HelpNetSecurity.com reported that Julie Brill (Microsoft chief privacy officer) said “Under CCPA, companies must be transparent about data collection and use, and provide people with the option to prevent their personal information from being sold. Exactly what will be required under CCPA to accomplish these goals is still developing. Microsoft will continue to monitor those changes, and make the adjustments needed to provide effective transparency and control under CCPA to all people in the U.S…” The November 13, 2019 article entitled “Microsoft to honor California’s digital privacy law all through the U.S.” included these comments from Emily Wilson (VP of Research at digital risk protection provider Terbium Labs):
…that this move illustrates just how much Microsoft sees the writing on the wall, as do the other tech giants in the space – either they can embrace the overarching and detailed California legislation, or they can attempt to push for a national standard.
While pushing for a national standard may sound like an easier path to compliance (a unified set of requirements, rather than needing to make adjustments on a state-by-state basis), tech giants are also hoping that the process of creating a national framework will be a slow and tedious process, ultimately resulting in legislation that is less stringent in its requirements,
Organizations have no inherent incentive to limit their data collection practices or provide consumers with increased privacy; the data economy is lucrative, and the more companies can collect and analyze, the greater their competitive advantage and potential profit.
Microsoft choosing to lean in on CCPA is likely to be an outlier amongst the other major tech companies who would rather bide their time, and certainly an outlier among smaller enterprise organizations.
What do you think?