California fines Tractor Supply $1.35 Million over consumer, job applicant privacy violations

CALIFORNIA – The California Privacy Protection Agency (CPPA) has fined Tractor Supply Company $1.35 million — the largest penalty in its history, for violating the state’s consumer privacy law.

The board’s decision requires the retailer, which operates more than 2,500 stores nationwide, to overhaul its business practices.

The company must review its websites and apps for tracking tools, inform customers about data collection, and provide clear opt-out options. A corporate officer must also certify compliance annually for the next four years.

The investigation began after a consumer in Placerville filed a complaint about the company’s privacy practices.

Regulators found multiple violations, including failing to provide consumers with a privacy policy explaining their rights, failing to notify California job applicants about their privacy rights, and failing to offer an effective opt-out for selling or sharing personal data — including through Global Privacy Control signals.

The company also shared customer information with third parties without contracts ensuring privacy protections.

While the fine is modest compared to multimillion-dollar settlements involving Big Tech, the case is significant. It’s the first CPPA decision to focus on job applicants’ privacy rights, not just customers’.

Ghost Jobs and Data Mining Concerns

Since 2023, California law has extended privacy protections to employees, contractors, and job seekers, meaning businesses can no longer treat employment data as outside consumer privacy rules.

There is growing evidence that some employers engage in data mining of job applicants, collecting personal information beyond what’s necessary for hiring and sometimes repurposing it for analytics, marketing, or profiling.

Companies have also been known to post “ghost job” listings to gather applicant information without a genuine intent to hire.

Academic and policy researchers warn that the “datafication of employment” is becoming routine. Tools once used to track consumer behavior are now being applied to screen and evaluate job candidates — often without adequate notice or consent, raising potential privacy concerns.

“We made it an enforcement priority to investigate whether businesses are properly implementing privacy rights, and this action underscores our ongoing commitment to doing that for consumers and job applicants alike,” said CPPA head of enforcement Michael Macko.