In May, the White House released a report on Big Data and with it, recommendations for an overhaul of privacy laws.
Following this, the National Telecommunications and Information Administration (NTIA) requested comment with specific focus on how changes would impact the Consumer Privacy Bill of Rights.
In its submission, released this week, Microsoft takes the position that legislators need to establish a framework that enables realization of the potential of Big Data, while respecting the privacy rights of those whose information contributes to the data and not just stick cautiously to the status quo:
Experience has taught us that strong data protection practices are not the antithesis of innovative data usage. Rather, privacy and big data can and must go hand-in-hand.
It's a more radical approach than that taken by fellow tech players, including Facebook, Google and Amazon, which have adopted a more conservative line under the auspices of the Internet Association (IA), arguing that Big Data policies must fall in line with existing policy and legal frameworks:
We are concerned that any legislative proposal to address ‘big data’ may create a ‘precautionary principle problem’ that hinders the advancement of technologies and innovative services before they even develop.
The IA wants self-regulation to be the order of the day:
Many Internet companies adhere to self-regulatory codes, subject to enforcement by the Federal Trade Commission and actively engage in multi-stakeholder processes to set sector-specific codes of conduct.
Calling it the biggest challenge to building public confidence in the cloud and other emerging technologies that rely on Big Data, Microsoft’s David A. Heiner, Deputy General Counsel, Legal and Corporate Affairs, calls for the issue to be tackled more radically:
To fully address the protection of consumer privacy in the era of big data, legislative reform must also address how law enforcement, intelligence agencies, and other government agencies access and handle personal information. This is perhaps the biggest challenge to building public confidence in the cloud and other emerging technologies that rely on Big Data.
Heiner goes on:
Microsoft has supported privacy legislation at the federal level for many years, and the rise of Big Data only increases the need for action.
Our key trading partners understand the urgent need for privacy legislation that is suited to the big data era. The European Union is in the midst of reforming its privacy laws, developing new rules that will govern privacy in all 28 EU countries.
In Asia, Japan recently issued terms of reference for a new privacy bill to replace its 2003 law, and Korea and Singapore have new laws in place this year. Markets throughout Latin America are moving to adopt and update privacy frameworks. The United States should not stand still.
- Europe preaches from data privacy bully pulpit over right to be forgotten (diginomica.com)
- Europe stirs the crucible of data privacy (diginomica.com)
- European cloud adopters cautious on privacy (diginomica.com)
- Non-US citizens to get US privacy rights in the cloud under Obama Big Data overhaul? (diginomica.com)
Lack of action will hurt US interests, protests Heiner:
Without new privacy legislation, US companies will find themselves increasingly disadvantaged compared to foreign providers that will compete against US companies in their home and other jurisdictions based on more protective privacy regimes.
Over time, absent sound rules of the road, it will likely become harder for US companies to keep the trust of consumers worldwide. Already, some customers for cloud services in foreign markets are turning towards local solutions instead of US providers, precisely because they (and their regulators) do not trust to the sufficiency of US privacy laws.
This lack of trust also may be compounded over time as countries adopt new privacy frameworks that— following in the footsteps of the European Union—restrict data flows to the United States out of concern that data will not be robustly protected here. The US-based Big Data industry will not thrive if it is cut off from global data.
Meanwhile Microsoft finds itself with an unlikely ally in the shape of the European Commission, normally only too willing to lay into US tech firms over privacy concerns.
The two have become bedfellows as a results of the recent ruling by New York judge NY Loretta Preska that a US search warrant demanding access to the European Microsoft customer's email was legal.Preska said a search warrant approved by a federal magistrate judge required the recipient to hand over any data it controlled, regardless of where it was stored, claiming:
It is a question of control, not a question of the location of that information.
That’s not the view of the Commission which expects the US authorities to ask nicely - using the existing Mutual Legal Assistance Treaty (MLAT) - if they want access to data hosted in the European Union:
The Commission remains of the view that where governments need to request personal data held by private companies and located in the EU, requests should not be directly addressed to the companies but should proceed via agreed formal channels of cooperation between public authorities, such as the mutual legal assistance agreements.
Now to be completely accurate, the Commission is using the Microsoft ruling as an expedient tool to further its own dubious agenda of introducing more draconian data protection legislation that it expects non-EU countries, most particularly the US, to adhere to.
In a statement, the Commission said:
The European Commission has proposed a reform of EU data protection rules that will ensure that EU rules apply to all companies, even those not established in the EU, whenever they handle personal data of individuals in the EU.
But political opportunism aside, there are critically important issues at stake here and powerful/dangerous (delete as applicable) precedents to be set by the outcome.
Fortunately Microsoft is ready to dig its heels in, motivated undoubtedly by personal corporate interest but in the process doing the wider industry a favor.
In the words of Microsoft Executive Vice President and General Counsel Brad Smith upon hearing Preska’s ruling:
The only issue that was certain this morning was that the District Court’s decision would not represent the final step in this process. We will appeal promptly and continue to advocate that people’s email deserves strong privacy protection in the US and around the world.
On this at least, Microsoft is deserving of all our respect