Bloomberg Law
Aug. 24, 2022, 7:38 PM

Sephora Fined in California’s First Enforcement of Privacy Law

Malathi Nayak
Malathi Nayak
Bloomberg News

LVMH’s Sephora, which touts itself as “championing all beauty fearlessly,” is paying a price for pushy marketing.

The cosmetics chain owned by world’s biggest luxury company was thrust into the spotlight Wednesday as the target of the first enforcement action under California’s consumer data privacy law, the toughest in the US.

In a settlement announced by the state’s attorney general, Sephora will pay $1.2 million in penalties and will inform California customers that it sells their personal data, including their location and items in their online shopping cart, and let them opt out of a sale of such information.

The company is among more than 100 online retailers that were spot-checked for compliance with the California Consumer Privacy Act in an enforcement sweep. But Sephora failed to correct violations while others did, Attorney General Rob Bonta said at a press conference.

A Sephora spokesperson said the company has cooperated with Bonta’s office and understands “the importance of the continually evolving requirements around consumer privacy.”

“Sephora respects consumers’ privacy and strives to be transparent about how their personal information is used to improve their Sephora experience,” according to an emailed statement, which notes that the company didn’t admit to wrongdoing.

Consumers have the right to opt out of the sale of their data under global privacy regulations, Bonta said.

“Today’s settlement with Sephora makes clear we will not hesitate to enforce the law,” Bonta said. “It’s time for companies to get the memo, protect consumer data, honor their privacy rights.”

Sephora allowed third-party companies to create customer profiles with details, such as the brand of their laptops or eyeliner, for targeted marketing while keeping customers in the dark, according to a statement from Bonta’s office.

Separately, Sephora and other retailers are fighting a lawsuit alleging they shared customer data without permission to determine shoppers’ likelihood of fraudulently returning product purchases.

Another LVMH unit is pushing for dismissal of a lawsuit accusing it of unlawfully collecting biometric data about shoppers who use its online tool to virtually “try on” sunglasses and frames. Lawyers for the company said in a court filing that it doesn’t actually collect biometric data.

--With assistance from Jeannette Neumann.

To contact the reporter on this story:
Malathi Nayak in San Francisco at

To contact the editors responsible for this story:
Katia Porzecanski at

Peter Blumberg

© 2022 Bloomberg L.P. All rights reserved. Used with permission.

Learn more about Bloomberg Law or Log In to keep reading:

Learn About Bloomberg Law

AI-powered legal analytics, workflow tools and premium legal & business news.

Already a subscriber?

Log in to keep reading or access research tools.