The first anniversary of GDPR, Europe’s gold-standard privacy law, is later this week – and Microsoft has marked the occasion by backing Apple’s call for a US version.
Microsoft, like Apple, responded at the time by committing to offer GDPR-level protections to all its customers globally, but thinks voluntary moves by tech giants are not enough …
Europe’s General Data Protection Regulation has 99 separate articles, but at the heart of the law are four requirements for companies wanting to store and process your personal data:
- There must be a specific, lawful reason to process the data
- Personal data must be encrypted
- You have a right to a copy of your data
- You can ask for your data to be deleted
Apple CEO Tim Cook has repeatedly called for a US federal privacy law that would offer similar protections to GDPR, most notably in a TIME magazine op-ed.
Microsoft has now lent its support in a blog post, noting that many other countries have already followed Europe’s example.
The company says that compatibility with GDPR is crucial.
No matter how much work companies like Microsoft do to help organizations secure sensitive data and empower individuals to manage their own data, preserving a strong right to privacy will always fundamentally be a matter of law that falls to governments. Despite the high level of interest in exercising control over personal data from U.S. consumers, the United States has yet to join the EU and other nations around the world in passing national legislation that accounts for how people use technology in their lives today […]
Now it is time for Congress to take inspiration from the rest of the world and enact federal legislation that extends the privacy protections in GDPR to citizens in the United States.
There is bipartisan support for a federal privacy law, but no consensus on the exact approach. In particular, there are differing views on the role of the FTC.
Is the first anniversary of GDPR a good time to ask Congress to stop debating and act? Is there really a need for separate rules in the US, or could Congress simply mirror GDRP protections so that the exact same standards apply? Let us know your thoughts in the comments.
Photo: Shutterstock