Since the European Union’s (EU) General Data Protection Regulation (GDPR) went into effect on May 25, more than 5 million people from 200 countries have used Microsoft’s new privacy tools to manage their data. And on both an absolute and per capita basis, the largest number of people come from the U.S., a country not formally covered by GDPR, demonstrating a desire by American consumers for greater control over their personal data.
Until recently, our understanding of privacy in the United States hadn’t changed much since the great American legal expert and Supreme Court Justice Louis Brandeis defined it in 1890 as the “right to be let alone.” For more than a century, preserving that right centered on legal protections designed to ensure that ideas and information that we don’t want to share can’t be accessed by others.
But as people depend more and more on technology to express their ideas, connect with friends and family, run their businesses, and manage their health and finances — and as more and more of our interactions are captured and stored in digital form — how we think about privacy has shifted. Instead of focusing simply on the right to be let alone, people want to engage freely and safely using digital technology without losing control over how their data is collected and used.
Increasingly, this desire to maintain control of personal information is being reflected in modern privacy laws as an essential aspect of the right to privacy. We’ve seen this start to be reflected in decisions from the U.S. Supreme Court, and over the past few months, in landmark legislation passed by the state of California. This is why the GDPR is so important — because it sets a strong standard for privacy and data protection by empowering people to decide what happens to their data.
At Microsoft, we too recognize that privacy is a fundamental human right. We have been advocating for national privacy legislation in the United States since 2005 and we have been enthusiastic supporters of GDPR since it was first proposed in 2012. We also believe new rights at the heart of GDPR establish important principles that are equally relevant outside the European Union. Called “Data Subject Rights,” they include the right to know what data is collected, to correct that data, and to delete it or move it to a different place.
This is why when Europe’s GDPR went into effect in May, Microsoft announced that we were extending Data Subject Rights — the rights at the heart of GDPR that give people in the EU greater control of their data —to all of our consumer customers around the world. This wasn’t required by GDPR, but we chose to do it because we firmly believe that helping put people in control of their data is the right thing to do. To achieve that goal, we built a privacy dashboard where our customers can manage their privacy settings, see what data we have stored, and delete that data if they want to. This includes everything from browsing and search history to location activity, movies and TV viewed through a Microsoft app or service, and health data in Microsoft Health.
In the four months since then, more than 5 million people from over 200 countries have logged onto the Microsoft privacy dashboard to manage their information. Not surprisingly, many of our customers in the EU, where GDPR is now the law, have been actively engaged with our privacy dashboard. However, it has been striking to see the strong interest and engagement from around the world.
The highest level of engagement came from U.S. customers with approximately 2 million people using our privacy dashboard to manage their data. Also included in the top 10 countries for visits on a per capita basis were Japan, with nearly 400,000; Brazil, with over 200,000; and China and Mexico, each with over 135,000 customers logging on to manage their data.
The information from our privacy dashboard tells us two important and related things:
First, there is a high level of interest among consumers around the globe in having control over their personal data.
Second, Americans consumers are no exception, as they are actively engaging with control tools they are provided. This fact puts to rest the notion that Americans care less about their privacy than Europeans. It also lends greater urgency to the need for federal legislation that provides tools and protections that make it easier for American consumers to exercise control over their personal data throughout the ecosystem.
To ensure that the benefits of a new generation of technology innovation are available to and benefit everyone, modern privacy laws that better reflect how people use technology today are essential. We continue to urge the U.S. government to move forward with legislation that protects the right to privacy through stronger control of personal information.