Sephora fined $1.2M in first public CCPA enforcement
Cosmetics retailer Sephora agreed to pay $1.2 million in the first public enforcement action under California’s landmark consumer privacy law.
Sephora violated the California Consumer Privacy Act (CCPA) and sold consumers’ personal data after they had requested their information not be sold, California Attorney General Rob Bonta said in a press release Wednesday.
The CCPA, which took effect in 2020, is the country’s first and only active comprehensive state data privacy law. Since the start of 2021, Virginia, Colorado, Utah, and Connecticut have passed privacy laws of their own, each set to take effect in 2023. Congress is considering whether a federal data privacy law is needed and how strong the protections should be.