Last week, California Attorney General Rob Bonta announced a new enforcement focus on streaming apps’ failure to comply with the California Consumer Privacy Act (CCPA). This investigation will examine whether streaming services are complying with the opt-out requirements for businesses that sell or share consumers’ personal information as required by the CCPA. Specifically, the agency will examine those services that do not offer an easy mechanism for consumers to exercise this opt-out right.

Attorney General Bonta said that he “urge[s] consumers to learn about and exercise their rights under the [CCPA], especially the right to tell these businesses to stop selling their personal information.” He also warned that the agency will be “taking a close look at how these streaming services are complying with requirements that have been in place since 2020.”

Under the CCPA’s right to opt-out, companies that sell or share personal information for targeted advertising purposes are required to provide consumers with the right to opt-out of such sales or sharing. Not only must the opt-out be available, but the ability to exercise the right must be easy and involve minimal steps. The agency provided an example: on your SmartTV, you should be able to enable a “Do Not Sell My Personal Information” setting in a streaming service’s app. Further, you should not have to opt-out on different devices if you are logged into your account once the opt-out request has been submitted. Lastly, a streaming service’s privacy policy should also be easily accessible to the consumer and include details on individual CCPA rights. Letters of non-compliance are forthcoming.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.