Learning From Sephora: How to Avoid a Data Privacy Lawsuit

Consumer privacy is more important than ever, with California taking the lead in protecting consumers’ rights. The CCPA ensures that consumers have the right to:

  • Know about the personal information a business collects about them and how it is used and shared
  • Delete personal information collected from them
  • Opt out of the sale of their personal information
  • Not be discriminated against for exercising their CCPA rights.

What Went Wrong for Sephora:

Recently, the multi-billion dollar cosmetics corporation Sephora has been in hot water for data privacy violations. The complaint, filed by California’s attorney general Rob Bonta, alleged that Sephora stated on its website that it did not sell consumers’ personal information while it was selling the data, and that it did so without informing the consumers whose information was purchased by third parties. The complaint also argued that Sephora’s privacy policy was unnecessarily difficult to find and that the brand did not offer its customers an easily accessible opt-out link on the website and shop app.

The company’s point of contention came from the “loose” definition of the word “sale” under the law, as the CCPA defines the word differently from its everyday meaning. Under the CCPA, “sale” is described as the selling or transferring of a consumer’s personal information through business to business (B2B) or a third party in exchange for monetary compensation or “other valuable consideration.”

The loose interpretation of what constitutes the selling of consumers’ data under the CCPA creates confusion for businesses, particularly those in the marketing and advertising industries. The State of California recognizes its role in the chaos of these new data privacy and regulation laws and does not require Sephora to admit liability or wrongdoing. However, the beauty corporation is required to pay $1.2M in fines and penalties for violating the CCPA and to comply by:

  • Clarifying its online disclosures and privacy policy to include an affirmative representation that it sells data
  • Providing mechanisms for consumers to opt-out of the sale of personal information
  • Conforming its service provider agreements to CCPA requirements
  • Providing ongoing reports to the Attorney General relating to its sale of personal information, the status of its service provider relationships, and its efforts to honor Global Privacy Control.

Understanding the Settlement:

Sephora’s recent settlement underscores the importance of protecting consumers’ privacy rights to fight commercial surveillance. In addition, it emphasizes how seriously the State of California is pursuing the protection of consumers’ right to privacy and the right not to have their personal information sold. Because the internet is a constantly evolving landscape, privacy laws will continue to be revised and clarified over time. Sephora’s settlement signals that the Attorney General and the State of California will vigorously pursue companies they find violating the privacy laws.

How You Can Get Compliant in 60 Days or Less:

As a business, the thought of violating the CCPA and having to pay significant settlements is surely terrifying. Fortunately, UnsubCentral has a slew of solutions to help prevent privacy violations and ensure data compliance. With our team’s efforts, we can make your outbound marketing efforts reach compliance within 60 days. Here’s how we do it: 

  1. Scrub

    In less than a minute, our software can offer one million clean records. Just submit your list to the platform, and our staff will do the grunt work of cleaning it up by deleting duplicate and incorrect addresses.

  2. Store

    Make your email opt-outs safe and simple to find. We offer you the power to decide which lists your partners and staff may see in order to verify your suppression compliance.

  3. Sync

    Standardize your settings and email exclusion lists across all systems. We will integrate directly with existing platforms using FTP/SFTP/FTPS, API, or direct integration. Sharing your lists with third-party partners becomes much simpler when everything is in one central location.

  4. Scale

    Exchange email opt-out lists without personally transferring suppression data. To easily automate your email compliance, we integrate with the most reliable CPA networks and affiliate management platforms available.

For more information on how to avoid data privacy pitfalls and ensure that you adhere to the most recent compliance standards, please contact our team at UnsubCentral.
