Across the United States, evolving data collection and processing practices are driving digital services and socially beneficial research, but also pose increasing risks to individuals and communities that America’s existing sectoral privacy frameworks are insufficient to govern. In response, leaders in law and policy are considering more comprehensive approaches to privacy regulation, which establish baseline rights and protections for personal data throughout the economy. Years of negotiations in Congress culminated in the introduction of the bipartisan American Data Privacy and Protection Act in 2022; however, its fate remains uncertain. In the absence of federal legislation, five U.S. states—California, Virginia, Colorado, Utah, and Connecticut— enacted comprehensive consumer privacy laws between 2018-2022.
The Future of Privacy Forum provides expert, independent analysis of legislative and regulatory approaches to protecting data privacy interests. FPF does not typically support or oppose particular bills, but instead focuses on analyzing proposals in relation to existing privacy frameworks, sharing information on current data practices and technologies, and ensuring that data governance strategies are future-looking and adaptable.
FPF also engages with the broader privacy community through reports, blog posts, webinars, and educational programs such as the CPRA Law + Tech Series. It is our view that robust and durable policy outcomes can be achieved when all stakeholders are equipped to understand the key technologies, business practices, and legal mechanisms available to regulate privacy and data protection. FPF’s legislation work is led by Keir Lamont, Director.
Featured
FPF Statement on the House Energy and Commerce Subcommittee on Innovation, Data and Commerce’s May 23 unanimous House subcommittee vote on the American Privacy Rights Act
Today, the House Energy and Commerce Subcommittee on Innovation, Data and Commerce unanimously passed the revised draft of the American Privacy Rights Act.
Peak Privacy: Vermont’s Summit on Data Privacy
Immediately prior to the close of the state legislative session on May 10, 2024, the Vermont legislature passed H. 121, “An act relating to enhancing consumer privacy and the age-appropriate design code.” If enacted by Governor Scott, Vermont could become the state with the farthest-reaching comprehensive privacy law. While the Vermont Data Privacy Act (VDPA) […]
The North Star State Joins the State Privacy Law Constellation
On May 19, 2024, the Minnesota Legislature passed HF 4757, an omnibus budget bill that includes the Minnesota Consumer Data Privacy Act (MNCDPA). The bill now heads to Governor Walz for signature. Developed by State Representative Steve Elkins over nearly five years and multiple legislative sessions, the MNCDPA is among the strongest iterations of the […]
Little Users, Big Protections: Colorado and Virginia pass laws focused on kids privacy
‘Don’t call me kid, don’t call me baby’ – unless you are a child residing in either Colorado or Virginia, where children will soon have increased privacy protections due to recent advances in youth privacy legislation. Virginia and Colorado both have broad-based privacy laws already in effect. During the 2024 state legislative sessions, both states […]
Colorado Enacts First Comprehensive U.S. Law Governing Artificial Intelligence Systems
On May 17, Governor Polis signed the Colorado AI Act (CAIA) (SB-205) into law, establishing new individual rights and protections with respect to high-risk artificial intelligence systems. Building off the work of existing best practices and prior legislative efforts, the CAIA is the first comprehensive United States law to explicitly establish guardrails against discriminatory outcomes […]
Now, On the Internet, Will Everyone Know if You’re a Child?
With help from Laquan Bates, Policy Intern for Youth and Education How Knowledge Standards Have Changed the Status Quo As minors increasingly spend time online, lawmakers continue to introduce legislation to enhance the privacy and safety of kids’ and teens’ online experiences beyond the existing Children’s Online Privacy Protection Act (COPPA) framework. Proposals have proliferated […]
FPF Responds to the OMB’s Request for Information on Responsible Artificial Intelligence Procurement in Government
On April 29, the Future of Privacy Forum submitted comments to the Office of Management and Budget (OMB) in response to the agency’s Request for Information (RFI) regarding responsible procurement of artificial intelligence (AI) in government, particularly regarding the intersection of AI tools and systems procurement with other risks posed by the development and use […]
New Age-Appropriate Design Code Framework Takes Hold in Maryland
On April 6, the Maryland legislature passed HB 603/SB 571, the “Maryland Age-Appropriate Design Code Act” (Maryland AADC), which is currently awaiting action from Governor Moore. While FPF has already written about Maryland’s potentially “paradigm-shifting” state comprehensive privacy law, the Maryland AADC may similarly pioneer a new model for other states. The Maryland AADC seeks […]
Setting the Stage: Connecticut Senate Bill 2 Lays the Groundwork for Responsible AI in the States
NEW: Read Tatiana Rice’s op-ed in the CT Mirror on SB2 Last night, on April 24, the Connecticut Senate passed SB 2, marking a significant step toward comprehensive AI regulation in the United States. This comprehensive, risk-based approach has emerged as a leading state legislative framework for AI regulation. If enacted, SB 2 would stand […]
FPF Develops Checklist & Guide to Help Schools Vet AI Tools for Legal Compliance
FPF’s Youth and Education team has developed a checklist and accompanying policy brief to help schools vet generative AI tools for compliance with student privacy laws. Vetting Generative AI Tools for Use in Schools is a crucial resource as the use of generative AI tools continues to increase in educational settings. It’s critical for school […]