back to article Microsoft embraces California data privacy law – don't expect Google to follow suit

Microsoft has said that not only will it embrace a new data privacy law in California, due to come into force in the New Year, but will extend the same protections to everyone in the US. In a blog post by the software giant’s chief privacy officer, Julie Brill is enthusiastic about the new law which has been the subject to …

  1. This post has been deleted by its author

    1. RyokuMas Silver badge
      Paris Hilton

      Re: Embrace, Extend, Extinguish.

      Colour me curious, but to what exactly do you believe that the "Extinguish" part of this phrase will be applied, and how?

      ... or is it the fact that this article mentions the words "Microsoft", "embrace" and "extend"?

      For the record, I hate Microsoft's telemetry as much as the next reasonably clued-up person. But right now, I would trust them over a company who would, say, claim it doesn't need consent to store a person's health data.

      1. Anonymous Coward
        Anonymous Coward

        Re: Embrace, Extend, Extinguish.

        For the record, I hate Microsoft's telemetry as much as the next reasonably clued-up person. But right now, I would trust them over a company who would, say, claim it doesn't need consent to store a person's health data.

        As it so happens, last week I gave an EU official in Brussels instructions on how to gather evidence that MS isn't quite as accurately following EU law as it purports to be.

        They don't deserve your trust.

  2. Paul 195
    Headmaster

    Hi - good article, but not proofed to El Reg's usual meticulous standards, with a few sentences that aren't grammatical, have misspellings, or just don't quite make sense. Would someone like to run a ruler over it?

  3. Dinanziame
    Meh

    Considering that I don't see much what has changed under the GDPR, even though it is apparently more restrictive, I'm not sure what to expect of this.

    Though I suppose that the fact this law directly applies to California ensures that they won't be able to get around it, so that's a plus.

    1. Charlie Clark Silver badge

      EU judicial practice is a little different than in the US and, while GDPR was introduced with a lot of fanfare, the expectation was that there would be little court action in the first two years with data commissioners expected to help website owners understand what they have to do. Nevertheless, in some countries quite a lot has already changed: one of my customers now sees around 35% website traffic than before adopting opt-in only statistics and contracts for data processing, with attendant liabilities are becoming more common. This, together with the scrapping of being able to choose which jurisdiction for any court cases, one of the reasons why Ireland was so popular, will put pressure on larger companies and inevitably their suppliers.

      Most international companies have already adopted most of the practices that GDPR mandates for most of their countries because it simplifies procedure and reduces legal risk, especially important in California, home of the class action.

      1. Cronus

        35% more or 35% less? It seems you missed a word out of that sentence.

        1. heyrick Silver badge

          Take a third option

          Maybe 35% of what it was before?

          1. sabroni Silver badge

            Re: Take a third option

            I've yet to encounter a site that allows you in with a single click with no tracking. So none that satisfy gdpr. They all take your "ok" as informed consent but that's against the regulations too

            So can you point me at a site that genuinely satisfies gdpr?

            1. heyrick Silver badge

              Re: Take a third option

              Half of them are worse than that. They set cookies and then give you some boilerplate bull about using the site consents to you accepting cookies.

              It's a good thing the cookie monster lives in my browser. They can do what they want, the moment that tab is closed, pooof! The cookies are stomped upon with extreme prejudice.

              I used to have something to wipe Flash cookies too, but I found it less bothersome to just wipe Flash.

  4. Pascal Monett Silver badge

    "our commitment to provide robust protection for every individual"

    That dates way back to the apparition of GDPR, yeah. Oh, and the jury is still out on whether or not Office 365 is GDPR-compliant, might want to clear that up.

    Oh well, at least Microsoft is paying lip service to the notion of privacy. We'll just have to wait for the inevitable cock-up to find out how much it is fooling around behind our backs.

