The move is similar to steps some tech companies have taken in recent weeks as GDPR’s Friday, May 25 enforcement deadline approaches. Under GDPR, companies and organizations that target services and products to residents living in Europe, or have business partners and employees in the EU and UK, are required to inform these users of their privacy rights.
These rights include the ability to know what data is being collected about them, make corrections if they are needed, deletions if they desire, transfer the data to another vendor, and file a complaint with the appropriate EU compliance authority.
And although the U.S. and other countries do not have requirements as rigorous as GDPR, Microsoft and a smattering of other tech companies are willing to apply the higher privacy bar when it comes to interacting with customers outside of the EU and UK.
“As an EU regulation, GDPR creates important new rights specifically for individuals in the European Union. But we believe GDPR establishes important principles that are relevant globally,” Julie Brill, Microsoft vice president and deputy general counsel, stated in a Microsoft blog post, adding that “... we will extend the rights that are at the heart of GDPR to all of our consumer customers worldwide.”
Some GDPR Changes Go Worldwide
Facebook in April announced that it would apply some of GDPR’s privacy requirements to its more than 2 billion users around the world.In ablog post, Facebook’s Erin Egan, vice president and chief privacy officer, policy, and Ashlie Beringer, vice president and deputy counsel, stated, “We’re introducing new privacy experiences for everyone on Facebook as part of the EU’s General Data Protection Regulation (GDPR), including updates to our terms and data policy. Everyone — no matter where they live — will be asked to review important information about how Facebook uses data and make choices about their privacy on Facebook.”
Facebook took a turnabout and is now allowing residents in Europe and Canada to turn on, or opt in, to its automatic facial recognition feature that identifies people in photos. Previously, European residents were not allowed to access that feature, according to the Associated Press. Facebook’s blog post notes that all of its users have the ability to make the face recognition entirely optional, however, it is currently set to automatically opt in users for those outside of Europe and Canada.
Google, intwo blog posts last year, detailed the changes it was making relating to GDPR, such as its privacy policy. But although the blog posts were initially posted in its Google in Europe site, a Google spokeswoman said the changes are available to its users worldwide.
“The products we have improved to meet GDPR compliance, as well as Google's new privacy policy, are available to all our users globally,” Flavia Sekles, a Google spokeswoman, told Government Technology.
One Size Does Not Fit All
An editorial from Bhaskar Chakravorti, senior associate dean of International Business and Finance at The Fletcher School at Tufts University in the Harvard Business Review, points out that GDPR cannot easily address privacy issues for all countries outside of Europe.“Support for regulation varies widely from country to country — and of course, within countries. Public opinion in some EU member states shows support for stringent rules, but that support is not always shared in other countries,” he said.
For example, Chakravorti cites a Pew Research Center survey question in which 85 percent of Germans surveyed favored more stringent European data privacy standards, while only 29 percent of Americans surveyed felt the same.
