One of the most important policy discussions emerging this year is the effort to update privacy laws in Europe and the United States. This is welcome news. Key laws governing privacy and security on both sides of the Atlantic have not been overhauled in a significant manner for two to three decades, yet technology – and society – has changed dramatically.
This morning I spoke at the International Association of Privacy Professionals’ Global Privacy Summit about these efforts. At Microsoft, we support the work here in the U.S. and in Europe to update privacy laws to reflect changes in technology, and the many new and different ways people and organizations gather and use information.
Perhaps most importantly, the law needs to continue to evolve in ways that put people first by giving them control over the uses of their data and reinforcing the responsibility of organizations to protect appropriately the privacy and the security of that data.
Much has been written about the ways Europeans’ and Americans’ views on privacy differ and the resulting gaps that exist between European and U.S. regulatory approaches. While there are differences in language, culture and legal systems, it is also clear that citizens around the world share core human values around privacy and the rights of individuals to control their data.
Like many people, I value knowing what information is collected from me and how it is used. People want to know their data is used the right way. And they want to know that the products and services they use are built with privacy in mind.
Given those concerns, it’s time to update the conversation around privacy – and keep it current. We need to find ways to build bridges between U.S. and European regulatory regimes and establish a framework that is sufficiently flexible to be viable today and into the future, as well as globally interoperable so that people are protected wherever their data travel.
Fortunately, many of the recent proposals for privacy frameworks make a great deal of progress toward understanding what privacy will mean over the next few decades. On both continents, we have seen important steps forward toward striking the right balance between safeguarding privacy and promoting innovative uses of information.
For instance, one of the greatest challenges in current data protection regimes is that while data travel globally, privacy protections often stop at national borders. The European Commission’s recently proposed new regulation would promote harmonization of privacy laws across the European Union and provide greater clarity and certainty for European citizens and the multinational organizations that serve them.
The Commission’s proposed regulation also introduces new and streamlined mechanisms for data transfers outside the European Union, which is essential in an era when global flows of information are exploding.
In the United States, the Obama Administration’s proposed consumer privacy bill of rights recognizes the importance of transparency and sensitivity to context in implementing privacy protections. Still, much more needs to be done to flesh out the European and U.S. proposals before we settle on an approach that is effective and viable over the long term.
We also need to recognize that laws cannot do everything. Technology industry leaders need to continue to consider how they can put people first when we design and deploy technologies. We need to incorporate privacy protections early in the technology development cycle, and we need to enhance transparency so individuals can make fully informed and meaningful choices about how their data are used.
Ultimately, computing needs to remain personal, and we look forward to continuing to engage in these important privacy conversations with stakeholders in Europe, the U.S. and around the globe.