Microsoft believes we are on the cusp of a “sea change” that will set a new standard for big tech companies storing private information about their users.
On May 25, the European Union will begin enforcing a broad set of regulations governing how companies handle private data. General Data Protection Regulation (GDPR) unifies the patchwork of privacy policies maintained by European Union states into a single set of rules. It applies to all companies that deal with private data, regardless of where they are headquartered.
Microsoft’s Brad Smith and Carol Ann Browne describe GDPR’s launch date as a “key milestone” in a new blog post titled, “The Top 10 Tech Issues for 2018.”
Related: What is the GDPR? GeekWire’s guide to new European data protection laws that impact the cloud
“In effect it prescribes new business processes and even product features,” the post says.
GDPR outlines a strict new set of standards for companies that hold onto any personal information belonging to a consumer in an EU state — from email addresses to credit card numbers. The rules include a “right to be forgotten,” allowing users to demand that their personal information be deleted. GDPR also requires companies to disclose how they are using customer data in “clear and plain language” and notify users of a security breach within 72 hours.
Here’s how Microsoft characterizes the significance of GDPR taking effect:
While the regulation applies to companies of every sort, much of the practical burden falls on the tech sector. This is due in part to the large amount of information held by online firms, but it’s also because, with digital transformation trends, every company is relying more on cloud services. For Microsoft and other tech companies that provide these services, architectural and engineering changes that support GDPR’s new requirements are foundational not only for ourselves, but for all our customers who use our services to store or process consumer information.
Although the U.S. isn’t likely to pass similar regulations under the current administration, GDPR could provide a model for other nations seeking to rein in personal data collection. It will also shed a light on the practices of American companies that do business in Europe.
A strong political current runs through Microsoft’s entire 2018 blog post, which also covers issues like immigration, diversity, net neutrality, and sustainability. It describes 2018 as “a year when democratic governments can either work together to safeguard electoral processes or face a future where democracy is more fragile.”
“In the year ahead, this needs to include work to protect campaigns from hacking, address social media issues, ensure the integrity of voting results, and protect vital census processes,” the post continues. “While technology companies have a high responsibility to help, there is no substitute for the effective and unified voices of democratic governments themselves.”