Sephora to pay $1.2 million in settlement over California consumer privacy law

The company was accused of violating the CCPA

The California attorney general's office announced Wednesday that Sephora must pay $1.2 million as part of a settlement in connection to state's consumer privacy law.

The settlement comes after California Attorney General Rob Bonta accused Sephora of violating the California Consumer Privacy Act (CCPA) by allegedly failing to inform consumers it was selling their personal information and failing to process requests to opt out of sales "via user-enabled global privacy controls," according to the release from Bonta's office. The cosmetics giant also allegedly failed to cure the violations within 30 days of being notified in June 2021.

The company allowed third-party companies to track certain data about consumers as they shopped online, Bonta's office said. A spokesperson for Sephora told FOX Business in a statement that the cosmetics giant "uses data strictly for Sephora experiences."

"The California Consumer Privacy Act ("CCPA") does not define ‘sale’ in the traditional sense of the term. ‘Sale’ includes common, industry-wide technology practices such as cookies, which allow us to provide consumers with more relevant Sephora product recommendations, personalized shopping experiences and ads," the statement from Sephora said.


The settlement, still pending judge approval, required Sephora to include an "affirmative representation that it sells data" in its online disclosures and privacy policy, provide ways including via global privacy control for customers to opt out of their personal information being sold, and to make its service provider agreements conform with the CCPA, according to the release. It also has a requirement to provide the state AG's office with reports about "its sale of personal information, the status of its service provider relationships, and its efforts to honor Global Privacy Control," Bonta's office said.

osmetics Shopping Manhattan

Women can be seen through a Sephora store window as they shop for cosmetics in New York City on March 8, 2012. (iStock / iStock)

"We have always cooperated fully with the OAG and Sephora's practices are already in compliance with the CCPA," the Sephora spokesperson said, noting the settlement is not an admission of liability or fault by the company. The spokesperson said Sephora has allowed customers to opt out of the sale of personal information, including via global privacy control tools since November.


The settlement marked California's first public enforcement action under the CCPA, according to Bonta's office.