Microsoft plans to extend CCPA rights across U.S.

The tech giant plans to extend the core rights of the landmark data privacy law “to all our customers in the U.S,” Julie Brill, Microsoft’s chief privacy officer, wrote in a blog post this week. California will become the first state to boast sweeping privacy legislation as of Jan. 1, 2020, and Microsoft is one of a long list of companies to say the U.S. government needs to put forward a federal privacy law for all states to follow.

“CCPA marks an important step toward providing people with more robust control over their data in the United States,” Brill writes. “It also shows that we can make progress to strengthen privacy protections in this country at the state level even when Congress can’t or won’t act.”

Microsoft took a similar stance with the European Union’s General Data Protection Regulation (GDPR) when it went into effect in May 2018, Brill writing then that the company would extend the rights under the GDPR to customers worldwide. Microsoft touts its privacy dashboard as a way for all users to control their personal data.

The CCPA is all but finalized, with a comment period on the proposed regulations as they stand ending Dec. 6. A series of public hearings will take place before then, though the core principles of allowing individuals to inquire on how their data is collected, used, and shared aren’t likely to be affected.

“Under CCPA, companies must be transparent about data collection and use, and provide people with the option to prevent their personal information from being sold. Exactly what will be required under CCPA to accomplish these goals is still developing,” Brill writes. “Microsoft will continue to monitor those changes, and make the adjustments needed to provide effective transparency and control under CCPA to all people in the U.S.

“While many of our customers and users will find that the data controls we already offer them through our GDPR commitment will be stronger than those rights offered by the new California law, we hope this step will show our commitment to supporting states as they enact laws that take us in the right direction.”

Brill writes Microsoft hopes the CCPA will serve as a “catalyst for even more comprehensive privacy legislation in the U.S.” Most Big Tech companies have struck a similar tone, an acknowledgment that they likely believe it’s a matter of when, not if, that kind of law will go into effect.

“As important a milestone as CCPA is, more remains to be done to provide the protection and transparency needed to give people confidence that businesses respect the privacy of their personal information and can be trusted to use it appropriately,” Brill writes.

Brad Smith, Microsoft’s president and chief legal officer, made similar remarks on privacy at a conference in Albania last month.

“The tech sector needs to step up, and regulators need to work faster,” Smith said.

Despite its public support of data privacy laws, Microsoft has found itself a recent target under the GDPR. The Dutch Data Protection Agency in August raised new privacy concerns against Microsoft’s Windows 10 operating system, referring its findings to the Irish Data Protection Commission, as Ireland is home to Microsoft’s regional headquarters. Further, the European Data Protection Supervisor last month cited “serious concerns” over the compliance of contractual arrangements between EU institutions and Microsoft regarding data protection rules.

Both investigations are ongoing.