LawSnap
Privacy Law And Technology

CalPrivacy Issues $1.1 Million Fine for CCPA Violations Involving Student Privacy

Published
Source National Law Review open_in_new
Score
8

Why it matters

The California Privacy Protection Agency (CalPrivacy) fined PlayOn Sports (2080 Media, Inc.) $1.1 million on March 3, 2026, for CCPA violations stemming from its GoFan digital ticketing platform used by about 1,400 California schools. PlayOn collected personal information via tracking technologies (e.g., cookies, Meta Pixel) for targeted advertising, constituting "sale" and "sharing" under CCPA, but failed to provide effective opt-out mechanisms.[1][4][5][9] Violations included phone/email opt-outs that didn't block website trackers, reliance on third-party tools like NAI/DAA, non-recognition of Global Privacy Control signals, coercive "agree-only" banners forcing consent (especially from students), misleading privacy notices claiming no sales, and inadequate disclosures.[1][3][5][7]

Key parties are CalPrivacy (enforcer), PlayOn Sports (violator serving youth sports for ticketing/streaming/fundraising), and CCPA legislation, which prohibits selling/sharing minors' (13-15) data without opt-in consent and mandates accessible opt-outs. The Stipulated Final Order requires PlayOn to pay the fine within 30 days, implement compliant opt-outs, conduct quarterly tracker scans and board-reviewed risk assessments (addressing coercive consent for events), post annual consumer request metrics for three years, and secure CCPA-compliant third-party contracts.[1][5][7][9] This is CalPrivacy's first CCPA action involving student privacy and its second-largest fine (after Tractor Supply's $1.35M).[3][4][11]

The violations occurred from January 1, 2023, to December 31, 2024, amid CalPrivacy's expanding 2026 enforcement on opt-outs/trackers, following new CCPA regulations effective January 1, 2026, amid prior cases like Honda and Todd Snyder. PlayOn's platform captured student/parent data in a "captive audience" context (e.g., required for tickets), heightening risks for vulnerable minors.[2][5][7][11]

Newsworthy as CalPrivacy's first student privacy enforcement—emphasizing minors' protections and tracker compliance amid rising CCPA actions (four public by early 2026)—it signals stricter scrutiny on ed-tech/youth platforms, with fines escalating and remedies like risk assessments setting precedents. Announced March 3 (board decision March 23), it aligns with AG settlements (e.g., Disney $2.75M) and broader privacy pushes.[3][4][11][13]

Sources

[1] https://www.hklaw.com/en/insights/publications/2026/03/calprivacy-fines-playon-sports-1-1m-for-ccpa-opt-out-and-notice
[2] https://calmatters.org/education/2026/02/student-data-california/
[3] https://richtfirm.com/calprivacys-1-1-million-playon-sports-fine-what-every-business-needs-to-know-about-tracking-technologies-opt-outs-and-the-new-era-of-risk-assessments/
[4] https://www.hunton.com/hunton-retail-law-resource/calprivacy-issues-1-1-million-fine-for-ccpa-violations-involving-student-privacy-playon-sports
[5] https://natlawreview.com/article/calprivacy-issues-11-million-fine-ccpa-violations-involving-student-privacy
[6] https://www.bakerlaw.com/insights/california-privacy-in-2026-regulations-enforcement-ai-and-more/
[7] https://www.potomaclaw.com/news-California-Ramps-Up-Enforcement-of-Consumer-Privacy-Opt-Out-Rights-in-2026
[8] https://privacy.ca.gov/2026/01/calprivacy-brings-new-round-of-enforcement-actions-against-data-brokers/
[9] https://www.whitecase.com/insight-alert/california-privacy-protection-agency-issues-110-million-fine-against-youth-sports
[10] https://pandectes.io/blog/ccpa-in-2026-new-requirements-and-compliance-impacts/
[11] https://www.loeb.com/en/insights/passle/2026/03/california-privacy-protection-agency-issues-first-decision-involving-violation-of-ccpa-and-minor-stu
[12] https://www.workplaceprivacyreport.com/2026/01/articles/california-consumer-privacy-act/new-ccpa-regulations-go-into-effect-updated-faqs-summarize-key-compliance-requirements/
[13] https://privacy.ca.gov/2026/03/youth-sports-media-company-to-pay-1-1-million-fine-change-practices-over-privacy-violations/
[14] https://www.koleyjessen.com/insights/publications/lessons-for-businesses-from-2026s-first-california-privacy-enforcement-actions
[15] https://www.jdsupra.com/legalnews/california-privacy-agency-hits-student-9322375/
mail

Get notified about new Privacy developments

Primary sources. No fluff. Straight to your inbox.

Related

View all Privacy

See more entries tagged Privacy.