Sephora has recently undertaken to pay USD 1.2 million for violating California Consumer Privacy Act, which regulates, i.e., limits the collection and sharing of consumers’ personal data, and thus guarantees to consumers certain rights in that regard.
The said cosmetic brand has been subject to the critics after California Attorney General established that it failed to disclose to consumers that it was selling their personal information, nor did it allow them to withhold their consent to performing such activities.
Namely, Sephora illegally monitored online activities of its customers by allowing third parties to install tracking software on its website, and to monitor the location and activities of customers, which data was then used for consumer profiling and targeting them with personalized content.
By the way, this settlement agreement is the first one executed pursuant to the provisions of the Consumer Privacy Act since it entered into force on 1 January 2020.
The subject settlement, however, comes only as a part of the larger action taken by California Attorney General to enforce the law governing the consumer privacy.
Namely, he delivered notices to numerous entities that fall under the scope of this regulation, addressing that they are obliged to harmonize their operations therewith.
This law applies to the companies operating in California, which collect personal data of residents of this country (or on whose behalf collecting is carried out), which (independently or jointly with others) determine the purpose or means of such processing, and which either have at least USD 25 million in annual revenue or possess personal data of at least 50,000 individuals or generate at least 50% of the total annual revenue from the sale of consumer’s personal information.
This article is to be considered as exclusively informative, with no intention to provide legal advice. If you should need additional information, please contact us directly.