“This week, more than 400 policymakers, privacy advocates and industry representatives will be converging in Israel for the 32nd International Conference of Data Protection and Privacy Commissioners. “
These privacy guidelines have served as the basis for numerous privacy laws in place across the globe. Yet, even these privacy principles need to keep pace with the changing information environment. In my remarks today at a panel discussion titled “Notice and Consent: Illusion or Reality?”, I suggested that individual participation through mediums such as notice and consent remains important to safeguarding users’
privacy, but by itself does not afford enough protection. This is
particularly true given the explosion of information collection and use that is the fuel of today’s Internet economy. The same is true of the various legal frameworks that govern data collection, usage, and sharing. Both are important, but neither is sufficient on its own.
Alongside individual participation and regulatory oversight, another vital aspect of privacy protection is often overlooked: the role and responsibility of the organization in maintaining and protecting personal data.
Microsoft’s view, as outlined in a new white paper released
today at the conference, is that organizations’ privacy policies and data management practices most directly influence whether users’ personal information is kept safe or exposed to risk. Therefore, we believe that organizations—including Microsoft—must hold themselves accountable for acting to protect users’ interests and taking appropriate measures to safeguard privacy and personal data, even in the absence of specific regulatory mandates.