CCPA’s First Enforcement Action Targets Sephora

  • by Arlo Gilbert
  • · posted on September 1, 2022
  • · 3 min read
CCPA’s First Enforcement Action Targets Sephora

Happy Thursday, everybody! It’s been four years since the CCPA was first signed into law, and we’re now seeing the first enforcement action taken against a company violating the law.

The company in question is personal care and beauty brand Sephora, which has been hit with a $1.2 million penalty after it failed to address violations within the 30-day right-to-cure period. (See the news story below for all the details.)

It’s pretty big news. By now, we’re used to hearing about the multi-million euro fines coming out of the EU. Still, there haven’t been similar headlines for businesses in the relatively business-friendly US. California’s AG has now clarified that its law has the bite to match its bark. 

Notably, this enforcement is based on a CCPA violation and comes from the AG’s office; in the future, CPRA will be the relevant law businesses have to worry about violating, and enforcement will come from a dedicated agency (i.e., the California Privacy Protection Agency, or CPPA). 

With all the resources and time available to the CPPA, we can expect the agency to enforce California’s data privacy law rigorously.

Curious about privacy? Find out how Osano automates compliance & saves you time! Learn more

Best,

Arlo


California AG hits Sephora hit with $1.2M fine in first CCPA enforcement
California Attorney General Rob Bonta recently announced a $1.2 million action against Sephora. The penalty comes after Sephora failed to act within 30 days after being notified of violations. The violations included failing to disclose its sale of personal information, not providing a “Do Not Sell My Personal Information” button, and not acting on Global Privacy Control (GPC). The GPC is a new specification that allows internet users to indicate their privacy preferences across websites — in this case, Sephora did not act on preferences indicated via GPC.
Read more


Scanning students' rooms during remote tests violates privacy, judge rules
A federal judge sided with a Cleveland State University student, who asserted that the university had violated his Fourth Amendment rights when an exam proctoring software required him to take a scan of his room.

"Mr. Ogletree's privacy interest in his home outweighs Cleveland State's interests in scanning his room,” said Judge Calabrese. “Accordingly, the Court determines that Cleveland State's practice of conducting room scans is unreasonable under the Fourth Amendment."
Read more

Try Osano Free!


Influencer marketing surges after iOS privacy updates
Apple’s iOS 14.5 enabled users to opt-out of tracking across apps, including Facebook and Instagram, which was a major blow to direct-to-consumer brand advertising. Now that the effects of that update have been felt, more brands are turning to influencer marketing to plug the gap.
Read more


Meta moves to settle in Cambridge Analytica lawsuit
Facebook’s parent company, Meta, is attempting to settle a long-running class action lawsuit that resulted from the company illegally sharing millions of users' data with the UK-based analytics firm Cambridge Analytica. The settlement has not been disclosed, nor is the settlement finalized. In a court filing, Meta requested to put the class action on hold for 60 days until the lawyers for both plaintiffs and Facebook finalize a written settlement.
Read more


FTC sues Idaho company alleged to have tracked people at abortion clinics
The Federal Trade Commission (FTC) recently filed a lawsuit against Kochava Inc., a mobile analytics vendor, alleging that the company illegally sold sensitive geolocation data. The suit asserts that “The data may be used to identify consumers who have visited an abortion clinic and, as a result, may have had or contemplated having an abortion.”
Read more


Latest Privacy Abbreviated: The good, the bad, and the grey of targeted advertising
In the latest episode of PrivacyAbbreviated, Benjamin Shapiro, founder and CEO of I Hear Everything and host of the MarTech podcast, joins Dona Fraser, Senior VP of BBB National Programs, and Osano’s very own General Counsel and CPO, Catherine Dawson, to talk about how businesses can use targeted advertising responsibly and how advertisers can prepare for the upcoming changes in privacy laws.
Listen here

Interested in working at Osano? Check out our Careers page! We might have the perfect opportunity for you.

About The Author · Arlo Gilbert

Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 20 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.