Cosmetics Giant Sephora to Pay $1m+ Privacy Settlement

by admin 0 Comments

Security
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

One of the world’s biggest cosmetics retailers has agreed to pay $1.2 million in penalties and take corrective action after falling foul of the California Consumer Privacy Act (CCPA).

Announced by the state’s attorney general, Rob Bonta, this week, the settlement by Sephora is part of the administration’s efforts to enforce a law that came into force over two years ago.

“I hope today’s settlement sends a strong message to businesses that are still failing to comply with California’s consumer privacy law,” said Bonta in a statement.

“My office is watching, and we will hold you accountable. It’s been more than two years since the CCPA went into effect, and businesses’ right to avoid liability by curing their CCPA violations after they are caught is expiring. There are no more excuses. Follow the law, do right by consumers, and process opt-out requests made via user-enabled global privacy controls.”

Owned by French luxury goods giant LVMH, Sephora was accused of failing to disclose to consumers that it was selling their personal information and failing to process user requests to opt out of this sale via user-enabled global privacy controls. The firm did not correct these issues within the 30-day period stipulated by the CCPA.

Thanks to online tracking software on Sephora’s website and app, third parties with which the firm struck commercial deals can create consumer profiles including details such as precise location, shopping basket contents and what device customers are using.

As part of the settlement, Sephora has agreed to:

  • Clarify its privacy policy to state that it sells data
  • Provide a way for consumers to opt out of the sale of personal information
  • Tweak its service provider agreements to meet the CCPA’s requirements
  • Provide reports to the attorney general relating to its sale of personal information and the status of its service provider relationships

A “number” of other businesses have also been targeted by Bonta and will have 30 days to comply with the CCPA.

The CCPA is narrower in scope and jurisdiction than the GDPR. However, it represents the first attempt by a state to improve privacy protections for consumers, while handing them more rights over how their personal information is used.

This article was originally published by Infosecurity-magazine.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft
New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth
Fraudsters Exploit Telegram’s Popularity For Toncoin Scam
The many faces of impersonation fraud: Spot an imposter before it’s too late
Alarming Decline in Cybersecurity Job Postings in the US

Leave a Reply

Your email address will not be published. Required fields are marked *