CCPA Radar

California DOJ stated that Jam City did not offer CCPA-compliant opt-outs in any of its 21 mobile apps and that some games shared or sold data of consumers aged 13 to 16 without the affirmative consent required by the CCPA.

CPPA announced that Tractor Supply failed to maintain a compliant privacy policy, failed to notify California job applicants of their privacy rights, failed to provide an effective opt-out including for Global Privacy Control, and disclosed personal information without contracts containing required privacy protections.

CPPA announced that Todd Snyder failed to process consumer opt-out requests for 40 days, required more information than necessary from consumers, and required identity verification before allowing them to opt out of sale/sharing.

California DOJ and the Los Angeles City Attorney announced that the SpongeBob: Krusty Cook-Off mobile app collected and shared children's data without required parental consent. The investigation also found that the age screen was not neutral and that third-party SDKs were misconfigured.

CPPA announced that Ford required consumers to provide additional information, including email verification, before processing opt-out requests, even though those requests could have been processed without that extra step.

California DOJ alleged that Disney failed to fully effectuate consumers' requests to opt out of sale/sharing across all devices and streaming services linked to their accounts. DOJ described the settlement as the largest CCPA settlement in California history at the time of the announcement.

California DOJ announced that Sling TV failed to provide an easy-to-use opt-out method and that the settlement arose from the DOJ's streaming-services and connected-TV sweep. DOJ also said the company needed to improve protections relating to children.

California DOJ stated that Healthline failed to allow consumers to opt out of targeted advertising and shared data with third parties without CCPA-mandated privacy protections, including data suggesting that a person may have a serious health condition.

CPPA announced that Honda would pay USD 632,500 and change its business practices after claims that it violated the CCPA. The public materials describe issues including requiring verification or excessive information for certain requests, asymmetrical privacy choices, difficulties for authorized agents, and insufficient contractual protections with ad-tech recipients.

California DOJ announced that DoorDash sold California customers' personal information through participation in a marketing cooperative without providing notice or an opportunity to opt out. DOJ treated participation in that cooperative as a sale under the CCPA.

CPPA announced that PlayOn used tracking technologies for targeted advertising, failed to provide an effective first-party opt-out method, failed to honor opt-out preference signals, and had compliance issues affecting consumers aged 13 to under 16.