An independent audit of web traffic from three major technology companies found systematic violations of California’s personal data protection laws. According to KQED, the audit examined Microsoft, Meta and Google — companies with significant operations in California.
Audit findings
The review examined data collection and processing practices across all three companies. According to KQED, the audit was conducted independently of the tech giants and analyzed actual web traffic patterns. The findings point to systematic violations rather than isolated incidents.
California has some of the strictest privacy protection laws in the country. The California Consumer Privacy Act (CCPA) and its expanded version, the California Privacy Rights Act (CPRA), require companies to disclose what data they collect and give users the right to delete that information. The law also requires companies to honor requests to opt out of selling personal data to third parties.
Companies that violate these regulations face substantial fines. The state’s oversight body, the California Privacy Protection Agency (CPPA), has authority to initiate investigations and impose sanctions.
Scale of the problem
Microsoft, Meta and Google control a significant share of global internet traffic. Their platforms process data from billions of users, including millions of California residents. Any deviation from legal requirements affects a massive audience.
Meta operates Facebook and Instagram. Google controls the world’s largest search engine, YouTube and the Android operating system. Microsoft owns Bing, LinkedIn and the Azure cloud platform.
All three companies have previously stated their commitment to protecting user data. However, the audit results call those statements into question.
Bay Area connections
Google’s headquarters is located in Mountain View. Meta is based in Menlo Park. Microsoft operates a major office in Mountain View and San Jose. Thousands of Bay Area residents not only use these companies’ products but also work for them.
For ordinary Californians, the situation comes down to a simple question: do the laws enacted to protect them actually work. The CCPA took effect in 2020. The CPRA expanded its scope in 2023. Five years later, the largest technology corporations allegedly continue to circumvent these regulations, according to the audit.
What’s next
According to KQED, the main open question is whether the state can actually force Big Tech to comply with its own legislation. The CPPA has not yet commented on the specific audit results. None of the three companies has been held accountable in this matter.
The California Privacy Protection Agency continues to expand its inspector staff and increase the number of investigations. The first major fine for violating California privacy law — $1.2 million — was imposed on Sephora by the California Attorney General’s office in 2022. It remains unknown whether the recent audit will lead to formal investigations of Microsoft, Meta or Google.