California Attorney General Rob Bonta has announced a significant settlement with Healthline Media LLC, pending court approval. The agreement addresses allegations that the company’s use of online tracking technology on its website, Healthline.com, breached the California Consumer Privacy Act (CCPA). The investigation by the California Department of Justice revealed that Healthline did not allow consumers to opt out of targeted advertising and shared data with third parties without adhering to CCPA-mandated privacy protections. This included data suggesting a person might have a serious health condition.
The proposed settlement includes $1.55 million in civil penalties and strict injunctive terms. One notable provision prohibits Healthline from sharing article titles that could reveal a consumer’s medical diagnosis.
Attorney General Bonta stated, “Our settlement with Healthline underscores that Californians have critical privacy rights under the CCPA to fight online surveillance — including by website publishers. Healthline shared data with third parties that could have revealed consumers’ private medical diagnoses, and while doing so, disregarded consumer’s rights to opt-out of the sale and sharing of this data.”
Healthline.com is a prominent health information website generating revenue through ads, some personally targeted at readers. To maximize ad revenue, it uses online trackers like cookies and pixels to communicate reader data to advertisers and other third parties. Some article titles suggested serious illnesses, such as “You’ve Been Newly Diagnosed with MS. What’s Next?” These trackers operate invisibly when webpages load, often without consumer awareness.
The complaint alleges several violations by Healthline:
– Failing to allow consumers to opt out of personal information sharing for targeted advertising.
– Violating the Purpose Limitation Principle by using personal information beyond its collected purpose.
– Not maintaining CCPA-required contracts ensuring privacy protections.
– Deceiving consumers about privacy practices through ineffective consent banners.
Under the settlement terms, Healthline must ensure opt-out mechanisms function correctly; cease disclosing information linking specific consumers to articles suggesting disease diagnoses; maintain a CCPA compliance program; audit contracts for required privacy terms or confirm third-party adherence; and maintain accurate disclosures and privacy policies.
This case marks Attorney General Bonta’s fourth enforcement action under the CCPA. Previous actions include settlements with Tilting Point Media LLC for collecting children’s data without parental consent, DoorDash for selling personal information without notice or opt-out options, and Sephora for undisclosed personal information sales.
In March, Attorney General Bonta initiated an investigative sweep into the location data industry due to concerns over widespread collection and sale impacting immigrant communities and healthcare access in California.
For more details on the CCPA or to report violations, visit oag.ca.gov/ccpa or submit complaints online at oag.ca.gov/report.
