Microsoft embraces California data privacy law – don’t expect Google to follow suit

Software giant promises to extend protections across US

Microsoft has said that not only will it embrace a new data privacy law in California, due to come into force in the New Year, but will extend the same protections to everyone in the US.

In a blog post by the software giant’s chief privacy officer, Julie Brill is enthusiastic about the new law which has been the subject to extensive lobbying by tech giants like Google and Facebook to water down its contents.

Microsoft, as with Apple, appears to view strong privacy as an opportunity to differentiate itself from its online competitors. “Our approach to privacy starts with the belief that privacy is a fundamental human right and includes our commitment to provide robust protection for every individual,” Brill wrote, adding: “We are strong supporters of California’s new law and the expansion of privacy protections in the United States that it represents.”

She also took several pot shots at Congress’ ongoing failure to agree on a federal data privacy policy, noting that “a lack of action by the United States Congress to pass comprehensive privacy legislation continues to be a serious issue for people who are concerned about how their data is collected, used and shared… In the absence of strong national legislation, California has enacted a landmark privacy law.” Brill is a former commissioner of the Federal Trade Commission (FTC).

That law – the California Consumer Privacy Act (CCPA) – “marks an important step toward providing people with more robust control over their data in the United States,” she wrote, adding that it “also shows that we can make progress to strengthen privacy protections in this country at the state level even when Congress can’t or won’t act.”

Data privacy for everyone!

As it did with Europe’s GDPR legislation, when Microsoft said it would extend the same privacy rights to all its users across the globe, Microsoft will also extend the CCPA’s protections to all its US users, the post announced.

In many respects, the GDPR legislation is stronger that CCPA and so there is little in real terms that Micorosoft will have to undertake in adopting CCPA wholesale. Microsoft also benefits from being considered a “service provider” under the CCPA so much of the time it will not have to notify consumers before it sells personal information that it receives.

Regardless, Microsoft’s pro-privacy is notable and seemingly principled and stands in stark contrast to the efforts of other tech companies who have done everything in their power to undermine personal privacy protections. When it became clear that those tech firms had been unable to exert sufficient influence in the California legislative process, they immediately switched to Washington DC in an effort to pass federal legislation that would override California’s laws.

Under the CCPA, companies have to be open and transparent about their data collection and use of material gathered. The urles also have to allow Californian residents to see what data a company holds on them and to give them to option to stop it from being sold.

The law had an extraordinary genesis: three individuals concerned about the amount of data stored by tech companies developed a proposal to place on California’s ballot system where voters are allowed to make it law without having to go through the normal lawmaking process.

It quickly became clear that widespread concern over what companies like Facebook have done and continue to do with personal data meant that the ballot was very likely to pass. That led to a mad scramble by lawmakers in Sacramento to pass a law before the ballot deadline.

Rush law

By going through traditional channels, the law more flexible, and the ballot founders agreed to withdraw their measure if a California privacy law was passed in time. It duly was in what may be the fastest ever bill approval, but the approach also gave lawmakers a law to make changes.


California’s Attorney General joins the long list of people who have had it with Facebook


Tech companies then flooded Sacramento with lobbyists in a persistent effort to undercut the CCPA but ultimately, with privacy advocates carefully watching events and politicians fearful of a public backlash, the law was passed pretty much intact.

Efforts to pass a federal privacy law – which have been a decade in the making (or, more accurately, stalling) – continue to make little progress. The most recent effort by two Silicon Valley lawmakers was released last week.

“We are optimistic that the California Consumer Privacy Act – and the commitment we are making to extend its core rights more broadly – will help serve as a catalyst for even more comprehensive privacy legislation in the US,” wrote Brill.

“As important a milestone as CCPA is, more remains to be done to provide the protection and transparency needed to give people confidence that businesses respect the privacy of their personal information and can be trusted to use it appropriately.” ®

Sponsored: How to get more from MicroStrategy by optimising your data stack

Share this post

Share on facebook
Share on linkedin
Share on print
Share on email

Subscribe to our Monthly Cyber Security Digest

Get monthly content to keep you up to date on the latest news and tips