Selling Trust: Privacy Laws, Social Media, and Influencers

By: Shana Piotrowski – CIPP/U.S.
3L, Santa Clara University School of Law

Social media platforms became online marketplaces where targeted ads and influencer endorsements shape consumer choices, raising data privacy concerns. Laws like the California Consumer Privacy Act (CCPA) regulate data use, impacting marketing tactics, while the FTC’s Endorsement Guides (Guides) ensure transparency in influencer marketing. These regulations influence how businesses approach advertising. Two Sephora cases illustrate how businesses adapt to ensure transparency, protect consumer data, and maintain trust.

CCPA Impacts Data Use in Online Marketing

Social media platforms must comply with the CCPA by adjusting data collection, providing opt-out options, disclosing data practices, and safeguarding personal information for targeted ads. Large influencers using email lists or websites for data collection must also comply. Smaller influencers may not meet CCPA thresholds but should stay informed as they grow.

Key CCPA Rules for Marketing Compliance:

• Transparency: Businesses must disclose data collection and sharing practices.
• Consumer Rights: Consumers have the right to know how their data is used, particularly for targeted ads.
• Opt-Out Options: Consumers can refuse the sale or sharing of their data. This affects targeted ads, which rely on tracking technologies.
• Security Measures: Businesses must implement reasonable protections against unauthorized access.

Build Consumer Trust Through the Guides

The Guides promote transparency in influencer marketing by requiring the disclosure of material connections between influencers and brands, fostering consumer trust and preventing deceptive marketing.

Key Rules for Social Media Endorsements:

• Clear Disclosure: Endorsements must be labeled (e.g., #ad, “paid partnership”) where consumers can see them.
• Honest Reflections: Endorsements must reflect genuine opinions or experiences.
• Bona Fide Usage: If an influencer claims to use a product, they must have actually used it.
• Platform-Specific Considerations: Video-based platforms may require both audible and visual disclosures.
• Compliance: Failure to follow the Guides may result in FTC enforcement.

Lessons from Sephora

In 2022, Sephora settled a $1.2 million case for failing to disclose data sales and honor opt-out requests under CCPA. The company updated its privacy policies and compliance measures in response. In 2024, Sephora won a lawsuit regarding its “Clean at Sephora” label, with the court ruling that consumers would not interpret the label as indicating the products are entirely free of synthetic ingredients, thus preventing claims of deceptive marketing. Both cases highlight the importance of transparent practices.

Adapting to Transparency Demands

Businesses are evolving to meet privacy and marketing standards online:

1. Explicit Labeling: Platforms like Instagram require influencers to use paid partnership labels for transparency.
2. California Delete Act: Businesses must ensure compliance with expanding privacy state laws, like California’s new data broker rules, which require stricter consent for data sharing and preparation for the 2026 Delete Act.
3. Data Transparency: Industry leader Apple integrated privacy features its products, allowing users greater control over their data, in line with the privacy by design principle.

Conclusion

As privacy laws and marketing standards evolve, businesses that prioritize transparency will foster strong consumer relationships and ensure compliance. Clear disclosure, honest endorsements, and responsible data practices are the foundation of such success in the online marketplace.