- With the impending Jan. 1, 2020 enactment of the California Consumer Privacy Act (CCPA), Microsoft is applying the law to every U.S. customer, not just California residents, said Julie Brill, corporate VP for Global Privacy and Regulatory Affairs and Chief Privacy Officer at Microsoft, in an announcement.
- The CCPA requires transparency regarding data collection and use, as well as the right to opt out of data sales. As "exactly what will be required under CCPA to accomplish these goals is still developing," Microsoft will make changes accordingly as they are finalized, said Brill.
- The company will also help its enterprise customers become CCPA compliant, providing the tools necessary for the law's transparency requirements, according to the announcement.
Digital giants, including Apple and Google, thrive off of disruption and are typically at the "pinnacle" of personalization. But personalization comes at a price: consumer data.
As the tech industry waits with bated breath for an unlikely federal data privacy law, Microsoft's actions are meant to "demonstrate our commitment in the absence of Congressional action," said Brill.
Before the EU's GDPR went into effect in May 2018, Microsoft pledged its commitment to extend the regulations to customers beyond the EU. The decision to do so was voluntary.
Because of this, customers already covered by Microsoft's GDPR application will likely find their rights are "stronger" than the CCPA, said Brill.
Core differences between GDPR and the CCPA include the definition of a consumer. GDPR gives rights to data subjects, or "identified or identifiable natural person," according to the Future of Privacy Forum (FPF). The CCPA recognizes a consumer as a "natural person who is a California resident."
GDPR also applies to controllers, or a "natural or legal persons ... whether their activity is for profit or not" and processors, which are "entities that process personal data on behalf of controllers, according to FPF. The CCPA is for a business that is for-profit, collects consumer data, does business in California and has an annual gross revenue that exceeds $25 million.
Companies that ingrain privacy into their core values are more desirable for customers to do business with, according to Bart Willemsen, VP analyst at Gartner, during the IT Symposium/Xpo in Orlando, Florida last month. It makes them more trustworthy. It's also a way for Microsoft to be ahead of the game when it comes to privacy legislation, something it's already involved in.
In its home state, Washington, Microsoft supported an initial draft of a privacy bill, which later failed. Microsoft took the stance that customers should not have to manually opt out of data transactions, but rather it is the duty of tech companies to carry the burden of data privacy.
Advocacy groups, including the American Civil Liberties Union (ACLU), said the bill failed to wholly protect consumers, in part, because it was written by "technology companies themselves."