back to article USA needs law 'a lot like GDPR' – says Salesforce supremo Marc Benioff

Salesforce CEO Marc Benioff thinks America needs “a national privacy law … that probably looks a lot like GDPR.” “This is going to help our industry,” he said of Europe's new privacy rules on a conference call detailing Salesforce's Q1 2019 financial results. “It's going to set the guardrails around trust, around safety. It's …

  1. Timmy B Silver badge

    Any US company that holds any identifiable data for any European citizen has to follow GDPR anyway. That must be a whole load of them included already.

    1. Anonymous Coward
      Anonymous Coward

      "The Europeans definitely got that figured out”

      But that there is the problem Benioff... Europe has got it figured out... But the vast majority of Big-Data siphoning firms are not European.... Consider this: Facebook & Google have been lying to the world successfully for 2 decades just like Big Tobacco Banksters... Yet just like Tobacco, people don't want to quit!

      So lets call it as it is. This is an industry that has zero ethics and wants zero change. The last thing they plan to do is comply with overseas laws. Some will ask with all that wealth/monopoly, why don't they just play ball? They can't! They are cults run by Sociopathic leaders removed from reality and can't go back.

      Short of a revolution, its RIP freedom!

      1. Anonymous Coward
        Anonymous Coward

        'Short of a revolution, its RIP freedom!'

        Interesting... A prediction about a looming tech apocalypse, turns out to be a quite a divisive topic. But hey, don't take a commentard's word for it. How about the word of a former Facebook exec involved in designing FB's original Slurp algos?

        ````````````

        https://www.huffingtonpost.ca/2017/08/07/ex-facebook-exec-warns-of-revolution-caused-by-job-automation_a_23068976/

        ````````````

        http://www.theregister.co.uk/2016/07/07/facebook_drops_feed_of_philando_castile_shooting/

        https://www.bloomberg.com/view/articles/2018-03-26/protect-your-data-then-hope-for-a-tech-revolution

    2. joed

      I bet all they are looking for is a loophole (for EU laws) and a watered down (but formally sanctioned) GDPR-like law on this side that on one hand would help them spin positive PR to their customers while not adding any resistance to their data collection methods. Salesforce acts - for all intents and purposes - like creepy big brother and it's customers (businesses) opt in consumers with little regard to reasonable expectation of privacy.

  2. Adam 52 Silver badge

    Salesforce is interesting. On the one hand it's tempting to move all those spreadsheets of customer details into Salesforce, send all your email through Marketing Cloud and let Marketing Cloud manage opt-outs.

    On the other that puts all of your personal data in one place where any salesman chasing a target can use it, even if your lawful basis for processing doesn't cover sales. Salesforce's permission model isn't usable enough to enforce the lawful basis rules and it's a right pain to do data minimisation.

    So I'm curious what other people have done?

    1. Anonymous Coward
      Anonymous Coward

      So I'm curious what other people have done?

      Chinned off compliance and hope they don't get caught most likely.

    2. Anonymous Coward
      Anonymous Coward

      What others are doing ...

      Perhaps a little different working in a European company but I'm currently having the discussion with our data protection group about the fact they have cut our internal team off at the knees by slamming the doors on access to support call information from external clients. Some small teams who need to work with the clients (but weren't picked up in the audits - another story) don't have access anymore.

      Even though it's causing some short term internal friction and we have to jump through a range of hoops to regain necessary access, the company is erring on the side of caution for GDPR and limiting access to clients data. That means at least some companies are protecting customer data at the expense of freedom for employees to access. It isn't a complete data free-for-all and two fingers up to GDPR, at least here.

      Time (and prosecutions) will tell whether this is a common or necessary practice.

  3. DrXym Silver badge

    It already has a law a bit like it

    HIPAA is a US law that protects medical records and the sharing / divulgence of that information. It is not inconceivable that such a law could be extended to cover other areas.

    The problem of course is this is the United States we're talking about. If any lawmaker were to seriously try to go down this road, lobbiests would be muddying the waters with fearmongering and attack ads. They would cast the law in terms that it would prevent people from knowing if they were living opposite a child abuser or such nonsense.

    The reality is that there is big money to be made from almost unfettered data collection and aggregation and EU style privacy laws would be seen as the apocalypse for companies that harvest and sell that info.

    1. Wellyboot Silver badge

      Re: It already has a law a bit like it

      I agree with that.

      Anything remotely looking like a GDPR act going near Congress & Senate will initiate the biggest spending spree by lobby groups in history and obviously politicians are all trustworthy characters with nothing they'd prefer to keep quiet.

