US May Need to Show Other Countries It Takes Privacy Seriously, Microsoft's Brill Tells TPI
ASPEN, Colo. -- Updating privacy frameworks for consumer preferences, technology developments and regulatory actions in other countries and some U.S. states remains very much a work in progress, said speakers at a Technology Policy Institute conference. Microsoft Deputy General Counsel Julie Brill said Monday the U.S. may need to step up work to show the rest of the world this country takes privacy seriously. The ex-FTC member has shined a spotlight on privacy (see 1603220021) as have other Microsoft officials (see 1807130035) at past TPI and other events (see 1708210030).
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
With the EU, Brazil, China and California starting privacy measures, some said the U.S. should catch up. Brill suggested the U.S. "move forward in an interoperable way" so "the rest of the world can trust the United States and our largest companies in terms of how we use data." She said "the Europeans have succeeded in their project to export their values to privacy and data" via the general data protection regulation and other steps and "established a standard that is being adopted more or less around the world." Amid potential EU concerns about how the U.S. is implementing their data-transfer privacy pact, "we are seeing some threats to interoperability through the Privacy Shield review," Brill said. U.S. failure to pick a permanent Privacy Shield ombudsperson is expected to come up when both sides meet in October for a review (see 1808090015).
Motivating Microsoft employees and others is "what can we do in the United States to really advance privacy," said Brill. She noted a recent "paradigm shift" that's "unlike any that I have seen" in her almost 30-year career. The U.S. has "to convince the rest of the world that we are responsible" so other countries don’t think they have to "more aggressively regulate" than needed, she advised. Already, some updates are taking place. "You’re seeing and are going to see a framework that allows responsible use and more use" of artificial intelligence, she said. Stakeholders in this nation could "bury our heads in the sand and pretend everything is going to be fine," she said, "but in five years, it won’t be." Microsoft didn't comment on what steps it seeks and through what regulatory or other means. Brill couldn't take questions as she had a meeting conflict, with the event behind schedule.
Not all are fans of standardizing privacy measures worldwide. "I would worry that we’re moving toward standardization a little too quickly," said Google Chief Economist Hal Varian. "We do need ... a more flexible system to deal with scientific and medical advances." He noted different approaches to regulating information obtained through facial recognition, with two states having rules against keeping such data in some circumstances, while China and elsewhere move in different directions. "Companies are going to be forced to deal with heterogeneous aspects" of privacy, Varian said. He also cited different approaches on autonomous-vehicle data sharing.
Not all thought the U.S. should consider what China is doing on privacy. In Q&A, TechFreedom Executive Director Berin Szoka took issue (and see his tweets such as here and here) with panelists citing the country. A fellow panelist asked Varian about Google's plans in China, and Varian said he isn't aware.
Szoka said later panelists didn't address the China "elephant in the room," even in Q&A, with the exception of Center for Strategic and International Studies Senior Fellow Samm Sacks. He noted she agreed the Chinese government would use privacy regulation for leverage over internet companies, which he described to us as "China's ulterior motives in crafting 'privacy' regulation." It's "naive to think that China's talk about protecting consumers isn't a fig leaf for" finding new ways to increase leverage over foreign tech providers, "while simultaneously favoring its own, tightly controlled tech companies," Szoka said.
User privacy preferences should be taken into account when updating standards, professors said. They cautioned it's hard to know what people want. It appears "they sort of care," said Ginger Jin of the University of Maryland, who led the FTC Economics Bureau 2016-17. For some, "it seems like 'I don’t care because I don’t have any information'" or someone else is interested but "act[s] as if" he or she doesn't care, thinking an individual can't influence the lawmaking process, she said. "A lot of the privacy paradox could probably be explained by the knowledge gap and also the helplessness in this space."
Another hurdle is that such preferences are "incredibly malleable," as shown in her and others' research, said Leslie John of Harvard Business School. "Our decisions to reveal or withhold information can be very context-dependent; we can be moved around by surprising factors." Bottom line: "The value of privacy is inherently difficult" to estimate, said John, as it's "amorphous and ethereal."