In the first enforcement action of the California Consumer Privacy Act (CCPA) – the US’s most sweeping state-level consumer data protection law – the state’s attorney general Rob Bonta last week announced that it’s settled a $1.2m lawsuit with beauty retailer Sephora over alleged violations. CCPA went into effect in January of 2020.

And although Sephora’s brand reputation may not be on the line, the ears of other organizations may be perking up at the news.

“[This] should effectively put to rest any remaining perceived ambiguity … [concerning] the opt-out of sale requirement as it relates to tracking,” says Arielle Garcia, chief privacy officer at ad agency UM Worldwide.

She suggests that organizations everywhere are under the gun to ensure the details of their privacy policies are compliant with data sales and opt-out requirements. “For brands that may have maintained a position that they ‘do not sell,’ this should serve as a catalyst to bring together privacy, legal, IT and marketing to ensure that advertising and marketing data use is fully contemplated in their CCPA approach.”

Read more in The Drum.