Microsoft Urges U.S. to Adopt Laws Similar to EU’s GDPR

Microsoft corporate vice president/deputy general counsel Julie Brill believes that the federal government is essential in guaranteeing “a strong right to privacy” in the United States. She noted that California and Illinois have enacted serious data protection laws, but that the U.S. needs federal regulation. She came to that conclusion after observing that the European Union’s General Data Protection Regulation (GDPR), enacted almost one year ago, has been “very effective” in transforming how companies manage personal data.

TechSpot reports that Brill wrote on the company blog that the GDPR puts “new systems and processes in place to ensure that individuals understand what data is collected about them and can correct it if it is inaccurate and delete it or move it somewhere else if they choose.” Adding that the GDPR has “inspired other countries to adopt similar regulations,” she stated that Microsoft has been “the first company to provide the data control rights at the heart of GDPR to our customers around the globe, not just in Europe.”

But, she warned, “no matter how much work companies like Microsoft do to help organizations secure sensitive data and empower individuals to manage their own data, preserving a strong right to privacy will always fundamentally be a matter of law that falls to governments.”

Brill noted the California Consumer Privacy Act (CCPA) is a “model for federal policy,” pointing out that, “the United States has yet to join the EU and other nations around the world in passing national legislation that accounts for how people use technology in their lives today.” She added that “current privacy laws … are problematic when it comes to enforcement.”

“Laws currently on the books are simply not strong enough to enable the FTC to protect privacy effectively in today’s complex digital economy,” she said.

The Federal Trade Commission, which in principle enforces these laws, “cannot fine a company without a consent decree,” which makes the violator liable for penalties only if it is “caught in the act again.” Both Facebook and Google have been served consent decrees; however, “according to the Government Accountability Office, over the last 10 years, the FTC has filed 101 enforcement actions … [and] nearly all of these carried no civil penalties,” but resulted in settlement agreements.

Apple chief executive Tim Cook has also called for government regulation.