Microsoft to Apply California’s Privacy Law to All U.S. Users

The move takes a broader stand to protect user data and support the requirements of CCPA nationwide.

Microsoft is extending a California law aimed at protecting users privacy to all of its users in the United States, an unexpected move supporting tougher requirements  to disclose exactly how the company uses the consumer data it collects.

The California Consumer Privacy Act, known as CCPA, is scheduled to go into effect on Jan. 1. It demands more transparency from companies about how user data is being used and disseminated and requires them to give consumers a way to opt out of these actions.

In a blog post about the move, Julie Brill, Microsoft’s chief privacy officer, praised the law and the “robust control” it gives people over their data.

“We are strong supporters of California’s new law and the expansion of privacy protections in the United States that it represents,” she wrote in the blog post. “Our approach to privacy starts with the belief that privacy is a fundamental human right and includes our commitment to provide robust protection for every individual.”

Though the specifics of CCPA and how companies must comply are still being ironed out, Brill said Microsoft will stay up to date on these policies and ensure it is compliant with them regarding all of its users when the law goes into effect.

“Microsoft will continue to monitor those changes, and make the adjustments needed to provide effective transparency and control under CCPA to all people in the U.S.,” she wrote.

The company also will work with its enterprise customers to help them comply with CCPA and provide them with any tools and guidance they need, Brill added.

Not everyone is so enthusiastic about CCPA, however, not least of all Microsoft competitors. But more than opposing data privacy, technology leaders rather have taken a stand that they wish to promote a national law that provides consistent guidelines rather than be subject to individual state laws, which will require more investment on their part.

In September, a group called the Internet Association (IA) comprised of companies like Amazon, Google and Facebook released a national privacy framework comprised of policy considerations to modernize national privacy legislation. Part of this framework also urged pre-emption of state laws in favor of a broad national policy. Separately, Apple CEO Tim Cook also called on Congress to pass comprehensive data-privacy regulation.

Indeed, companies whose profits depend on tracking and using data to boost their sales–including Internet giants as well as retailers and advertising firms–are expected to take a financial hit in the long term from CCPA. Following a national policy certainly would be easier than adjusting policies and rules specific to each state.

Privacy advocates applauded Microsoft’s move, suggesting that it will force companies with lackluster privacy records to rethink how they protect consumer data and force them to make necessary changes.

“Great signal to send to the market,” Tweeted Jason Kint, CEO of Digital Content Next. “A number of major players in the Internet Association that failed in running misleading campaigns to try to dilute CCPA, now have an opportunity to lead here and leave Google and Facebook with a larger trust deficit.”

What are the top risks to modern enterprises in the peak era of data breaches? Find out: Join breach expert Chip Witt from SpyCloud and Threatpost senior editor Tara Seals, in our upcoming free Threatpost webinar, “Trends in Fortune 1000 Breach Exposure.” Click here to register.

Suggested articles