Microsoft said in a blog post on Monday that it would respect California privacy laws throughout the United States, expanding the impact of a string of stringent rules intended to protect consumers and their data.
Microsoft said in the post it was a “strong supporter” of the California Consumer Privacy Act, known as the CCPA, which will take effect on 1 January.
California law is widely expected to damage long-term profits for technology companies, retailers, advertising companies, and other businesses that depend on collecting consumer data to track users and increase sales.
The law raised concerns among companies about the rise in state legal patches and prompted efforts in Washington to write federal laws that would prevent state efforts.
In September, Reuters first reported that federal privacy laws would not appear before Congress this year because lawmakers did not agree on some issues.
“Under CCPA, companies must be transparent about data collection and use, and provide people with the option to prevent their personal information from being sold. Exactly what will be required under CCPA to accomplish these goals is still developing,” Julie Brill, Microsoft’s chief privacy officer, wrote in the post.
“Microsoft will continue to monitor those changes, and make the adjustments needed to provide effective transparency and control under CCPA to all people in the U.S.,” Brill wrote.
Microsoft products that collect data include its Cortana and Microsoft Edge browsers, Bing web search engine, Windows 10 system, Xbox and Skype.
A source familiar with the matter said it may be easier for Microsoft than other tech platforms to comply with California’s privacy laws because much of Microsoft’s business can qualify as a “service provider.” CCPA offers special treatment to companies that can classify themselves as “service providers.”
The service provider is defined as having a written agreement with the business, which states that he will not store, use or disclose consumer personal information for any purpose other than for the specific purposes set out in the contract.
Service providers are one of three types of entities that are generally affected by CCPA. The others are business and third parties.
There are certain advantages to being considered a service provider compared to third parties.
For example, if a business shares personal information with third parties, it can trigger certain disclosures that must be made to consumers. These third parties must also provide notice to consumers before selling the personal information they receive, which in turn may enable consumers to opt out.
Transferring personal information to service providers, does not necessarily trigger additional obligations, making it easier to comply with the law.