Data Privacy Hub
Legal News

Sephora fined $1.2M in first CCPA enforcement

Sep 1, 2022
1
min read

International cosmetics retailer Sephora has become the first company to be penalized under the California Consumer Privacy Act (CCPA). The cosmetics has agreed to pay $1.2M to settle allegations. California Attorney General Rob Bonta alleged that Sephora failed to: 

  • disclose to consumers that it was selling their personal information
  • process user requests to opt-out of sale via user-enabled global privacy controls in violation of the CCPA
  • and that it did not cure these violations within the 30 days currently allowed by the CCPA

In addition to the $1.2M fine, the retailer must also: 

  • Clarify its online disclosures and privacy policy to include an affirmative representation that it sells data;
  • Provide mechanisms for consumers to opt-out of the sale of personal information, including via the Global Privacy Control;
  • Conform its service provider agreements to the CCPA’s requirements; and
  • Provide reports to the Attorney General relating to its sale of personal information, the status of its service provider relationships, and its efforts to honor Global Privacy Control.
The full guidelines can be found
here