CalPrivacy Hits Ford for Opt-Out Friction in Connected Car Sweep Under CCPA

Privacy Daily recently quoted Andrew Folk’s blog post in the article “CalPrivacy Hits Ford for Opt-Out Friction in Connected Car Sweep Under CCPA.” Ford’s overly difficult customer opt-out process was found to violate the California Consumer Privacy Act (CCPA), leading to a $376,000 settlement as part of the second enforcement sweep of connected‑vehicle manufacturers. Folk explains that the Ford settlement reinforces the fact that opt-outs are not verifiable requests under the CCPA, and that “ensuring these requests are honored separately and lawfully requires proper configuration within a business’s consumer‑request platform.” Ford created unnecessary friction for consumers by requiring them to verify their identity before opting out of the sale or sharing of personal information collected through digital properties and connected vehicles. The company also failed to process opt-outs until consumers completed an additional email‑verification step. CalPrivacy has ordered Ford to revise its practices by providing consumers with simple, low‑friction opt‑out methods. Ford must also audit the tracking technologies on its website to ensure compliance with the Global Privacy Control (GPC) and other opt‑out preference signals. Read the full article on privacy updates.