California’s Attorney General recently announced a settlement with Sling TV over alleged violations of the California Consumer Privacy Act (CCPA). While the details of this case echo themes we’ve seen in prior enforcement actions, it offers important reminders for businesses—especially those operating streaming services, paid TV platforms, or apps that may be accessed by children.
The Case Against Sling TV
The Attorney General alleged that Sling TV failed to provide consumers with an easy way to opt out of the sale and sharing of their personal information, as required under the CCPA and also fell short in providing adequate privacy protections for children. As part of the settlement, Sling TV agreed to pay $530,000 in penalties and implement significant changes, including:
- Making opt-out mechanisms simple and accessible across devices.
- Eliminating unnecessary steps for logged-in users.
- Providing in-app opt-out options on living-room devices.
- Offering kid-specific profiles that default to privacy protections.
- Giving parents clear disclosures and tools to safeguard children’s data.
Why This Enforcement Matters for You
One issue highlighted in this case is the confusion around cookie management and “Do Not Sell/Share” requests. Many businesses rely on off-the-shelf cookie tools that include a toggle labeled “Do not sell or share my personal information.” The problem? Clicking that toggle often only disables advertising cookies, which does not constitute a full opt-out under the CCPA. This can mislead consumers and expose businesses to enforcement risk.
Take Control of Cookie Management
If you’re using a cookie management tool, consider these best practices:
- Avoid misleading labels. Don’t use “Do not sell or share my personal information” on a cookie toggle unless it truly initiates a full opt-out.
- Offer clear choices. Provide options like “Reject all optional cookies” alongside “Accept all” for symmetry.
- Clarify scope. Make it clear that turning off cookies does not equal a complete opt-out of data sales or sharing.
- Customize your tools. Off-the-shelf solutions rarely fit every business model. Review and tailor them to meet legal requirements and consumer expectations.
Since its inception, the CCPA has been a cornerstone of U.S. consumer privacy rights. We’re seeing enforcement activity steadily increasing, with recent investigative sweeps targeting a variety of industries. Regulators expect businesses to go beyond technical compliance to deliver a user-friendly experience, and those that make opt-outs confusing or burdensome may find themselves squarely in enforcement crosshairs.
