View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
November 3, 2005

Microsoft lobbies for US privacy law

Microsoft Corp has come out in support of a single federal consumer privacy statute, reversing an earlier position, saying that there are too many privacy provisions in other laws and they are hampering American business.

By CBR Staff Writer

In a speech and white paper, Microsoft general counsel Brad Smith said a bewildering jumble of overlapping state and federal laws is creating consumer confusion and major challenges for businesses trying to comply.

Currently, organizations in certain vertical markets in the US have to worry about the privacy implications of legislation such as Gramm-Leach-Bliley, the Communications Act and HIPAA, as well as laws not specific to certain markets, he said.

For example, personal information collected by a bank is covered by one privacy standard, but that same information collected by a hospital is covered by a different standard, Smith wrote.

If that information is from a child under the age of 13, it’s protected by yet another standard if it’s collected online, but it may not be protected at all if it’s collected offline, he added.

Microsoft has four goals here. First, the company wants uniformity — any federal law should pre-empt, that is overrule, any state law that purports to do the same thing. It should also be compatible with privacy laws outside the US.

Second, under the heading of Transparency, Microsoft wants ground rules on privacy policies, notifications when privacy policies are changed, and rights for consumers to know what data has been collected and whether it has been compromised.

Third, the company wants a law that describes companies’ responsibilities to provide opt-in or opt-out of data collection in a tiered structure where critical personal data is afforded much more protection than less important information.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Finally, Microsoft wants a security mandate, so company have to take reasonable steps to protect against unauthorized access, use, disclosure, modification or loss of private data. It does not want the law to specify what technologies should be used.

It’s all a far cry from Microsoft’s previous position of backing industry self-regulation. But Smith said that circumstances have changed in the last few years.

Disclosures of hacking incidents have led to increasing fears about identity theft among consumers, spyware has blossomed, and myriad laws introduced to tackle both problems are not always compatibly and never uniform.

Microsoft’s changed position is not entirely without precedent however. The company began lobbying for a federal anti-spam law when states started legislating themselves and, with the CAN-SPAM Act, it pretty much got what it asked for.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.