Record-Breaking Privacy Fine Out of California

Hello all, and happy Thursday! 

Apparently, California doesn't just keep all those regulations around for show. California’s attorney general just handed out the largest CCPA fine to date, with a $1.55 million settlement with Healthline Media LLC. The violations generally centered around failing to honor consumer opt-outs for targeted advertising and data transfers to third parties. 

Here’s what stood out to me: 

• US privacy enforcement is finally catching up to the EU. Used to be these six-figure fines were only something you saw come out of France or Ireland. Looks like those days are over. 

• This underscores why targeted advertising can be such a privacy violation. Healthline visitors were reading articles about potentially sensitive medical conditions and—even though they opted out—received ads related to articles they read on Crohn's disease, MS, and more. What business is it of some random advertiser to know that you might have Crohn’s disease?! 
• Businesses need to prioritize privacy management and stop treating it as a box to check off. Healthline had all the trappings of compliance, including three separate opt-out mechanisms. But none of them actually functioned as intended. The AG said it best in their complaint: “Borrowing the old phrase, businesses should trust—but verify—that their privacy compliance measures work as intended.” If it’s nobody’s job to verify, then all you’re left with is trusting that you’re compliant. 

Scroll down to read the attorney general's press release on the action.

Best, 

Arlo 

 P.S. Tomorrow’s the 4th of July! As such, the Osano team will be out of the office. Hope you’re spending the day grilling with your loved ones—maybe soaking up some rays at the beach? 

Highlights from Osano

New From Osano 

Blog: Customer Data Privacy: Why It’s Important and How to Protect It 

Data subjects, consumers, residents—privacy regulations have a lot of names for the people whose privacy you need to protect. When it comes down to it, what do you need to do for your customers? Our blog lays it all out. 

Read more 

In Case You Missed It... 

Case Study: Gear Patrol Automates DSARs, Manages Consent, and Secures User Trust 

Wondering what an Osano implementation could do for your subject rights workflow? Check out how Gear Patrol, a leading product review publication, uses Osano to manage subject rights and consent in service to their readers. 

Read more 

Top Privacy Stories of the Week

noyb Files Complaint Against Bumble for Its AI Icebreakers 

The dating platform Bumble introduced AI Icebreakers powered by OpenAI’s ChatGPT, designed to help you start a conversation by providing an AI-generated message. Privacy advocacy group noyb (“None of Your Business”) alleges Bumble feeds users’ personal profile information into the AI system without Bumble ever obtaining your consent in violation of EU privacy law. 

Read more 

Denmark Gives People Copyright Over Their Own Faces to Fight Deepfakes 

On Thursday, the Danish government announced plans to strengthen protections against digital impersonation, in what it says is the first law of its kind in Europe. Denmark intends to amend its copyright law to give individuals ownership rights over their own body, facial features, and voice. The proposed changes would allow people to request the removal of AI-generated content that uses their likeness without consent and seek compensation. 

Read more 

US Student Visa Applicants Must Make Social Media Public 

Recently, the US State Department said foreign nationals seeking to study in the US must make their social media profiles public. The State Department indicated that the online presence of those seeking study and exchange visas will be scrutinized. "To facilitate this vetting, all applicants for F, M, and J nonimmigrant visas will be instructed to adjust the privacy settings on all of their social media profiles to 'public,'" the State Department said. 

Read more 

US Senate Votes to Strike Controversial AI Regulation Moratorium from Trump Agenda Bill 

The US Senate has voted nearly unanimously to remove a 10-year moratorium on the enforcement of state artificial intelligence regulations from Republicans’ sweeping domestic policy bill, known as the “Big Beautiful Bill.” As of this writing, the bill has been sent back to the House to rectify the Senate and House versions of the bill. 

Read more 

Attorney General Bonta Announces Largest CCPA Settlement to Date, Secures $1.55 Million from Healthline.com 

California Attorney General Rob Bonta today announced a settlement with website publisher Healthline Media LLC, resolving allegations that its use of online tracking technology on its health information website, Healthline.com, violated the California Consumer Privacy Act (CCPA).  

Read more 

Like what you hear from the Privacy Insider newsletter?

There's more to explore:

🎙️The Privacy Insider Podcast

We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.

📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands

The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.

If you’re interested in working at Osano, check out our Careers page!