Sephora learns an expensive lesson about customer data privacy in California
Sephora ran afoul of California’s new data privacy laws, and the beauty retailer is paying the price for it.
Sephora will pay a settlement of $1.2 million to the state after selling customer data without informing its customers, according to NBC News.
Sephora took issue with California’s definition of the word “sale” but respected the “perspectives and guidance” provided by the office of Rob Bonta, the attorney general of California, and said it respects customer privacy. Sephora’s settlement does not require the company to admit wrongdoing or liability.
Mr. Bonta told NBC News that the move represents the first real enforcement of the California Consumer Privacy Act (CCPA). The law began going into effect via a phased implementation in 2020. Since California has begun pursuing enforcement in earnest, more than 100 notices of violations have been sent to other companies, which have 30 days to address the violations.
While the CCPA is the first data protection law of its kind in the U.S., it was inspired by privacy legislation developed earlier in the European Union.
In 2018, the European Union adopted the Global Data Protection Rule (GDPR), a law that gives EU citizens the right to have more granular control of their personal data. The GDPR goes as far as to grant EU citizens the right to have their data deleted at their request under certain circumstances. It also demands that businesses adhere to frameworks for data privacy, such as “data protection by design” and “data protection by default,” which ensure, respectively, that systems are built with privacy in mind and that the highest level of data privacy is the default setting for users.
A recent study found that in the U.K., nearly half of retailers large and small have been fined for GDPR violations, particularly violations pertaining to video surveillance and the storage of video data, according to Security Magazine.
- Cosmetics retailer Sephora to pay $1.2 million under sweeping California privacy law – NBC News
- California Consumer Privacy Act (CCPA): All You Need To Know! – Stealth Labs
- What’s next for data privacy? – RetailWire
- What does data protection ‘by design’ and ‘by default’ mean? – European Commission
- UK retailers fined for surveillance privacy violations – Security Magazine
DISCUSSION QUESTIONS: What impact do you see the Sephora settlement having on how retailers use and sell data, both in California and throughout the U.S.? Do you think the laws will benefit consumers?