Microsoft plans to make changes required by California’s new data privacy law available to all its U.S. customers, the company said Monday.
Microsoft privacy chief Julie Brill pledged the company’s support for the California Consumer Privacy Act in a blog post. The position sets Microsoft aside from many of its peers who are vexed by the law.
CCPA gives California residents new rights to the ownership and control of their personal data. The law gives consumers the right to know what information companies collect about them, why they are collecting it, and whether the data is shared with third parties. Under the law, companies must delete consumers’ data if they are asked to do so. The law was passed in a hurry last year to circumvent a ballot initiative that would have implemented broader privacy regulations on technology companies.
Several tech companies are unhappy with the law but pushed for it because they believed the ballot initiative would be more difficult to comply with. Microsoft alluded to CCPA’s complexity in the blog post but pledged support for the law nonetheless.
“Under CCPA, companies must be transparent about data collection and use, and provide people with the option to prevent their personal information from being sold,” Brill wrote. “Exactly what will be required under CCPA to accomplish these goals is still developing.”
CCPA follows the European Union’s General Data Protection Regulation, a more expansive set of privacy rules that took effect last year.
“While many of our customers and users will find that the data controls we already offer them through our GDPR commitment will be stronger than those rights offered by the new California law, we hope this step will show our commitment to supporting states as they enact laws that take us in the right direction,” Brill wrote.
Microsoft is also advocating for privacy protections in its home state, Washington. The company was a key player last legislative session in a bill that would have implemented new data privacy standards and facial recognition regulations. The bill did not clear the legislature but Microsoft and others plan to take the issue up again next session.
“CCPA marks an important step toward providing people with more robust control over their data in the United States,” Brill said. “It also shows that we can make progress to strengthen privacy protections in this country at the state level even when Congress can’t or won’t act.”