Rights and Responsibilities When It Comes to Data Privacy
Privacy is recognized as a fundamental human right by the United Nations Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and many other treaties.
Data-driven innovations and services should not impinge on this fundamental right. Privacy can and should be maintained in today’s highly connected digital world. At the same time, the collection, analysis, and use of data is an important engine of innovation. Responsibly used data can improve outcomes in healthcare, education, commerce, policymaking, and many other areas.
Both government and the private sector have a responsibility to protect data privacy. Many technology companies have made significant commitments to protecting consumer privacy—and to allowing consumers to control how their data is collected and used. Unfortunately, not all businesses have strong privacy practices. Many businesses are also looking to government to provide baseline rules to support customers’ privacy and strengthen trust in tech.
The Role of Government
Microsoft has been calling for federal digital privacy legislation since 2005. Since that time, members of Congress have introduced several legislative proposals to strengthen data privacy protections. However, despite this work, Congress has not yet enacted a comprehensive data privacy law that would provide a nationwide legal framework for both businesses and consumers.
In the meantime, many governments worldwide have responded to growing concerns about data collection by developing new laws and regulations to protect privacy in the digital age. Notably, the European Union’s General Data Protection Regulation (GDPR) went into effect in May 2018. Many other countries have adopted similar data privacy policies.
In the U.S., state lawmakers have taken action to fill the gap in federal policy. In California, lawmakers enacted the California Consumer Privacy Act (CCPA), which became effective in 2020. This law was updated in 2020 by the voter-approved California Privacy Rights Act (CPRA), which went into effect on January 1, 2023.
Since California passed its landmark legislation, many other states have passed comprehensive data privacy legislation. While state data privacy laws represent progress, a patchwork of state privacy laws creates compliance challenges, especially for small businesses, and drives up costs. A unifying federal law would help provide consumer protections, while limiting the burden on businesses.