On August 24, 2022, California Attorney General announced a settlement with a multinational online retailer, Sephora, Inc. (Sephora), resolving allegations that the company violated the California Consumer Privacy Act (CCPA). This is the first settlement of a CCPA enforcement action.
On August 24, 2022, California Attorney General announced a settlement with a multinational online retailer, Sephora, Inc. (Sephora), resolving allegations that the company violated the California Consumer Privacy Act (CCPA). This is the first settlement of a CCPA enforcement action.
On August 24, 2022, California Attorney General announced a settlement with multinational online retailer, Sephora, Inc. (Sephora), resolving allegations that the company violated the California Consumer Privacy Act (CCPA). This is the first settlement of a CCPA enforcement action.
After conducting an enforcement sweep of online retailers, the Attorney General alleged that Sephora failed to disclose to consumers that it was selling their personal information, that it failed to process user requests to opt out of sale via user-enabled global privacy controls in violation of the CCPA, and that it did not cure these violations within the 30-day period currently allowed by the CCPA.
Many online retailers allow third-party companies to install tracking software on their website and in their app so that third parties can monitor consumers as they shop. These third parties track all types of data – in Sephora’s case, the third parties could create profiles about consumers by tracking whether a consumer is using a MacBook or a Dell, the brand of eyeliner or the prenatal vitamins that a consumer puts in their “shopping cart,” and even a consumer's precise location.
Sephora's arrangement with these companies constituted a sale of consumer information under the CCPA, and it triggered certain basic obligations, such as telling consumers that they are selling their information and allowing consumers to opt-out of the sale of their information. Sephora did neither.
This settlement requires Sephora to pay $1.2 million in penalties and comply with important injunctive terms. Specifically, Sephora must:
A GPC allows consumers to opt out of all online sales in one fell swoop by broadcasting a "do not sell" signal across every website they visit, without having to click on an opt-out link each time. Under the CCPA, businesses must treat opt-out requests made by user-enabled global privacy controls the same as requests made by users who have clicked the “Do Not Sell My Personal Information” link.
This settlement indicates that sharing personal information with third parties for targeted advertising or analytics purposes constitutes a sale under the CCPA, for which consumers must be offered an opportunity to opt out. It also sends a strong message that the Attorney General is serious about enforcing GPC compliance.
CipherCore introduces a new way of accessing and using data in which data remains confidential and allows for a robust and secure collaboration between many data owners, without disclosing their data to each other.
Homomorphic encryption (HE) is a privacy technology that enables computation on encrypted data. This post covers the different types of HE, compares HE to secure multi-party computation (SMPC), and discusses the benefits and limitations of HE. The post also provides guidance on when to consider using HE for a specific use case.
.png)
With the rapid increase in cloud computing, concerns surrounding data privacy, security, and confidentiality also have been increased significantly. Not only cloud providers are susceptible to internal and external hacks, but also in some scenarios, data owners cannot outsource the computation due to privacy laws such as GDPR, HIPAA, or CCPA. Fully Homomorphic Encryption (FHE) is a groundbreaking invention in cryptography that, unlike traditional cryptosystems, enables computation on encrypted data without ever decrypting it.
