SACRAMENTO, Calif. (AP) – Sephora Inc., one of the world’s largest cosmetics retailers, has settled a lawsuit alleging it violated California’s popular consumer privacy law and improperly sold customer information, state Attorney General Rob Bonta said Wednesday.
Sephora failed to tell customers it was selling their personal information, failed to let customers opt out of the sale and didn’t fix the problem within 30 days as required by law, even after the breach was discovered, officials said.
Bonta said the company agreed to pay $1.2 million to immediately fix the problem, in the state’s first enforcement action under the California Consumer Privacy Act.
Sephora says it is complying with the state’s laws after cooperating with Bonta’s office.
“Information is power, and nowadays everyone needs it,” said Bonta.
“Some very intimate details about your life are being collected,” he said. “The more information a company has on you, the more power it has over you, the more likely it is to target you to buy their goods and services.”
But state law gives consumers a way to block that collection and sale.
The law was approved by state lawmakers in 2018 and expanded by voters in 2020. California, home to Silicon Valley, has what is considered the strongest US data privacy law, giving consumers the right to know what information is being collected about them online, to delete that data and to opt out of the sale of their personal data.
Bonta’s office issued more than 12 new notices on Wednesday warning more than 100 companies that they are out of compliance. He said that “the vast majority” comply, but not Sephora, which sells cosmetics, perfumes, beauty and skin care products in 2,700 stores in 35 countries.
“Compared to others, their actions were terrible,” he said, adding that the settlement should serve as a warning to other companies.
The company does not accept any liability or wrongdoing under the agreement. The company is based in France and has its US headquarters in San Francisco.
Sephora said in a statement that the company respects consumers’ privacy and strives to be transparent about how their personal information is used to improve their Sephora experience. It said it will allow customers to opt out of the sale of personal data starting in November 2021.
The company says tracking will allow it to provide consumers with more relevant Sephora product recommendations, personalized shopping experiences and ads, but customers can now “opt out of this personalized shopping experience.”
Sephora allows third-party companies to install tracking software that lets them build detailed user profiles so they can better target customers, Bonta said. But the company promised on its website that “we do not sell personal information.”
A 30-day grace period for companies that violate the law expires next year, after which companies must comply without warning.
Also next year, Bonta’s office will begin sharing enforcement responsibilities with the new California Privacy Protection Agency. The agency is taking public comments this week on the proposed privacy rules in the 2020 expansion.
“There’s certainly overlap, but it’s a good thing that many watchdogs on the block are standing up for consumers, standing up for privacy, wanting to make sure that data decisions are in their hands and that their data isn’t being sold against them or misused, and we’re very happy about that,” Bonta said.
Bonta and other California officials want to make sure the state’s strict law isn’t violated, as the federal government considers less stringent national standards.
The state’s new privacy agency director sent a letter this month to House Speaker Nancy Pelosi and Minority Leader Kevin McCarthy of California, warning that the version being considered in the House would replace California’s protections with weaker protections. Governor Gavin Newsom and the speaker of the state House of Representatives were among those who objected.
Bonta said California law is unaffected as long as Congress makes the requirements “a floor, not a ceiling.” Don’t miss out on our amazing, nation-leading privacy protections here in California.
The Federal Trade Commission announced this month that it will also consider new regulations.