Microsoft is committed to complying with the law of the land when it comes to data privacy and will honour data localisation requests from all countries, including India.
“We will have to comply with data laws of various countries. That is mandatory for us. We are already fully compliant with the EU General Data Protection Regulation (GDPR) and will do the same with other countries’ data protection laws,” Ann Johnson, Corporate Vice President, Cybersecurity Solutions Group at Microsoft, told IANS.
As the tech companies demand data to flow freely, Johnson said in order to improve current security and intelligent systems against cybercriminals who are well funded, certain sets of data have to move freely among the countries.
“I care about the flow of anonymous sets of encrypted data that must flow freely among the countries. New cyber threats are emerging and in this scenario, knowing such set of triggers can help us build improved security systems, especially at a time when bad actors are very well funded,” Johnson added.
Over 1.2 billion people use Microsoft Office in 140 countries and 107 languages around the world so the task to safeguard their data is humongous.
From device to platform, Microsoft is building solutions to meet the needs of the most security-conscious organisations and the regulatory guidelines in which they operate.
According to Microsoft Intelligent Security Graph, the security researchers are today analysing trillion of cyber-threat signals – including 400 billion Outlook emails, 1.2 billion Microsoft devices, over 750 million Azure Cloud accounts and over 200 global partners and commercial services.
“We are working very hard on the subject where to build our data centres. We are in nearly 40 countries now. There are government demands on a theory which is well established that if the data is located in a country, the government has more control over it,” David Heiner, Strategic Policy Advisor at Microsoft, told IANS.
“We are trying hard to think through what country we want to be in. Some countries where human rights are a big issue, we don’t want to be there. We don’t want our data to be turned over to such governments,” Heiner noted.
Microsoft has taken a lead in the data protection with the EU GDPR.
“It ups the stakes for tech companies for data privacy and security as penalties are gigantic. Privacy never had such hefty fines and it does have now as it has set high international standards for others to emulate,” the Microsoft executive emphasised.
On a question that there should be a single global data privacy law, Heiner said that tech companies will be very happy if there is a standard set of rules.
“But we will never get there as governments have different values and we respect that. Brazil has put a law in place which is identical to GDPR and we welcome that,” he told IANS.
When it comes to Artificial Intelligence (AI), the need of the hour is to build “trustworthy AI” that is fair and does not differentiate between religion, caste and colour.
“The whole idea is to build applications around AI in a trustworthy way. People will not share data and they must not be. With respect to users’ privacy, we need trusted AI systems that are safe and transparent,” Heiner explained.
To address such challenges, Microsoft has formulated a committee called AI and Ethics in Engineering and Research (AETHER), bringing together senior leaders from across the company to focus on proactive formulation of internal policies and how to respond to specific issues in a responsible way.
AETHER has the task of ensuring Microsoft AI platform and experience efforts remain deeply grounded within the company’s core values and principles and benefit the broader society.
Among other steps, the company is investing in strategies and tools for detecting and addressing bias in AI systems and implementing new requirements established by the EU GDPR.