Sephora fined $1.2M in first public CCPA enforcement


Cosmetics retailer Sephora agreed to pay $1.2 million in the first public enforcement action under California’s landmark consumer privacy law.

Sephora violated the California Consumer Privacy Act (CCPA) and sold consumers’ personal data after they had requested their information not be sold, California Attorney General Rob Bonta said in a press release Wednesday.

The CCPA, which took effect in 2020, is the country’s first and only active comprehensive state data privacy law. Since the start of 2021, Virginia, Colorado, Utah, and Connecticut have passed privacy laws of their own, each set to take effect in 2023. Congress is considering whether a federal data privacy law is needed and how strong the protections should be.

lock iconTHIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.