    2. Charlie Clark Silver badge

      Re: It already has a law a bit like it

      The funny thing with the US is that there are reasonably strong controls over what the government can do with the data of US citizens but virtually nothing about companies. Hence, the idea that several companies like to tout about personal data being a tradable commodity. They always neglect to say that individuals will never be told the true financial value of any data they provide. Handy that.

      1. fidodogbreath Silver badge
        Big Brother

        Re: It already has a law a bit like it

        The funny thing with the US is that there are reasonably strong controls over what the government can do with the data of US citizens but virtually nothing about companies.

        Which provides a convenient loophole for government / LEOs, who can just obtain tracking data from private companies. No need for Constitutional impediments such as warrants, since the .gov is not technically performing the surveillance activity.

        A few examples (of many): wired techdirt zdnet etc

        Pro tip: Whenever an LEO describes something as "just another tool," the phrase "for creating an Orwellian dystopia" should be appended.

  4. Anonymous Coward
    Anonymous Coward

    "...an earnings call for Salesforces Q1 2019"

    Impressive time travelling by Benioff.

    1. Bob the Skutter

      Not sure why down votes I'm equally impressed at how they can report next year's figures

      1. Gordon 10 Silver badge

        Sales Forces Financial year ends in early 2019 so they decided to call the Financial Year by the Year in which it ends rather the year in which it starts. Probably made sense at some point. They aren't the only ones who do this.

  5. Anonymous Coward
    Anonymous Coward

    PMSL! Great Idea but....

    Are there any politicians willing to overlook the (bribes) campaign funds

    No doubt it will be talked about a lot but.... only to increase the values of campaign/lobbyist funds

  6. IGnatius T Foobar ✅

    Privacy policy law

    As far as most people can tell, all these privacy laws do is cause the distribution of privacy policies to come so fast and frequent that people are in a hurry to dismiss them as quickly as possible without reading them.

    Scott McNealy of Sun Microsystems (remember them?) once said, "You have no privacy. Get over it." He took a lot of heat for saying that but it's basically true. Privacy is up to us. Third parties simply cannot be trusted.

    1. strum Silver badge

      Re: Privacy policy law

      >Privacy is up to us. Third parties simply cannot be trusted.

      So, each of us should pass our own GDPR law? Don't be daft.

      Anything this big, wrangled by huge corporations, needs something even bigger to regulate it. That means government. Everything else is pissing in the wind.

    2. JohnFen Silver badge

      Re: Privacy policy law

      "people are in a hurry to dismiss them as quickly as possible without reading them."

      I'll confess that I don't bother reading them at all. I just assume that they say "we can do anything we want with any data we learn about you", as that's what 98% of them actually say once you run them through a legalese-to-English translator.

      Plus, I don't actually believe that companies are all that fussed about sticking to what the privacy policy says anyway.

      1. Doctor Syntax Silver badge

        Re: Privacy policy law

        "Plus, I don't actually believe that companies are all that fussed about sticking to what the privacy policy says anyway."

        Probably not. The EU regulators didn't think so either so that's why they came up with a law. What's more it's a law based on a few decades of past experience in trying to regulate this area.

        1. kschrock

          Re: Privacy policy law

          So the ethical, noble, enlightened politicians of Europe, (unlike their despicable counterparts in the US), will pass some wonderful regulations, and Zuc, Serg, Bezos, etc, and all the spy agencies around the world will just simply stop gathering our information? You must have some good drugs over there.

          1. Wellyboot Silver badge

            Re: Privacy policy law

            That's the thing about governments, they can legally make life really difficult if they want to.

            The EU political system is Byzantine is operation and includes some very powerful appointed bodies that are able to override nation state autonomy in the name of unity and acting on powers granted by EU member states through international treaty.

            GDPR will be enforced by the European Data Protection Board which operates above the nation state level and pretty much has the last word on any EU personal data matter (something that ICANN hasn't grasped)

            The FBI has in the past arrested a CEO from country 'A' (travelling to country 'B') at hub airports because their 'totally legal in country A' business had the nerve to not block US citizens where said business activity was on the naughty list. So there are precedents for actions against foreign CEO level company personnel, There's also the interesting fact that European countries still have quite a lot of other places around the world under their jurisdiction. That would make international travel interesting.

            As for European politicians, (and the world over), they'll throw someone else under the bus in a heartbeat if it makes them look good for 5 minutes.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019