CCPA Radar tracks publicly announced enforcement actions, settlements, and penalty decisions under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Its purpose is to provide a clear, practical view of how California regulators interpret and enforce privacy obligations in real cases.
The radar brings together key information on enforcement trends, including the regulator, the organization involved, the amount of the penalty, the legal basis of the violation, and the core compliance issues identified in each matter. By presenting these cases in one place, CCPA Radar helps privacy, legal, compliance, and security teams better understand which failures most often lead to regulatory action.
More than a list of fines, CCPA Radar is designed as a working compliance resource. It shows how regulators approach topics such as opt-out mechanisms, dark patterns, children’s data, privacy notices, vendor contracts, and the technical implementation of consumer rights. This makes it easier to translate enforcement activity into concrete lessons for internal privacy governance and risk management.
Jam City, Inc.
Penalty:
USD 1.4 million
No compliant in-app opt-outs; sale/sharing of teens' data without required consent
Core issue:
November 21, 2025
Date:
Main public findings:
California DOJ stated that Jam City did not offer CCPA-compliant opt-outs in any of its 21 mobile apps and that some games shared or sold data of consumers aged 13 to 16 without the affirmative consent required by the CCPA.
Cause of the violation:
Core issue:
Recommendations:
Source:
Jam City's privacy program did not align with the actual location of data collection and sharing, which occurred almost entirely inside its mobile apps, and controls for teenagers' data were insufficient.
No compliant in-app opt-outs; sale/sharing of teens' data without required consent
Where data collection occurs in-app, provide in-app privacy controls; implement specific controls for teen users; audit SDKs and mobile ad-tech regularly; verify that opt-out and opt-in flows work in production across all apps.