Headline
Sling TV turned privacy into a game you weren’t meant to win
California has fined Sling TV for misleading privacy controls that made opting out nearly impossible. Even children’s data ended up in ad targeting.
Streaming service Sling TV has settled with the California Attorney General over allegations that it blocked users from exercising their privacy rights.
The company will pay $530,000 after being accused of making it difficult for customers to opt out of its data collection practices.
The California Consumer Privacy Act (CCPA) says consumers must be able to easily see how companies use their data and opt out if they choose. But according to a press release from the Attorney General’s office, Sling misled users who tried.
When users attempted to opt out of having their data shared, Sling redirected them to a page for changing cookie settings. Cookies are small files that help websites recognize users and track activity. However, changing the cookie controls on this page didn’t actually stop data sharing. To do that, users had to find and fill out a separate online form—even logged-in customers had to provide their name, address, email, and phone number, which Sling already had.
Users couldn’t opt out from connected devices either. Instead, they had to manually type a complex URL into a separate browser, the complaint said.
Children in the crosshairs
Sling also failed to protect children’s privacy. It didn’t age-screen users or offer kids’ profiles that avoided targeted advertising. The company even bought data from brokers to build detailed viewer profiles—including information about children in the home, the complaint alleged.
The complaint stated:
“Sling TV uses data about the presence of children in the household, and, in some cases, their age ranges, to build specific groups of viewers that can be targeted for cross-context behavioral advertising.”
The Sling case follows a string of privacy controversies in streaming. We recently wrote about how Roku faced similar accusations of selling children’s viewing data to advertisers and data brokers.
Falling subscriber numbers, rising revenue
Sling has been losing subscribers fast—down to 1.78 million—but it’s still making more money per viewer. How? By raising prices and leaning on targeted advertising, the very practice that just got it fined. Sling is a division of DISH Media, which says in its marketing material:
“DISH Media is helping brands and agencies reimagine their media mix to maximize return on ad spend… helping advertisers optimize reach, frequency, and return on investment through more strategic platform planning.”
What the settlement changes (and what it doesn’t)
Under the settlement, Sling TV must stop sending users who opt out to a cookie settings page, stop requiring logged-in users to fill out forms with data it already holds, and add a direct opt-out mechanism to its app. It must also let parents create kids’ profiles and explain how to protect children’s privacy.
This is Sling’s first major privacy violation, but DISH Network has faced scrutiny before. In 2020, it paid a $210 million penalty—the largest ever under the FTC’s Telemarketing Sales Rule—for making millions of unlawful telemarketing calls.
We don’t just report on data privacy—we help you remove your personal information
Cybersecurity risks should never spread beyond a headline. With Malwarebytes Personal Data Remover, you can scan to find out which sites are exposing your personal information, and then delete that sensitive data from the internet.