noodls browser compatibility check

The security settings of your browser are blocking the execution of scripts.

To use noodls, javascript support must be enabled. Please change your browser's security settings to enable javascript.

If you have changed your browser's security settings, you can click here.

related announcements

News

Professional and Business Services

Covington & Burling LLP

03/12/2024 | News release | Distributed by Public on 03/12/2024 18:56

California Attorney General Announces Second CCPA Settlement

The California Attorney General recently announced a settlement with DoorDash to resolve allegations that DoorDash violated the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA).

According to the complaint, this enforcement action arose from DoorDash's alleged participation in a "marketing cooperative." The California Attorney General claimed that such cooperatives, where businesses disclose their customer's personal information to the cooperative in order to mail advertisements to consumers on behalf of participants, constitute a "sale" under the CCPA. The Attorney General alleged that DoorDash did not post a "Do Not Sell My Personal Information" link on its website and mobile app.

The Attorney General sent DoorDash a "notice of alleged CCPA noncompliance" related to this behavior in 2020. At the time, the CCPA provided for a cure period, which allowed businesses to avoid liability for CCPA violations if they cured the alleged violation within 30 days of notice. However, although DoorDash had ceased participation in marketing cooperatives by the time it received the notice, the Attorney General took the position that DoorDash had not cured its previous sale of data because it did not "restore them to the same position they would have been in if their data had never been sold."

The complaint further alleges a CalOPPA violation because DoorDash did not disclose in its privacy policy that it shared personally identifiable information with marketing cooperatives.

Under the terms of the settlement, DoorDash will pay a civil penalty of $375,000. The settlement reiterates DoorDash's obligation to comply with both CCPA and CalOPPA, and specifically to disclose any future participation in marketing cooperatives in its privacy policy and notice at collection. DoorDash must also implement and maintain a compliance program for three years, and report annually to the Attorney General summarizing its compliance program and certifying its compliance with the terms of the settlement.

Sharing and Personal Tools

Please select the service you want to use:

Back

View original format