This program originally aired on December 7, 2022. Please note that the on-demand format of this program is not eligible for CLE/CPD credit.

On August 24, 2022, California's Attorney General Rob Bonta announced the first major enforcement of CCPA against the luxury retailer Sephora. Among other compliance failures, Bonta pointed out that Sephora's web sites did not properly handle the GPC signal, which directly equates to a violation of CCPA. This was the first time the GPC was explicitly included as part of privacy compliance, as it has only been a “recommendation” since it was proposed in 2020. The term “Global Privacy Control” appears 11 times in the press release, clearly indicating the AG's focus on it. The "Global Privacy Control" is an update to the "Do Not Track" browser signal that was successfully thwarted by lobbyists 10 years ago and has returned to attention as part of the CPRA update to CCPA.

Consent is now the key to unlock your customer relationship. It is time to re-think consent and notification infrastructure and improve your data ingestion flows with clear, understandable notices and a seamless consent path that fits each interaction to a “T”. When users feel important and in the know, their trust (and your consent uptake) is greatly improved.

This enforcement is a case study in noncompliance, how marketing and privacy intersect, and what companies should do to avoid the ire of the AG and the CPPA enforcement agency. Before understanding what companies should be doing to avoid a similar enforcement action, it's important to understand how privacy laws such as the California Consumer Privacy Act now interpret targeted advertising as a sale of data.

Come join our panel of experts as we discuss:

• Deep dive into the Sephora Enforcement case
• What are the new requirements – GPC, notification, consent/revoke, age-related consent or opt-ins and how it applies to your business.
• What does a post-cookie consent and preference approach look like?

Generously sponsored by Exterro