Calif. AG Settles Privacy Allegations vs. DoorDash for $375,000 Penalty
DoorDash agreed to pay $375,000 to the office of California Attorney General Rob Bonta (D) to settle allegations that it violated the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA) by selling consumers’ personal information without notice or an opportunity to opt-out of the sale, said a proposed final judgment Wednesday in San Francisco County Superior Court. DoorDash, beginning in 2018, belonged to two marketing cooperatives where unrelated businesses contribute the personal information of their customers for the purpose of advertising their own products to customers from the other participating businesses. The marketing co-op then combines, analyzes and uses the information to target mailed advertisements to potential new customers on behalf of participating businesses. The AG alleged that DoorDash sent the personal information of its California customers to a marketing co-op in exchange for the opportunity to send mailed advertisements to customers of the other participating businesses. The AG alleged that DoorDash failed to comply with CCPA’s requirements for businesses that sell personal information, and that it also violated CalOPPA by failing to state in its posted privacy policy that it disclosed personally identifiable information to the marketing co-ops.