Microsoft CEO Satya Nadella digressed from standard earnings call topics two weeks ago to discuss the importance of ethics, privacy, and cybersecurity.  While he did not provide a specific reason for the digression, the Facebook hearings and impending GDPR implementation were likely motivators.

Nadella noted that the intelligent cloud and intelligent edge are “tremendous opportunities” for Microsoft customers, but that it is critical that both Microsoft and its customers “ensure trust in technology” across three dimensions: privacy, cybersecurity, and ethics. Nadella argued that “privacy is a fundamental human right” and that the firm has implemented an “end-to-end privacy architecture” which is GDPR compliant.

“For customers, we will provide robust tools backed by our contractual commitments to help them comply with GDPR,” said Nadella. “In fact, for most customers it will be more effective and less costly to host their data in Microsoft’s GDPR-compliant cloud than to develop and maintain GDPR compliance tools themselves.”

With respect to cybersecurity, the company spearheaded a coalition of 34 global tech and security companies for the Cybersecurity Tech Accord, “an important first step by the industry to help create a safer and more secure online environment for everyone.”

Nadella also announced the establishment of an AI and Ethics in Engineering and Research Committee at Microsoft “to ensure we always advance AI in an ethical and responsible way to benefit our customers and the broader society. This includes new investments in technology to detect and address bias in AI systems. Microsoft stands for trust, and this will continue to be a differentiating focus for us moving forward.”

Up until recently, information technology and social media have been viewed as social goods with few drawbacks, but now that we are all tied into the social communications fabric, we are beginning to worry about the dark side of such connectivity whether it be job losses through automation, the stripping away of privacy, the vulnerability of our networks to hacks, or the undermining of objective truth and democratic systems.

One step towards addressing these problems is the GDPR Chief Privacy Officer requirement with its focus on privacy and cybersecurity.  At most companies, this role is likely to be one of compliance, not ethics or broader social questions.  At a few, however, this role may grow beyond mere compliance and begin to address the broader social and economic issues posed by information technology.