The California Attorney General Rob Bonta announced a settlement with Sephora, Inc. involving certain alleged California Consumer Privacy Act (“CCPA”) violations.
The complaint against Sephora alleged that Sephora did not properly process certain consumer opt out requests, did not disclose to consumers that their personal information was being sold and failed to clearly and conspicuously post a “Do Not Sell My Personal Information” link in violation of the CCPA.
According to the complaint, Sephora also allegedly allowed third parties tracking software to create profiles on their customers in violation of the CCPA through the collection of the brand of customers’ computers, what customers placed in their “shopping cart” and even customers’ precise locations, among other information.
Under the settlement, Sephora is required to provide notice to consumers of the sale of their personal information and to process certain consumer opt out requests. Sephora has 180 days from the effective date of the settlement to comply with its terms and must enact a program to assess and monitor the effectiveness of certain required remedial measures. Sephora is also subject to a monetary penalty of $1.2 million. Read More