Microsoft to Support CCPA Everywhere in the U.S.

Posted on November 11, 2019 by Paul Thurrott in Microsoft with 14 Comments

Microsoft said today that it will support the California Consumer Privacy Act (CCPA) everywhere in the United States.

“In the absence of strong national legislation, California has enacted a landmark privacy law, known as the California Consumer Privacy Act, or CCPA, which goes into effect on January 1, 2020,” Microsoft corporate vice president Julie Brill writes in a new post to the Microsoft On the Issues Blog. “We are strong supporters of California’s new law and the expansion of privacy protections in the United States that it represents … Microsoft will provide effective transparency and control under CCPA to all people in the U.S.”

The CCPA is a set of strict rules designed to protect consumers and their personal data. However, the requirements are evolving, so Microsoft says that it will continue to monitor those changes to ensure that it is always in compliance. The long game, of course, is for pervasive privacy policies to be adopted at the national level.

“We are optimistic that the California Consumer Privacy Act—and the commitment we are making to extend its core rights more broadly—will help serve as a catalyst for even more comprehensive privacy legislation in the U.S.,” Brill notes. “As important a milestone as CCPA is, more remains to be done to provide the protection and transparency needed to give people confidence that businesses respect the privacy of their personal information and can be trusted to use it appropriately.”

Finally, Microsoft says it will also work to ensure that its enterprise customers are in compliance with the CCPA.

“Our goal is to help our customers understand how California’s new law affects their operations and provide the tools and guidance they will need to meet its requirements,” she adds.

Tagged with

Join the discussion!


Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Comments (14)

14 responses to “Microsoft to Support CCPA Everywhere in the U.S.”

  1. lvthunder

    This sounds like one of these laws that are out to get people (or in this case companies) that the lawmakers don't like. Statements like "The CCPA is a set of strict rules designed to protect consumers and their personal data. However, the requirements are evolving, so Microsoft says that it will continue to monitor those changes to ensure that it is always in compliance." is very worrisome. If the law is already passed why are the requirements evolving. The requirements should be in the law that was passed. So if it's not the lawmakers setting the requirements who is?

    • chrisrut

      In reply to lvthunder:

      "Why are the requirements evolving?"

      Because the technology is always evolving - and as I mentioned in my comment, social policy lags technology by years.

      • lvthunder

        In reply to chrisrut:

        You need to write laws that are technology independent. Or pass new laws to supplement the older ones. Having open ended laws puts someone other then the elected officials in charge. That's where "the swamp" and "deep state" comes in. They are the ones that actually set the rules instead of the accountable elected officials.

    • ebnador

      In reply to lvthunder:

      complicated laws usually "evolve" as edge cases and unintended consequences wind through the court. It's the court system that has to interpret what the law means . Lawmakers rarely write laws where everyone knows exactly what they need to do to comply.

    • wright_is

      In reply to lvthunder:

      Look at it in another domain, road use laws have been in place for decades, but they are often fine-tuned for edge cases. Then you have the surge in technology with self-driving cars, or self-braking, cars that communicate etc. The laws have to take that into consideration and whether the existing laws cover them or whether amendments are needed.

      In Europe electric cars now have to make a noise when travelling under 30km/h to warn pedestrians that they are coming. There are still discussions going on about who is responsible if an autonomous vehicle has an accident, the driver? The company that sold the car? The developer of the software?

      Or more mundane things, like making seatbelts compulsory, back in the 70s and 80s (at least here in Europe), high intensity rear lights for driving in fog and other reduced visibility situations; reflectors for parked vehicles, air bags, new cars having to have the equivalent of OnStar in Europe etc.

      Tax laws change on an annual basis, here in Germany.

      The world is constantly changing and the laws have to change to cope as new technologies make things possible that weren't even fantasy, when the laws were created.

      • lvthunder

        In reply to wright_is:

        I'm fine with laws changing if they are changed by the legislative process and they are clearly written. What I'm complaining about are laws that are written that leaves the details to be interpreted by un-elected bureaucrats.

  2. Winner

    Good for Microsoft!

  3. chrisrut

    The punchline in talks to technology groups I've given this year is that I believe mental privacy needs to be explicitly protected in the Bill of Rights.

    Consider this: it is well documented that computer-brain interfaces are under development. But while the public focus is on the benefits - most obviously the ability to help the visually and otherwise impaired regain functionality - said interfaces will inevitably become two-way: computers will be able to interject thoughts directly into human heads, bypassing the strictures of language and normal perception. That's not Sci-fi - that's easily foreseeable evolution of technology.

    To what person, company, party, or nation would you grant that privilege? Then, consider that social policy ALWAYS lags technological capacity by many years...

  4. warren

    This is sensible from a technological perspective -- it'd actually be more work to enforce different levels of privacy laws on a state-by-state basis, given freedom of movement and all that.

    • MikeGalos

      In reply to warren:

      Yes and no. The points you make are reasons why it's easier to make one policy but the difficulty comes from each individual nation wanting to enforce the "local data" parts that say that data on their citizens or residents must reside on servers in that country aside from specific technical reasons for data moving out of the country on a case by case basis. That involves LOTS of additional server farms and each of those has additional local laws on other items.

      I worked on one system as a consult where the client needed to keep data local in several countries they operated in but kept their technical support lines in their home country. To do that, the personal data was stored in the customer country and when a support person needed to access that data they had to use a system that would show them redacted data without private data. If they needed the private data (and usually did to ask the client questions) they had to fill out an incident screen identifying the data copied temporarily out of the customer country and the reason before they could see the unredacted data.

  5. MikeGalos

    Any responses from Google. Apple, Facebook, Twitter or on whether they're going to do the same?