Cosmetics giant was fined $1.2 million for failing to inform customers about selling their data.
Under the settlement, announced by California Attorney General Rob Bonta, Sephora agreed to pay $1,2 million in penalties and comply with requirements such as providing mechanisms for consumers to opt-out of the sale of personal information.
"Technologies like the Global Privacy Control are a game changer for consumers looking to exercise their data privacy rights. But these rights are meaningless if businesses hide how they are using their customer's data and ignore requests to opt-out of its sale," Rob Bonta said.
Global Privacy Control (GPC) is a proposed specification designed to allow Internet users to notify businesses of their privacy preferences, such as whether or not they want their personal information to be sold or shared.
"I hope today's settlement sends a strong message to businesses that are still failing to comply with California's consumer privacy law. My office is watching, and we will hold you accountable," Bonta warned.
He noted that consumers are constantly tracked online, and many vendors allow third-party companies to install tracking software on their websites and apps. That way, third parties can monitor all kinds of data.
For example, in Sephora's case, third parties could see whether a consumer is using a MacBook or a Dell, whether they are using prenatal vitamins, what eyeliner brand they prefer, and even their precise location.
General Bonta also sent notices today to a number of businesses alleging non-compliance relating to their failure to process consumer opt-out requests made via user-enabled global privacy controls. Firms that received letters today have 30 days to cure the alleged violations.
More from Cybernews:
Subscribe to our newsletter