California regulator fines GoFan $1.1m for unlawful student data practices
Penalty imposed for blocking opt-outs and selling personal data
Change
California's privacy regulator fined GoFan $1.1 million for forcing consent and selling students’ personal data without lawful opt-out mechanisms.
Why it matters
The enforcement action establishes that consent flows must allow genuine opt-outs and accurate disclosures, with penalties for deceptive or coercive data practices.
Implications
- — Companies must provide compliant opt-out mechanisms — failure risks fines
- — Data handlers must update privacy disclosures — inaccuracies trigger enforcement
Full decision brief
See the decision layer
Use 1 free preview to unlock implications, who’s affected, what to watch, and Clarify for this brief.
2 free previews left this month · Resets 1 Jun
Source