California Attorney General Bonta Announces DoorDash Settlement Over Privacy Violations

California Attorney General Bonta Announces DoorDash Settlement Over Privacy Violations

By

California Attorney General Rob Bonta revealed a settlement with DoorDash, concluding an investigation that exposed the company's breaches of the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA).

The California Department of Justice's probe disclosed DoorDash's unauthorized sale of personal information belonging to California customers, infringing upon both the CCPA and CalOPPA. The sale transpired within a marketing cooperative, where businesses shared customers' data without providing notice or an opt-out option, contravening state privacy laws.

Attorney General Bonta emphasized, "DoorDash’s participation in a marketing cooperative is a sale under the CCPA and violates its customers’ rights under our landmark state privacy law."

DoorDash, headquartered in San Francisco, participated in marketing cooperatives to expand its customer base. The violation occurred in January 2020, during the first month of CCPA enforcement, when DoorDash exchanged personal information of California consumers with a marketing cooperative to promote its services to other participating businesses.

The enforcement action alleges that DoorDash failed to comply with CCPA’s requirements for businesses selling personal data and did not rectify these violations. Additionally, the company violated CalOPPA by not disclosing in its privacy policy the disclosure of personally identifiable information to marketing cooperatives.

As part of the settlement, DoorDash will pay a $375,000 civil penalty and adhere to stringent injunctive terms, including compliance with CCPA and CalOPPA, reviewing contracts with vendors, and providing annual reports monitoring potential sale or sharing of consumer personal information.

This marks Attorney General Bonta's second CCPA enforcement settlement, highlighting the legal consequences for businesses violating consumer privacy laws. The case underscores the significance of businesses ensuring compliance with the CCPA, and Attorney General Bonta's ongoing efforts to enforce these regulations across various industries.

The GRC Report is the first word in governance, risk, and compliance news. As your trusted source for comprehensive coverage, the GRC Report keeps you informed and equipped to navigate the evolving landscape of governance, risk, and compliance. And remember, the GRC Report isn't just a news source; it's a community of professionals who share your passion for GRC excellence. Don't miss out on our insightful articles and breaking news – join the conversation and empower your GRC journey.