This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.

Our Take on Privacy & Cybersecurity

| less than a minute read

Recent DoorDash Settlement Underscores the High Stakes of Data Sharing Practices

California Attorney General Rob Bonta announced a settlement with DoorDash on Wednesday, ending a years-long saga between the state’s Department of Justice and the food delivery platform.  

The complaint alleged that the sale of personal information occurred in connection with DoorDash’s participation in a marketing cooperative, where businesses contribute personal information of their customers in exchange for the opportunity to advertise their products to each other’s customers. In a blog post on its website, DoorDash said it ended its relationship with all marketing cooperatives in 2020.

As part of the settlement, DoorDash will pay a $375,000 civil penalty and must comply with CCPA and CalOPPA. The agreement also requires the company review contracts with marketing and analytics vendors to evaluate if it is selling or sharing consumers’ personal information. DoorDash will also be required to provide annual reports to the AG’s office that monitors any potential sale or sharing of consumer personal information.

This settlement emphasizes the importance of compliance with privacy laws and the need for transparent handling of consumer data, especially in the context of marketing and advertising practices. 

“DoorDash’s participation in a marketing cooperative is a sale under the CCPA and violates its customers’ rights under [California's] landmark state privacy law. [B]usinesses must disclose when they are selling personal information and offer Californians a way to opt out of that sale . . . .” [T]oday’s settlement serves as a wakeup call to businesses: The CCPA has been in effect for over four years now, and businesses must comply with this important privacy law. Violations cannot be cured, and [the AG's] office will hold businesses accountable if they sell data without protecting consumers’ rights.”


ccpa, opt-out, selling personal information, privacy enforcement, privacy violations, consumer privacy rights, caloppa