What you need to know
- Microsoft committed to extended new privacy laws in California across the U.S.
- The new protections are granted under the California Consumer Privacy Act.
- The laws require companies to be "more transparent" about data collection and use, and allow people to opt out of having their data sold.
Microsoft announced today that it will extend privacy regulations put in place by a California privacy law across the U.S. The law, known as the California Consumer Privacy Act (CCPA), is similar to Europe's General Data Protection Regulations (GPDR), and is set to go into effect in January 2020.
"We are strong supporters of California's new law and the expansion of privacy protections in the United States that it represents," Microsoft chief privacy officer Julie Brill said in a blog post. "Our approach to privacy starts with the belief that privacy is a fundamental human right and includes our commitment to provide robust protection for every individual."
Under the new law, companies will be required to inform customers about how their data is collected and used. People will also have the right to opt out of having their personal information from being sold. This could represent a blow to companies like Facebook and Google, which make money off of selling user data to advertisers. Both Facebook and Google have already made the necessary changes to comply with Europe's GDPR, and it's unclear how much of an impact the CCPA will have on their bottom lines. However, both companies reportedly fought to "water down" the legislation.
A source speaking with Reuters notes that Microsoft's decision to comply with the law across the U.S. may not be as "substantial" as it appears on the surface. Under the law, Microsoft is treated as a "service provider," a group designation that means it will likely have an easier time complying with the CCPA.
The other two categories, businesses and third parties, must disclose to consumers when data is shared between them, potentially allowing them to opt out. Service providers are companies that have agreed, under contract, not to keep or share any personal information for any reason other than the purposes defined in the contract.
For its part, Microsoft says that it hopes the CCPA will spur action at the federal level to implement privacy protections across the U.S., which would circumvent a need for a patchwork of legislation across states.
"We are optimistic that the California Consumer Privacy Act — and the commitment we are making to extend its core rights more broadly — will help serve as a catalyst for even more comprehensive privacy legislation in the U.S.," Brill said. "As important a milestone as CCPA is, more remains to be done to provide the protection and transparency needed to give people confidence that businesses respect the privacy of their personal information and can be trusted to use it appropriately."
