March 4, 2026
PlayOn Sports Fined $1.1M for Opt-Out Failures
California regulators keep up the pressure on businesses nationwide, this time targeting a popular ticketing platform used by thousands of schools.
The California Privacy Protection Agency (CalPrivacy) has released the details of another privacy settlement under the CCPA, this time against Ford Motor Company. Coming just days after its announcement of a $1.1M settlement with PlayOn Sports, it would appear that CalPrivacy approved multiple enforcement cases at its last board meeting.
The case against Ford is relatively straightforward, so let’s jump right in.
In the order of decision, CalPrivacy only accuses Ford of one thing: Requiring consumers to confirm their email address before processing requests to opt-out of selling and sharing their personal information.
Why is that a problem? Under the CCPA, businesses cannot require authentication of requests to opt-out. This stands in contrast to other request types like deletion and access requests which must be authenticated.
The reasoning is that there is virtually no downside to the consumer if an opt-out is fraudulently submitted in their name, and requiring authentication potentially discourages consumers from submitting requests. Further, businesses must honor opt-out requests submitted via Global Privacy Control, and requiring authentication for such requests would essentially nullify opt-out signals.
Privacy compliance is complicated, and even big companies like Ford can make mistakes. Ford relied on a poorly configured, out-of-the-box privacy solution from a major vendor, and perhaps never knew they were out of compliance until regulators came knocking.
TrueVault brings deep expertise to every aspect of our product to make sure it is compliant, and our team works closely with every customer to help them understand their obligations under data privacy law. Our opt-out forms have never required consumer authentication, because we pay meticulous attention to detail. By taking advantage of our guided workflows and automation, your business can be confidently compliant in a matter of days.
Contact our team to learn more about privacy compliance with TrueVault.
Disclaimer: This content is provided for general informational purposes only and does not constitute legal or other professional advice. Without limiting the foregoing, the content may not reflect recent developments in the law, may not be complete, and may not be accurate or relevant in an applicable jurisdiction. This content is not a substitute for obtaining legal advice from a qualified licensed attorney in the applicable jurisdiction. The content is general in nature and may not pertain to specific circumstances, so it should not be used to act or refrain from acting based on it without first obtaining advice from professional counsel qualified in the applicable subject matter and jurisdictions.
Get monthly updates on the latest updates on policy & the shifting privacy landscape.
Dive into a world of knowledge, trends, and industry updates on the TrueVault blog.
