Microsoft says it plans to extend the "core rights" set out by
California's new privacy law throughout the country.
“We are strong supporters of California’s new law and the expansion of privacy protections in the United States that it
represents,” Microsoft's chief privacy officer Julie Brill wrote Monday in a blog
post.
She added that the company plans to extend the law's “core rights for people to control their data to all our customers in the U.S.”
The law, set to take effect
in January, gives consumers the right to learn what personal information has been collected about them by companies, to have that information deleted, and prevent the sale of that data to third
parties.
The bill's sweeping definition of “personal information” includes data that could potentially be linked to individuals -- including data used for ad targeting, such as
persistent identifiers, browsing history and IP addresses. The measure also defines “sale” as including transfers or disclosures to third parties -- though the law has some ambiguously
worded exceptions, including one that could apply when disclosures are made to "service providers" for business purposes.
It wasn't immediately clear how much of Microsoft's business could
fall within that exception.
Brill, a former Federal Trade Commission member, notes that Microsoft already follows the European General Data Protection Regulation worldwide, not just in the EU.
She says that the data controls Microsoft already offers to comply with the GDPR may be “stronger” than what's required under the new California law.
She adds that Microsoft
supports a national privacy law, and believes it should include requirements that companies minimize data collection.
“Indeed, we are calling upon policymakers in other states and in
Congress to build upon the progress made by California and go further by incorporating robust requirements that will make companies more responsible for the data they collect and use, and other key
rights from GDPR,” she writes. “More requirements for companies, together with the rights and tools for people to control their data, will prevent placing the privacy burden solely on the
individual, and will provide layers of data protection that are appropriate for the digital age.”
Microsoft belongs to the Silicon Valley lobbying group Internet Association, which
earlier this year ran an ad campaign aimed at weakening the measure. Ads in that campaign, which were shown to California residents on Twitter and Facebook, warned consumers that they could have to
pay to use sites and apps that are currently free.
The ads direct people to the site “Keep the Internet Free,” which was launched in July by the Internet Association. The lobbying group supported legislation that would have allowed companies to continue serving targeted ads to people who opted out of the sale of their
data.