Microsoft Wants the US to Have Its Own GDPR

Posted on May 21, 2019 by Mehedi Hassan in Microsoft with 18 Comments

It’s been almost a year since GDPR went into effect in the European Union. GDPR forced companies to be transparent about the data they collect from users and how that data is used, and to give users complete control over their own data. And on the first anniversary of GDPR, Microsoft is calling for the US government to introduce something similar.

Julie Brill, a CVP and Deputy General Counsel at Microsoft, called for a new framework for a privacy law that works for everyone. Brill is asking Congress to introduce new privacy laws based on the GDPR that put the responsibility for privacy on tech companies. “Like GDPR, this framework should uphold the fundamental right to privacy through rules that give people control over their data and require greater accountability and transparency in how companies use the personal information they collect,” Brill said.

Brill praised some of the state laws that are coming into effect to protect users’ privacy, like the upcoming California Consumer Privacy Act, but believes federal law will be more effective at protecting users’ privacy by holding companies responsible for user data.

“This is important because the prevailing opt-in/opt-out privacy model in the United States forces consumers to make a decision for every website and online service they visit. This places an unreasonable—and unworkable—burden on individuals. Strong federal privacy should not only empower consumers to control their data, it also should place accountability obligations on the companies that collect and use sensitive personal information,” Brill wrote.

The idea for a privacy framework like the GDPR is very sensible, especially with companies like Facebook that aren’t really paying the price for essentially messing with users’ data. Microsoft’s Julie Brill is also calling for a unified system that works with GDPR so that companies do not have to build a separate system to abide by the new laws.


18 responses to “Microsoft Wants the US to Have Its Own GDPR”

  1. dontbe evil

    Can't wait to see this apply to scroogle

    • jbinaz

      In reply to dontbe_evil:

      I'm pretty sure that's half the reason MS is doing it.

      It's pretty odd for a corporation to call for regulation, so they must think it will help them, or at least slow down a competitor.

      • MikeGalos

        In reply to jbinaz:

        Actually, it makes a lot of sense for Microsoft to call for this.

        1. They're having to do this already in the EU so having one similar set of site designs that complies with all the major markets makes sense
        2. With state laws starting to add up, having a single overarching US law means fewer versions to have to maintain

        Of course, since they, unlike Google and Facebook, don't base their profit margin on selling user data they're not losing their income source by complying so the cost of complying is much less of a problem than it is for companies that do use user targeting as their primary revenue source so Microsoft can afford to advocate for making their lives simpler rather than trying to hold back the tide as long as possible in as many markets as possible.

  2. robinwilson16

    I think one of the annoying things about this has been large alerts on websites telling me they use cookies which can sometimes be hard to dismiss. Generally I think a lot of smaller businesses are not really sure if they are complying with all of this, thinking making all their forms opt in is sufficient. Also it can be used as an excuse for councils not to share data between their own depts, a bit like health and safety being the reason no one is allowed to do anything such as drinking coffee in case they uncontrollably throw it over themselves and try to sue someone.

  3. AnOldAmigaUser

    Amendment IV

    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

    IANAL but I do not see where it says anything about this being restricted to the government, though that is how it is applied, except within 30 miles of the border and at ports of entry, where it is seemingly suspended.

    Perhaps we already have the equivalent of GDPR but have not been enforcing it.

    • Greg Green

      In reply to AnOldAmigaUser:

      The problem is the corporations aren’t taking the information, they’re asking for it. Then the consumers toss them the keys to the house, vault, garage, family jewels and fortune. Repeatedly.

      • AnOldAmigaUser

        In reply to Greg Green:

        Technically, they are not asking for it; they are stating that they will take it if one chooses to use the application. If I remember correctly, there has been some success in pushing back against onerous TOS and EULAs (sort of redundant as they are all onerous on the user and hold the publisher blameless) in courts.

        I think though, that if the terms were stated in a way that actually explained what was happening, more people would decide the trade-off is not actually worth it. Then again I am probably being naive. One can never underestimate what people will agree to if something is "free".

  4. Rob_Wade

    NO NO NO NO NO!!!!! I'm SO sick of ignorant initiatives to be more like Europe. SCREW THEM!

  5. waethorn

    Just to be clear, "transparency" != "private control".

    People will still click the "I agree" without reading the contract.

    "Strong federal privacy should not only empower consumers to control their data, it also should place accountability obligations on the companies that collect and use sensitive personal information"

    This only works if there are negative ramifications for the company RELATIVE TO THEIR REVENUES.

    • AnOldAmigaUser

      In reply to Waethorn:

      Perhaps the contract should state in clear, concise terms, rather than legalese, what one is agreeing to. How about this for the boilerplate:

      We are going to suck up every bit of information you enter in this application.

      We are going to sell this information to third parties, and we have no idea what they will use it for.

      We, and said third parties, are going to combine this information with other data we collect or purchase from other public and private entities to create a data set that identifies you.

      We know where you live and the route you take home from work.

      We know where your children are.

      You cannot stop us

      All your bases are belong to us

      ...cue evil laughter.

  6. provision l-3

    I’m guessing that Microsoft and Apple see the writing on the wall. Regulation is coming and it makes more sense to get in front of it and have a voice in the process rather than have it be some reaction to another Facebook privacy clusterf*ck.

  7. melinau

    About time too.

    Companies like Google & Facebook treat our data as though it were their property, rather than the other way around. If we are ever to control them we need proper respect for our data. GDPR is far from perfect, but better than the laissez-faire jungle we have at present.
