In a seemingly generous move, Microsoft has announced plans to ‘honor' California's incoming privacy law across the US. The California Consumer Privacy Act (CCPA), will go into effect on January 1, and it brings some important new protections.
The act is reminiscent of the European Union's GDPR, the tools for which Microsoft has already rolled out worldwide. Crucially, the CCPA gives users the right to know what personal data is being collected, whether it's sold and to whom. It also lets them say no to the sale of their data, access it, and request deletion. Companies are unable to discriminate against users who exercise these rights.
Microsoft says it will extend the core tenets of this agreement to all of its US customers, highlighting its support for more robust privacy legislation. Interestingly, the company says it will support the legislation despite it not yet being entirely clear what CCPA will require.
“While many of our customers and users will find that the data controls we already offer them through our GDPR commitment will be stronger than those rights offered by the new California law, we hope this step will show our commitment to supporting states as they enact laws that take us in the right direction,” said Julie Brill, chief privacy officer, in a blog post.
It's also helping its enterprise customers transition and comply with the act and understand how CCPA will affect them, with tools rolling out in due time.
Pushing for Further Improvements
With any commitment like this, though, there's always the question of whether the company's actions will line up with its words. Despite its commitments to GDPR, Microsoft has been accused of breaking it with Office telemetry and is under investigation by the EU for GDPR concerns surrounding its contracts with third-parties. Implementing such legislation is complicated for a large company.
Either way, Microsoft says it will continue to push for privacy legislation across the US.
“We are calling upon policymakers in other states and in Congress to build upon the progress made by California and go further by incorporating robust requirements that will make companies more responsible for the data they collect and use, and other key rights from GDPR,” said Brill.
In the long-term, the company wants to see regulation that was forces companies to minimize data collection and specify the purpose of the collection.