ARTICLE
18 November 2025

Sling TV To Pay $530K For Alleged CCPA Violations As Regulators Continue Focus On Privacy Controls

HK
Holland & Knight

Contributor

Holland & Knight logo
Holland & Knight is a global law firm with nearly 2,000 lawyers in offices throughout the world. Our attorneys provide representation in litigation, business, real estate, healthcare and governmental law. Interdisciplinary practice groups and industry-based teams provide clients with access to attorneys throughout the firm, regardless of location.
Explore Firm Details
A recent settlement with Sling TV specifically targets an allegedly "deceptive" user interface design that directed consumers to cookie preferences instead of full California Consumer Privacy Act...
United States California Privacy
Rachel Marmor,Ashley Lynn Shively, and Kevin Angle
Your Author LinkedIn Connections
Rachel Marmor’s articles from Holland & Knight are most popular:
  • within Privacy topic(s)
  • in United Kingdom

Highlights

  • A recent settlement with Sling TV specifically targets an allegedly "deceptive" user interface design that directed consumers to cookie preferences instead of full California Consumer Privacy Act (CCPA) opt-outs, highlighting the California attorney general's focus on potentially misleading consumer choice architecture.
  • The settlement also highlights the unique challenges faced by services that operate across multiple device types (TVs, mobile apps, gaming consoles), including the capability of the opt-out mechanism to work across platforms and whether the mechanism is offered on platforms where consumers primarily interact.
  • The settlement requires Sling to create dedicated "kids (or similarly named) profiles" that default to privacy-protective settings and requires Sling TV to annually review child-directed programming – going beyond basic options around consumer choice to require proactive child safety measures.
  • Although the monetary value of the settlement is relatively low, the settlement terms require implementation of robust, additional privacy controls and compliance monitoring.

The California attorney general (CA AG) announced a $530,000 settlement with Sling TV L.L.C. and Dish Media Sales L.L.C. on Oct. 30, 2025, for violations of the California Consumer Privacy Act (CCPA), alleging that Sling TV made it difficult for consumers to opt out of data "sales" and allegedly failed to protect children's privacy on their streaming platforms.

Background

This is the first settlement resulting from the CA AG's investigative sweep of streaming services and connected TVs, which began in January 2024. It also comes on the heels of enforcement actions by several states' attorneys general against Roku related to the streaming platform's collection and disclosure of data related to child end users.

Factual Allegations

Sling TV operates an internet-based live TV and streaming service that collects consumer personal information for targeted advertising. The CA AG's complaint alleged that Sling TV engaged in several practices that violated consumers' CCPA rights:

  • Deceptive Opt-Out Design. Sling TV's "Your Privacy Choices" link directed consumers to a page where they could manage cookie preferences but did not provide an opt-out for in-product data sales. These cookie controls did not actually stop all data selling and sharing, only those involving the use of cookies, allegedly misleading consumers about the scope of their privacy protection.
  • Burdensome Multi-Step Process. Consumers who realized cookie preferences were insufficient had to navigate through hard-to-find links embedded in text, fill out webforms with personal information (even when already logged in), and complete confirmation screens asking, "Are you sure?"
  • App-Based Access Barriers. Most Sling TV customers access the service through apps on in-room devices (Roku, Apple TV, gaming consoles, etc.), but the company provided no in-app opt-out method. Instead, customers had to use a separate device to navigate to a complex 55-character URL and work through multiple additional steps to submit an opt-out request.
  • Insufficient Child Protections. Despite knowing children under 16 watch Sling TV and offering channels directed to children, Sling TV failed to provide profiles for children without data collection and targeted advertising. The service also did not age-screen users or obtain required parental consent for data processing involving minors. Sling TV also did not provide an option for parental "opt-in" consent for children less than 13 years of age.

Alleged Violations of Law

The CA AG's complaint alleges that Sling TV committed the following violations:

1. CCPA Opt-Out Violations

  • Failing to provide easy-to-execute opt-out methods, and understandable consumer disclosures explaining opt-out choices.
  • Requiring logged-in consumers to provide additional information when submitting an opt-out request.
  • Failing to provide accessible opt-out methods reflecting how the business primarily interacts with customers (i.e., through apps on various connected devices rather than web browsers).
  • Selling or sharing personal information of consumers under 16 without required affirmative authorization, or willfully disregarding consumers' ages when processing their data for targeted advertising.

2. Unfair Competition Law Violations. Engaging in unlawful, unfair and fraudulent business practices through deceptive "dark patterns" that purported to allow consumers to stop data selling but failed to do so.

Consequences for Sling TV

Under the terms of the stipulated judgment, Sling TV will pay $530,000 in civil penalties and implement expanded compliance measures, in particular:

  • Enhanced Opt-Out Requirements. Provide clear, conspicuous opt-out links on all platforms; implement consumer-friendly toggles for logged-in users to opt out of data sales without requiring additional information; and create simplified in-app opt-out methods for each device type, including QR codes where toggles aren't feasible.
  • Children's Privacy Protections. Allow consumers to designate "kids (or similarly named) profiles" that default to privacy-protective settings; maintain systems for programmers to designate child-directed content; conduct annual reviews of channels to identify additional child-directed programming; and delete existing personal information collected from known children and minors.
  • Compliance Monitoring. Implement three-year compliance programs with annual reporting to the CA AG's office covering both opt-out effectiveness and children's privacy protections.

Implications

The settlement provides important guidance for streaming services, connected TV platforms and other businesses that interact with consumers across multiple devices or platforms. The settlement suggests that modern digital services must provide privacy controls that are accessible via the different places where consumers interact with the platform, not just via desktop websites, and implement choices account-wide. It also highlights the importance of providing consumers with methods for opting out of all selling and sharing, not just data sharing via cookies and similar technologies. Companies should also expect regulatory investigations and enforcement actions to examine not just whether opt-out mechanisms exist, but whether they are genuinely accessible and effective for consumers via the methods that the business typically interacts with them.

For platforms serving households with children, this action further highlights the CA AG's expectation that age-appropriate privacy protections should be built into product design. The expectation for proactive identification and protection of child-directed content goes beyond minimum compliance to establish a more comprehensive child safety framework.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Rachel Marmor
Rachel Marmor
Photo of Ashley Lynn Shively
Ashley Lynn Shively
Photo of Kevin Angle
Kevin Angle
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More