  5. thondwe

    Different Strategies

    Microsoft has a different strategy to Google/Facebook - it wants to make money from corporates by selling software and services. Google/Facebook want to make money from their data using adverts... So MS HAVE to please the corporates, so privacy is their new USP?

    Also, I don't get the telemetry moans...

    1) People moan - Windows 10 has bugs

    2) MS - so we'll gather "real world" telemetry to help diagnose those bugs, focusing on the features people actually use? BTW, there's pages of information on what information we collect on our web site...

    3) People moan - but I want 1 without 2!

    Go figure!

    1. Paul Crawford Silver badge

      Re: Different Strategies

      No people moan because (a) the default has way more than needed for problem fixing, and (b) the consumer version of win10 will not allow you to turn off the telemetry completely.

      As for it being necessary to solve bugs that is open to question, they could have easily added a crash detector and dialogue box so folk could decide at the point of an obvious bug to submit their info or keep it private.

      1. RyokuMas Silver badge
        Trollface

        Re: Different Strategies

        "they could have easily added a crash detector and dialogue box"

        ... but this is Microsoft we're talking about here: why do something sensible when you can shoot yourself in the foot?

      2. Mage Silver badge

        Re: crash detector and dialogue box so folk could decide

        They used to, over 17 years ago. Did they stop? I now only use Win10 on an x86 10" tablet to read PDFs.

    2. Missing Semicolon
      Devil

      Re: Different Strategies

      The correct approach is to actually test stuff before shipping it, like wot used to happen. This "the User is the tester" crap is only being allowed by Stockholm Syndrome.

    3. Wade Burchette Silver badge

      Re: Different Strategies

      "1) People moan - Windows 10 has bugs"

      That is not what we moan about. We do not expect something so complex to be perfect. What we do expect is updates to be as reliable as they were with Windows 7, Vista, XP, 2000.

      "2) MS - so we'll gather "real world" telemetry to help diagnose those bugs, focusing on the features people actually use? BTW, there's pages of information on what information we collect on our web site..."

      Funny, Microsoft was able to release much more reliable updates without any of that stuff before. What changed? Oh, I know. Microsoft got rid of their quality control people and made us their quality control people so that they could be more agile. Tell me why something that worked quite well in the past no longer works?

      1. Qumefox

        Re: Different Strategies

        Because this method is cheaper for them. And most people have no other alternative and can't just jump ship to a different OS due to having windows-only software.

      2. Michael Wojcik Silver badge

        Re: Different Strategies

        What we do expect is updates to be as reliable

        And under the control of the system administrator, not the whims of Microsoft.

  6. Mage Silver badge

    Service Providers?

    Service Providers can sell your data under this law? Am I mistaken?

    No-one, EVER, should be allowed to pass on personal data or usage without a warrant. Like for a search of a building. Selling on information gathered should simply be illegal no matter how it's gathered or the kind of company.

    Still it's a start. Google, Facebook and cronies are despicable parasites.

  7. Anonymous Coward
    Anonymous Coward

    Microsoft: "privacy is a fundamental human right"

    Quite ironic considering your OS requires a privacy policy.

  8. waserman

    California privacy law may make user data more vulnerable?

    a. “Microsoft embraces California data privacy law”

    b. “Microsoft .. sells personal information that it receives.”

    c. a !== b

    This CCPA sounds a lot like the CAN-SPAM Act, as in it does nothing for user privacy and legitimates companys amalgamating and selling on your 'private' information.

    > Since the law requires businesses to turn over any individual’s personal information upon request, businesses will have to store that data in a way that is connected to each unique individual. Data that previously was stored anonymously or de-identified would be directly attached to you under CCPA,

    https://www.sacbee.com/opinion/op-ed/article223327375.html

  9. fidodogbreath Silver badge

    "Our approach to privacy starts with the belief that privacy is a fundamental human right and includes our commitment to provide robust protection for every individual" we can and will slurp whatever personal data we choose from your computer and our various web services, and you will bend over and enjoy it"

    FTFY

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019