Microsoft on Monday said it would apply the privacy protections stipulated in a relatively stringent California law to customers across the U.S. in an effort to push other states to adopt similar measures.
“We are optimistic that the California Consumer Privacy Act [CCPA]— and the commitment we are making to extend its core rights more broadly — will help serve as a catalyst for even more comprehensive privacy legislation in the U.S.,” Julie Brill, Microsoft’s chief privacy officer, wrote in a blog post.
The CCPA, which will take effect Jan. 1, 2020, gives Californians the right to know the personal data companies are collecting on them, and the ability to stop that data from being sold to third parties.
The law is controversial. An independent assessment warned that complying with the law would initially cost companies $55 billion. The Internet Association, a trade group of big tech companies that includes Microsoft, ran ads harping on the costs of the new law.
“[W]e hope this step will show our commitment to supporting states as they enact laws that take us in the right direction,” Brill wrote.
Brill endorsed even stronger privacy protections than those in the California law. Across the U.S., she said, more needs to be done to assure consumers that companies are respecting their privacy, she said. That means minimizing the data the companies collect and being clear about why they are collecting it.
As privacy-protecting legislation has stalled in Congress, California is one of a handful of states that have taken action. In July, New York enacted a new law that requires businesses to notify New Yorkers as quickly as possible when their information is compromised in a security incident.
Microsoft’s announcement came the day The Wall Street Journal revealed that Google was working with one of country’s biggest health-care systems to collect personal health information on millions of Americans.