The alignment problem with sale of data
This white paper provides insights on how privacy pros responded to the Sephora enforcement, and the update of practices to account for the expansion of "sale."
Published: 20 Dec. 2022
In August 2022, the California Office of the Attorney General announced a $1.2 million settlement with international cosmetic retailer Sephora for violations of the California Consumer Privacy Act. Following this announcement came a wave of questions about the regulator’s emphasis on the broad interpretation of the CCPA’s “sale of data” and adoption of the Global Privacy Control. The interpretation of a “sale” of personal data has been a lingering issue since the passage of the CCPA. Variations between existing U.S. state consumer privacy laws and the proposed American Data Privacy and Protection Act, industry groups’ definitions and self-regulatory guidance and the California attorney general’s focus on technical compliance highlight a lack of consensus on how to implement compliant “sale” and sharing of personal data across organizations and industries.
This white paper provides insights on:
- How privacy professionals across ten industries responded to the Sephora enforcement action.
- How privacy professionals are updating their practices to account for the expansion of “sale.”
- The technical, legal and business lenses different organizations use to review existing processes and create new ones.
This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.
The alignment problem with sale of data
This white paper provides insights on how privacy pros responded to the Sephora enforcement, and the update of practices to account for the expansion of "sale."
Published: 20 Dec. 2022
Contributors:
Anokhy Desai
Privacy Counsel
CIPP/C, CIPP/E, CIPP/US, CIPM, CIPT, FIP
In August 2022, the California Office of the Attorney General announced a $1.2 million settlement with international cosmetic retailer Sephora for violations of the California Consumer Privacy Act. Following this announcement came a wave of questions about the regulator’s emphasis on the broad interpretation of the CCPA’s “sale of data” and adoption of the Global Privacy Control. The interpretation of a “sale” of personal data has been a lingering issue since the passage of the CCPA. Variations between existing U.S. state consumer privacy laws and the proposed American Data Privacy and Protection Act, industry groups’ definitions and self-regulatory guidance and the California attorney general’s focus on technical compliance highlight a lack of consensus on how to implement compliant “sale” and sharing of personal data across organizations and industries.
This white paper provides insights on:
- How privacy professionals across ten industries responded to the Sephora enforcement action.
- How privacy professionals are updating their practices to account for the expansion of “sale.”
- The technical, legal and business lenses different organizations use to review existing processes and create new ones.
This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.
Tags:
Related resources
US Data Privacy Litigation
Global AI Governance Law and Policy: United Arab Emirates
Global AI Governance Law and Policy: Japan