by Mengting Xu
On January 27, 2023, California Attorney General announced an investigative sweep focusing on businesses with mobile apps that fail to comply with the California Consumer Privacy Act (CCPA). The sweep covers businesses that allegedly failed to comply with the consumer opt-out requests (either submitted by consumers directly or via an authorized agent), or failed to provide mechanisms for consumers to opt-out the sale of personal information.
In August 2022, the Attorney General announced its first CCPA settlement against Sephora, resolving allegations that the company violated the CCPA. Sephora allegedly failed to disclose to consumers that it was selling their personal information, and failed to process consumer opt-out requests submitted via global privacy controls. A global privacy control allows consumers to opt-out of the sale of personal information by sending a “do not sell” signal to each website they visit.