Ad-H Ad-H

Beauty products retailer to pay $1.2M to settle Calif. privacy charges


Beauty products retailer Sephora Inc. will pay $1.2 million to settle charges it violated the California Consumer Privacy Act, the California attorney general’s office said Wednesday.

California AG Rob Bonta said in a statement that Sephora, whose U.S. headquarters is in San Francisco, failed to disclose to consumers it was selling their personal information and to process user requests to opt out of this information’s sale. It also did not address these violations within the 30-day period allowed by the CCPA, the statement said.

Among terms of the settlement, Sephora must clarify its online disclosures and privacy policy; provide mechanisms for consumers to opt out of the sale of their personal data; confirm its service provider arrangements meet CCPA requirements, and provide reports to the attorney general on its efforts to honor global privacy control.

Mr. Bonta said in a statement that many online retailers allow third-party companies to install tracking software on their websites which, in Sophora’s case, permits them to create customers’ profiles by tracking the computer they use, the items they put in their online shopping carts or their precise location.

This permits retailers such as Sephora to more effectively target potential customers, he said.

Sephora issued a statement that said in part it respects consumers’ privacy, and the settlement does not constitute an admission of liability or fault by the company.

It said also the CCPA’s definition of data includes “common, industry-wide technology practices such as cookies, which allow us to provide consumers with more relevant Sephora product recommendations, personalized shopping experiences and ads.

“Consumers have the opportunity to opt-out of this personalized shopping experience by clicking the ‘CA – Do Not Sell My Personal Information’ link on the footer of the Sephora.com website or by using a browser that broadcasts the Global Privacy Control,” it said.

The CCPA, which was signed into law by then-Gov. Jerry Brown in June, 2018 became effective Jan. 1, 2020, and is similar in some respects to the European Union’s General Data Protection Regulation. 

 

 

 

 



Source link

Leave a Comment