Privacy and consumer protection enforcement actions tracked from official California Privacy Protection Agency sources.
Official enforcement page23
Total Actions
$4.4M
Total Fines
The California Privacy Protection Agency settled with Ford Motor Company for $375,703 after finding that Ford violated the CCPA by requiring email verification for opt-out requests, creating unnecessary friction. Ford must implement easier opt-out methods, conduct a website audit, and comply with global privacy controls.
$376K
The California Privacy Protection Agency settled with PlayOn Sports for $1.10 million over CCPA violations, including failing to provide adequate opt-out mechanisms and improperly tracking users, particularly students. The company must implement proper opt-out methods, improve disclosures, and comply with children's data consent requirements.
$1.1M
Datamasters, a data broker, failed to register with the California Data Broker Registry as required by the Delete Act. The company sold sensitive personal information including health conditions, age, race, and political views. As a result, it must pay a $45,000 fine and cease all sales of Californians' personal information.
$45K
The California Privacy Protection Agency fined ROR Partners LLC $56,600 for failing to register as a data broker under the Delete Act. The marketing firm sold custom audience lists built from consumer data without registration, highlighting that businesses collecting and selling personal information must comply with data broker requirements.
$57K
The California Privacy Protection Agency (CalPrivacy) announced the creation of a Data Broker Enforcement Strike Force to investigate privacy violations by data brokers. The strike force will focus on compliance with the Delete Act's registration requirement and the CCPA, building on previous enforcement actions. This initiative aims to hold data brokers accountable and protect Californians' personal information.
The California Privacy Protection Agency (CPPA) settled with Tractor Supply Company for $1.35 million over violations of the California Consumer Privacy Act (CCPA). The violations included failing to maintain a proper privacy policy, not notifying job applicants of their rights, lacking an effective opt-out mechanism, and sharing personal information without adequate contracts. Tractor Supply must pay the fine and implement remedial measures such as scanning digital properties and annual compliance certification.
$1.4M
The California Privacy Protection Agency, together with the Attorneys General of California, Colorado, and Connecticut, announced an investigative sweep targeting businesses that fail to honor Global Privacy Control (GPC) signals, which automatically communicate consumers' opt-out requests. The coalition is contacting identified businesses and demanding immediate compliance with state privacy laws. This coordinated effort highlights the states' commitment to enforcing consumers' right to opt-out of the sale of their personal information.
The California Privacy Protection Agency (CPPA) filed a petition in Superior Court to enforce a subpoena against Tractor Supply Company for alleged CCPA violations, including failure to honor consumers' right to opt-out of the sale and sharing of personal information. This is the CPPA's first judicial action to enforce an investigative subpoena, and the agency is seeking court assistance to compel the company's compliance.
The California Privacy Protection Agency (CPPA) ordered Accurate Append, Inc. to pay a $55,400 fine for failing to register as a data broker under the Delete Act by the January 31, 2024 deadline. The company registered only after being contacted during an enforcement sweep and agreed to injunctive terms, including paying attorney fees for future non-compliance.
$55K
The California Privacy Protection Agency ordered Jerico Pictures, Inc., doing business as National Public Data, to pay a $46,000 fine for failing to register and pay the annual fee required under the Delete Act. The order was issued by default after the company did not contest the allegations, highlighting CPPA's enforcement of data broker registration requirements.
$46K
The California Privacy Protection Agency (CPPA) ordered Jerico Pictures, Inc., doing business as National Public Data, to pay a $46,000 fine for failing to register and pay the annual fee required under California's Delete Act. The order was issued by default after the company did not contest the allegations. This enforcement action highlights the CPPA's efforts to ensure data broker compliance with registration laws.
$46K
The California Privacy Protection Agency (CPPA) settled with Todd Snyder, Inc. for violating the California Consumer Privacy Act (CCPA) by failing to process opt-out requests, requiring excessive information for privacy requests, and improperly verifying identities for opt-outs. The company must pay a $345,178 fine and overhaul its privacy practices, including configuring opt-out mechanisms and providing employee training.
$345K
The California Privacy Protection Agency settled with American Honda Motor Co. for CCPA violations, including making it difficult for consumers to opt-out of data sharing, using dark patterns in its privacy tool, hindering authorized agent requests, and sharing data with ad tech companies without proper contracts. Honda must pay a $632,500 fine, implement new processes for privacy requests, certify compliance, train employees, and ensure appropriate data sharing contracts.
$633K
The California Privacy Protection Agency settled with data broker Background Alert, Inc. for failing to register and pay fees under the Delete Act. The company must shut down its operations through 2028 or face a $50,000 fine. This action is part of a broader enforcement sweep against non-compliant data brokers.
The California Privacy Protection Agency (CPPA) filed an administrative action against Jerico Pictures, Inc., doing business as National Public Data, for failing to register and pay the required annual fee under the California Delete Act. The action seeks a $46,000 fine for the company's 230-day late registration, as part of CPPA's enforcement sweep against data brokers.
$46K
The California Privacy Protection Agency (CPPA) filed an administrative action against National Public Data, a Florida-based data broker, for failing to register and pay the required annual fee under California's Delete Act. The agency is seeking a $46,000 fine for the violation, which occurred 230 days late, as part of an enforcement sweep targeting non-compliant data brokers.
$46K
The California Privacy Protection Agency (CPPA) settled with two data brokers, Infillion and The Data Group, for failing to register and pay annual fees as required by the Delete Act. Infillion paid $54,200 and The Data Group paid $46,600, and both agreed to injunctive terms. This is part of a broader enforcement effort against non-compliant data brokers.
$101K
The California Privacy Protection Agency (CPPA) settled with two data brokers, PayDae, Inc. (Infillion) and The Data Group, LLC, for failing to register as required by Senate Bill 362 (the Delete Act). Infillion paid $54,200 and The Data Group paid $46,600, and both agreed to injunctive terms to ensure future compliance with registration requirements.
The California Privacy Protection Agency (CPPA) settled with data brokers Growbots, Inc. and UpLead LLC for failing to register and pay annual fees under the California Delete Act. Growbots paid $35,400 and UpLead paid $34,400, and both agreed to injunctive terms including payment of attorney fees for non-compliance. This action enforces the Delete Act's requirements for data broker transparency and consumer privacy.
$70K
The California Privacy Protection Agency (CPPA) announced an investigative sweep to enforce data broker registration compliance under the Delete Act. Data brokers must register annually and pay fees, with penalties of $200 per day for non-compliance. The CPPA will take enforcement actions against unregistered data brokers and is developing a consumer deletion platform (DROP) for 2026.
The California Privacy Protection Agency (CPPA) issued an enforcement advisory clarifying that dark patterns—user interfaces that subvert consumer autonomy in making privacy choices—violate the California Consumer Privacy Act (CCPA). The advisory emphasizes that businesses must present opt-out options clearly and symmetrically, focusing on the effect rather than intent. It directs consumers to report suspected violations and provides resources for businesses to comply.
The California Privacy Protection Agency settled with data broker Key Marketing Advantage, LLC for failing to register and pay fees under the Delete Act. KMA will pay $55,800 and agree to injunctive terms. This is the fifth enforcement action in a sweep against unregistered data brokers.
$56K
The California Privacy Protection Agency (CPPA) settled with data broker Key Marketing Advantage, LLC for failing to register and pay fees under the Delete Act. KMA will pay $55,800 and comply with injunctive terms, including covering attorney fees for non-compliance. This is the fifth enforcement action in CPPA's sweep against unregistered data brokers.
$56K