CCPA Radar

11 lutego 2026

Opt-out not effective across devices and streaming services

California DOJ alleged that Disney failed to fully effectuate consumers' requests to opt out of sale/sharing across all devices and streaming services linked to their accounts. DOJ described the settlement as the largest CCPA settlement in California history at the time of the announcement.

5 marca 2026

Opt-out friction; unnecessary verification

CPPA announced that Ford required consumers to provide additional information, including email verification, before processing opt-out requests, even though those requests could have been processed without that extra step.

17 czerwca 2024

Children's data; lack of parental consent; non-neutral age screen; misconfigured SDKs

California DOJ and the Los Angeles City Attorney announced that the SpongeBob: Krusty Cook-Off mobile app collected and shared children's data without required parental consent. The investigation also found that the age screen was not neutral and that third-party SDKs were misconfigured.

1 lipca 2025

Failure to allow opt-out of targeted advertising; insufficient third-party protections; handling of sensitive health-related inferences

California DOJ stated that Healthline failed to allow consumers to opt out of targeted advertising and shared data with third parties without CCPA-mandated privacy protections, including data suggesting that a person may have a serious health condition.

30 września 2025

Privacy notice failures; job-applicant privacy rights; GPC/opt-out failures; missing contract safeguards

CPPA announced that Tractor Supply failed to maintain a compliant privacy policy, failed to notify California job applicants of their privacy rights, failed to provide an effective opt-out including for Global Privacy Control, and disclosed personal information without contracts containing required privacy protections.

30 października 2025

Burdensome opt-out process; inadequate children's privacy safeguards

California DOJ announced that Sling TV failed to provide an easy-to-use opt-out method and that the settlement arose from the DOJ's streaming-services and connected-TV sweep. DOJ also said the company needed to improve protections relating to children.

3 marca 2026

Ineffective opt-out mechanisms; targeted advertising; minors' data

CPPA announced that PlayOn used tracking technologies for targeted advertising, failed to provide an effective first-party opt-out method, failed to honor opt-out preference signals, and had compliance issues affecting consumers aged 13 to under 16.

12 marca 2025

Consumer-rights request handling failures; asymmetrical choice design; barriers to authorized agents; missing contract safeguards

CPPA announced that Honda would pay USD 632,500 and change its business practices after claims that it violated the CCPA. The public materials describe issues including requiring verification or excessive information for certain requests, asymmetrical privacy choices, difficulties for authorized agents, and insufficient contractual protections with ad-tech recipients.

21 lutego 2024

Sale through a marketing cooperative without proper notice and opt-out

California DOJ announced that DoorDash sold California customers' personal information through participation in a marketing cooperative without providing notice or an opportunity to opt out. DOJ treated participation in that cooperative as a sale under the CCPA.

6 maja 2025

Opt-out requests not processed; excessive request burden; unnecessary verification

CPPA announced that Todd Snyder failed to process consumer opt-out requests for 40 days, required more information than necessary from consumers, and required identity verification before allowing them to opt out of sale/sharing.

21 listopada 2025

No compliant in-app opt-outs; sale/sharing of teens' data without required consent

California DOJ stated that Jam City did not offer CCPA-compliant opt-outs in any of its 21 mobile apps and that some games shared or sold data of consumers aged 13 to 16 without the affirmative consent required by the CCPA.