At the 40th International Conference of Data Protection and Privacy Commissioner (the “ICDPPC”) last month, the annual convergence of the world’s data commissioners covered a variety of topics related to digital ethics. A few tech giants took the opportunity to come to the hemicycle of the European Parliament in Brussels to declare their support of a GDPR-like privacy law in the United States.
It started with Apple CEO Tim Cook’s keynote speech addressed on the first day of the ICDPPC. In his keynote, Cook not only claimed Apple’s support for a GDPR-like U.S. federal privacy law, he also called for his fellow tech companies to do the same. Shortly after Apple’s open endorsement, Facebook CPO Erin Egan professed unequivocally Facebook’s support of a GDPR-like privacy law in the United States. Next, Google Counsel Kent Walker was asked a similar question, and his answer was “Yes, we’ve been on record for some time calling for comprehensive privacy legislation in the past years.” He also referred to Google’s released Framework for Responsible Data Protection Regulation (the “Framework”) in September 2018. Google supports the Framework as part a federal bill. The Framework provides principles that organizations can follow when making decisions regarding the collection and use of personal information.
Finally, Microsoft’s Corporate Vice President and Deputy General Counsel Julie Brill showed support from Microsoft for comprehensive privacy legislation in the United States. Brill mentioned that Microsoft has extended many of the GDPR protections to its entire customer base and has been a supporter of a U.S. federal privacy bill since 2005. Brill, who was also a former FTC commissioner, endorsed a “strong, robust, and horizontally effective baseline privacy legislation.” She said that Microsoft has been using their voice as strongly as they can to encourage that to take place. Brill also commented that “the GDPR provided clarity about what the rules of the road should look like,” and “it provided clarity about what companies should do to be accountable and transparent.” She said the principles of accessibility, accountability, and transparency should be incorporated to U.S. law. In addition, Brill advocated that U.S. law should regulate the use of specific technologies, such as facial recognition, especially when it is used by law enforcement.
Both the EU Commissioner Věra Jourová and the CNIL President and former Article 29 Working Party Chair Isabelle Falque-Pierrotin both said that they were encouraged and welcomed the commitments to data protection and security made by Apple, Google, Facebook and Microsoft. The commitments from these technology giants might help to clear some hurdles for a U.S. federal privacy legislation. However, it is still unclear at the current stage whether or when a U.S. federal privacy law will be passed.
OneTrust will continue to monitor the situation and will provide more details as updates. OneTrust has a number of resources and assessments for companies looking to comply with existing U.S. privacy regulations, such as the upcoming California Consumer Privacy Act. For more information, visit onetrust.com.