Microsoft says it will follow California's digital privacy law in U.S.

WASHINGTON (Reuters) – Microsoft Corp said in a blog post on Monday that it would honor California’s privacy law, known as CCPA, throughout the United States, expanding the impact of a strict set of rules meant to protect consumers and their data.

Microsoft said in the post it was a “strong supporter” of the California Consumer Privacy Act, which goes into effect on Jan. 1.

The California law is widely expected to harm corporate profits over the long term for technology companies, retailers, advertising firms and others dependent on collecting consumer data to track users and increase sales.

The law raised fears among companies of a patchwork of state laws and prompted efforts in Washington to write federal legislation that would pre-empt state efforts.

In September, Reuters was first to report reut.rs/2X4zhp0 that the federal privacy bill is not likely to come before Congress this year as lawmakers disagreed over several issues.

“Under CCPA, companies must be transparent about data collection and use, and provide people with the option to prevent their personal information from being sold. Exactly what will be required under CCPA to accomplish these goals is still developing,” Julie Brill, Microsoft’s chief privacy officer, wrote in the post.

“Microsoft will continue to monitor those changes, and make the adjustments needed to provide effective transparency and control under CCPA to all people in the U.S.,” wrote Brill.

A source familiar with the matter said the company’s announcement that it would follow California’s privacy laws across the United States is not substantial. That is because of the special treatment that CCPA offers companies like Microsoft, which are considered “service providers.”

The CCPA generally affects three types of entities: businesses, service providers and third parties.

Service providers are the ones which have a written agreement with a business, stating that it will not retain, use, or disclose the personal information of consumers for any purpose other than for a specific purpose set forth in the contract.

There are certain advantages to being considered a service provider as opposed to a third party.

For instance, if a business shares personal information with a third party, that can trigger certain disclosures that must be made to the consumer.

Such third parties also must provide notice to consumers before selling personal information they receive, which in turn could allow consumers to opt out.

Transferring personal information to a service provider, by contrast, does not necessarily trigger those additional obligations, making it easier to comply with the law.