Microsoft commits to honouring California Consumer Privacy Act nationwide

It's the first company to make such a promise, but it might not be as rose-tinted as it seems

Microsoft has announced its commitment to honouring the principles of the upcoming California Consumer Privacy Act (CCPA) nationwide, the first big technology firm to do so.

It cited the success of Europe's General Data Protection Regulation (GDPR) as a key motivator in its decision to support the "landmark privacy law", adding that privacy should be seen more as a human right that shouldn't be violated.

The CCPA is due to take effect in the west coast state on 1 January 2020. Similar to the motivations of GDPR, the CCPA aims to introduce more robust rules to protect the privacy of California's citizens and compel companies to be more transparent in the way they handle their customers' data.

Also, like the GDPR, the CCPA will financially punish companies that suffer from damaging data incidents. Companies found to be breaching the CCPA could be fined up to $2,500 per violation or up to $7,500 if it's clear the violation was intentional.

Victims will also be afforded the right to file a class-action lawsuit against the offending company for damages ranging between $100 and $750. Businesses also have 30 days to rectify any incidents that fall foul of the CCPA's rules.

Although California citizens will have the legal right to hold companies to account, Microsoft customers outside of the state will have to simply rely on the company's promise.

"While many of our customers and users will find that the data controls we already offer them through our GDPR commitment will be stronger than those rights offered by the new California law, we hope this step will show our commitment to supporting states as they enact laws that take us in the right direction," said Microsoft in a blog post.

"We are optimistic that the California Consumer Privacy Act - and the commitment we are making to extend its core rights more broadly - will help serve as a catalyst for even more comprehensive privacy legislation in the US.

"As important a milestone as CCPA is, more remains to be done to provide the protection and transparency needed to give people confidence that businesses respect the privacy of their personal information and can be trusted to use it appropriately."

Related Resource

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

However, Microsoft's commitment may not be as transformative as the company may wish to communicate. An individual close to the matter told Reuters that Microsoft will have a much easier time of committing to such data protection laws due to the way it structures its business divisions.

Many of its data-collecting divisions which include the likes of Edge, Cortana, Windows, Skype and Xbox Live can be classified as service providers - a type of business that is given special consideration under data protection laws.

For example, a business that shares an individual's data with a third-party company may be required to disclose that information with its customers in addition to providing them with advanced notice that the data may be sold or shared.

The same rules don't always apply to service providers receiving data from other businesses and those disclosure clauses may not be triggered, making it easier to comply with data protection law without having to drastically revamp the company's day-to-day operations.

It's believed that other states will enact their own privacy laws before Congress gets around to passing its own national law. The states of Washington and New York are both working on getting their own privacy laws through their respective legislatures and these will probably have different conditions to California's.

This means Microsoft will have to also commit to honouring these different rules if or when they are introduced which could prove to be a challenging feat.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

ICO to relax GDPR enforcement during coronavirus economic downturn
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
The NHS teams up with Apple and Google on coronavirus tracking app
privacy

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
Health sites are 'unlawfully' sharing medical data with Facebook and Google
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
Supreme Court rules Morrisons was not liable for 2014 data breach
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular

Windows XP source code allegedly leaked online
Microsoft Windows

Windows XP source code allegedly leaked online

25 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020