The California law is widely expected to harm profits over the long term for technology companies, retailers, advertising firms and other businesses dependent on collecting consumer data to track users and increase sales.The law raised fears among companies of a rise in a patchwork of state laws and prompted efforts in Washington to write federal legislation that would pre-empt state efforts. In September, Reuters was first to report reut.rs/2X4zhp0 that the federal privacy bill is not likely to come before Congress this year as lawmakers disagreed over several issues. “Under CCPA, companies must be transparent about data collection and use, and provide people with the option to prevent their personal information from being sold. Exactly what will be required under CCPA to accomplish these goals is still developing,” Julie Brill, Microsoft’s chief privacy officer, wrote in the post.
“Microsoft will continue to monitor those changes, and make the adjustments needed to provide effective transparency and control under CCPA to all people in the U.S.,” Brill wrote. Microsoft products that collect data include its Cortana and Microsoft Edge browsers, Bing web search engine, Windows 10 system, Xbox and Skype. A source familiar with the matter said it may be easier for Microsoft than other tech platforms to comply with California’s privacy laws because much of Microsoft’s business can qualify as a “service provider.” CCPA offers special treatment to companies that can classify themselves as “service providers.”
A service provider is defined as having a written agreement with a business, stating that it will not retain, use, or disclose the personal information of consumers for any purpose other than for a specific purpose set forth in the contract.
Service providers are one of three types of entities generally affected by the CCPA. The others are businesses and third parties.
There are certain advantages to being considered a service provider as opposed to a third party.
For instance, if a business shares personal information with a third party, that can trigger certain disclosures that must be made to the consumer. Such third parties also must provide notice to consumers before selling personal information they receive, which in turn could allow consumers to opt out.
Transferring personal information to a service provider, by contrast, does not necessarily trigger those additional obligations, making it easier to comply with the law.Reporting by Diane Bartz and Nandita Bose in Washington; Editing by Jonathan Oatis and Leslie AdlerOur Standards:The Thomson Reuters Trust Principles.