Microsoft Pledges To ‘Honour’ California’s Privacy Rules

Tom Jowitt,
Microsoft cloud

Redmond pledges to roll out California’s strict CCPA privacy laws across the entire United States

Microsoft said that it will ‘honour’ California’s strict new privacy rights throughout the United States of America.

Microsoft has long been adopting a stricter approach to privacy, and it lambasted the US Congress over its failure to “pass comprehensive privacy legislation” for people “concerned about how their data is collected, used and shared.”

Earlier this month Microsoft President Brad Smith said that stricter controls are needed to safeguard people’s rights.

Privacy stance

Smith has previously gone on record earlier this year about how Microsoft had rejected a California law enforcement agency’s request to install facial recognition technology in officers’ cars and body cameras due to privacy and human rights concerns.

Then in June Microsoft deleted a large facial recognition (FR) database over privacy and bias concerns.

But now Julie Brill, Microsoft’s chief privacy officer, in a blog post revealed that Redmond will “honour” the California Consumer Privacy Act (CCPA) across the US when it comes into force on 1 January 2020.

CCPA, which passed in July last year, is very similar to Europe’s GDPR regulations. Companies are required to show users what data is collected on them, what the data will be used for, and identify third parties who have access to the data. Customers also have the right to opt-out of having their data collected and sold, and can request that their information is deleted.

“As digital technology becomes more and more essential in our day-to-day lives, the lack of action by the United States Congress to pass comprehensive privacy legislation continues to be a serious issue for people who are concerned about how their data is collected, used and shared,” blogged Brill. “There is good news, however. In the absence of strong national legislation, California has enacted a landmark privacy law, known as the California Consumer Privacy Act, or CCPA, which goes into effect on Jan. 1, 2020.”

“We are strong supporters of California’s new law and the expansion of privacy protections in the United States that it represents,” said Brill. “Our approach to privacy starts with the belief that privacy is a fundamental human right and includes our commitment to provide robust protection for every individual.”

“This is why, in 2018, we were the first company to voluntarily extend the core data privacy rights included in the European Union’s General Data Protection Regulation (GDPR) to customers around the world, not just to those in the EU who are covered by the regulation,” said Brill. “Similarly, we will extend CCPA’s core rights for people to control their data to all our customers in the US.”

Google and Facebook have perhaps unsurprisingly opposed California’s CCPA.

European investigation

But privacy can be a tricky mistress for tech firms.

Last month the EU’s data protection authority said it uncovered “serious concerns” over the way citizens’ data is treated under contracts between Microsoft and EU agencies.

In April the European Data Protection Supervisor (EDPS) began an investigation into whether Microsoft’s contracts with EU institutions such as the European Commission are fully compliant with the GDPR data protection regulations introduced last year.

Such agencies outsource the processing of large amounts of citizens’ personal data to software and services groups such as Microsoft, which are considered “data processors” under the GDPR.

Can you protect your privacy online? Take our quiz!