Posted by Peter Cullen
Chief Privacy Strategist

Today, the U.S. Department of Commerce is holding a symposium in Washington, D.C. to examine the important nexus between privacy and innovation in the online world.  The meeting, hosted by Commerce Secretary Gary Locke, is part of the department’s recently announced comprehensive review of Information Privacy and Innovation in the Internet Economy.

I have been invited to participate on a panel at today’s event that will look at how U.S. and international privacy protections and enforcement are working in practice, and explore how the U.S. legal system can influence privacy protection in the private sector and abroad.

This review is coming at a critical juncture.  Social media and mobile computing are pushing societal boundaries and expectations around privacy.  At the same time, increasing flows and aggregation of data brought about by cloud computing, ambiguities in domestic privacy laws and fissures in the global regulatory framework are accelerating the need for updated online privacy protections.  Each of these trends present challenges for organizations seeking to responsibly manage data across geographical boundaries while minimizing risk.  Microsoft and our industry partners called on Congress to enact comprehensive federal privacy legislation four years ago, and the rapid pace of change in the Internet environment is making our call for baseline privacy protections even more urgent.

My comments today will focus on Microsoft’s fundamental belief that the right balance between innovation and privacy protection can indeed be achieved. To accomplish this goal, baseline privacy legislation needs to be flexible, applicable across sectors and technology neutral.  It can build upon the current regulatory framework and should operate in tandem with elements of existing self-regulation, enforcement, privacy-enhancing technologies and sound business practices. Getting the balance right will also require close cooperation between industry, government, advocates and consumers.  Today’s event is an important step in fostering that dialogue.

At the same time, it is increasingly clear that compliance with existing regulatory frameworks is not enough to ensure privacy online.  Nor is it enough to retrofit privacy protections into existing products and services.  Rather, privacy protections must be incorporated into every aspect of product development, from design through deployment.  At Microsoft, we consider this fundamental to responsible innovation.  

Innovation propels the technology industry and fuels our economy, so we must all continue to promote, encourage and facilitate it.  However, innovators have a responsibility to mitigate risks in new technologies and services by architecting strong privacy and security safeguards throughout every product’s development and deployment cycle. At Microsoft, we call this the Microsoft Standard for Privacy Development, and we make our approach publicly available for other organizations to guide their own privacy-centric development processes.

This imperative is also paving the way for some new policy concepts to take hold across the globe, specifically “privacy by design.”  The concept of privacy by design has long been espoused by Ontario Privacy Commissioner Dr. Ann Cavoukian and others and has been championed by European Data Protection Supervisor Peter Hustinx in a recent opinion to the European Commission.  To the extent privacy by design is incorporated into global technology standards or legislative frameworks, we need to ensure they are applied in ways that are technology neutral, globally harmonized and encourage innovation.  This concept bears consideration in the context of an evolving U.S. privacy framework as well. It is also clear that privacy by design includes a commitment to accountability and the fundamentals of responsible innovation.

To provide additional background on Microsoft’s comprehensive approach to privacy protection, we recently released a white paper entitled, Microsoft and Data Privacy.  We believe the paper reinforces our belief that privacy and innovation are not mutually exclusive but, rather, are complimentary goals.  We encourage the U.S. Government to jointly pursue both aims throughout this public review process, and I welcome the opportunity to participate in today’s event on Microsoft’s behalf.