
California Privacy Compliance Has Irreversibly Changed

Posted August 26, 2022

Wednesday, August 24 marked the end of the quiet period for enforcement of the California Consumer Privacy Act (CCPA).

Attorney General Rob Bonta’s office fined Sephora, a large cosmetics retailer owned by LVMH, $1.2 million. This is the first fine under CCPA. The AG’s office also sent notice and cure letters to more than 100 other businesses, giving them 30 days to correct violations.

What did Sephora do wrong?

Sephora allegedly installed third-party trackers to build profiles on visitors. But what got them in real hot water with the AG was their claim that they didn’t sell personal information. Under the CCPA, Sephora’s sharing of data qualified as a sale.

Now there’s no longer any doubt the “sale” of data includes the use of cookies and data sharing in targeted advertising.

While $1.2 million is less than .1% of Sephora’s revenue, the company faces injunctions. It must file annual reports that name which entities receive personal information and why.

The agreement with Bonta’s office “does not constitute an admission of liability or fault by Sephora,” said the company.

What does this mean?

Bonta’s statement was unequivocal: “It’s time for companies to get the memo. Protect consumer data. Honor their privacy rights. The kid gloves are coming off.”

While regulators are expected to have patience with companies that show good-faith effort—like auditing with Boltive Privacy Guard—they will have a short fuse with companies that don’t enact privacy protections.

The Sephora judgement reminds companies they must avoid:

  1. hidden on-page trackers
  2. failure to process Global Privacy Control
  3. data sharing without consent (especially if the company claims otherwise)

Boltive helps businesses protect against all three areas.

What can we expect next?

Last year around this time Bonta’s office published an anonymized list of warning letters it sent out. This fine appears to be the kickoff for CCPA enforcement.

Watch out next year. In California on January 1, the stricter version of California’s privacy law, CPRA, takes effect, with stronger do-not-share provisions and tighter obligations to contract with and monitor third parties.

Also on that day, the 30-day cure period for companies to fix violations goes away. Finally, there will be two sheriffs enforcing California privacy laws: the California Privacy Protection Agency (CPPA) and the Attorney General.

Other state laws will take effect, such as Virginia’s on January 1, Colorado’s and Connecticut’s on July 1, and Utah’s on December 31. Nearly all states, even those without privacy laws, prohibit deceptive business practices such as false representations. These states could prosecute situations like Sephora’s where firms claim not to sell data but then allegedly do.

Finally, at the federal level, we may have the national law (ADPPA) and/or rulemaking and enforcement by the FTC.

“Following consumer outcry, regulators realize excessive data sharing is a threat to more people than data theft,” said Dan Frechtling, Boltive CEO. “Boltive Privacy Guard makes it simple for brands to show the highest privacy standards to preserve consumer trust.”

Today, making sure consumers don’t see your ads is just as important as making sure they do. In a new privacy-oriented world, data sharing can create liability more often than data theft does. Privacy Guard uses patented technology to simulate your users’ journey on the web and to capture and aggregate real ads being served in real time, delivering the key insights you need to keep your consumer data — and your brand reputation — safe.
