AP

Cosmetics giant Sephora settles customer data privacy suit

Aug 24, 2022, 1:22 AM | Updated: 3:33 pm

FILE - California Attorney General Rob Bonta talks at a news conference in Sacramento, Calif., June...

FILE - California Attorney General Rob Bonta talks at a news conference in Sacramento, Calif., June 28, 2022. California has settled a lawsuit against one of the world's largest cosmetics retailers that it accused of selling customer information without proper notice in violation of the state's landmark consumer privacy law, Bonta said Wednesday, Aug. 24, 2022. (AP Photo/Rich Pedroncelli, File)

(AP Photo/Rich Pedroncelli, File)

SACRAMENTO, Calif. (AP) — Sephora Inc., one of the world’s largest cosmetics retailers, has settled a lawsuit claiming that the company sold customer information without proper notice in violation of the California’s landmark consumer privacy law, state Attorney General Rob Bonta said Wednesday.

Sephora failed to tell customers that it was selling their personal information, failed to allow customers to opt out of that sale, and didn’t fix the problem within 30 days as required by the law, even after it was notified of the violation, state officials said.

The company agreed to pay $1.2 million and immediately correct the problem under the settlement, the state’s first such enforcement action under the California Consumer Privacy Act, according to Bonta.

Sephora said it is already complying with the state law after cooperating with Bonta’s office.

“Data is power, and these days everyone wants it,” Bonta said.

“Some of the most intimate details about your life are being harvested,” he said. “The more data a company has on you, the more power they have over you, the more they can target you to buy their goods and services.”

But the state law gives consumers a way to block that collection and sale.

The act was passed by state lawmakers in 2018 and expanded by voters in 2020. It gives California, home to Silicon Valley, what is viewed as the strongest U.S. data privacy law, providing consumers with the right to know what information companies collect about them online, to get that data deleted and to opt out of the sale of their personal information.

Bonta’s office has warned more than 100 companies that they were out of compliance and sent more than a dozen new notices on Wednesday. The “vast majority” complied, he said, but not Sephora, which sells cosmetics, perfumes, beauty and skincare products in 2,700 stores in 35 countries.

“Their actions compared to others was egregious,” he said, saying the settlement should be a warning to other companies that don’t comply.

The company did not admit any liability or wrongdoing under terms of the settlement. The company was founded in France and has its U.S. headquarters in San Francisco.

In its settlement, Sephora agreed to clarify its website disclosures and privacy policy to tell customers it sells their data, and allow them to opt out of that sale –steps it said it has already taken. It will file reports with Bonta’s office on its sale of personal information and compliance with the law.

Sephora said in a statement that the company “respects consumers’ privacy and strives to be transparent about how their personal information is used to improve their Sephora experience.” It said it allowed customers to opt out of the sale of personal information starting in November 2021.

The company said its tracking allows it “to provide consumers with more relevant Sephora product recommendations, personalized shopping experiences and ads” but that customers can now “opt-out of this personalized shopping experience” easily.

Sephora allowed third-party companies to install tracking software that allowed them to build detailed consumer profiles that allowed them to better target customers, Bonta said. But on its website it promised “we do not sell personal information,” according to the lawsuit.

The 30-day grace period for companies violating the law will end next year, when companies will be required to be in compliance without warning.

Also next year, Bonta’s office will begin sharing enforcement responsibility with a new California Privacy Protection Agency. The agency is taking public comment this week on proposed privacy regulations under the 2020 expansion.

“Certainly there is overlap,” Bonta said, but “multiple watchdogs on the block standing up for consumers, standing up for their privacy, making sure that data decisions are in their hands and that their data isn’t being sold or misused against their wishes is a good thing and we’re excited about that.”

Bonta and other California officials also want to make sure the state’s strict law isn’t undermined as the federal government considers what are likely to be less stringent nationwide standards.

The executive director of the state’s new privacy agency sent a letter this month to House Speaker Nancy Pelosi and Minority Leader Kevin McCarthy, both from California, warning that a version being considered in the House would replace California’s protections with weaker protections. Gov. Gavin Newsom and the state Assembly speaker are among others who have objected.

Bonta said California’s law wouldn’t be affected so long as Congress makes its standards “a floor, not a ceiling. That they do not preempt the incredible privacy protections, nation-leading privacy protections that we have here in California.”

The Federal Trade Commission said this month that it will also consider new rules.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

AP

Photo: President Joe Biden speaks at a news conference following the NATO Summit in Washington, Thu...

Zeke Miller, Seung Min Kim, Lisa Mascaro and Colleen Long, The Associated Press

Biden says during news conference he’s going to ‘complete the job’ despite calls to bow out

Biden used his highly anticipated news conference to deliver a defense of his policies and batted away questions about his ability to serve.

18 hours ago

Photo: Former New York Mayor Rudy Giuliani talks to reporters as he leaves the federal courthouse i...

Associated Press

Judge says Rudy Giuliani bankruptcy case likely to be dismissed. But his debts aren’t going away

A judge said he was leaning toward throwing out Rudy Giuliani's bankruptcy case. A dismissal would end his pursuit of bankruptcy protection.

2 days ago

biden democrats...

Lisa Mascaro, The Associated Press

Biden tells Hill Democrats he ‘declines’ to step aside and says it’s time for party drama ‘to end’

President Joe Biden stood firm against calls for him to drop his candidacy and called for an "end" to the intraparty drama.

4 days ago

BEVERLY HILLS, CA - SEPTEMBER 24: Actor Martin Mull attends FOX Hosts "The Cool Kids" Outdoor Scree...

ANDREW DALTON, THE ASSOCIATED PRESS

Comedic actor Martin Mull, star of ‘Roseanne,’ ‘Arrested Development,’ dies at 80

Martin Mull, whose droll, esoteric comedy and acting made him a hip sensation in the 1970s and a frequent guest star of sitcoms, has died.

13 days ago

In this photo provided by NASA, Boeing Crew Flight Test astronauts Butch Wilmore, left, and Suni Wi...

By ADITHI RAMAKRISHNAN, AP Science Writer

Astronauts will stay at the space station longer for more troubleshooting of Boeing capsule

Two NASA astronauts will stay longer at the International Space Station as engineers troubleshoot problems on Boeing’s new space capsule.

14 days ago

moore redmond washington...

Associated Press

U.S. Supreme Court rules against Redmond couple challenging foreign income tax

The court ruled in the case of Charles and Kathleen Moore, of Redmond, Washington after they previously challenged a $15,000 tax bill.

22 days ago

Cosmetics giant Sephora settles customer data privacy suit