Friction Isn’t Free: Three Lessons from Sling TV’s $530,000 CCPA Settlement

On October 30, 2025, the California Attorney General’s office announced a $530,000 settlement with Sling TV LLC and Dish Media Sales LLC for alleged violations of the California Consumer Privacy Act. Although the matter arose from the  AG’s investigative sweep of streaming services, businesses across all industries should take note as the Sling TV complaint and proposed settlement provide several instructive themes.

What the AG Says Sling TV Did Wrong

1. Confusing the CCPA Opt-Out with Cookie Management

The AG first alleged that Sling TV failed to comply with the CCPA’s mandate to provide “easy-to-execute” methods for consumers to opt out of sales and sharing of their personal information.  According to the complaint, Sling TV directed consumers to online cookie preference settings that “deceptively characterized” cookie choices as “Do Not Sell/Share My Info,” even though disabling cookies did not fully effectuate a CCPA opt-out. Instead, alleged the AG, to fully opt out of sales and sharing, users were required to locate a hidden caret to access an opt-out form, which required logged-in users to provide information Sling TV already had.

The AG suggested that these design elements could lead consumers to believe they had fully exercised their opt-out rights when they had not, or could dissuade them from completing the process even if they understood what was required.

2. No In-App Opt-Out for Connected TV Users

Sling TV is a streaming platform, and most Sling TV customers access the service through their connected TVs (e.g., Roku, Samsung, or other smart-TV platforms). However, those smart-TV users could not exercise their CCPA rights while using their connected TVs because Sling TV did not offer an opt-out mechanism within its connected TV apps. Instead, Sling TV customers who wanted to submit an opt-out request had to switch to a separate device, open a web browser, and manually enter a 55-character URL before navigating a series of screens and forms.

The AG alleged that this multi-step, multi-device process violated the CCPA Regulations’ requirement to offer an opt-out method that reflects the manner in which the business “primarily interacts with the consumer.” Instead, according to the AG, Sling TV’s design choice increased friction at the very moment consumers attempted to exercise their rights, and reduced the likelihood that its customers would complete the process.

3. Insufficient Protections for Children

The CCPA imposes additional obligations when a business sells or shares the personal information of consumers under 16, including a requirement to obtain consent to the sale and sharing of their personal information. The AG alleged that Sling TV failed to meet these requirements.

According to the complaint, Sling TV knew, or had reason to know, that children under 16 were part of the intended or likely audience for certain channels and programs available through its platform. To that end, Sling TV allegedly collected and used data indicating the presence of children in households, offered well-known children’s programming, and maintained parental control features. The AG alleged, however, that Sling TV did not design its platform to avoid selling or sharing minors’ personal information by default.

The complaint pointed to several operational gaps the AG viewed as inconsistent with the CCPA’s opt-in framework for minors, including:

• No dedicated “kid profile” that automatically limited data collection, selling, or sharing.
• No age-screening to identify when users under 16 were watching.
• Targeted advertising that continued even when parental controls were enabled.
• Inconsistent or incomplete designation of children’s channels.

Taken together, the AG suggested that these design choices increased the likelihood that Sling TV sold or shared minors’ personal information without the opt-in authorization the CCPA requires.

Settlement Terms

In addition to paying a $530,000 fine, the proposed settlement requires Sling TV to adopt several compliance measures. These obligations include:

• Provide clear, conspicuous, and user-friendly opt-out mechanisms across all Sling TV platforms, including on connected devices.
• Offer simple toggle-based opt-outs for logged-in users, without requiring unnecessary additional information.
• Default to not sell, share, or engage in cross-context behavioral advertising for:
  • child or teen profiles, and
  • programming designated as made for children.
• Establish a system for programmers to identify children’s content and review those designations annually.
• Delete personal information associated with minors collected before the settlement.
• Conduct annual internal assessments for three years and share those results with the AG.

These requirements reflect the specific facts of this matter, but they also offer helpful examples of the types of design and operational elements the AG considers relevant when evaluating CCPA compliance.

Three Key Takeaways for Your Business

1. Opt-Out Means Opt-Out

The Sling TV settlement signals that businesses must provide a clear and easy-to-use mechanism that fully effectuates a consumer’s opt-out rights for all forms of selling or sharing, whether enabled by cookies or other online tracking technologies, or through offline disclosures.  Your business should confirm that your opt-out mechanism:

• Effectuates a complete opt-out for all forms of sales and sharing your business is engaged in;
• Is conspicuously placed on your website so consumers can easily find it; and
• Is easy to use and understand, avoiding labels or design choices that could lead users to misunderstand which choices affect opt-out rights.

A quick review of the language in and placement of your business’s opt-out tool can help identify areas where consumers might encounter friction or confusion.

2. Meet Users Where They Are (Especially if They’re in an App)

If your business primarily engages with users through apps, smart TVs, or other connected devices, a website-only opt-out may not be enough. Given the AG’s complaint against Sling TV, your business should evaluate:

• Whether your opt-out tools are available to your customers where they “primarily interact” with your business.
• Whether logged-in users can opt out without re-entering data.
• Whether users must engage in extra steps (e.g., unnecessary screens, links, or physical-device switches) to actually exercise opt-out rights.

Improving accessibility across platforms can reduce consumer confusion and lower enforcement risk.

3. Default Protections for Minors Are Not Optional

If your business offers child-friendly content, supports shared household profiles, or markets toward families, you should review the settings that apply when minors use the service. Consider assessing:

• Whether certain profiles or viewing modes should default to more limited data practices.
• Whether any default data collection and disclosure practices that apply to adults could result in selling or sharing of minors’ personal information.
• How your systems identify children’s content or likely child users.

* * * *

The Sling TV settlement marks the fifth public settlement under the CCPA. We expect enforcement to continue to ramp up as the AG and CalPrivacy (the agency formerly known as the CPPA) continue to allocate more resources toward enforcement. If you would like assistance with CCPA and state law privacy compliance or with regulatory inquiries or enforcement, please contact any member of the Wyrick Privacy and Data Security team.