Microsoft says it will apply California privacy law across the country

As privacy-protecting legislation has stalled in Congress, California is one of a handful of states that have taken action.
Microsoft ccpa
(Getty Images)

Microsoft on Monday said it would apply the privacy protections stipulated in a relatively stringent California law to customers across the U.S. in an effort to push other states to adopt similar measures.

“We are optimistic that the California Consumer Privacy Act [CCPA]— and the commitment we are making to extend its core rights more broadly — will help serve as a catalyst for even more comprehensive privacy legislation in the U.S.,” Julie Brill, Microsoft’s chief privacy officer, wrote in a blog post.

The CCPA, which will take effect Jan. 1, 2020, gives Californians the right to know the personal data companies are collecting on them, and the ability to stop that data from being sold to third parties.

The law is controversial. An independent assessment warned that complying with the law would initially cost companies $55 billion. The Internet Association, a trade group of big tech companies that includes Microsoft, ran ads harping on the costs of the new law.


Nonetheless, Brill described Microsoft’s move to support the California law as a show of support for privacy policy changes across the country.

“[W]e hope this step will show our commitment to supporting states as they enact laws that take us in the right direction,” Brill wrote.

Brill endorsed even stronger privacy protections than those in the California law. Across the U.S., she said, more needs to be done to assure consumers that companies are respecting their privacy, she said. That means minimizing the data the companies collect and being clear about why they are collecting it.

As privacy-protecting legislation has stalled in Congress, California is one of a handful of states that have taken action. In July, New York enacted a new law that requires businesses to notify New Yorkers as quickly as possible when their information is compromised in a security incident.

Microsoft’s announcement came the day The Wall Street Journal revealed that Google was working with one of country’s biggest health-care systems to collect personal health information on millions of Americans.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts