In a surprising announcement, Microsoft said in a blog post today that it would apply California's upcoming strict privacy legislation to all its US users, and not just Californians.
The California Consumer Privacy Act, or CCPA, is currently set to go into effect on January 1, 2020. The upcoming law is considered one of the most restrictive privacy legislations in the world world.
Under the CCPA, companies must be transparent about the type of data they collect from users and how they use it. In addition, companies must also provide users with the option to prevent their personal information from being sold.
As you can imagine, the CCPA didn't go well with all the California-based tech companies, most of which get a large part of their yearly revenue from selling customer data to advertisers.
Ever since it was announced, the CCPA came under heavy fire from companies and lobby groups alike. Most efforts focused on delaying the law as much as possible and asking Congress to pass a federal, US-wide, legislation instead, to supersede the much stricter CCPA.
However, California officials ignored all pressure and opted to go through with enforcing the CCPA starting next year.
"We are strong supporters of California's new law and the expansion of privacy protections in the United States that it represents," said today Julie Brill, Microsoft's chief privacy officer.
"Our approach to privacy starts with the belief that privacy is a fundamental human right and includes our commitment to provide robust protection for every individual. This is why, in 2018, we were the first company to voluntarily extend the core data privacy rights included in the European Union's General Data Protection Regulation (GDPR) to customers around the world, not just to those in the EU who are covered by the regulation," she added.
"Similarly, we will extend CCPA's core rights for people to control their data to all our customers in the U.S."
If Microsoft actually enforces the CCPA as it's supposed to be enforced remains to be seen. Even if Microsoft applied the GDPR legislation to all of its users across the globe, that doesn't mean the company is doing a good job about it. Currently, the company is under investigation in the EU for skirting some of the GDPR terms for its cloud services.