GDPR for everyone, cries Microsoft: We'll extend Europe's privacy rights worldwide
Euroland is the new California – but not everyone is happy
Microsoft has said it will extend new privacy rights that become law in Europe this week to all its users worldwide.
The promise was outlined in a blog post on Tuesday written by the Windows giant's new deputy general counsel, Julie Brill, who was until recently a commissioner at the Federal Trade Commission (FTC).
"We've been enthusiastic supporters of GDPR since it was first proposed in 2012," Brill argued. "It sets a strong standard for privacy and data protection by empowering people to control their personal information."
Somewhat unusually, it goes on: "We appreciate the strong leadership by the European Union on these important issues" and espouses a view that until recently would have seemed positively anti-American.
"We believe privacy is a fundamental human right. As people live more of their lives online and depend more on technology to operate their businesses, engage with friends and family, pursue opportunities, and manage their health and finances, the protection of this right is becoming more important than ever."
It seems as though Microsoft has gone the Apple route and realized that privacy rights can be a key differentiator in a market where Google and Facebook have increasing control but possess a distinctly looser view of what can be done with private user information.
Not so, says Microsoft: "We've been advocating for national privacy legislation in the United States since 2005," it argues, linking to a push by Microsoft general counsel Brad Smith to introduce new data legislation.
It should be noted though that that push was in the context of cyber criminals and identity theft and is a very different situation to the one we find ourselves in in 2018, when vast sums of money are made from gathering and selling personal information to advertisers.
Facebook previews GDPR privacy tools and, yep, it's the same old BSREAD MORE
Regardless, Microsoft seems to be serious in its goal to extend European privacy legislation, aka GDPR, worldwide – it has an updated privacy page and lists the not-insignificant ways it has changed its policies.
Some predicted that this would happen and Europe would act like California frequently does in the US when it comes to changes in corporate behavior: new rules in a big enough market that make it easier to simply change the rules wholesale rather than run two different sets.
The online world continues, largely, to ignore national boundaries so Europe's privacy legislation has had a significant impact on US corporations (with some notable begrudging examples.)
Perhaps unsurprisingly, this has not pleased some who could be loosely termed free marketeers but are probably more accurately described as American exceptionalists.
"Four ways the US can leapfrog the EU on online privacy," a strikingly discordant headline from the American Enterprise Institute (AEI) blog reads. It's written by anti-net neutrality campaigner Roslyn Layton.
Ah, yes, of course
But don't fear, the world hasn't flipped. Despite the headline, the post has nothing to do with giving US citizens more privacy rights and comprises little more than an attack on GDPR and Europe's dastardly plan to try to tell freedom-loving Americans what to do.
How does America "leapfrog" European privacy standards? By not imposing any controls, of course. Instead, the free market will come up with all sorts of innovative ways to give consumers the power to decide, rather than rely on "heavy-handed government supervision." Users, for example, can take "privacy training." And, you know, other things too.
Except it's difficult not to notice that despite years of complaints about companies like Facebook abusing their position and selling personal data, the only thing that has finally caused a real shift in their policies is the imposition of legislation giving citizens new rights over their own data.
While Microsoft is to be applauded for taking its users' privacy more seriously, it is worth noting that there was nothing to stop it from making such changes itself many years ago before GDPR was passed, or in the two years since the law was formally approved. Still, every little helps. ®
Sponsored: Becoming a Pragmatic Security Leader