Should the California Consumer Privacy Act be strengthened?
Microsoft's top privacy lawyer explains why policymakers should pass even stronger consumer data and privacy regulations.
As the compliance deadline for the California Consumer Privacy Act approaches, Microsoft Corp. chief privacy lawyer Julie Brill is pushing state and federal policymakers to pass even stronger consumer data and privacy regulations.
Brill wrote in a blog post published Monday that the CCPA “marks an important step toward providing people with more robust control over their data in the United States. It also shows that we can make progress to strengthen privacy protections in this country at the state level even when Congress can’t or won’t act.”
Brill, who serves as Microsoft’s corporate vice president and deputy general counsel for global privacy and regulatory affairs, went on to argue that the CCPA should be strengthened “by placing more robust accountability requirements on companies.”
For instance, businesses should have to minimize the amount of personal data that they keep, specify how and why they are collecting that data and be “more responsible for analyzing and improving data systems to ensure that they use personal data appropriately,” she wrote.
“More requirements for companies,” Brill added, “together with the rights and tools for people to control their data, will prevent placing the privacy burden solely on the individual, and will provide layers of data protection that are appropriate for the digital age.”
The CCPA, which is slated to take effect Jan. 1, 2020, has a relatively broad definition of what is considered to be protected personal information and requires companies to be more transparent about data collection and usage. But Brill noted that “what will be required under CCPA to accomplish these goals is still developing.”
Describing the CCPA as an “important milestone,” Brill wrote that “more remains to be done to provide the protection and transparency needed to give people confidence that businesses respect the privacy of their personal information and can be trusted to use it appropriately.”
Her recent statement on privacy regulations echoes, in part, a post she wrote in May marking the first anniversary of the European Union’s General Data Protection Regulation. At the time, she called on Congress to enact a federal privacy law.
In her latest post, she wrote that she was “optimistic that Congress will take the initiative to act. In the meantime, we will continue to work with states that recognize the urgency to implement stronger laws to protect everyone’s privacy.”
This piece first appeared on sister site law.com.
Related: