Microsoft to follow landmark California privacy law nationwide

Microsoft on Monday announced that it intends to follow California’s landmark online privacy law nationwide when it goes into effect next year, a move that comes as federal efforts to draw up the country’s first comprehensive privacy law have stalled.

In a blog post, Microsoft called Congress’s “lack of action” on privacy legislation “a serious issue.” 

{mosads}”As digital technology becomes more and more essential in our day-to-day lives, the lack of action by the United States Congress to pass comprehensive privacy legislation continues to be a serious issue for people who are concerned about how their data is collected, used and shared,” Microsoft’s chief privacy officer, Julie Brill, wrote in the post. 

“We will extend [the California law’s] core rights for people to control their data to all our customers in the U.S.,” Brill wrote.

It likely will not involve much work for Microsoft to comply with the California law in its operations across the country, as the company already agreed in May to follow Europe’s tough privacy law, the General Data Protection Regulation (GDPR), as it builds products around the world. 

But the announcement could put significant pressure on other top tech giants to follow Microsoft’s lead and pledge to follow California’s law, which many of the companies lobbied against. And it also heightens the stakes in Congress, where there has been little forward motion to work up a privacy law in months.

Earlier this month, Microsoft wrote that it is in an “excellent position” to meet the California law’s requirements after implementing GDPR’s data restrictions and limitations across the company’s operations.   

Most players in the tech industry have pushed hard against California’s privacy legislation, which is set to go into effect in January, since it was drawn up and signed into law last year. Facebook and Google in particular have lobbied aggressively against the California law, which will draw significant limitations around what companies are allowed to do with user data, the core of the social networks’ revenue. 

Microsoft has positioned itself as friendlier to privacy legislation and even supported a privacy law in Washington — the company’s home state — before it died in the state Senate earlier this year. 

“By being transparent about the data we collect and how we use it, and by providing solutions that empower businesses to safeguard personal data and comply with privacy laws, we can demonstrate our commitment in the absence of Congressional action,” Brill wrote on Monday.

The California privacy law requires websites to show users what data is collected on them, what the data will be used for and to identify third parties who have been given access to the data. Internet users will also have the right to opt out of having their data collected and sold and to request that their information be deleted.

Last month, California Attorney General Xavier Becerra (D) proposed a first set of regulations designed to help businesses navigate the California privacy law. Those regulations are now open to public comment until Dec. 6.