This Friday marks an important step for consumer privacy in the European Union as new General Data Protection Regulation (GDPR) policies are scheduled to take effect. The policies put people in control of their personal information and are causing Microsoft to once again emphasize how they are champions for - and are supporting - user privacy in an ever-changing and connected online world.
Though GDPR is only for the European Union, Microsoft mentioned today that they've also extending GDPR rights to everyone worldwide via new Data Subject Rights policies. These policies enable users to see what data Microsoft collects, how it can be corrected, deleted, and taken elsewhere. It also makes Microsoft's privacy statement more clear and transparent, as seen here.
In addition, Microsoft is making sure all of their products and services company with GDPR, having more than 1,600 engineers work on GDPR related projects. They also have redesigned tools, systems, and processes to meet GDPR, with the next phase of focus starting soon. In the words of Julie Brill, Corporate Vice President and Deputy General Counsel, Microsoft.
The fact is that this complex regulatory framework is as new to privacy regulators as it is to us. The ongoing interpretation of the detailed aspects of this regulation will determine the steps that we all will need to take to maintain compliance. As our customers use our tools and experience other features we’ll also listen to their feedback and suggestions for improvements. Because regulatory interpretations change with experience and changing circumstances over time, we will constantly evaluate our products, services and data uses as understanding of GDPR evolves.
Microsoft has long been pushing for national privacy legislation here in the United States and will be helping businesses and organizations with their own GDPR compliance obligations. The company says that they will offer a "robust set of tools and services for GDPR compliance that are backed up by contractual commitments." More information on GDPR is available here.