California has long been known for its progressive privacy protection laws, and the California Consumer Privacy Act (CCPA) is no exception.
The CCPA, which came into effect in 2020, provides California residents with similar rights to the European GDPR law. These rights include the ability to review their personal information, monitor its transfer to third parties, and demand its deletion.
However, the enforcement mechanism for the CCPA has been slow to take off. It is only now that companies are starting to face the consequences of non-compliance.
Cosmetics retailer Sephora recently agreed to pay a $1.2 million fine for violating the CCPA. The company failed to inform customers that it was collecting and selling their personal information and did not respond to requests to stop selling their data.
The CCPA's definition of "data sales" includes sharing information with third parties, even if no money is exchanged. Sephora shared data with others through cookies on its website to personalize the shopping experience and display personalized ads.
It's not just Californians who are affected by the CCPA; the law also applies to the processing of information of residents outside the state, including in Israel. Companies using cookies should be transparent about it and give users the ability to refuse.
The Sephora case serves as a warning to companies that privacy protection is not optional. As consumers become more aware of their rights, companies must comply with privacy laws or face the consequences.
Comments