Microsoft Calls For Federal Regulation of the Tech Industry (techspot.com) 76
In a blog post, Microsoft Corporate Vice President and Deputy General Counsel Julie Brill says the European Union's General Data Protection Regulation (GDPR) has been very effective in changing the way that tech companies handle personal data, and feels the U.S. should enact something similar at the federal level. TechSpot reports: "[Companies] have adapted, putting new systems and processes in place to ensure that individuals understand what data is collected about them and can correct it if it is inaccurate and delete it or move it somewhere else if they choose," she wrote. Brill points out that the GDPR has inspired other countries to adopt similar regulations. She also pats her company on the back for being "the first company to provide the data control rights at the heart of GDPR to our customers around the globe, not just in Europe."
However, such self-regulation is not good enough. While some states such as California and Illinois have strong data protection laws in place, Brill feels the US needs something similar to the GDPR at the federal level. "No matter how much work companies like Microsoft do to help organizations secure sensitive data and empower individuals to manage their own data, preserving a strong right to privacy will always fundamentally be a matter of law that falls to governments," Brill states. "Despite the high level of interest in exercising control over personal data from U.S. consumers, the United States has yet to join the EU and other nations around the world in passing national legislation that accounts for how people use technology in their lives today." Brill suggests the federal government should enact regulation that models the California Consumer Privacy Act (CCPA), which goes into effect next year.
"Brill says that consumers have the right to control their information and that companies need to be held to a higher degree of accountability and transparency with how they collect and use customer data," reports TechSpot. "The new laws also need to have teeth."
However, such self-regulation is not good enough. While some states such as California and Illinois have strong data protection laws in place, Brill feels the US needs something similar to the GDPR at the federal level. "No matter how much work companies like Microsoft do to help organizations secure sensitive data and empower individuals to manage their own data, preserving a strong right to privacy will always fundamentally be a matter of law that falls to governments," Brill states. "Despite the high level of interest in exercising control over personal data from U.S. consumers, the United States has yet to join the EU and other nations around the world in passing national legislation that accounts for how people use technology in their lives today." Brill suggests the federal government should enact regulation that models the California Consumer Privacy Act (CCPA), which goes into effect next year.
"Brill says that consumers have the right to control their information and that companies need to be held to a higher degree of accountability and transparency with how they collect and use customer data," reports TechSpot. "The new laws also need to have teeth."
Market leaders often favor regulation... (Score:5, Insightful)
Re: (Score:2, Interesting)
Lots and lots of people are calling for regulation of this.
Lots of people are calling for regulation, but they have very different ideas about what that regulation should be. Microsoft wants to get out in front of the mob so they can shape the process.
Even I think we need regulation. I propose the following law: "The United States Constitution actually means what it says. Sorry we didn't make that clear the first time." That should handle any situation. If someone says something you don't like, see Amendment #1. If the government wants to read your email, s
Re: (Score:3)
If the GOVERNMENT does not like something you say, see Amendment $1.
Since regulations come from the government, I am not sure what your point is.
Re:Also notice (Score:4, Interesting)
Sure, or you can, you.... not wholesale collect every single data point you can possibly glean from every little thing, and instead just stick to your service.
If your a hotel booking site, why in all of the hells would you need to know what device I'm using to talk to your site with? Why does the bookstore need to know my sexual orientation?
I've got an idea. We make the new regs, and apply them to LICENSED DATA BROKERS, who can then sell this data to advertisers and everybody else who's willing to pay. Everybody gets to know up front who is a data broker.. no more of this "We're a blogging platform!" bullshit when 90% of the revenue comes from harvesting data. And when they spill this data all over the internet, or sell it to criminals, or abuse their position, the penalties are clearly laid out for them, including revocation of the brokers license, executive jail-time, and massive fines based on % annual revenue.
You will need certain bits of data to run your business, but religious views, political affiliation, and sexual preference are not likely among them.
We could use a little bit of extra education in our school system regarding this issue as well. The inevitable fines companies will pay can boost the education budget. Social media can be dangerous, and this needs to be explained to little Timmy before he grows up brainwashed.
True. Also can't be anything like GDPR (Score:1)
That's true. Also, any US law can't be anything like GDPR. The US could have some kind of privacy law, but it wouldn't resemble GDPR.
When you think of GDPR, you probably think of extremely large companies with vast databases of data that isn't directly needed for the service they offer. But the GDPR doesn't actually say anything at all about big companies. It applies to you just as much as it applies to Google.
The word "vast" doesn't appear anywhere in the directive. The directive basically says nobody i
Re: (Score:2)
The contact list in your phone is you storing people's names and numbers - probably a GDPR violation, though "no reasonable prosecutor ..."
