It is broadly accepted that data and human ingenuity are the lifeblood of today’s most beloved, useful, and in-demand innovations. These advancements have brought us closer together, led to medical breakthroughs, increased our access to education through new ways of learning, and created economic opportunities for millions of businesses and workers.
But, the real key to innovation and pushing the boundaries of what’s possible is trust – increasingly that revolves around how the tech industry uses and protects personal information.
At the recent 40th International Conference of Data Protection and Privacy Commissioners in Brussels, privacy experts and tech leaders took a realistic and necessary assessment of our industry’s efforts to safeguard data. And the results are clear: we have much work to do. We realize we must do everything possible to protect individuals’ personal information and advance privacy in a way that is fair, responsible, and deepens trust.
That’s why our industry recently released legislative recommendations that demonstrate our continued commitment to improving transparency, choice, and control around how we use personal data and protect all individuals touched by technology.
Building on the strengths of existing global approaches, including the General Data Protection Regulation (GDPR), this framework advances the privacy rights of individuals in today’s digital reality and defines the responsibilities of companies in using personal data, while continuing to enable the innovations that transform our lives.
This framework is intended to serve as a model for governments worldwide, including the United States, to complement other privacy regimes already in place, like the GDPR.
Our framework gives consumers more control and a clear understanding of their choices regarding the use of their data. It provides individuals the right to expressly and affirmatively consent to the use of their sensitive personal data, and it empowers them to access, correct, port, and delete that data where appropriate.
Transparency is a cornerstone of our work. This framework requires that individuals be informed about the collection and use of their personal data in a way that is meaningful, clear, and helpful. It gives people a better understanding of what they are – or are not – consenting to. That includes being informed of the kinds of companies, including third parties, who are collecting their personal data and how they are using it, and giving individuals the right to permit or forbid further access to that data.
Any approach to privacy shouldn’t push all responsibility onto the individual. Our framework recommends that any privacy law require companies to identify, monitor, and document uses of known personal data, and ensure all uses are legitimate as defined by that law.
We are held accountable for our actions every day. If you break a law, you are liable. Tech companies should be no different. This framework lays out clear mechanisms to hold companies legally accountable, including subjecting companies in violation of a privacy law to a meaningful penalty on the first offense.
Importantly, it is developed to work in harmony with the way people live their lives and use technology – by providing both meaningful privacy protections and value for consumers regardless of where they live. The internet and data do not recognize borders and should be regulated in a way that reflects that reality. Individuals are better off with a uniform approach that provides strong protections and control no matter where they use their devices or access the internet.
As this global dialogue moves forward and we continue to discuss how best to bring the force of law behind individual privacy, we hope this framework can inform governments, like the United States and the European Commission as it finalizes its work on the ePrivacy Regulation, on a workable, interoperable approach to advance transparency, increase individual control, establish accountability, promote security, and foster innovation.
While our industry is made up of diverse companies of all sizes, we are connected by our commitment to innovation and trust, and by our belief that privacy is a fundamental human right. Individuals across the globe should have the ability to control the use of their personal data and know that their data will be used fairly, responsibly, and transparently. We believe this framework helps us move toward that goal. We stand ready to engage earnestly and work to get this right.