Julie Brill, Microsoft's chief privacy officer, said that the company will extend the main principles of the California Consumer Privacy Act (CCPA) across the US just as it did with Europe's General Data Protection Regulation (GDPR) last year.
The law goes into effect in California on January 1st, 2020. CCPA, which was approved in June 2018, is one of the fiercest and most sweeping data privacy regulations in the US. It's somewhat similar to GDPR.
Under CCPA, companies must disclose to users what personal data of theirs is being collected, whether it is sold and to whom, and allow users to opt out of any sales. Users must also have access to their data and be able to request that a company delete it.
Writing in her bog Brill said: "Under CCPA, companies must be transparent about data collection and use, and provide people with the option to prevent their personal information from being sold," Brill wrote. "Exactly what will be required under CCPA to accomplish these goals is still developing." Brill continued, saying that Microsoft will closely monitor any changes to how the government asks companies to enforce the new transparency and control requirements under CCPA.
"CCPA marks an important step toward providing people with more robust control over their data in the United States," Brill wrote. "It also shows that we can make progress to strengthen privacy protections in this country at the state level even when Congress can't or won't act."