Businesses barely had time to recover from a hectic privacy summer, with U.S. privacy legislation making progress on the Hill and the U.S. Federal Trade Commission’s launch of a sweeping rulemaking initiative, when California Attorney General Rob Bonta dropped a bombshell: The first enforcement settlement under the California Consumer Privacy Act. Pursuant to the settlement, Sephora, a French cosmetics brand, will pay $1.2 million in fines and abide by a set of compliance obligations. The attorney general alleged Sephora failed to disclose to consumers it was selling their personal information; failed to honor user requests to opt out of sale via user-enabled global privacy controls; and did not cure these violations within the 30-day period allowed by the law. Data, Privacy & Cybersecurity partner Omer Tene and associate Gabe Maldoff explain more in the International Association of Privacy Professionals.