California Attorney General Rob Bonta announced a resolution with DoorDash today, addressing breaches of the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA).

An investigation found that DoorDash sold personal information of its California customers without proper notice or opt-out options, violating both laws. This occurred within DoorDash's involvement in a marketing cooperative, where businesses exchanged customer data for advertising.

Bonta emphasized DoorDash's obligation to disclose such actions and provide opt-out opportunities to Californians. The settlement includes a $375,000 civil penalty and mandates DoorDash to comply with CCPA and CalOPPA regulations, review vendor contracts for data sales, and submit annual reports to monitor data sharing. This marks Bonta's second enforcement action under CCPA, reinforcing that sharing customer data with marketing cooperatives constitutes a sale under CCPA. Ongoing efforts ensure consumer privacy protection.