Yes, it must be a violation, because you're totally the first person to think of that problem.
Let's try reading it (Score:1)
I'm pretty certain that you can read. I've read it. Maybe we can read it together.
Article 4:
'recipient' means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
Note it says "natural person" or legal person - it applies to individuals, not just companies.
That's you, you received somebody's phone number.
'controller' means the natural or legal person, public authority, agency or other body which, alone or jointly
Re: (Score:1)
I'm pretty certain that you can read. I've read it.
But obviously you didn't read Article 2:
This Regulation does not apply to the processing of personal data:
Recital 18. You started out intelligent (Score:1)
The first half of your post, referencing Article 2, was interesting - intelligent discussion. You missed how Recital 18 explains Article 2, so you missed what it means, but looking at Article 2 is smart, and interesting - even when you forget to rewd the explanation in the recitals.
Then you went full moron with an ad hominem.
Sometimes I'm wrong, sometimes I'm rude. I try not to be rude and arrogant while being wrong, because that's not a good look.
Recital 18:
1 This Regulation does not apply to the processin
Read what you pasted (Score:2)
Did you read what you pasted?
--
Individuals have the right to have the data erased if the data is no longer necessary for the purpose which you originally collected or processed it for;
--
Are you prepared to prove that it is NECESSARY for you to post about Stallman's toenails? I'd think Stallman could make a pretty strong argument that it's no longer necessary to have that posted on Slashdot.
> whether the statement was even true or not, in the context of the GDPR or otherwise.
You may want to Google "libel
Not in the last 50 years (newspapers have free spe (Score:2)
There was a time, after the Lochner era ended, when the court allowed the legistlature much discretion re commercial speech. Note even in that time period, it was well understood that one does not lose your free speech rights just because there is a commercial element. Benjamin Franklin, the father figure to the founding fathers, was a newspaper publisher. The right of his (commercial) newspaper to print without restriction by government was very much on their minds when they wrote and passed the first am
Re: (Score:2)
The directive basically says nobody is allowed to store or release personally identifiable information about anyone else.
No that isn't correct. It has very specific definitions on who the GDPR applies to, certainly I can store or release personally identifiable information about anybody, the GDPR does not prevent that except in some very special circumstances. I.e.
The contact list in your phone is you storing people's names and numbers - probably a GDPR violation
Why do you think that is a GDPR violation?
Remember the right to be forgotten? That's in the GDPR now. If Stallman doesn't want you to mention him eating toenail lint, it's illegal for you to mention it.
So that's not correct because a name alone does not constitute personally identifiable information. I can most certainly store the information "Ted ate a big cheeseburger" and nobody - even if they were named or referred to
Re: (Score:2)
Let's just address your first sentence or two as a start. You said:
> It has very specific definitions on who the GDPR applies to, certainly I can store or release personally identifiable information about anybody, the GDPR does not prevent that
GPDR Article 4 says who it applies to:
'recipient' means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
Note it says "natural person" or legal person - it applies to individ
Re: (Score:2)
I don't have time right now to go through all of your sentences and cite specifically which clause in the GDPR says otherwise for everything you said, but you can read the GDPR and we'll touch base after you've read it.
I
Re: (Score:2)
Re: (Score:2)
They know some regulation is (probably) coming. They want to get out in front of it and have their lobbyists and political protection money result in it being written for their benefit (it worked fabulously well [opensecrets.org] in getting the antitrust charges dismissed [wired.com] in the early 2000s). Standard stuff for any large company. If it harms competitors, well who could foreseen those unintended consequences? Certainly not the elite IQ lawyers, accountants and MBAs at the company.
Re: (Score:3)
Re: (Score:2)
In economy that concept is called a moat. With more regulation, they remain on top as new competitors have it harder to enter the field.
What's wrong with that? Something as critical as data privacy shouldn't be a free-for-all, it's hard to start up a pharmaceutical business too but that doesn't mean we should allow companies to play fast and loose with people's health just for the benefit of new market entrants.
Re: (Score:3)
Depends on the regulations. The kind Microsoft favors and will push for through their army of lobbyists would probably achieve that.
But to many people favoring regulation of the tech industry, it means helping new entrants, stopping consolidation and preventing overreach. And most and foremost, any such regulation needs to be accompanied by real, significant trustbusting. Not this chicago school bullshit about ‘consumer harm’ but actually stopping corporations from becoming too big and breaking
Re:Market leaders often favor regulation... (Score:4, Interesting)
It raises the cost barriers to new entrants/competitors. The large companies can more easily afford the cost of the regulations. Plus, the large companies are more likely to control and influence the regulatory system (regulatory capture) and thereby help create regulations that favor themselves.
