Microsoft to extend California data privacy protections across U.S.
(Bloomberg) --Microsoft Corp. said it will extend the “core rights” in California’s new privacy law to customers across the U.S. and called for legislators to go further than the state provisions, which have sparked concern in industries from technology to retail.
The announcement by the software giant comes as tech companies and trade groups are calling for a national privacy law that would coordinate rules nationwide and override state statutes like California’s, potentially in favor of weaker protections.
The Redmond, Washington-based company has increasingly made policy concessions that other companies have resisted -- though often on issues that primarily affect internet companies such as Alphabet Inc.’s Google or Facebook Inc. Microsoft’s business model doesn’t rely on collecting data to the same extent as advertising giants such as Google or major retail companies.
Microsoft Chief Privacy Officer Julie Brill said in blog post that the company would still like to see a federal bill, calling the stalled congressional process a “serious issue,” but she signaled an openness to a proliferation of state laws that other companies have been quick to depict as a “patchwork” that will make compliance difficult, or impossible.
“We are optimistic that Congress will take the initiative to act,” Brill wrote, adding that federal protections should exceed California’s. “Whenever and wherever strong, sensible privacy laws are enacted, we will work to quickly extend the core protections those laws offer to our customers everywhere.”
The California Consumer Privacy Act, which will take effect next year, lets consumers opt out of the sale of their personal information by a business, and requires companies to delete that data when people ask. In her blog post Monday, Brill conceded that questions about implementation remain.
She said privacy laws should also require companies to collect the minimum amount of data they need, and specify why they are collecting the data.
Microsoft had previously extended new European privacy rules worldwide. Facebook has made similar moves, although the companies haven’t always promised to comply with every word of the rules worldwide because they contain Europe-specific definitions and enforcement mechanisms.