The cosmetics chain owned by world’s biggest luxury company was thrust into the spotlight Wednesday as the target of the first enforcement action under California’s consumer data privacy law, the toughest in the US.
In a settlement announced by the state’s attorney general, Sephora will pay $1.2 million in penalties and will inform California customers that it sells their personal data, including their location and items in their online shopping cart, and let them opt out of a sale of such information.
The company is among more than 100 online retailers that were spot-checked for compliance with the California Consumer Privacy Act in an enforcement sweep. But Sephora failed to correct violations while others did, Attorney General
A Sephora spokesperson said the company has cooperated with Bonta’s office and understands “the importance of the continually evolving requirements around consumer privacy.”
“Sephora respects consumers’ privacy and strives to be transparent about how their personal information is used to improve their Sephora experience,” according to an emailed statement, which notes that the company didn’t admit to wrongdoing.
Consumers have the right to opt out of the sale of their data under global privacy regulations, Bonta said.
“Today’s settlement with Sephora makes clear we will not hesitate to enforce the law,” Bonta said. “It’s time for companies to get the memo, protect consumer data, honor their privacy rights.”
Sephora allowed third-party companies to create customer profiles with details, such as the brand of their laptops or eyeliner, for targeted marketing while keeping customers in the dark, according to a statement from Bonta’s office.
Separately, Sephora and other retailers are fighting a lawsuit
Another LVMH unit is pushing for dismissal of a
--With assistance from
To contact the reporter on this story:
To contact the editors responsible for this story:
© 2022 Bloomberg L.P. All rights reserved. Used with permission.