Sephora, one of the world’s biggest cosmetic retailers, has agreed to pay a $1.2 million in penalties after allegedly violating the California Consumer Privacy Act (CCPA). California law enforcement claims that the company failed to disclose to customers that it was selling personal information. In addition, the vendor did not process user requests to opt out of the sale of data via user-enabled global privacy controls mandated by the Act. Furthermore, the company did not take corrective action within the 30-day notification period.
The punitive actions were announced by CA attorney general Rob Bonta earlier this week. The settlement is reportedly part of the administration’s efforts to enforce the law, which was enacted roughly two years ago. Bonta addressed the law, stating that the office would hold companies accountable for failing to protect consumer privacy.
Read More: Cosmetics Giant Sephora to Pay $1m+ Privacy Settlement