Microsoft VP calls for U.S. to align privacy laws with GDPR
May 25 is the first anniversary of the EU’s GDPR taking effect, and in its first year, 18 million people around the world used Microsoft’s privacy dashboard to interact with their personal data, according to a corporate blog post on the anniversary.
Microsoft Corporate Vice President and Deputy General Counsel Julie Brill writes that the regulation has inspired new privacy laws in many countries. Brazil, China, India, Japan, South Korea, and Thailand have all passed new laws, proposed legislation, or are currently considering changing laws to more closely align their privacy regulations with GDPR, according to Brill.
Microsoft blog posts have become much more widely known in the biometrics industry since the company’s President Brad Smith called for government regulation of facial recognition last July.
Of the 18 million people who have used Microsoft’s privacy dashboard since May 25, 2018, more than 4 million are from the EU, but the country with the most people interacting with it is the U.S., as 6.7 million Americans have used the dashboard in the past year. The high level of interest in the U.S. is also reflected in the recent passage of strong data protection laws in California, and Brill says federal legislation in the U.S. is the next step towards aligning with GDPR.
“California’s law is a good starting point. But federal legislation should go further and ensure that companies act as responsible stewards of consumers’ personal data,” according to Brill. “One way to achieve this is by requiring assessments that weigh the benefits of data processing against potential privacy risks to those whose data is processed.”
Brill calls the prevailing opt-in/opt-out model “unreasonable” and “unworkable,” and notes that her time on the Federal Trade Commission taught her that strong enforcement provisions are also necessary. Making U.S. law interoperable with GDPR would reduce costs and compliance complexity for American businesses, she claims.
While comprehensive privacy and data protection legislation has yet to be proposed in Congress, a bill to regulate facial recognition was introduced in March.