What a difficult year this has been. During the past nine months, COVID-19 has disrupted almost every aspect of our lives, our work and our social interactions to a degree most of us never imagined possible. The economic damage may take years to repair.
Here in the United States, the shocking deaths of George Floyd and Breonna Taylor call us to acknowledge and address the systemic racial inequalities that have shaped our nation for too long.
It is a lot to deal with.
But amid all this disruption, we have also experienced an incredible digital transformation. In just a few months, we have jumped forward years in our use of advanced digital tools for interacting with one another, running our businesses, sending our kids to school and understanding what is going on in the world.
Now, as we begin to move from responding to the coronavirus crisis toward recovery, data will play an important role. Data is critical not just in rebuilding our economy but in helping us understand societal inequalities that have contributed to dramatically higher rates of sickness and death among Black communities and other communities of color due to COVID-19. Data can also help us focus resources on rebuilding a more just, fair and equitable economy that benefits all.
Let’s not waste this opportunity. Much of the data needed to make positive progress is personal information – data about our location, our health and our work. To achieve the full benefits that the digital transformation promises, people must trust their information is used responsibly and respectfully.
Trust is fragile, and consumers have plenty of reasons to be wary of how their data is used. This is particularly true in the United States where companies and government are not doing enough to protect the privacy of personal information. Today, it is simply too difficult for people to find out what personal data is collected about them or how it will be used. And there have been more than enough high-profile data breaches and stories about the misuse of personal data in recent years to give people pause about whether companies and government are good stewards of their personal data.
A new study conducted by the international research firm YouGov on behalf of Microsoft makes clear just how tenuous trust is in the United States. In that study, 90% of the people surveyed said they are concerned about sharing their information.1
The United States has fallen far behind the rest of the world in privacy protection
One reason trust is so tenuous in the United States is the lack of a strong national privacy law. Since the European Union’s General Data Protection Regulation (GDPR) was adopted just two years ago, many countries, including Brazil, India, Japan, Kenya, South Africa, South Korea and Thailand, have adopted, revised or proposed new frameworks for privacy protection that recognize people own their personal data and have a right to view, correct and delete it. In total, over 130 countries and jurisdictions have enacted privacy laws.
Yet, one country has not done so yet: the United States. Current laws in the United States govern only limited types of information, and all of them are more than two decades old.
The YouGov survey also found that the American public is overwhelmingly in favor of stronger privacy protection law. Seven out of 10 people surveyed said they don’t think government does enough to keep their personal data private, and the same large majority would like to see privacy regulation addressed during the next administration.
As countries around the world pursue new legal frameworks, global standards are being developed without U.S. involvement. In contrast to the role our country has traditionally played on global issues, the U.S. is not leading, or even participating in, the discussion over common privacy norms.
If the U.S. wants to join the global conversation about how to develop robust privacy and data protection laws that will enable innovation through responsible data use, it will need to act fast. If Congress does not act soon, we will see the balance of power on these critical issues shift away from Washington, D.C., and move to Brussels, Berlin, New Delhi and Tokyo.
The good news is that states are stepping in through legislation such as the California Consumer Privacy Act (CCPA), which includes provisions that reflect some of the individual rights granted by GDPR. Other states are considering their own proposals. There are also signs of real interest among some members of Congress, who have proposed new privacy legislation that would reestablish American leadership in privacy protection and provide the legal framework essential for consumers’ trust that their data will be handled safely.
Placing the responsibility for privacy where it belongs – on companies
Strong privacy legislation is important. But the simple truth is that the onus to create and maintain trust must fall on the companies that collect, process and store personal data. No matter what the law says, if companies aren’t responsible, transparent and accountable when using personal information, their customers will not trust them and they will fail.
Our recent research bears this out. The YouGov study found that significantly more people believe companies bear the primary responsibility for protecting data privacy – not government.
And yet prevailing practices in this country place the vast bulk of responsibility for privacy protection on individuals. Although this approach complies with current U.S. law, it seems almost perfectly designed to undermine trust. The large number of websites, devices and apps that people rely on to remain connected and engaged – a number that has grown even larger during this health crisis – makes it nearly impossible for individuals to navigate the privacy information overload and make informed decisions about how their data is used. Too often, we deliver that information in notices difficult for lawyers and engineers to understand – much less consumers.
Instead of lobbying Congress or state legislatures to water down or block privacy legislation, it is time for businesses to advocate for stronger privacy laws in this country. In addition to engendering greater trust with their customers, a strong privacy law will provide companies with clear guardrails about how they can use data for responsible innovation with greater assurance.
And whether new laws are passed or not, it is essential that companies develop their own strong privacy standards and assume accountability for how they use customers’ data.
Creating a framework of trust – both for congressional action and corporate accountability – should begin with these four principles:
- Transparency about how companies collect, use and share personal information. Consumers are clamoring to understand what data companies have and how they will interact with it
- Consumer empowerment that guarantees the right of individuals to access, correct, delete and move personal information
- Corporate responsibility that requires companies to be good stewards of consumer information
- Strong enforcement through a strong central regulator and vigilant state’s attorneys general offices that have the authority and funding to enforce the laws and take action to hold violators accountable
I’m confident all this is achievable. The imperative to do so has never been more urgent, and the momentum toward progress has never been stronger.
As difficult as the past nine months have been, they have also been filled with signs of great human resilience and ingenuity. You can see it in the heroic work of frontline health-care workers, the rapid progress made toward creating a vaccine, and the commitment of a new generation of young activists to work toward ending systemic racism. Health-care providers are now using telemedicine to treat patients in ways that protect them from exposure to coronavirus and are finding new ways to deliver care to people who would otherwise have difficulty accessing a doctor. Businesses are using powerful new digital capabilities to foster collaboration, engage with customers and reinvent business models in a world facing unprecedented constraints.
This must be just the start. Now is the time to build on these promising steps forward. But to do so, trust is essential. It is time for government and business to work together to pass laws and reinvent practices to recognize the individual right to own and control personal data and to place the responsibility for protecting privacy where it belongs – on companies.
This is the best and only way to create the conditions that will make trust possible. It is also an essential foundation for building a recovery that is robust and sustainable and serves everyone equally.
1 YouGov Study (2020, October 5). Commissioned study conducted on behalf of Microsoft Corp. by YouGov, an international survey research firm. The poll was conducted between September 28 and October 5, 2020, with a representative sample of 5,000 registered voters nationwide. The margin of error for the poll was +/- 1.5 points.