Microsoft has pledged to honor California‘s landmark digital privacy law across the entire US.
“Our approach to privacy starts with the belief that privacy is a fundamental human right and includes our commitment to provide robust protection for every individual,” Microsoft’s chief privacy officer Julie Brill said.
Called the California Consumer Privacy Act (CCPA), the law emulates the EU GDPR framework to protect the privacy of California’s citizens. It compels companies to be more transparent in the way they collect and use their customers’ data, and gives users more control over their personal information, particularly when being sold.
In addition to offering opt-outs, the companies must be able to delete any data it holds about a customer upon request. And just like the GDPR, companies found to be breaching the CCPA could be fined up to $2,500 per violation or up to $7,500 if it’s clear the violation was intentional.
Although the CCPA is expected to go into effect on January 1, 2020, exactly what’s required of the companies to abide by the regulations is still being developed.
Brill said Microsoft — which has data collecting products like Edge browser, Cortana, Windows, Bing, Skype, and Xbox Live — will continue to monitor any enforcement changes, and make appropriate adjustments to meet the new transparency and control requirements under the CCPA.
The need for a national data privacy law
The CCPA is no doubt the most sweeping privacy law in the US. But it’s also likely to make companies wade through a legal minefield that would force them to yield to a patchwork of discrete privacy laws as opposed to one federal regulation, making compliance extremely onerous and expensive.
Meanwhile, efforts to pass a federal privacy law have made little progress in the US, with lawmakers disagreeing over issues like whether the bill should preempt state rules.
The fact that Microsoft is treating the state law as a federal legislation is telling. But then again, the tech giant may have had it easy.
According to Reuters, “it may be easier for Microsoft than other tech platforms to comply with California‘s privacy laws because much of Microsoft‘s business can qualify as a ‘service provider'” — a type of business that is given special treatment under the CCPA.
But in the absence of a federal law, it won’t be altogether surprising if the CCPA turns out to be the ipso facto privacy rule of the land.