On October 30, 2025, California Attorney General Bonta announced a $530,000 settlement related to allegations that Sling TV, an internet-based live TV service, violated the California Consumer Privacy Act (“CCPA”) and the California Unfair Competition Law. This is the first enforcement action arising from the California Department of Justice’s (“DOJ”) investigative sweep of streaming services and connected TVs, which was announced in January 2024.

The AG alleges Sling TV committed the following violations:

  • Failed to Provide Easy-to-Execute Methods for Opt-Outs. The AG alleges that Sling TV’s opt-out methods on its website, on mobile, and on various devices using the app were difficult for consumers to effectuate their right to opt-out. For instance, the complaint alleges that Sling TV posted a “Your Privacy Choices” link, which directed consumers to cookie preferences, but did not provide an easy-to-execute method to exercise the opt-out right. The AG alleges that the steps to opt-out were hard to find with links embedded in text or unlabeled. When consumers located the link, the complaint alleges that consumers continued to face a burdensome process that required multiple steps to log-in and redundant information requests. Consumers using the Sling TV app had to use an additional device separate from the app to effectuate the opt-out. The complaint also alleges Sling TV failed to consider the methods by which it primarily interacts with consumers on app-based devices.
  • Failed to Provide Adequate Privacy Protections for Minors Under 16. Where a business has actual knowledge that a consumer is under 16 years old, the CCPA prohibits the business from selling or sharing that minor’s personal information without the teen’s consent or a parent’s consent for users under the age of 13. A business that willfully disregards the consumer’s age is deemed to have actual knowledge of the minor’s age. Nothing in the complaint alleges that Sling TV had actual knowledge that any specific viewer was a minor under the age of 16. Rather, the complaint alleges that Sling TV knew generally that minors under 16 years old were likely using the service and that Sling TV did not age screen users or create an option for parents to designate a profile as a “kid’s profile.” Notably, nothing in the statute requires age assurance and the California Age-Appropriate Design Code Act, which would require age assurance or that businesses by default treat users as minors, is currently enjoined.

Under the terms of the voluntary settlement, which is binding on Sling TV, the company agrees to the following:

  • Inform consumers if they collect personal information about consumers from third parties, whether they sell or share such information, and that they conduct cross-context behavioral advertising based on this third-party information;
  • Provide consumers with an obvious “Do Not Sell or Share My Personal Information” or similar link on its homepages that does not use dark patterns;
  • Provide consumers with an easy-to-find and simple to execute link for opting out;
  • Stop requiring logged-in customers to fill out a webform with information already available to the business;
  • Provide an opt-out mechanism that is acceptable from within the Sling TV app used on a television, such as an on-screen toggle or if not technically feasible, a QR code that links to an opt-out on a smart phone;
  • Apply choices made for logged-in users across their account for all devices and browsers;
  • Allow parents to designate a “kid’s profile” that defaults off the sale and sharing of personal information or cross-context behavioral advertising;
  • Maintain a system for programmers to designate channels as made for children or minors, which must not display advertising that is based on or inferred from consumers’ personal information;
  • Assess at least annually, and as new channels are added, whether additional channels should be designated and classified as made for children or minors;
  • Delete personal information collected from or regarding users who Sling TV has actual knowledge are children or minors;
  • Implement and maintain a compliance program for at least three years to assess and monitor the effectiveness of Sling TV’s opt-out methods and actions to protect children and minor privacy; and
  • Pay $530,000 in civil penalties.

This is the California AG’s fifth action against entities alleged to have violated the CCPA. We summarized several past AG’s prior actions in blog posts here, here, and here. The settlement demonstrates that the AG continues to scrutinize online advertising practices and children’s privacy violations under the CCPA.

Tags: "California AG", California Consumer Privacy Act (CCPA), Children's Privacy, State Privacy
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection…

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence, data processing for connected devices, biometrics, online advertising, endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, e-mail marketing, disclosures of video viewing information, and new technologies.

Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based, global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.

Read more about Lindsey TonsagerEmail
Show more Show less
Photo of Jenna Zhang Jenna Zhang

Jenna Zhang advises clients across industries on data privacy, cybersecurity, and emerging technologies. 

Jenna partners with clients to ensure their compliance with the rapidly evolving federal and state privacy and cybersecurity laws. She supports clients in designing new products and services, drafting privacy…

Jenna Zhang advises clients across industries on data privacy, cybersecurity, and emerging technologies. 

Jenna partners with clients to ensure their compliance with the rapidly evolving federal and state privacy and cybersecurity laws. She supports clients in designing new products and services, drafting privacy notices and terms of use, responding to cyber and data security incidents, and evaluating privacy and cybersecurity risks in corporate transactions. In particular, she advises clients on substantive requirements relating to children’s and student privacy, including COPPA, FERPA, age-appropriate design code laws, and social media laws.

As part of her practice, Jenna regularly represents clients in data privacy investigations and enforcement actions brought by the Federal Trade Commission and state attorneys general. She also supports clients in proactive engagement with regulators and policymakers to ensure their perspectives are heard.

Jenna also maintains an active pro bono practice with a focus on supporting families in adoptions, guardianships, and immigration matters.

Read more about Jenna ZhangEmail
Show more Show less
Photo of Natalie Maas Natalie Maas

Natalie is an associate in the firm’s San Francisco office, where she is a member of the Food, Drug, and Device, and Data Privacy and Cybersecurity Practice Groups. She advises pharmaceutical, biotechnology, medical device, and food companies on a broad range of regulatory…

Natalie is an associate in the firm’s San Francisco office, where she is a member of the Food, Drug, and Device, and Data Privacy and Cybersecurity Practice Groups. She advises pharmaceutical, biotechnology, medical device, and food companies on a broad range of regulatory and compliance issues.

Natalie also maintains an active pro bono practice, with a particular focus on health care and reproductive rights.

Read more about Natalie MaasEmail
Show more Show less