California is home to one of the most rigid consumer privacy laws in the country. Originally passed in 2018 and later intensified in 2020, the law affords consumers the right to know the extent of information collected by companies online, the ability to have that private data deleted, and the capability to refuse the sale of their information to third party entities. The strength of this law led to the $1.2 million settlement of a civil suit, which pinned the cosmetics company, Sephora Inc., of violating consumer rights. The company failed to comply with the law and allegedly sold customer information without consent.
Even once the violation was discovered, the cosmetics empire did not exhibit the proper due diligence of amending the problem within 30 days, as required by the consumer protection law. Within the settlement, Sephora must not only shell out $1.2 million, but must also work to immediately correct the data distribution problem. It is the hope that this lawsuit will serve as a warning to additional companies that fail to comply with the law. The state Attorney General Rob Bonta has issued several warnings to over 100 companies that did not initially take the new law seriously.