Microsoft adopts GDPR worldwide, supports “fundamental right” to privacy
Microsoft president and chief legal officer Brad Smith (R) makes a statement to the news media, February 27, 2018. REUTERS/Leah Millis

Microsoft adopts GDPR worldwide, supports “fundamental right” to privacy

Apple follows suit with new privacy portal.

Microsoft has announced that it is extending the privacy rights cast into law by GDPR in Europe to all of its users worldwide.

The company made the announcement in a blog post on 22 May.

Praising the “strong leadership by the European Union” on data privacy, Microsoft corporate VP and deputy general counsel Julie Brill wrote, “As an EU regulation, GDPR creates important new rights specifically for individuals in the European Union. But we believe GDPR establishes important principles that are relevant globally.

“That’s why today we are announcing that we will extend the rights that are at the heart of GDPR to all of our consumer customers worldwide. Known as Data Subject Rights, they include the right to know what data we collect about you, to correct that data, to delete it, and even to take it somewhere else.”

The right to privacy

Microsoft said that is has had more than 1,600 engineers across the company working on GDPR projects, adding, “Today, GDPR compliance is deeply ingrained in the culture at Microsoft and embedded in the processes and practices that are at the heart of how we build and deliver products and services.”

“We believe privacy is a fundamental human right,” continued Brill. “As people live more of their lives online and depend more on technology to operate their businesses, engage with friends and family, pursue opportunities, and manage their health and finances, the protection of this right is becoming more important than ever.

Privacy is also the foundation for trust. We know that people will only use technology that they trust. Ultimately, trust is created when people are confident that their personal data is safe and they have a clear understanding of how and why it is used.”

The global move may surprise some, given Microsoft’s intrusive use of self-marketing messages on the platforms it owns, such as Outlook and LinkedIn. In April, the US Supreme Court dropped its data privacy case against the company, over emails stored on a server in Ireland.

A hedge against the US

When GDPR was first discussed in Europe, it was partly as a hedge against US technology dominance, the rise of platforms such as Facebook, Amazon, and Google, and their ability to gather data about citizens on an unprecedented scale.

Since then, some US companies, including Microsoft, Apple, and SugarCRM, which provides Apple’s internal customer relationship management system, have seen the opportunity to focus on data privacy as a competitive differentiator, while others – notably Facebook and Alphabet/Google – have sought to build businesses in which their customers are their product.

Speaking to Internet of Business editor Chris Middleton in April, SugarCRM CEO Larry Augustin praised Europe’s prescience on data protection, adding, “Although GDPR may be the headline right now, there’s been enough public visibility of the issues, and there’s enough public interest, that it would not surprise me to see the US now go down the path of some kind of legislation related to data privacy for consumers.”

He said that self-regulation would appear in the US first – and Microsoft’s move is evidence of that – but added that he believed that GDPR-style regulation in the US is “inevitable” in the long run. “When you have the CEO of Facebook testifying on these issues in Congress, which makes all of the television and news, I’m not sure that self-regulation is going to be something that Congress will accept,” he said.

“Companies will certainly go down the self-regulation path, but I don’t think there’s a lot of trust for that right now. There have been too many incidents.”

An April survey of 10,000 consumers by IBM found that just 20 percent of respondents have complete faith that the businesses they interact with maintain the privacy of their data.

Last week, IBM published further research which found that, despite the headaches of GDPR compliance, most large organisations see the upside of the new data protection regime.

IBM found that 84 percent of business leaders think GDPR compliance will be perceived as a positive step by the public, while 76 percent said that GDPR will enable more trusted relationships with data subjects. In turn, this will create new business opportunities.

Meanwhile, a Capgemini survey found that customers will punish organisations that fail to protect their data, and actively support ones that put their privacy first by increasing their spending with them.

