Microsoft Calls For US Privacy Law For Tech Companies’ Responsibility

On May 20, Julie Brill, Microsoft Corporate Vice President, and Deputy General Counsel published a blog post on US privacy law. In this post, Brill claimed that everybody has a right to privacy, especially when people are more and more concerned about how much data the technology companies have collected from them. The post comes when nearly a year ago, the EU’s General Data Protection Regulation went into force.

Since there is no federal action, different states have to come up with their laws such as Illinois’ Biometric Information Privacy Act and California’s Consumer Privacy Act. In 2018, even a group of senators has proposed privacy bills to protect users data.

Besides Microsoft, there are also other tech giants who have called for a law on privacy like Google, Facebook, and Apple. Specific details on the requested law are different from each company. For Microsoft, it expects the privacy regulation to shift the data protection burden from person to technology companies.

In most cases, users have to enter the privacy settings to turn it off since the data collecting mode is on default. In March, Google was criticized for making the opt out of data tracking programs too difficult for users to shut off.

To back up its point on this, Microsoft even collected numbers to show how often users take the extra step to protect their data. Last year, Microsoft published Privacy Dashboard and reported that there had been over 18 million people using these tools. The fact that there are around 1.5 billion Microsoft devices makes it about 1 percent of the users have changed settings on their privacy. For Google products, upon 2.5 billion visits to the Accounts page, there are only around 20 million users entered the ads settings.

What Microsoft is trying to raise upon privacy legislation is that technology companies have to be responsible for users’ privacy, not the users themselves. It is also mentioned that privacy legislation needs to have solid enforcement.

Although the Federal Trade Commission (FTC) is able to fine violated tech companies, there is still a need for a consent decree to perform this action. And for a consent decree, offending companies have to agree to a future penalty for further violation. As of a finding from a government watchdog agency, in the past ten years, almost all of 101 privacy violation cases that were investigated by FTC ended up with no penalties.

In the last November, commissioners from FTC reported to senators that they “didn’t have enough resources” to protect users from data abuses.

What Microsoft is proposing matches with what Washington lawmakers have raised. On May 20, Senator Josh Hawley declared that he plans to introduce a new bill to create the Do Not Track Act, which is the same as the Do Not Call list but for data tracking.

According to Brill, the federal privacy law should surpass the privacy law in California. She also requested Congress to enact privacy law that gives users control over their own data and requires tech companies to be more accountable and transparent.