computers on wheels. They’re able to collect a wealth of information.”

The CPPA’s announcement comes as little surprise due to the growing amount of data that cars collect and the many California residents and visitors possibly affected. With over 35 million vehicles registered in California and additional cars visiting, anyone who drives, hops in a rideshare, or even walks near a car with CV technologies could be at risk.

The review will be conducted under the 2018 California Consumer Privacy Act (“CCPA”) and signals that the CPPA is pressing ahead with enforcement of the CCPA while the Superior Court has delayed enforcement of the California Privacy Rights Act (“CPRA”) regulations. Moreover, this announcement follows recent letters issued by the California Attorney General’s office, indicating California is getting ready to actively enforce the CPRA.

Though the CPPA did not explicitly mention which companies it is reviewing, automakers and vehicle technology companies should asses their data protection policies and any collection of protected data to confirm compliance with the CCPA.