Microsoft CEO Calls for Global Implementation of GDPR-like Legislation

Microsoft CEO Satya Nadella

Microsoft CEO Satya Nadella, speaking recently during an on-stage interview at World Economic Forum in Davos Switzerland, lead the calls for the global introduction of legislation that enshrines data privacy as a human right.

Nadella is a major supporter of the European Union General Data Protection Legislation (GDPR) that became enforceable on May 25 2018. He said: “My own point of view on GDPR is it’s a fantastic start on really treating privacy as a human right. I’m hopeful that in the United States we will have something that is along the same lines.”

The latter point echoed the recently expressed views of Apple CEO Tim Cook in relation to the introduction of GDPR-like legislation in the United States. You can read more here.

Following the introduction of GDPR last year, Microsoft moved quickly to announce that it would apply EU GDPR rights globally. In addition to this, the computing giant set up an entire privacy center which lists the type of data that Microsoft collects, what use this data is put to and how data owners can manage how this data is used.

Nadella said that individuals need to be in complete control of their own private data, not just in the the U.S. but on a global basis. He was delivering a speech on privacy, data and Artificial Intelligence. Throughout his talk he referred to the need for a common standard in how privacy is dealt with.

Coming not long after Microsoft actively lobbied for the introduction of more lenient data protection rules to be introduced in California, he said that he feels that there should be a global acceptance of privacy as a basic human right. Nadella stated: “In fact I will hope that the world over, we all converge on a common standard. One of the things we do not want to do is fragment the world and increase transaction costs, because ultimately it’s going to be born in our economic figures. I hope we all come together, the Unites States and Europe first, and China. All the three regions will have to come together and set a global standard.”

Nadella said that it is not enough to expect companies to self regulate as it is too difficult for businesses to ascertain what the correct and ethical use of private data is. He said: “In the marketplace there’s no discrimination between the right use and the wrong use… We welcome any regulation that helps the marketplace not be a race to the bottom.”

The US Senate is due to draft GDPR-like legislation in the near future. California, as mentioned previously, introduced state data protection legislation in 2018 and is due to hold six public forums on the California Consumer Privacy Act (CCPA) over the coming months and weeks. As recently as last week, U.S. Senate and House of Representative committees conducted separate hearings to review the possibilities for national privacy legislation. While they were mostly in agreement about the need for federal privacy legislation, they have failed to agree on the finer points of the possible legislation.

Nadella’s comments come at a time when Microsoft remains under investigation in the Netherlands in relation to a potential GDPR breach. Amid allegations that Microsoft Office is collecting the contents of privates email correspondence the company released a statement which said: “We are committed to our customers’ privacy, putting them in control of their data and ensuring that Office ProPlus and other Microsoft products and services comply with GDPR and other applicable laws. We appreciate the opportunity to discuss our diagnostic data handling practices in Office ProPlus with the Dutch Ministry of Justice and look forward to a successful resolution of any concerns.”

If Microsoft is found guilty then, as per GDPR legislation, it could face a highest possible fine of €20m or 4% of annual global revenue for the previous financial year.

All of this, in tandem with what appears to be the initial backing of Microsoft and Apple for Federal data privacy legislation, further highlight the importance for U.S. companies to now begin ensuring that they are doing everything possible to protect the private data that they are gathering.