Monday, November 28, 2022
Home TECH California data privacy law catches Sephora and sets the stage for the...

California data privacy law catches Sephora and sets the stage for the future

The recent first-time enforcement of the California Consumer Privacy Act (CCPA) laid the groundwork for national regulation of data privacy and how businesses can navigate the collection and use of customer data, including its sale to third parties.

Beauty and personal care retailer Sephora has agreed to pay a $1.2 million fine in an agreement with California in response to a complaint presented by Rob Bonta, the state attorney general. The accusations claimed that Sephora failed to inform consumers that his personal information was being sold and allegedly stated on his website that he did not sell personal information. The complaint further alleged that Sephora did not provide an easy-to-find link on the web or in its app that customers could use to opt out of the sale of their personal information.

Increasing regulations are beginning to take hold on privacy and data collection, though enforcement may be a trickle, for now, rather than a flood, says Cobun Zweifel-Keegan, managing director of the International Association of Information Technology Professionals. Privacy Policy (IAPP) in Washington, DC However, the Sephora settlement shows that the state is actively enforcing the law. “This shouldn’t completely surprise anyone who has been following … the way California regulators have been talking about their interpretations of [CCPA],” he says. “This is bringing those interpretations to life and making it clear that there are compliance teeth behind the CCPA requirements.”

Zweifel-Keegan says the introduction of more law enforcement agencies will likely lead to more cases, including in other states like Colorado, which is finalizing its data privacy regulations.

The California Attorney General’s focus on “Don’t Sell” and use of ad providers also wasn’t what the community expected regulators to act on first, says DataGrail CEO Daniel Barber. “I don’t think Sephora’s response was what the community really expected,” he says. “This kind of shakes up through the industry.”

The AG’s moves may have put privacy professionals on the back foot, says Barber, and raised questions about ad technology that relies on customer information, which companies might view as collection and processing rather than being sold. in doubt whether they are selling information or not,” she says.

What constitutes a sale?

There are different perspectives, says Barber, on what constitutes a sale. For example, what happens if information is exchanged between companies without the money changing hands? “Many in the community would have argued that it was not the ‘sale’ of information,” she says. “It is now very clear that the AG intends to take a position on this particular definition, an ad technology definition, which is included as part of the ‘Do Not Sell’ concept.” Other state-level regulations may have constructions similar to CCPA, Barber says. “The impact will continue for the next several months.”

Data collection and privacy is an increasingly complex issue that has come to include concerns about how consumers are targeted by advertisements, judged by financial lenders, and the inferences that can be made about women’s health as they age. numerous states enact laws against abortion.

Some of the language in the complaint and California’s settlement with Sephora helps frame the perspectives regulators might take. For example, the California lawsuit cited tracking software on Sephora’s website and app that allows third parties to monitor consumers, provides businesses with information about the types of computers consumers use, personal location and types of products added to your online shopping carts. Third parties could then submit analytics based on that information to Sephora to better target digital ads.

More regulatory legislation is in the works. For example, California lawmakers are working on a privacy law to prohibit the creation and use of so-called addictive features on social networks. California is also working on Privacy Protections for Minors Who Go Online. “They’re really built around the safety of kids and teens,” says Zweifel-Keegan. “They have privacy implications in that they will affect how companies collect and process personal information.”

Surveillance Practices

California regulators continued to describe such practices as “third party surveillance,” which is comparable to the Federal Trade Commission recently calling “business surveillance” in reference to the collection, analysis, and commercial profits made from data collected from the public.

Zweifel-Keegan says that organizations should have contracts between data controllers and data processors or between companies and their service providers to specify what the purpose behind the processing of customers’ personal information is and what the purposes should be. boundaries. “That’s something that came up in the Sephora case because it appears there were some third-party entities that may collect personal information through publisher websites,” she says.

There’s also the issue of presenting clear options for customers to opt out of having their information collected and sold. The privacy community, says Zweifel-Keegan, is thinking about what it means to offer usable choice mechanisms for consumers with debates about how they are presented “There’s a lot of talk about ‘choice fatigue’: having too many pop-ups, too many questions,” she says. “It leads consumers to not necessarily feel like they’re in the driver’s seat.”

Zweifel-Keegan says the Sephora-California deal puts into perspective that data collection, privacy and related analytics will likely face increased scrutiny across the market. “It’s not just big tech that needs to think about privacy,” she says. “That’s a clear message that California is sending by coming to a company like Sephora.”

What to read next:

What the FTC’s Data Collection and Security Scrutiny May Mean

Can Data Collection Persist Amid Post-Roe Privacy Questions?

roe v. Wade and the new murky swamp of data privacy

What would the federal privacy policy look like if it were passed?


How a small electoral business became a conspiracy theory target

At an invitation-only conference in August at a secret location southeast of Phoenix, a group of election deniers revealed a new conspiracy theory about...

A huge new data set pushes the limits of neuroscience

So neuroscientists use an approach called "dimensionality reduction" to make such a visualization possible: They take data from thousands of neurons and, by applying...


Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular

4 Ways to Make Your Office Reception Area More Comfortable for Clients

Reception areas are the first thing your clients see when they visit your office, so you want to make sure it gives...

Top Tips for a Good Night’s Sleep

A good night's sleep is essential for our overall health and well-being, yet many people struggle to get the rest they need....

The Top Three Things You Can Do to Make Your Carnival Event More Spectacular

All kids love carnivals, and most adults do, too. What can be more thrilling and exciting than the...

The Importance of the Court Reporter’s Neutrality

The Importance of the Court Reporter’s Neutrality To listen and record with bias or judgement is a skill that’s...