To protect people, promote trust in technology, drive innovation, and support U.S. leadership in the global digital economy, Salesforce has renewed its call for the United States Congress to pass a national, comprehensive privacy law that interoperates with global standards.
At its core, privacy is simple: it’s about people and their data. For people to have control over their own data, they must know what data is being collected about them and then be allowed to decide how that data is stored and used. And to offer this kind of control, standards are needed for how businesses enable — and can be held accountable for enabling — transparency and control.
Salesforce recognizes privacy as a fundamental human right and business imperative. Without a national law in place, however, people in the United States struggle to control their privacy journeys. Businesses, too, are struggling as they contend with a patchwork of state privacy laws related to how they operate and how they interact with their customers.
As COVID-19 continues to wreak havoc in yet another phase of the pandemic, we are seeing new urgency from our customers — organizations of every industry, sector, and vertical — to build work-from-anywhere environments that balance innovation, privacy, and a stellar customer experience. Against the backdrop of this new normal, Salesforce is focused on empowering our customers to responsibly unlock the value of their data while putting privacy first, no matter where they are working. To realize these benefits, Congress must pass a federal privacy law.
Comprehensive, effective privacy laws have been introduced, yet not enacted
Salesforce supports federal legislation that includes four fundamental concepts:
- Clear corporate obligations: Include obligations such as data minimization, purpose specification and limitation, and obligations that apply specifically to service providers/processors that align with Article 28 of the E.U.’s General Data Protection Regulation (GDPR), including those related to customer audit rights and authorization of subprocessors.
- Rights for individuals: Include the ability to access, correct, delete, and obtain a copy of their data. These rights appear in most global privacy laws, including the three recently-passed U.S. state laws. Americans are increasingly exercising these rights with companies that enable them.
- Meaningful transparency and control: Effective privacy laws should require companies to provide individuals with control over their data, including thorough just-in-time information about impactful data processing that points to controls that can be easily and effectively exercised throughout the data lifecycle.
- Effective enforcement: Strong privacy laws include a strong, empowered, expert central regulator, and some form of individual redress for individuals harmed by violative practices.
Complying with differing privacy requirements state by state is a difficult and costly task that adds complexity for individuals and businesses. Many of our customers are small and medium-sized businesses, and a federal privacy law that interoperates with existing regulations would enable them to comply more effectively with laws across state lines, and confidently enter global markets at a lower cost.
No federal privacy law will be perfect, but bills introduced in both chambers of Congress — and by members of both parties — build upon the existing global standard and significantly increase consistent privacy protections across the United States meaning, privacy protection would not vary by your zip code.
Absence of a national privacy standard hinders U.S. leadership and innovation
In the three years since Marc Benioff, Chair, Co-CEO & Co-Founder of Salesforce called on Congress to pass a federal privacy law, over 100 privacy bills have been introduced at the state and federal levels. Three — in California, Virginia, and Colorado — have passed, and more will be introduced as legislatures reconvene. Globally, comprehensive privacy legislation is now in effect in China, Brazil, Kenya, and Thailand, all sharing concepts and interoperating with the global standard set by the EU General Data Protection Regulation (GDPR).
The lack of a comprehensive national U.S. privacy standard has created a trust deficit, impeding organizations’ ability to compete in a global market where trust is paramount and is key to delivering technologies that could produce significant economic and social benefits. The United States can facilitate global cooperation on privacy and issues impacting digital trust and trade by exercising leadership in moving global privacy law forward and demonstrating shared values with our allies.
For these reasons, Salesforce has renewed its call — with increased urgency — for Congress to pass a comprehensive privacy law that builds upon, and is interoperable with, the current global privacy standard. We stand ready to support a U.S. privacy law that will protect people, build trust in the technology industry, and strengthen global partnerships.
To learn more about Salesforce’s efforts to protect privacy, go here.