Million Dollar Fine In The First Ever CCPA Settlement

October 6, 2022

millions of dollars

The first settlement ever under the California Consumer Privacy Act requires cosmetics retailer Sephora to pay $1.2 million in penalties. Sephora will also need to provide online disclosures stating the company sells data and provide mechanisms for opting out. Other injunctive terms, as described in a press release from California Attorney General Rob Bonta, include a requirement to provide reports to the attorney general regarding the company’s sale of personal information along with the status of service provider relationships, and the company’s “efforts to honor Global Privacy Control.” The latter term, the release explains, refers to an online method of enabling consumers “to opt out of all online sales in one fell swoop by broadcasting a ‘do not sell’ signal across every website they visit, without having to click on an opt-out link each time.”

“Under the CCPA, businesses must treat opt-out requests made by such user-enabled global privacy controls “the same as requests made by users who have clicked the ‘Do Not Sell My Personal Information’ link.”

The announcement also notes the attorney general has sent notices to numerous businesses regarding their failure to enable global privacy controls, with a warning they have 30 days to fix the problem. “My office is watching,” Bonta says, “and we will hold you accountable. It’s been more than two years since the CCPA went into effect, and businesses’ right to avoid liability by curing their CCPA violations after they are caught is expiring. There are no more excuses.”

The $1.2M penalty against Sephora is unlikely to make much of a dent in its operations. One of the world’s leading cosmetics retailers, its profits were said to have spiked 181% in the first half of 2022. Since 1997, the company has been part of the multi-billion dollar conglomerate Moët Hennessy Louis Vuitton (LVMH), whose CEO, Bernard Arnault, is currently ranked the fourth-richest person on earth, with a net worth upwards of $100 billion.

In light of the Sephora settlement, companies need to re-examine their data protection practice, says one cybersecurity manager quoted in Security Magazine. “This regulation [i.e., the CCPA] will be the benchmark for future state and federal privacy regulations across the United States,” he says. -Today’s General Counsel/DR

Read full article at:

Get our free daily newsletter

Subscribe for the latest news and business legal developments.

Scroll to Top