Facebook at bay

Appearing yesterday in the European Parliament, in a stage-managed event in which he avoided answering most MEPs’ questions, Facebook founder and CEO Mark Zuckerberg represented what GDPR opposes at its core: a remote, unaccountable data-driven advertising platform used by two billion people that sees regulation as an intrusion on its business.

As a worldwide network, Facebook should treat all parliaments equally and accord them equal respect, and yet Zuckerberg only took direct questions from US Congress, has ignored the UK’s request to face MPs, and managed yesterday’s appearance in such a way that he was able to disregard 90 percent of questions from Europe’s elected representatives. Make no mistake, this is a US corporation first and foremost, pushing a US-centric view of the world.

By behaving in this way, Zuckerberg risks presenting himself as the ‘pharma guy’ of the digital world: the man who smiles as his own overwhelming self-interest is presented to him.

Zuckerberg: The ‘pharma guy of the digital world’?

The company’s power and influence are not in doubt. Speaking to Zuckerberg yesterday, hard-right eurosceptic MEP Nigel Farage credited Facebook and other social platforms with the Brexit vote and Trump’s victory in the US election. A bold move even by the standards of this divisive figure, considering the well-documented use of troll farms, Russian advertising, and Republican-funded social engineering by Cambridge Analytica in recent political campaigns, all of which Zuckerberg has acknowledged.

Plus: Apple launches data privacy portal

In related news, Apple has launched a privacy portal, privacy.apple.com, allowing customers to manage, correct, or delete their data, including purchase, billing, and support information, app usage, history, calendars, and reminders, plus all photos and documents stored in iCloud. At present, the service is limited to users in the EU, Switzerland, Norway, Iceland, and Liechtenstein, but – like Microsoft – Apple says that it will be available worldwide in the coming months.

Internet of Business says

The battle lines are being drawn on data privacy and protection. On one side are Europe, the post-Brexit UK (which has cast GDPR into law under the Data Protection Act), and those US companies, such as Microsoft, Apple, and IBM, that recognise that customer data belongs to the data subject.

And on the other are behemoths such as Facebook, Amazon, and Google which would like nation states to bend to their will in their quest sell product and push advertising, no matter the social cost.

In the US [this is a 25 May 2018 update to this story – Ed] the Wall Street Journal has reported that several websites are ‘going dark’ to European readers, in response to GDPR going live – in other words, blocking an entire continent rather than engage with the new privacy rules. An extraordinary, self-defeating strategy.

Also among the naysayers is China, where a compulsory social ratings and monitoring scheme has the stated intention of using technology and personal data to control citizens’ behaviour and punish non-conformity. In the long term, therefore, companies such as Google/Alphabet and Facebook should beware of being seen as standing against citizens’ interests as a statement of their own global power.

“Much of the focus on GDPR during the past year has been on how large technology companies are ensuring that the products and services they provide comply with the obligations that go into effect on May 25. Clearly, this is important,” said Microsoft yesterday.

“But at Microsoft, our business is built on helping other businesses and organisations succeed. We create the technology and tools that others use to transform their own businesses and drive success. We succeed only when our customers succeed.”

Internet of Business commends Microsoft and Apple for their stance, and urges others to take a similar global position.

Chris Middleton
Chris Middleton is former editor of Internet of Business, and now a key contributor to the title. He specialises in robotics, AI, the IoT, blockchain, and technology strategy. He is also former editor of Computing, Computer Business Review, and Professional Outsourcing, among others, and is a contributing editor to Diginomica, Computing, and Hack & Craft News. Over the years, he has also written for Computer Weekly, The Guardian, The Times, PC World, I-CIO, V3, The Inquirer, and Blockchain News, among many others. He is an acknowledged robotics expert who has appeared on BBC TV and radio, ITN, and Talk Radio, and is probably the only tech journalist in the UK to own a number of humanoid robots, which he hires out to events, exhibitions, universities, and schools. Chris has also chaired conferences on robotics, AI, IoT investment, digital marketing, blockchain, and space technologies, and has spoken at numerous other events.