The California Attorney General announced a settlement with DoorDash following allegations of unlawfully selling consumers’ personal data without their knowledge or consent, violating the state’s stringent consumer privacy law. The charges stemmed from DoorDash’s involvement in marketing cooperatives, where it exchanged customers’ personal information with other businesses to collectively expand their customer bases. Attorney General Rob Bonta emphasized that DoorDash’s participation in these cooperatives constituted a sale under the California Consumer Privacy Act (CCPA), infringing on consumers’ rights under the landmark privacy law.
Under the terms of the settlement, DoorDash agreed to pay a $375,000 civil penalty and undertake measures to ensure compliance with consumer privacy regulations. This includes reviewing agreements with vendors to assess if customer information is being sold or shared and providing annual reports to the Attorney General’s office disclosing any potential sale or sharing of consumer data. The settlement underscores the importance of businesses adhering to the CCPA, which is regarded as the nation’s most robust consumer privacy law and establishes stringent rules for the collection and sale of personal data.
DoorDash maintains that the incident in question occurred over four years ago, coinciding with the initial implementation of the CCPA, and states that it ceased engagement with marketing cooperatives in 2020. The company expressed satisfaction in resolving the matter, affirming its commitment to privacy and good faith in addressing the issue. However, the settlement serves as a reminder to businesses of the ongoing obligation to uphold consumer privacy rights, even as the regulatory landscape evolves and enforcement actions increase under the CCPA.
