One of the most ubiquitous technologies on the web may become a liability risk for businesses. Learn about Google Analytics, wiretap lawsuits, and how to protect your company.
California Attorney Rob Bonta recently announced a $375,000 settlement with DoorDash over alleged violations of the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA). The Attorney General’s allegations centered around the food-delivery company’s sharing of consumers’ personal data with a marketing cooperative, which amounted to “selling” information under the CCPA.
“I hope today’s settlement serves as a wakeup call to businesses,” said Mr. Bonta. “The CCPA has been in effect for over four years now, and businesses must comply with this important privacy law. Violations cannot be cured, and my office will hold businesses accountable if they sell data without protecting consumers’ rights.”
At the heart of the allegations is DoorDash’s participation in a “marketing cooperative.” A marketing cooperative allows participating companies to advertise to each other’s customers. For example, the owner of a gym may want to reach the customers of a company that sells yoga pants, or vice versa. In exchange for this opportunity, each member gives the cooperative access to its customer data, and the cooperative acts as a data broker.
There is nothing inherently illegal about participating in a marketing cooperative. What got DoorDash into trouble was its (alleged) failure to do two things: (1) Disclose the fact of its participation in the marketing cooperative, and (2) offer consumers a way to opt out.
While the Attorney General’s press release does not go into great detail about its investigation or DoorDash’s alleged violations, other businesses can still learn a few lessons about privacy compliance from the case.
Disclaimer: This content is provided for general informational purposes only and does not constitute legal or other professional advice. Without limiting the foregoing, the content may not reflect recent developments in the law, may not be complete, and may not be accurate or relevant in an applicable jurisdiction. This content is not a substitute for obtaining legal advice from a qualified licensed attorney in the applicable jurisdiction. The content is general in nature and may not pertain to specific circumstances, so it should not be used to act or refrain from acting based on it without first obtaining advice from professional counsel qualified in the applicable subject matter and jurisdictions.
Get monthly updates on the latest updates on policy & the shifting privacy landscape.
Dive into a world of knowledge, trends, and industry updates on the TrueVault blog.