Resource Center / White Papers / The Alignment Problem with "Sale of Data"
The Alignment Problem with "Sale of Data"
This white paper provides insights on how privacy pros responded to the Sephora enforcement, and the update of practices to account for the expansion of "sale."
Published: December 2022
Contributor:
In August 2022, the California Office of the Attorney General announced a $1.2 million settlement with international cosmetic retailer Sephora for violations of the California Consumer Privacy Act. Following this announcement came a wave of questions about the regulator’s emphasis on the broad interpretation of the CCPA’s “sale of data” and adoption of the Global Privacy Control. The interpretation of a “sale” of personal data has been a lingering issue since the passage of the CCPA. Variations between existing U.S. state consumer privacy laws and the proposed American Data Privacy and Protection Act, industry groups’ definitions and self-regulatory guidance and the California attorney general’s focus on technical compliance highlight a lack of consensus on how to implement compliant “sale” and sharing of personal data across organizations and industries.
This white paper provides insights on:
- How privacy professionals across ten industries responded to the Sephora enforcement action.
- How privacy professionals are updating their practices to account for the expansion of “sale.”
- The technical, legal and business lenses different organizations use to review existing processes and create new ones.
Approved