Living under and being affected by GDPR, I have the opposite experience. Changing the old routines of handeling data is cumbersome, costly an disruptive. Building systems and organisations with the regulation already in place from scratch cannot possibly be harder than turning existing organizations on its head.
Re: (Score:2)
That's not the point.
The market leaders like to add regulation because they've already spent years building up a large sum of cash so that when the regulation hits, they can easily afford to enact it. However any new competition will find it a LOT harder to even get off the ground let alone gain traction.
I understand that it is the point trying to be made, I just don't agree. With GDPR as is my example, buying and constructing systems for handling data is as expensive as it was previously, as is getting consent from the customer. Changing existing systems, restricting data, while trying to provide the same service as previously is an expensive and frustrating experience.
Re: (Score:2)
It raises the cost barriers to new entrants/competitors. The large companies can more easily afford the cost of the regulations. Plus, the large companies are more likely to control and influence the regulatory system (regulatory capture) and thereby help create regulations that favor themselves.
Living under and being affected by GDPR, I have the opposite experience. Changing the old routines of handeling data is cumbersome, costly an disruptive. Building systems and organisations with the regulation already in place from scratch cannot possibly be harder than turning existing organizations on its head.
While that's possible (a GDPR-a-like might or might not prove to be be an exception in its effects), MS's motive is almost certainly the usual, that big businesses love regulation because it is expensive and difficult for upstarts, while MS has vast resources to handle it, and also to engage in capture of the regulators and regulation process.
The GDPR is a rare and precious exception ... (Score:2)
... an excellent example of grassroots lobbying. It does have a few loopholes, but the interesting part is that the authorities can fine and/or sue you for a hefty fine if you are sloppy with data and don't give a damn. Which right up to the GDPR most people did. The very nice and neat important is that they can *also* sue and fine internet megacorps into next wednesday and have those fines make a real visible blip on Facebooks anual balance sheet. That's a novelty. And I like it.
Re: (Score:2)
Microsoft isn't the leader any more. as more and more of what people do moves from the desktop to a web browser, Microsoft becomes less and less relevant. Sure, they are a cloud provider, but they are both completely replaceable, and also not permitted to grab data from clients' virtual machines. Consequently, they are in the position of assisting others with collecting data that they don't even have access to, and this makes them mad.
In addition, as users continue to abandon desktops for Chromebooks, table
Not just tech companies (Score:4, Interesting)
Great! Let's start with Windows 10 (Score:2)
Another transparentt distraction.
Let's demand open protocols on all public communications to prevent lock in.
Re: (Score:2)
Another transparentt distraction.
Let's demand open protocols on all public communications to prevent lock in.
Here you go:
Viewing telemetry data (transparency):
https://blogs.windows.com/wind... [windows.com]
The protocol:
https://docs.microsoft.com/en-... [microsoft.com]
Informative 3rd party articles:
https://arstechnica.com/inform... [arstechnica.com]
https://www.computerworld.com/... [computerworld.com]
https://wccftech.com/windows-1... [wccftech.com]
Will M$ send no Telemetry before explicit opt-in? (Score:2)
If not, then all this is just bullshit-PR.
Re: (Score:2)
It has been documented, there is a link in this discussion. But so what? You can't trust the documentation without source access for verification, and you can't trust source unless you build it yourself with your own compiler.
Easy peasy (Score:3)
preserving a strong right to privacy will always fundamentally be a matter of law that falls to governments,
The law says you may not collect any data in any form from anyone without them explicitly authorizing such collection. That means no tracking of where you are, what you're looking at, what buttons you're clicking, how you move about on your computer, what web pages you go to, and any and everything else that people do with technology.
There. A simple law. It can be written up in two or three sentences, voted on, and enacted in about an hour.
What? What are you laughing at? Stop it!
interesting (Score:2)
It's interesting that Microsoft favors this approach, when they have in the past been selectively predatory in how they deploy their OS's and the way they apply site license costs for their products. While that has nothing to do with privacy and wanting to emulate the GDPR, the flip side of privacy is security and Microsoft has an interesting long term stance on security and digital compliance:
MSFT still thinks in this day and age that they are the central arbiter when it comes to permitting and aggregating
"Increased incidence of Head Revolutions detected" (Score:1)
I had the (mis)fortune of being born and growing up through 1990's and 2000's when Microsoft was spelled as "M$" and was generally reflected upon as being about the most evil tech company around...
Today, so much as changed in such a short amount of time... Older tech-heads around here must have their collective heads spinning over these kinds of statements and developments.
Between a (slightly) more stable Windows, a Subsystem for Linux (WSL), and actually *wanting* to be regulated... it's probably reality-b
Translation... (Score:3)
Sure, but.. (Score:2)