Sephora fined $1.2M in first CCPA enforcement
September 1, 2022
International cosmetics retailer Sephora has become the first company to be penalized under the California Consumer Privacy Act (CCPA). The cosmetics has agreed to pay $1.2M to settle allegations. California Attorney General Rob Bonta alleged that Sephora failed to: disclose to consumers that it was selling their personal informationprocess user requests to opt-out of sale via user-enabled global privacy controls in violation of the CCPAand that it did not cure these violations within the 30 days currently allowed by the CCPAIn addition to the $1.2M fine, the retailer must also: Clarify its online disclosures and privacy policy to include an affirmative representation that it sells data;Provide mechanisms for consumers to opt-out of the sale of personal information, including via the Global Privacy Control; Conform its service provider agreements to the CCPA’s requirements; and Provide reports to the Attorney General relating to its sale of personal information, the status of its service provider relationships, and its efforts to honor Global Privacy Control.
North America
CCPA