
Consumer Privacy Enforcement Is Accelerating in 2026–2027 — What Dealerships Need to Know

April 9, 2026

Across the country, consumer‑privacy enforcement is entering its most aggressive period in decades. Both federal and state regulators have made it clear that businesses — including automotive, powersport, and RV dealerships — must ensure their privacy notices, website practices, and data‑handling operations accurately reflect what they actually do. The era of “copy‑and‑paste” privacy policies or outdated website disclosures is over.

 

Federal Enforcement: The FTC Is Expanding Its Reach

The FTC’s FY 2027 budget request emphasizes a sharp increase in enforcement activity tied to digital tracking, AI‑driven consumer deception, data‑sharing practices, and financial‑services privacy obligations. The agency has publicly stated that underfunding in FY 2026 forced prioritization, but 2027 is positioned for a renewed enforcement surge.

Recent FTC Enforcement Actions Relevant to Dealerships

Several high‑visibility cases illustrate the FTC’s priorities:

Tractor Supply (2025) — The California Privacy Protection Agency (CPPA) and FTC highlighted failures, including:

    • Non‑compliant privacy policy
    • Broken or ineffective opt‑out mechanisms
    • Failure to honor Global Privacy Control (GPC) signals
    • Sharing personal information without proper contracts

This $1.35M penalty is now a template for enforcement against businesses whose websites misrepresent their data practices.

FTC’s 2024–2026 “Dark Patterns” and Deceptive Consent Crackdown — The FTC has repeatedly warned that businesses must stop using misleading cookie banners, pre‑checked boxes, or confusing opt‑out flows. Dealership websites using vendor‑supplied tools that track consumers without proper disclosures are now squarely in scope.

Safeguards Rule Enforcement — The FTC continues to pursue financial‑services entities (including dealerships) for failures in:

    • Vendor oversight
    • Multi‑factor authentication
    • Encryption
    • Written risk assessments
    • Employee training

Enforcement actions in 2024–2026 show that “we didn’t know our vendor was doing that” is no longer a defense.

FTC Warning Letters to 97 dealerships – The agency flagged issues such as deceptive online pricing, undisclosed mandatory fees, and misleading “bait‑and‑switch” offers that did not match the terms available to consumers. The FTC is watching for misalignment between what a dealership promises and what a customer experiences.

State Enforcement: California Leads, Others Follow

California remains the most active privacy enforcer in the U.S. Recent developments include mandatory annual cybersecurity audits and risk assessments, new rules on automated decision‑making technology (ADMT), and active investigations into website tracking practices. The CPPA has repeatedly stated that misalignment between a business’s privacy policy and its actual website behavior is one of the most common violations.

Other States Increasing Enforcement

More than 20 states now have active consumer‑privacy laws, and several Attorneys General have launched investigations into:

  • undisclosed data sharing with third‑party marketing vendors,
  • failure to provide functional opt‑out mechanisms,
  • improper handling of deletion or access requests,
  • and misleading cookie banners.

States with active enforcement in 2025–2026 include: Colorado, Connecticut, Virginia, Texas, Oregon, Montana, Tennessee, and Indiana. Dealerships operating in multiple states must now assume multi‑jurisdictional compliance is the norm, not the exception.

Why This Matters for Dealerships:

Dealerships sit at the intersection of consumer finance, digital marketing, and personal‑data collection, three areas under intense regulatory scrutiny.

1. Your privacy policy must match your actual practices

Regulators are penalizing businesses whose websites:

  • say they “do not share data” while sending information to analytics or ad‑tech vendors,
  • claim to honor opt‑outs but do not,
  • or fail to disclose lead‑generation partners.

2. Vendor oversight is now a legal requirement

Dealerships rely heavily on website providers, CRM systems, chat tools, and marketing platforms. If those vendors collect or share data improperly, the dealership is still responsible.

3. Business continuity depends on trust and compliance

Privacy failures now lead to:

  • regulatory penalties,
  • mandatory corrective action plans,
  • reputational damage,
  • and loss of consumer trust.

In an industry built on relationships, privacy is now a customer‑service issue as much as a compliance issue. Dealerships that take proactive steps now will be better positioned to avoid enforcement actions and maintain customer trust in 2026 and 2027.

A2C Helps Dealerships Stay Protected. Contact us for website privacy audits, safeguards rule compliance assessments, accurate privacy notices tailored to your operations, training for staff and leadership, and more!

 




Matt Vatter

Chief Compliance Officer, Accelerate2Compliance
