Sephora Fined $1.2M for Violating California's Privacy Law

By Joe Keenan

California Attorney General Rob Bonta announced on Wednesday that the state reached a settlement of $1.2 million with Sephora for breaching the California Consumer Privacy Act (CCPA) after it was determined the beauty retailer sold people’s data without telling them. After conducting an enforcement sweep of online retailers, Bonta found Sephora failed to process people’s requests to opt out of the sale of information to third-party companies. The settlement currently needs the approval of a state judge, however, Sephora is not required to admit liability or wrongdoing.

Total Retail's Take: Data privacy is an area of intense scrutiny for consumers and the lawmakers representing them, and this ruling is a signal to other retailers that their data practices are being watched — at least in California. Sephora, like many other retailers, is trying to monetize the vast amount of customer data that it has collected. However, it needs to ensure it's doing so transparently and following the desires of its customers (i.e., removing people that opt out). Data is one of retailers' most valuable assets, evidenced by the fact that retail media networks (RMNs) are being launched by numerous retailers, including Amazon.com, Walmart, Target, The Home Depot, among others. Retailers are selling their first-party data via RMNs to brands and other advertisers that will use it to target and personalize marketing to consumers. A win-win for all parties involved, as long as the rules are being followed.

0 Comments

View Comments

Joe Keenan Author's page Joe Keenan is the executive editor of Total Retail. Joe has more than 10 years experience covering the retail industry, and enjoys profiling innovative companies and people in the space.