Landmark $1.55M CCPA Settlement Reached with Healthline
- Katarzyna Celińska
- Jul 21
- 1 min read
In a major privacy enforcement milestone, California Attorney General announced the largest-ever settlement under the CCPA – $1.55 million against Healthline Media LLC, one of the world’s most visited health information websites.
This settlement sends a clear message: consumer health data privacy is non-negotiable, and the misuse of sensitive information —even through invisible third-party trackers—is a direct breach of trust.
The California DOJ found that Healthline:
✅ Violated opt-out rights, including via Global Privacy Control signals.
✅ Shared article titles implying diagnosis with ad tech companies.
✅ Lacked proper CCPA-compliant contracts with advertisers.
✅ Misled users with consent banners that failed to block trackers.
✅ Broke purpose limitation rules, using personal data for targeting without explicit permission.
What the Settlement Requires:
✅ Ban on transmitting medical implication metadata.
✅ Accurate privacy notices and functioning opt-out tools.
✅ Formal CCPA compliance program with contractual oversight.
✅ Internal audits ensuring data-sharing terms are enforced.
This settlement is not as high as the GDPR fines we see in Europe – for example, those tracked on www.enforcementtracker.com – but it shows U.S. enforcement is accelerating. At first, regulators in the U.S. gave companies a grace period, warning them rather than punishing. Now, we’re seeing a shift. Authorities are taking real action against companies that breach privacy laws, especially when health-related data is involved. The era of privacy enforcement ‘light’ is ending.”
Links to:
Author: Sebastian Burgemejster
留言