CCPA Radar tracks publicly announced enforcement actions, settlements, and penalty decisions under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Its purpose is to provide a clear, practical view of how California regulators interpret and enforce privacy obligations in real cases.
The radar brings together key information on enforcement trends, including the regulator, the organization involved, the amount of the penalty, the legal basis of the violation, and the core compliance issues identified in each matter. By presenting these cases in one place, CCPA Radar helps privacy, legal, compliance, and security teams better understand which failures most often lead to regulatory action.
More than a list of fines, CCPA Radar is designed as a working compliance resource. It shows how regulators approach topics such as opt-out mechanisms, dark patterns, children’s data, privacy notices, vendor contracts, and the technical implementation of consumer rights. This makes it easier to translate enforcement activity into concrete lessons for internal privacy governance and risk management.
PlayOn Sports
Penalty:
USD 1.10 million
Ineffective opt-out mechanisms; targeted advertising; minors' data
Core issue:
March 3, 2026
Date:
Main public findings:
CPPA announced that PlayOn used tracking technologies for targeted advertising, failed to provide an effective first-party opt-out method, failed to honor opt-out preference signals, and had compliance issues affecting consumers aged 13 to under 16.
Cause of the violation:
Description of events
Recommendations:
Source:
PlayOn relied on ad-tech and consent flows that did not provide consumers with a legally sufficient ability to reject sale/sharing, and its notice and signal-handling practices were inadequate.
CPPA issued a decision requiring PlayOn Sports to pay USD 1.10 million and change its practices. The case concerned privacy controls connected to school-sports media and ticketing services, including how users were presented with advertising-related choices and how those choices were technically implemented.
Provide a direct first-party opt-out method; honor browser-based opt-out preference signals such as GPC; separate service access from consent to tracking; review notice language regularly; apply enhanced controls when teenage users may be affected.