Microsoft to roll out sweeping privacy law

Microsoft has announced that it would expand the privacy rights currently granted only to people in the State of California to the rest of the United States. Hopefully, in the future this could extend to the rest of the world.

Elaborating on the announcement, Microsoft’s Chief Privacy Officer Julie Brill said, “Just as we did with Europe’s General Data Protection Regulation (GDPR) last year, we will extend the landmark California data privacy law to cover the entire United States.” The landmark California Consumer Privacy Act is slated to come into effect on 1 January, 2020.

The CCPA, which was approved in June 2018, is one of the fiercest and most sweeping data privacy regulations in the US. It is similar to the European GDPR and under the new law companies must disclose to users what personal data of theirs is being collected, whether it is sold and to whom, and allow users to opt out of any sales. Users must also have access to their data and be able to request that a company delete it.

Meanwhile, the Senate and the House of Representatives in the United States are in the middle of their own data privacy fight. Many Democratic lawmakers argue that any national legislation should leave California as a baseline and extend those protections across the country and add more protections if necessary. Republicans and industry stakeholders disagree and are broadly convinced that CCPA goes too far and any federal law should nullify it and any other state laws in order to stave off a “patchwork” of privacy regulations.

The CCPA marks an important step toward providing people with more robust control over their data. It also shows that big tech firms can on their own make progress to strengthen privacy protections even when governments cannot or will not act.