top of page
Search

Largest CCPA Fine to Date

  • Writer: Katarzyna Celińska
    Katarzyna Celińska
  • 1 day ago
  • 2 min read

The California Attorney General has issued the largest CCPA settlement to date, a $2.75 million penalty against Disney for alleged failures related to opt-out rights implementation.

 

🔗 Link

 

From a financial perspective, the amount is not enormous, especially for a global organization like Disney.

 

But this case is important. It shows the direction of regulatory enforcement in California and beyond.

 

According to the Attorney General’s office, the issue was not a data breach. The enforcement focused on failures in the implementation of optout mechanisms, specifically across Disney’s streaming services  .


Photo: Freepik

 

The investigation found:

➡️ Opt-out toggles applied only to specific services or devices, not universally.

➡️ Webform opt-outs were limited in scope and did not fully stop data sales/sharing.

➡️ Global Privacy Control signals were not consistently honored across devices  .

 

The Attorney General made it clear:

➡️ If a company can unify consumer identity for advertising and analytics purposes,

➡️ it should also be able to unify opt-out rights.

 

✅ Mechanisms to enable opt-out from sale or sharing of personal information are not technically complicated to implement.

 

However, for organizations whose revenue models rely heavily on:

➡️ targeted advertising,

➡️ cross-platform identity tracking,

➡️ third-party data sharing,

➡️ robust and effective opt-out implementation may conflict with commercial incentives.

 

But regulators are increasingly signaling that business convenience does not override statutory rights.

 

The Disney settlement surpasses a previous $1.55 million CCPA settlement involving Healthline Media over similar opt-out issues  .

 

I hope that in the future, penalties will be significant enough to create real deterrence, particularly for organizations that treat personal data as a commodity rather than a protected asset.

 

From a governance standpoint, companies operating in California should:

➡️ Review opt-out mechanisms across all services and devices,

➡️ Ensure Global Privacy Control signals are properly honored,

➡️ Test whether identity unification applies equally to opt-out logic,

➡️ Align marketing systems with privacy architecture.


 
 
 

Stay in touch

p.welenc@metaformena.com

META FOR MENA Information Technology Consultants Est.

City Avenue, 7th floor, office 706-0114

2 27 Street, Port Saeed, Deira, Dubai, United Arab Emirates
P.O. BOX: 40138
Licence N.O.: 1049080

Privacy policy

  • Facebook
  • Twitter
  • LinkedIn
  • Instagram
bottom of page