Last year, the European Union passed some of the toughest privacy and data laws with its General Data Protection Regulation (GDPR). Since then, the GDPR has served as inspiration for California’s groundbreaking Consumer Privacy Act and Washington State’s privacy act.

When it comes to privacy laws, the United States isn’t that great. Poor federal regulations mean it’s generally up to states to protect consumers, but that’s not enough.

In a recent blog post, Microsoft’s corporate vice president and deputy general counsel, Julie Brill, reflected on what a privacy law could look like in the United States.

“The driving force behind the global movement to modernize privacy laws is the new understanding people have of their right to privacy as technology changes how people create and share information,” Brill wrote. “Around the world, there is a growing expectation that everyone should benefit from digital technology without losing control of their personal information.”

Growing expectations doesn’t mean it’s the norm, though. Within the blog post, Brill went on to add:

“Now, it’s Congress’s turn to adopt a new framework that reflects the changing understanding of the right to privacy in the United States and around the world. Like GDPR, this framework should uphold the fundamental right to privacy through rules that give people control over their data and require greater accountability and transparency in how companies use the personal information they collect…California’s law is a good starting point. But federal legislation should go further and ensure that companies act as responsible stewards of consumers’ personal data. “

Digital technology has become an everyday aspect of most Americans’ lives. From social media to online banking to cellphones and beyond, people are more digitally connected than they tend to think.

Events like Facebook’s Cambridge Analytica scandal have helped people realize just how much data is being gathered about them. People’s growing awareness has translated to discomfort with data practices.

“The number of consumer complaints over privacy issues sent to the Federal Trade Commission jumped by more than 14 percent to 8,000,” according to a 2018 CNet article,

Part of the responsibility does fall on companies to be responsible with data and not collect too much. For example, there’s no reason for Google to track people’s purchases through their Gmail account, but they still do. However, the reality is that “preserving a strong right to privacy will always fundamentally be a matter of law that falls to governments,” Brill wrote.

Tech companies absolutely need to do better when it comes to collecting and handling data. The United States government also needs to pass laws that are designed to protect individuals and not the companies themselves.