Search results

[…] optimize for task completion without sufficiently robust constraints on permissible actions. The resulting behavior may be difficult to predict or audit, as it emerges from the interaction between model outputs, tool responses, and external system states rather than from a single deterministic process. As organizations deploy agentic AI, institutional decisionmaking can risk becoming more […]

[…] and less prescriptive than what is required under the CCPA. Adopts Narrow Outlier Provisions: The bill selects particular narrow approaches used by only a handful of states: Virginia’s narrow biometric data definition (which broadly exempts photos, videos, and audio without limiting language), the pseudonymous data exception for consumer opt-out rights (Tennessee, Iowa, Florida, Alabama […]

We had to wait almost two years between when the 19th and 20th state comprehensive privacy laws were enacted, but the gap between the 20th and 21st proved to be a mere month. Governor Ivey signed HB 351, the Alabama Personal Data Protection Act (APDPA) into law on April 16. While this law is […]

[…] pave the path for privacy law and the modern Internet. He has had a hand in advising and shaping thinking on many leading-edge tech issues, including Internet free speech, Internet hate speech, and the parameters of government access to stored information. FPF staff who have known and worked with Christopher praised him as a […]

The way prices are set is changing: more accessible data, sophisticated algorithms, and ubiquitous online shopping have given retailers the ability to automatically tailor offers to customers in real-time or near-real-time based on increasing amounts of data about markets and consumers. A number of pricing strategies involving personal data, market data, and advanced machine learning—what […]

[…] Justine Gluck, Jared Bomberg, Soo Kang, Sean Perryman, and all other reviewers for their support on this report. ACKNOWLEDGEMENTS All FPF materials that are released publicly are free to share and adapt with appropriate attribution. Learn more . 1 Future of Privacy Forum | The Price is Right: Responsible Uses of Personal Data in […]

[…] otherwise the collection and use of biometric information is categorized as related to “high-risk” AI systems .  RBI systems can create a risk to the rights and freedoms of individuals simply by being deployed. The European Commission Guidelines and the AI Act Recitals both emphasize the risk of a “chilling effect” on the exercise […]

The West Coast now has a full set of chatbot laws on the books. Following California’s SB 243 (signed in 2025 and effective January 1, 2026) both Oregon (SB 1546) and Washington (HB 2225) enacted companion chatbot laws that will take effect on January 1, 2027. Together, these laws establish a new framework for regulating […]

[…] providing resources and take a more active role in mitigating harm. This ambiguity is notable in light of prior legislative proposals. For example, earlier (un-enacted) legislation in Virginia (SB 796) would have required operators to make reasonable efforts to notify emergency services or law enforcement in certain high-risk situations, an approach that raised significant […]

[…] the provision to apply. Section 2 takes a look at the situations that fall outside the scope of the prohibition, and, finally, Section 3 explores the interaction between the biometric categorization prohibition and the existing EU legal framework.  Several key takeaways emerge:  The AI Act prohibits specific biometric inference practices, not biometric categorization as […]