Microsoft has promised to follow California’s privacy law throughout the United States after the regulation goes into effect on Jan. 1.
The California Consumer Privacy Act (CCPA) gives consumers in California the right to access any and all personal data that a company has on them and request that it be deleted and not sold. Companies who fail to meet those demands will be subject to fines equating to $750 per affected consumer.
Since Congress is not expected to pass a federal data protection bill by the end of this year, tech firms must comply with numerous state laws that are stricter than a federal bill would probably be. While California’s new regulation is expected to harm the bottom lines of big tech firms, as well impact an estimated half-million businesses in the state, Microsoft calls it “an important step toward providing people with more robust control over their data in the United States. It also shows that we can make progress to strengthen privacy protections in this country at the state level even when Congress can’t or won’t act.”
“We are strong supporters of California’s new law and the expansion of privacy protections in the United States that it represents,” Julie Brill, Microsoft’s corporate vice president for global privacy and regulatory affairs and chief privacy officer, wrote in a blog post. “Our approach to privacy starts with the belief that privacy is a fundamental human right and includes our commitment to provide robust protection for every individual. This is why, in 2018, we were the first company to voluntarily extend the core data privacy rights included in the European Union’s General Data Protection Regulation (GDPR) to customers around the world, not just to those in the EU who are covered by the regulation. Similarly, we will extend CCPA’s core rights for people to control their data to all our customers in the U.S.”