by Natalie Davis
In light of the great presentation on social media / tech company privacy policies, I thought you might find this interesting. Microsoft has decided to apply the impending privacy statute out of California to its business across the US. You can read an article about it here. Here is Microsoft’s own blog post about it.
As a consumer, this certainly has me thinking of switching from Google to more Microsoft products. Certainly, Microsoft is trying to differentiate itself from the pack (they’re even re-developing their Edge browser) to win over more customers who are concerned about their privacy rights.
As an In-House law student, I wonder whether we can ever expect the other social networking behemoths to follow suit. If no other states implement similar laws, why would they bother? Unless there are concrete repercussions (ie a statute with teeth, class actions, or losing millions of customers), there is little incentive to implement such sweeping privacy changes.
– Natalie
As I am preparing for my upcoming in-house presentation, I was inspired to reply to your post from the context of North American corporations with foreign subsidiaries. I managed to draw some similarities between your post and my upcoming presentation.
In my analysis, when looking at companies like Microsoft and Apple, in order to comply with EU’s General Data Protection Regulation (GDPR), those companies had to ensure their privacy laws in the EU are compliant with this regulation. However, Microsoft and Apple decided to take things further and apply their new regulations globally as they would be the most stringent and beneficial for their customers. Currently, Apple’s CEO (Tim Cook) is calling for the US federal privacy law to be as stringent as the GDPR. So similar to your question, my question is: Why is Tim Cook adamant for the US to increase their privacy laws? Just because the EU has this very strict privacy regulation, and Apple operates there and is complying with that regulation, does not mean every country should impose these regulations too.
So, to answer your question and my question at the same time: I think companies want simplicity in their operations and truly want what is best for the user. To have consistent privacy laws globally, or in your case nationally, allows for easier litigation processes when issues arise, allows for a more uniform corporate compliance strategy plans across different offices, etc. It also allows for more jurisdictional compatibility in regard to privacy laws, between various businesses operating in different countries. I think these companies just want to make their operations easier and having a uniformity in privacy law can help them grow exponentially.
– Sarah Kaabar
Source used: https://9to5mac.com/2019/05/21/first-anniversary-of-gdpr/
I agree that uniformity of privacy law is the main reason for this. If you have to adhere to a stringent privacy law in one jurisdiction, you may as well implement it throughout your multinational operations. I also think another reason that Microsoft and Apple would push for this is because it raises the barrier to entry in their business sector. Tech and the internet of things have long been a sector with low barriers to entry, but as privacy becomes more of an issue and concern among the public, and the tech space becomes more legalized along the lines of older legacy industries (like utilities), this will entrench large corporations market shares.
I also agree with having more uniformity in privacy laws, as it allows for greater certainty to all users of Microsoft, Apple and even the internet. Further, this would allow for a greater sense of security for all users in the world, regardless of where they are residing. Not only that companies would benefit from this uniformity as it would simplify dealing with privacy issues that are currently arising as a result of having low barriers in the world of new technology.