On the first anniversary of the European Union’s data protection and privacy law GDPR coming into effect, Microsoft’s Julie Brill called for a similar federal legislation on privacy in the United States. In a blog, Brill argued that “preserving a strong right to privacy will always fundamentally be a matter of law that falls to the government”. Regardless of how much companies work to secure data, “current laws are simply not strong enough for the FTC to protect privacy in today’s complex digital economy,” she said. “While California state’s own privacy law CCPA is to come into effect next year, the US Congress needs to adopt a framework that upholds the right to privacy, to give people control over their data and makes companies accountable in their use of personal data.” The current opt-in/opt-out model in the US places the responsibility of privacy on consumers, requiring them to make a decision for every website they visit.

“California’s law is a good starting point. But federal legislation should go further and ensure that companies act as responsible stewards of consumers’ personal data. One way to achieve this is by requiring assessments that weigh the benefits of data processing against potential privacy risks to those whose data is processed.”

Microsoft CEO Satya Nadella has previously called for more responsibility from tech companies, saying that they couldn’t ‘abdicate their responsibilities’. In February, he said competition among tech companies without self-regulatory checks could lead to an aggravated problem. He also called for a framework to regulate artificial intelligence and facial recognition, because “in a digital world, everybody can grow if we realise that the web is interconnected”.