Microsoft commits to honouring California Consumer Privacy Act nationwide

It's the first company to make such a promise, but it might not be as rose-tinted as it seems

Microsoft has announced its commitment to honouring the principles of the upcoming California Consumer Privacy Act (CCPA) nationwide, the first big technology firm to do so.

It cited the success of Europe's General Data Protection Regulation (GDPR) as a key motivator in its decision to support the "landmark privacy law", adding that privacy should be seen more as a human right that shouldn't be violated.

Advertisement - Article continues below

The CCPA is due to take effect in the west coast state on 1 January 2020. Similar to the motivations of GDPR, the CCPA aims to introduce more robust rules to protect the privacy of California's citizens and compel companies to be more transparent in the way they handle their customers' data.

Also, like the GDPR, the CCPA will financially punish companies that suffer from damaging data incidents. Companies found to be breaching the CCPA could be fined up to $2,500 per violation or up to $7,500 if it's clear the violation was intentional.

Victims will also be afforded the right to file a class-action lawsuit against the offending company for damages ranging between $100 and $750. Businesses also have 30 days to rectify any incidents that fall foul of the CCPA's rules.

Although California citizens will have the legal right to hold companies to account, Microsoft customers outside of the state will have to simply rely on the company's promise.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"While many of our customers and users will find that the data controls we already offer them through our GDPR commitment will be stronger than those rights offered by the new California law, we hope this step will show our commitment to supporting states as they enact laws that take us in the right direction," said Microsoft in a blog post.

"We are optimistic that the California Consumer Privacy Act - and the commitment we are making to extend its core rights more broadly - will help serve as a catalyst for even more comprehensive privacy legislation in the US.

"As important a milestone as CCPA is, more remains to be done to provide the protection and transparency needed to give people confidence that businesses respect the privacy of their personal information and can be trusted to use it appropriately."

Related Resource

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

However, Microsoft's commitment may not be as transformative as the company may wish to communicate. An individual close to the matter told Reuters that Microsoft will have a much easier time of committing to such data protection laws due to the way it structures its business divisions.

Advertisement - Article continues below

Many of its data-collecting divisions which include the likes of Edge, Cortana, Windows, Skype and Xbox Live can be classified as service providers - a type of business that is given special consideration under data protection laws.

For example, a business that shares an individual's data with a third-party company may be required to disclose that information with its customers in addition to providing them with advanced notice that the data may be sold or shared.

The same rules don't always apply to service providers receiving data from other businesses and those disclosure clauses may not be triggered, making it easier to comply with data protection law without having to drastically revamp the company's day-to-day operations.

It's believed that other states will enact their own privacy laws before Congress gets around to passing its own national law. The states of Washington and New York are both working on getting their own privacy laws through their respective legislatures and these will probably have different conditions to California's.

This means Microsoft will have to also commit to honouring these different rules if or when they are introduced which could prove to be a challenging feat.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement
Advertisement

Recommended

Visit/policy-legislation/general-data-protection-regulation-gdpr/355337/ico-will-reduce-gdpr-fines-due-to
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
Visit/security/privacy/355304/nhs-working-with-apple-google-coronavirus-tracking-app
privacy

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
Visit/policy-legislation/data-protection/355250/health-sites-sharing-users-medical-data-with-major-tech
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
Visit/policy-legislation/data-protection/355184/supreme-court-finds-morrisons-was-not-liable-for-2014
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular

Visit/business/business-operations/356395/nvidia-overtakes-intel-as-most-valuable-us-chipmaker
Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/hardware/components/356405/is-it-time-to-put-intel-outside
components

Is it time to put Intel Outside?

10 Jul 2020