Microsoft calls for GDPR-like data privacy framework for the US

 A logo sits illumintated outside the Microsoft booth on day 2 of the GSMA Mobile World Congress 2019 on February 26, 2019 in Barcelona, Spain. (Photo by David Ramos/Getty Images) 

It’s almost a year since Europe implemented the General Data Protection Regulation (GDPR) law, which regulates how companies can process, use, store or exchange data belonging to citizens living in the EU. Microsoft published usage stats of its privacy dashboard to highlight a high level of interest in exercising control over personal data in the US, and is calling for a similar framework to be adopted by the Congress to uphold the fundamental right to privacy. 

“Now, it’s Congress’s turn to adopt a new framework that reflects the changing understanding of the right to privacy in the United States and around the world,” said corporate vice president and deputy general counsel Julie Brill, in a blog published on Microsoft’s website Monday. “Like GDPR, this framework should uphold the fundamental right to privacy through rules that give people control over their data and require greater accountability and transparency in how companies use the personal information they collect,” she added.

Microsoft has also published a usage data of its privacy dashboard, which has been used by 18 million people globally since the GDPR law went into effect. About 6.7 million people have used the dashboard in the US, which Brill says is the highest level of engagement, both on a per capita basis and in absolute numbers. 

“Despite the high level of interest in exercising control over personal data from U.S. consumers, the United States has yet to join the EU and other nations around the world in passing national legislation that accounts for how people use technology in their lives today,” said Brill. 

The GDPR law, which came into effect on May 25, 2018 makes data processors and controllers responsible for data breach notifications, and levies penalties non-compliance (fines of up to €20 million or four percent of a company’s global revenues). It also grants EU citizens certain rights, such as the right to access, the right to be forgotten, and parental consent for processing children’s data.

While some US states have passed laws on data privacy, there is no US federal legislation. The state of California passed the California Consumer Privacy Act (CCPA) in June 2018, which goes into effect on January 1, 2020. The Act intends to provide California residents the right to know what data is being collected about them, who it is sold to or disclosed to, say no to the sale of personal data, and the right to access their personal data. 

DuckDuckGo, a privacy-focused search engine recently proposed a Do-Not-Track-Act draft legislation, calling for a law to respect the privacy of users who turn on the Do Not Track setting on the web browser.