• by Wendy Davis  @wendyndavis, November 12, 2019

Microsoft says it plans to extend the "core rights" set out by California's new privacy law throughout the country.

“We are strong supporters of California’s new law and the expansion of privacy protections in the United States that it represents,” Microsoft's chief privacy officer Julie Brill wrote Monday in a blog post.

She added that the company plans to extend the law's “core rights for people to control their data to all our customers in the U.S.”

The law, set to take effect in January, gives consumers the right to learn what personal information has been collected about them by companies, to have that information deleted, and prevent the sale of that data to third parties.

The bill's sweeping definition of “personal information” includes data that could potentially be linked to individuals -- including data used for ad targeting, such as persistent identifiers, browsing history and IP addresses. The measure also defines “sale” as including transfers or disclosures to third parties -- though the law has some ambiguously worded exceptions, including one that could apply when disclosures are made to "service providers" for business purposes.

It wasn't immediately clear how much of Microsoft's business could fall within that exception.

Brill, a former Federal Trade Commission member, notes that Microsoft already follows the European General Data Protection Regulation worldwide, not just in the EU. She says that the data controls Microsoft already offers to comply with the GDPR may be “stronger” than what's required under the new California law.

She adds that Microsoft supports a national privacy law, and believes it should include requirements that companies minimize data collection.

“Indeed, we are calling upon policymakers in other states and in Congress to build upon the progress made by California and go further by incorporating robust requirements that will make companies more responsible for the data they collect and use, and other key rights from GDPR,” she writes. “More requirements for companies, together with the rights and tools for people to control their data, will prevent placing the privacy burden solely on the individual, and will provide layers of data protection that are appropriate for the digital age.”

Microsoft belongs to the Silicon Valley lobbying group Internet Association, which earlier this year ran an ad campaign aimed at weakening the measure. Ads in that campaign, which were shown to California residents on Twitter and Facebook, warned consumers that they could have to pay to use sites and apps that are currently free.

The ads direct people to the site “Keep the Internet Free,” which was launched in July by the Internet Association. The lobbying group supported legislation that would have allowed companies to continue serving targeted ads to people who opted out of the sale of their data.