Even as politicians in D.C. struggle to come up with national privacy legislation, Box CEO Aaron Levie says there is a growing consensus on what should be expected of companies.
Why it matters: As large companies adopt policies to comply with EU and California laws, federal legislation becomes more a formality and less of a battleground.
- "We're stumbling our way there," Levie told Axios on Thursday in an interview at the company's San Francisco office.
The big picture: Specifically, he said, there is growing convergence around several key points.
- Customers should know how their data is being accessed.
- They should have some degree of a right to revoke access.
- There should be limits to how third parties can access that data.
- Companies should probably be required to provide some level of auditing or reporting to the federal government.
What he's saying: "It's a very blurry image but you can start to see the contours of what a global privacy set of laws might look like."
- "We're probably 5 years out from this being anything that gets standardized. But I think it is not unrealistic that things could start to converge more on this stuff."
Meanwhile, Levie expects big companies to largely adopt the California rules that go into effect in January, just as most companies adopted the EU's GDPR requirements globally. Google, for example, committed Thursday to doing just that.
- "It's just how you will build your systems," he said.
The bottom line: Increased regulation is good for Box's business. "The more complex the world gets from a data privacy standpoint," Levie said, "the more companies want partners that can abstract that."
Go deeper: The global shortage of privacy professionals
