We at Microsoft focus on privacy protections for our customers every day of the year. On Jan. 28, we join others across private and public sectors around the world to mark Data Privacy Day (DPD) – which is also known as Data Protection Day in Europe where it began in 2006. In support of the day’s focus on educating and empowering people, I’ll be participating in a DPD panel discussion hosted by the National Cyber Security Alliance (NCSA) in Washington, D.C. on Jan. 28, and will share the results of a new Microsoft commissioned survey that measured online privacy perceptions among technology savvy individuals in the U.S. and four European countries (Belgium, France, Germany and the UK).
Our panel discussion will focus on “Notice and Consent: Innovating a New Path Forward,” where we’ll explore the complex opportunities and challenges that businesses, civil society and government must overcome to adapt traditional privacy models for the era of big data and the Internet of Things.
At Microsoft, we’ve helped to convene a series of global dialogues to understand the challenges that a strong focus on notice and consent at the time of data collection pose in an increasingly data-intensive world. Much of the responsibility of privacy protection currently rests with individuals when they are expected to read the lengthy and complex privacy statements and disclosures of service providers. Given the sheer number of statements they increasingly encounter, using these tools as the basis for privacy decisions places unrealistic expectations on individuals. Indeed, our research suggests that people don’t typically read these statements, perhaps due to the burdens of time and complexity. Over time, our reliance on this model will erode privacy and trust unless we evolve to an alternate model.
While not eliminating the concept of notice and consent, an alternative approach could be to hold organizations more accountable for data practices and management, and focus more on appropriate uses of data while still ensuring that consumers have the opportunity to manage their personal information in many contexts. As we engage in longer-term discussions about how global privacy models should evolve, we’re also very focused on how individuals are managing their online information today.
During the NCSA discussion, I will share new survey results that demonstrate that individuals are very interested in understanding how their information is being used online. At the highest level, our results show that in the U.S., people estimate they have control over the way their information is used online only about 50 percent the time. In European countries surveyed, it’s about 40 percent combined.
Those surveyed indicated they saw online privacy as a shared responsibility between themselves, industry and their governments. They would also prefer that technology companies help protect their privacy through a combination of efforts that include delivering technology innovations that automatically protect individual privacy; offering simple controls that individuals can use to make the right privacy choices; and being transparent about how consumer information is collected, shared and protected.
These results reinforce what we hear directly from customers; they expect us to prioritize their privacy and incorporate strong privacy protections into our products and services. As part of our commitment to a Trustworthy Computing experience for our customers, Microsoft has invested in a comprehensive privacy program for more than a decade. We know that a steady, consistent approach to privacy will help us maintain and build customer trust, and we are constantly looking for ways to innovate on privacy in support of our customers.
As we at Microsoft set time aside on Data Privacy Day to reflect on how to address consumer privacy needs in the technology landscapes of today and tomorrow, we have an opportunity to challenge existing practices and imagine what we can build together in support of consumer privacy that enables everyone to benefit from the responsible use of data.