ARTICLE
31 July 2025

California Privacy Enforcement Continues: CPPA's Largest Fine To Date

TS
Taft Stettinius & Hollister

Contributor

Established in 1885, Taft is a nationally recognized law firm serving individuals and businesses worldwide, in both mature and emerging industries.
On July 1, 2025, the California Attorney General, Rob Bonta, announced that the California Privacy Protection Agency (CPPA) entered into a settlement with Healthline Media LLC (Healthline)...
United States California Privacy

On July 1, 2025, the California Attorney General, Rob Bonta, announced that the California Privacy Protection Agency (CPPA) entered into a settlement with Healthline Media LLC (Healthline), which included a fine of $1,550,000, the largest fine by the CPPA to date, for various alleged violations of the California Consumer Privacy Act (CCPA). This settlement and fine follow the CCPA's $632,500 fine against American Honda Motor Co. in March of this year. These actions continue to show California's increased focus on CCPA enforcement.

Per the announcement, Healthline.com is a health and wellness information website that is one of the top 40 most visited websites in the world and generates revenue by showing advertisements on the website.

The settlement, which is pending court approval, includes the following allegations that Healthline:

  • Failed to opt consumers out of targeted advertising. The CPPA alleged that Healthline disclosed consumer data with third-party advertisers, even after consumers exercised their right to opt-out through global privacy controls as required under the CCPA.
  • Used consumer data outside of the original purpose for collecting their data. The CPPA alleged that Healthline used consumer data for purposes outside the original scope for why the data was collected. Specifically, due to the use of cookies and other technologies on the website, article titles that consumers viewed on the website were disclosed to third-party service providers. This resulted in third parties accessing article titles that suggested consumers may have been diagnosed with specific medical conditions.
  • Failed to maintain CCPA compliant contracts. Healthline maintained contracts with third-party advertisers that did not contain the required CCPA contract language, including privacy protection requirements.
  • Deceived consumers through its cookie consent banner. While Healthline maintained a consent banner on its website, the CPPA alleged that the banner did not actually disable any tracking cookies when a consumer unchecked the consent box.

As part of the settlement, Healthline will face injunctive terms. This includes a first-of-its-kind prohibition on sharing article titles to third parties that may suggest a consumer's medical diagnosis or condition.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More