CCPA Settlement: Retailer Accused of Violation of Privacy Laws Agrees to Pay $1.2 Million Penalty to California Attorney General
By Alan S. Wernick, Esq., Aronberg Goldgehn
In the California Attorney General’s (“CAG”) ongoing enforcement of the California Consumer Privacy Act of 2018 (“CCPA”), retailer Sephora USA, Inc. (“Sephora”), entered into a recent settlement agreement to resolve allegations that they violated the CCPA. Sephora, without making any admissions concerning allegations against it, agreed to, among other things, the following:
- Pay CAG $1.2 million dollars in penalties.
- Clarify Sephora’s online disclosures and privacy policies to include an affirmative representation that it sells consumers’ data, and provide processes for consumers to opt out of the sale of personal information, including via the Global Privacy Control.
- Provide reports to the CAG relating to Sephora’s sale of personal information and its efforts to honor Global Privacy Control. These reports will include the identities of all entities to which Sephora makes available the consumer’s personal information, and whether such entity is considered, under CCPA, to be a service provider.
In his statement about this matter, the CAG noted, “I hope today’s settlement sends a strong message to businesses that are still failing to comply with California’s consumer privacy law. My office is watching, and we will hold you accountable. It’s been more than two years since the CCPA went into effect, and businesses’ right to avoid liability by curing their CCPA violations after they are caught is expiring. There are no more excuses. Follow the law, do right by consumers, and process opt-out requests made via user-enabled global privacy controls.” Even if your business does not have a physical location in California, if your business handles California residents’ personal information, you may nonetheless be liable under the CCPA.
© 2022 Alan S. Wernick and Aronberg Goldgehn.