Global Beauty Brand Settles Violations of CCPA over Shared Consumer Data
Last month, the California Attorney General announced a $1.2 million settlement resolving allegations that an international beauty retailer violated the California Consumer Privacy Act (CCPA) when the Company failed to disclose it was selling consumer information, misleading consumers to believe the Company did not sell their information.
The initial complaint stemmed from a June 2021 enforcement effort by the AG’s Office to determine whether any large online retailers failed to comply with the CCPA by providing consumers the opportunity to opt-out of third-party analytics and sharing of their information through user-enabled global privacy controls (GPC).
Through its initial investigation, the California Attorney General’s Office determined that the Company allowed third-party companies to install tracking software on its website, enabling the company to monitor consumer activity beyond just what consumers purchased. Further, the Company’s website did not register GPC prompts that would have enabled consumers to opt out of sharing their information, and failed to disclose their sale of consumer information required by the CCPA.
Following this initial discovery, the Company was informed of the Attorney General’s findings and was given 30 days to cure, but failed to take any of the steps advised by the Attorney General.