For those who came in late, Vole thinks the European Union's General Data Protection Regulation (GDPR) has very effective in changing the way that tech companies handle personal data, and feels the US should enact something similar at the federal level.
Brill wrote that companies have adapted, putting new systems and processes in place to ensure that individuals understand what data is collected about them and can correct it if it is inaccurate and delete it or move it somewhere else if they choose.
She said that GDPR has inspired other countries to adopt similar regulations.
Brill said that self-regulation was not good enough. While some states such as California and Illinois have strong data protection laws in place, Brill feels the US needs something like the GDPR at the federal level.
"No matter how much work companies like Microsoft do to help organisations secure sensitive data and empower individuals to manage their own data, preserving a strong right to privacy will always fundamentally be a matter of law that falls to governments", Brill states.
"Despite the high level of interest in exercising control over personal data from US consumers, the United States has yet to join the EU and other nations around the world in passing national legislation that accounts for how people use technology in their lives today."
Brill suggests the federal government should enact regulation that models the California Consumer Privacy Act (CCPA), which goes into effect next year.
She said that consumers have the right to control their information and that companies need to be held to a higher degree of accountability and transparency with how they collect and use customer data.
Of course US politicians are waiting for the cheque to arrive from big lobby groups before they make up their mind.