Posted by Peter Cullen Chief Privacy Strategist
On January 28th, in conjunction withData Privacy Day, the Federal Trade Commission (FTC) convened its second “Exploring Privacy” Roundtable in Berkeley, California. The roundtable brought together some of the preeminent privacy thinkers from academia, industry, civil society and government to discuss complex and nuanced issues around technology policy, mobile computing, social networking and cloud computing.
One of the main topics of the day was the intersection of technology and policy. Specifically, given the importance of today’s technology-enabled, information-based services, what type of policy would help strengthen privacy protections, while at the same time allowing innovation to flourish? The dialogue reinforced that technology will almost always outpace policy, so we need to be careful as we think through what policy and or regulatory approaches might be required while ensuring we do not deny new and innovative products to the public. Microsoft General Counsel Brad Smith laid out some of Microsoft’s views on this important topic in a recent speech on cloud computing at the Brookings Institution.
Fundamentally, regulating privacy or the use of information is about defining and assessing specific risks and harms, and mitigating those risks and harms through a balance of law, policy, standards education and encouraging market innovation. Indeed, accountability and the “use and obligations model” - discussed extensively at the FTC hearing in December – are increasingly used as examples of a privacy framework that better matches today’s information flows while ensuring the requirements and obligations of data protection are appropriate, and ensures risks can be assessed and mitigated on an ongoing and dynamic basis.
For many years Microsoft has advocated for omnibus privacy legislation in the U.S. based on the Fair Information Practices Principles, which establish a baseline of common privacy requirements that are not specific to any one technology, industry or business model. We believe that consumer privacy protection requires a multi-faceted approach that includes self-regulation, well-crafted legislation, education and innovative privacy-enhancing technologies.
These issues will require on-going deliberation by government, industry and the advocacy community in determining the right approaches. Events like yesterday’s FTC Roundtable represent important milestones in this continued dialogue. Microsoft commends the FTC for fostering such critically important discourse and we look forward to the opportunity to continue participating in this important discussion.