California Attorney General Rob Bonta announced Wednesday that the state reached a $1.2 million settlement with Sephora for allegedly violating the state’s landmark privacy law.
The cosmetic retailer agreed to an injunction for selling customers’ personal information, which violates the California Consumer Privacy Act (CCPA). It is the first settlement Bonta’s office has reached under this law.
“Technologies like the Global Privacy Control are a game changer for consumers looking to exercise their data privacy rights. But these rights are meaningless if businesses hide how they are using their customer's data and ignore requests to opt-out of its sale,” said Attorney General Bonta. “I hope today’s settlement sends a strong message to businesses that are still failing to comply with California’s consumer privacy law.”
According to Bonta’s office, the allegations stem from an enforcement sweep of online retailers which found Sephora failed to disclose to consumers it was selling their personal information. The company also failed to process user requests to opt out of sales via user-enabled global privacy controls in violation of CCPA.
The news release said the arrangement was made between the cosmetic retailer and a third-party company that monitored customers as they shopped.
“It’s been more than two years since the CCPA went into effect, and businesses’ right to avoid liability by curing their CCPA violations after they are caught is expiring. There are no more excuses. Follow the law, do right by consumers, and process opt-out requests made via user-enabled global privacy controls,” Bonta said in a statement.