Earlier this month, the California Privacy Protection Agency (“CPPA”) filed a petition in Sacramento County Superior Court to enforce an investigative subpoena against Tractor Supply Company (“Tractor Supply”).
The CPPA issued the subpoena in January, and alleges that Tractor Supply objected to the scope of the interrogatories. Among other things, the company argued that its practices before 2023 “fall outside the scope of the agency’s enforcement authority,” because the CPPA had not yet issued its 2023 regulations and thus Tractor Supply lacked “actual knowledge of what is prohibited under the CCPA.” The CPPA’s filing asks the court to order Tractor Supply “to provide full and complete responses to the interrogatories.”
The petition describes certain findings of apparent violation of the CCPA as part of its “ongoing investigation:”
- Privacy Policy Updates and Disclosures: The CPPA states in its petition that Tractor Supply appeared to have not updated its privacy policy “since November 2021, well beyond the 12-month requirement established by the CCPA.” The agency also alleges that the privacy policy doesn’t include the required notices to consumers.
- Honoring Sale Opt-Out and Browser Signals: The CPPA alleges the company’s link for opting consumers out of the sale of personal information was ineffective because it “did not appear to effectuate that right for consumers’ online activity.” It also alleges that the company did not honor “consumers’ requests to opt out of the sale or sharing of their personal information transmitted using opt-out preference signals from their browsers.” The petition alludes to “Agency technologists review[ing] data flows to and from TractorSupply.com” to evaluate if the opt-out preference signals were honored.
We covered the CPPA’s first privacy enforcement action in March here, and its second in May here.