Microsoft commits to honouring California Consumer Privacy Act nationwide

It's the first company to make such a promise, but it might not be as rose-tinted as it seems

Microsoft has announced its commitment to honouring the principles of the upcoming California Consumer Privacy Act (CCPA) nationwide, the first big technology firm to do so.

It cited the success of Europe's General Data Protection Regulation (GDPR) as a key motivator in its decision to support the "landmark privacy law", adding that privacy should be seen more as a human right that shouldn't be violated.

Advertisement - Article continues below

The CCPA is due to take effect in the west coast state on 1 January 2020. Similar to the motivations of GDPR, the CCPA aims to introduce more robust rules to protect the privacy of California's citizens and compel companies to be more transparent in the way they handle their customers' data.

Also, like the GDPR, the CCPA will financially punish companies that suffer from damaging data incidents. Companies found to be breaching the CCPA could be fined up to $2,500 per violation or up to $7,500 if it's clear the violation was intentional.

Victims will also be afforded the right to file a class-action lawsuit against the offending company for damages ranging between $100 and $750. Businesses also have 30 days to rectify any incidents that fall foul of the CCPA's rules.

Although California citizens will have the legal right to hold companies to account, Microsoft customers outside of the state will have to simply rely on the company's promise.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"While many of our customers and users will find that the data controls we already offer them through our GDPR commitment will be stronger than those rights offered by the new California law, we hope this step will show our commitment to supporting states as they enact laws that take us in the right direction," said Microsoft in a blog post.

"We are optimistic that the California Consumer Privacy Act - and the commitment we are making to extend its core rights more broadly - will help serve as a catalyst for even more comprehensive privacy legislation in the US.

"As important a milestone as CCPA is, more remains to be done to provide the protection and transparency needed to give people confidence that businesses respect the privacy of their personal information and can be trusted to use it appropriately."

Related Resource

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

However, Microsoft's commitment may not be as transformative as the company may wish to communicate. An individual close to the matter told Reuters that Microsoft will have a much easier time of committing to such data protection laws due to the way it structures its business divisions.

Advertisement - Article continues below

Many of its data-collecting divisions which include the likes of Edge, Cortana, Windows, Skype and Xbox Live can be classified as service providers - a type of business that is given special consideration under data protection laws.

For example, a business that shares an individual's data with a third-party company may be required to disclose that information with its customers in addition to providing them with advanced notice that the data may be sold or shared.

The same rules don't always apply to service providers receiving data from other businesses and those disclosure clauses may not be triggered, making it easier to comply with data protection law without having to drastically revamp the company's day-to-day operations.

It's believed that other states will enact their own privacy laws before Congress gets around to passing its own national law. The states of Washington and New York are both working on getting their own privacy laws through their respective legislatures and these will probably have different conditions to California's.

This means Microsoft will have to also commit to honouring these different rules if or when they are introduced which could prove to be a challenging feat.

Advertisement
Advertisement

Recommended

Visit/policy-legislation/data-protection/355184/supreme-court-finds-morrisons-was-not-liable-for-2014
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020
Visit/security/privacy/355048/government-may-trace-covid-19-patients-using-mobile-phone-data
privacy

UK government may trace COVID-19 patients using mobile phone data

20 Mar 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354842/irish-data-regulator-racks-up
General Data Protection Regulation (GDPR)

Irish data regulator racks up GDPR cases against Big Tech

24 Feb 2020
Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019

Most Popular

Visit/security/privacy/355211/google-releases-location-data-to-showcase-effectiveness-of-coronavirus
privacy

Google releases location data to show effectiveness of coronavirus lockdowns

3 Apr 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

2 Apr 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020