Tech giants like Facebook, Google and Apple have also called for a data privacy law, though the specific details vary. In Microsoft's vision for privacy regulation, it calls for shifting the burden of protecting your data from the person to the tech companies.
The majority of data protection is an "opt-out" experience, meaning that data collection is the default, and people have to find their privacy settings to shut it off. In March, lawmakers criticized Google over how difficult it was to actually opt out of its data tracking programs.
"This places an unreasonable -- and unworkable -- burden on individuals," Brill wrote in the post. "Strong federal privacy should not only empower consumers to control their data, it also should place accountability obligations on the companies that collect and use sensitive personal information."
Microsoft has the numbers to back up how often people actually take that extra step to protect their own privacy. In the year since GDPR came into effect and Microsoft released its Privacy Dashboard, Brill said more than 18 million people have used those tools.
Microsoft's call for privacy legislation is to make sure that tech companies are the ones responsible for your privacy, not the other way around. Brill also noted that privacy legislation should have strong enforcement.
"As I saw first-hand when I served on the Federal Trade Commission, laws currently on the books are simply not strong enough to enable the FTC to protect privacy effectively in today's complex digital economy," Brill said.
While the FTC is able to issue fines to tech companies, it needs a consent decree to do that, which would require offending businesses to agree to a future penalty if they violate the terms again. Of the 101 data privacy violations the FTC investigated in the past 10 years, nearly all of them ended without any penalties, a government watchdog agency found.
Microsoft's call for stronger enforcement aligns with what lawmakers in Washington, DC, have proposed. On Monday, Sen. Josh Hawley, a Republican from Missouri, announced plans to introduce the Do Not Track Act, which would give more power to the program first introduced in 2010.
"The vast majority of websites, including the Big Tech companies, ignore these signals because there is currently no penalty in doing so," Gabriel Weinberg, founder of privacy-focused search engine DuckDuckGo, said in an email.
Brill noted that the US' privacy legislation should go beyond California's privacy law. She called on Congress to pass privacy legislation that'd give people control over their data and require more accountability and transparency from tech giants.
Watch this: Google's head of advertising calls for privacy, but not by default