California Attorney General Bonta Announces Investigate Sweeps on Mobile Applications’ Compliance with the CCPAA

by Mengting Xu

On January 27, 2023, California Attorney General announced an investigative sweep focusing on businesses with mobile apps that fail to comply with the California Consumer Privacy Act (CCPA). The sweep covers businesses that allegedly failed to comply with the consumer opt-out requests (either submitted by consumers directly or via an authorized agent), or failed to provide mechanisms for consumers to opt-out the sale of personal information.

The CCPA secures privacy rights for California consumers, including the right to know how their personal information is collected, used, and shared, the right to opt-out the sale or sharing of personal information, and the right to delete personal information collected. Businesses that are subject to the CCPA are required to respond to these consumer requests and provide consumers a “notice at collection.” The notice must contain a link to the business’s privacy policy with a detailed description of its privacy practices and of consumers’ privacy rights.

In August 2022, the Attorney General announced its first CCPA settlement against Sephora, resolving allegations that the company violated the CCPA. Sephora allegedly failed to disclose to consumers that it was selling their personal information, and failed to process consumer opt-out requests submitted via global privacy controls. A global privacy control allows consumers to opt-out of the sale of personal information by sending a “do not sell” signal to each website they visit.