Executives from Microsoft and Google on Thursday gave a glimpse into the size of their privacy organisations, which are required for the companies to try to avoid running foul of complicated US privacy regulations and prepare for changes coming to privacy laws around the globe.
Microsoft has 40 people fully dedicated to working on privacy issues and another 400 who might spend some time on privacy, said Michael Hintze, associate general counsel at Microsoft. He spoke Thursday during a Law Seminars conference in Seattle.
Google has a team of about 60 engineers fully devoted to privacy, said Keith Enright, senior privacy counsel. They work across all of Google's products. At Google, the engineers work on developing products and then the legal team steps in to examine them, he said.
Dedicated lawyers for data privacy
In addition to its privacy engineers and legal pros, Google also now employs Anne Toth, formerly Yahoo's chief trust officer, who oversees privacy in Google+, Enright said.
The size of the teams is an indication of what's required today to keep pace with data privacy issues, said Kate Spelman, an attorney with Cobalt LLP. "People used to believe you could dip into privacy issues now and again," she said. "We've decided that's not possible any more. There is no ability to dabble in privacy." Instead, companies are hiring lawyers who are dedicated to handling data privacy.
The privacy experts at the companies spend a lot of time navigating US laws. Many people bemoan the lack of a single data privacy law in the US, because the country has many privacy regulations, but not one overarching directive like the one in Europe, Hintze said. US regulations tend to be targeted at vertical industries, such as health care.
The European Union has a data privacy directive that informs the individual laws in the 27 member countries. "We spend a lot of time answering questions from regulators in Europe and dealing with a lot of claims of noncompliance," Microsoft's Hintze said. "But at the end of the day, there's not a lot of enforcement activity."
European data privacy directive needs reworking
By comparison, there are many class-action lawyers in the US "just salivating" over privacy suits, he said. While they haven't been very successful, they have brought a lot of actions, and that has created negative publicity for a lot of companies, he said.
Hintze joked that the people who enjoy the best privacy protection in the world are European consumers dealing with American companies. That's because American lawyers tend to follow the letter of the law, while "Europeans, not so much," he said.
Hintze is keeping a close eye on a major review of the European data privacy directive that is in the works. While there was some hope that the review might bring US and European laws closer, a leaked early draft of the updated directive indicates that it is likely to add tougher restrictions than the current version. But the final, revised directive is unlikely to be finished for a couple of years, he said.