1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
The California Privacy Protection Agency settled with PlayOn Sports for $1.10 million over CCPA violations, including failing to provide adequate opt-out mechanisms and improperly tracking users, particularly students. The company must implement proper opt-out methods, improve disclosures, and comply with children's data consent requirements.
$1.1M
California Attorney General Rob Bonta announced a $2.75 million settlement with The Walt Disney Company, the largest CCPA settlement in state history, resolving allegations that Disney violated the CCPA by failing to fully honor consumers’ opt-out requests for the sale or sharing of their personal data across all devices and streaming services linked to their accounts. Disney’s opt-out methods, including in-app toggles, webforms, and Global Privacy Control implementation, had gaps that allowed continued data sale or sharing even after consumers opted out. Under the settlement, Disney must pay the civil penalty and implement comprehensive opt-out methods that fully cease all sale or sharing of consumer data upon request.
$2.8M
California Attorney General Rob Bonta announced a $1.4 million settlement with mobile gaming company Jam City, Inc. for violating the CCPA by failing to provide consumers with compliant methods to opt out of the sale or sharing of their personal information across its 21 mobile apps. The settlement also resolves allegations that Jam City sold or shared personal data of users aged 13 to 16 without the required affirmative opt-in consent. In addition to the civil penalty, Jam City must implement in-app opt-out methods and obtain opt-in consent for minor users' data sales and sharing.
$1.4M
Connecticut Attorney General secured a $1 million multistate settlement with TFG Holding, Inc. for deceptive VIP membership program marketing and billing practices. The company must improve disclosures, obtain explicit consent, provide easy cancellation, and offer restitution to affected consumers.
$1.0M
The California Privacy Protection Agency (CPPA) settled with Tractor Supply Company for $1.35 million over violations of the California Consumer Privacy Act (CCPA). The violations included failing to maintain a proper privacy policy, not notifying job applicants of their rights, lacking an effective opt-out mechanism, and sharing personal information without adequate contracts. Tractor Supply must pay the fine and implement remedial measures such as scanning digital properties and annual compliance certification.
$1.4M
California Attorney General Rob Bonta announced a $1.55 million settlement with health information website publisher Healthline Media LLC, resolving allegations that the company violated the CCPA and Unfair Competition Law. Violations included failing to honor consumer opt-out requests, sharing sensitive health data with third parties without required privacy protections, and using deceptive consent banners that did not disable tracking cookies. The settlement imposes injunctive terms, compliance requirements, and a civil penalty, marking the largest CCPA settlement to date.
$1.6M
Verkada, a security camera company, failed to secure customer data, leading to a hacker accessing over 150,000 cameras and sensitive health information. The company also violated the CAN-SPAM Act by sending spam emails without proper opt-out mechanisms. To settle, Verkada will pay $2.95 million and implement a comprehensive security program with audits.
$3.0M
The FTC settled with telehealth firm Cerebral, Inc. for sharing sensitive consumer mental health data with third parties like LinkedIn, Snapchat, and TikTok for advertising without proper consent, employing sloppy security practices, and misleading consumers about cancellation policies. Cerebral must pay over $7 million (with $2 million due upfront), is permanently banned from using health information for most advertising, must implement a comprehensive privacy program, delete unnecessary data, and provide easy cancellation.
$7.0M
California Attorney General Rob Bonta announced a settlement with Sephora, Inc. resolving allegations that the company violated the California Consumer Privacy Act (CCPA) by failing to disclose it was selling consumers' personal information and failing to process opt-out requests via user-enabled Global Privacy Controls. Sephora agreed to pay $1.2 million in penalties and implement injunctive measures including updating privacy disclosures, enabling opt-out via GPC, conforming service provider agreements to CCPA, and reporting to the AG. The settlement is part of ongoing CCPA enforcement efforts, with the AG also issuing cure notices to other businesses failing to honor GPC opt-out signals.
$1.2M
Connecticut Attorney General filed a $5 million stipulation judgment against Safe Home Security for repeated non-compliance with court-ordered consumer protection measures, including blocking contract terminations and misrepresenting terms. The judgment requires immediate payment of $1 million and suspends $4 million pending compliance, with an independent monitor for five years.
$5.0M
Lenovo preinstalled 'Visual Discovery' software on its computers that intercepted browsing data and broke encrypted connections without user consent, compromising security and privacy. The multi-state settlement imposes a $3.5 million penalty and requires Lenovo to implement disclosure, consent, opt-out, and security compliance measures.
$3.5M
New Jersey joined 31 other states and the FTC in a $3.5 million settlement with Lenovo for pre-installing VisualDiscovery ad software on laptops that created a 'man-in-the-middle' security vulnerability, intercepting users' encrypted data without adequate disclosure or opt-out mechanisms. The settlement requires Lenovo to improve transparency, obtain affirmative consent, provide effective opt-out tools, and implement a long-term security compliance program with independent audits.
$3.5M
All data sourced from official government enforcement pages.