Penalty Amount
$375,703
The California Privacy Protection Agency settled with Ford Motor Company for $375,703 after finding that Ford violated the CCPA by requiring email verification for opt-out requests, creating unnecessary friction. Ford must implement easier opt-out methods, conduct a website audit, and comply with global privacy controls.
Ford must pay a $375,703 fine, change its business practices to provide easy opt-out requests with minimal steps, conduct an audit of tracking technologies on its website, and ensure compliance with opt-out preference signals like Global Privacy Control.
Entity
Ford Motor Company
Also known as: Ford
Industry
AutomotiveOfficial Press Release
https://privacy.ca.gov/2026/03/ford-to-change-practices-pay-fine-for-adding-unnecessary-friction-to-opt-out-process/
Order of Decision Ford Motor Co
https://privacy.ca.gov/wp-content/uploads/sites/357/2026/03/Order-of-Decision-Ford-Motor-Co.pdf
California Privacy Protection Agency Enforcement Page
https://cppa.ca.gov/enforcement/
$376K
The California Privacy Protection Agency (CalPrivacy) settled with Ford Motor Company requiring the company to pay a $375,703 fine and change its practices. Ford violated the CCPA by requiring consumers to complete an email verification step before they could opt-out of the sale and sharing of their personal information collected through digital properties and connected vehicle services. In addition to the fine, Ford must provide easy methods to submit opt-out requests with minimal steps, audit its tracking technologies, and ensure compliance with opt-out preference signals including Global Privacy Control.
$19.2M
Ford Motor Company agreed to a $19.2 million multistate settlement for falsely advertising the fuel economy of 2013–2014 C-Max hybrids and the payload capacity of 2011–2014 Super Duty pickup trucks. The settlement requires Ford to cease deceptive advertising practices and pay penalties to participating states.
$1.1M
The California Privacy Protection Agency settled with PlayOn Sports for $1.10 million over CCPA violations, including failing to provide adequate opt-out mechanisms and improperly tracking users, particularly students. The company must implement proper opt-out methods, improve disclosures, and comply with children's data consent requirements.
$45K
Datamasters, a data broker, failed to register with the California Data Broker Registry as required by the Delete Act. The company sold sensitive personal information including health conditions, age, race, and political views. As a result, it must pay a $45,000 fine and cease all sales of Californians' personal information.
$57K
The California Privacy Protection Agency fined ROR Partners LLC $56,600 for failing to register as a data broker under the Delete Act. The marketing firm sold custom audience lists built from consumer data without registration, highlighting that businesses collecting and selling personal information must comply with data broker requirements.
The California Privacy Protection Agency (CalPrivacy) announced the creation of a Data Broker Enforcement Strike Force to investigate privacy violations by data brokers. The strike force will focus on compliance with the Delete Act's registration requirement and the CCPA, building on previous enforcement actions. This initiative aims to hold data brokers accountable and protect Californians' personal information.