Jennifer L. Mitchell, Taylor A. Bloom, and Danielle A. A. Richardson of Baker Hostetler write:
On July 1, the California attorney general (CA AG) announced the largest CCPA settlement to date, $1.55 million, and the first settlement against a website publisher, Healthline Media LLC (Healthline). The settlement (pending court approval) resolves allegations against Healthline, a health and wellness information website, for violating the California Consumer Privacy Act (CCPA) and the California Unfair Competition Law (UCL) and would involve novel injunctive requirements. This is the first CCPA enforcement action focused on health-related data, following years of heightened federal enforcement trends triggered by healthcare entities’ treatment and disclosure of this category of sensitive personal information.
The California Department of Justice (DOJ) investigation into Healthline was triggered by a finding that the opt-out functionality on its website was not functioning as required under the CCPA, namely that consumers could not effectively opt out of numerous behavioral advertising cookies that were allegedly used to transmit health information to third-party advertising vendors. In CA AG Rob Bonta’s press release accompanying this settlement, Bonta emphasized the DOJ’s authority under the CCPA to “fight online surveillance,” as well as the sensitive nature of the underlying data, which “could have revealed consumers’ private medical diagnosis.”
Read more at BakerHostetler.