Search results

[…] Article 1 of the LGPD identifies the objective of the law as ensuring the processing of personal data protects the fundamental rights of freedom, privacy, and the free development of personality3. At the same time, Article 2 of the LGPD recognizes data protection is “grounded” on economic and technological development and innovation.  The study […]

Today, the Future of Privacy Forum (FPF) published a new paper—Data Minimization’s Substantive Turn: Key Questions & Operational Challenges Posed by New State Privacy Legislation. Data minimization is a bedrock principle of privacy and data protection law, with origins in the Fair Information Practice Principles (FIPPs) and the Privacy Act of 1974. At a […]

In May 2025, Nebraska and Vermont passed Age-Appropriate Design Code Acts (AADCs), continuing the bipartisan trend of states advancing protections for youth online. While these new bills arrived within the same week and share both a common name and general purpose, their scope, applicability, and substance take two very different approaches to a common […]

[…] Benifei (Member of European Parliament, co-Rapporteur of the AI Act), John Edwards (Information Commissioner, U.K. Information Commissioner’s Office), and Louisa Specht-Riemenschneider (Federal Commissioner for Data Protection and Freedom of Information, Germany), on Cross-regulatory Cooperation Between Digital Regulators.  Their panel began by painting a detailed portrait of how the proliferation of digital regulations has created […]

[…] lowest numerical applicability thresholds of any of the state comprehensive privacy laws when the law was enacted in 2023. At that time, prior comprehensive privacy laws in Virginia, Colorado, Utah, Connecticut, Iowa, and Indiana all applied to controllers that either (1) control or process the personal data of at least 100,000 consumers (“the general […]

[…] high utility loss for QIs) Masking Obscure parts of data values (e.g., XXXX) Obscure direct identifiers Simple; Preserves format Limited privacy protection; Can reduce utility; Hard for free text Low (Insufficient for QIs in queries) Generalization Replace specific values with broader categories Reduce identifiability via QIs Basis for k-anonymity Significant utility loss, especially in […]

[…] 2060. This rapidly aging population presents complex challenges and opportunities, particularly in the increased demand for resources necessary for senior care and the use of AgeTech to promote improved autonomy and independence. FPF will lead rigorous, independent research into these issues, with a particular focus on the privacy expectations of seniors and caregivers, cost […]

[…] such as determining whether the system falls under the AIA, whether it is classified as “high-risk”, and who is responsible for conducting the CA. CAs are not new in the EU context; the AIA builds on product safety legislation under the New Legislative Framework (NLF) to ensure that high-risk AI systems meet both legal […]

[…] approach differs in its simplified risk categorization, including absence of prohibited AI practices, comparatively lower financial penalties, and the establishment of initiatives and government bodies aimed at promoting the development and use of AI technologies. The intent of this comparison is to assist practitioners in understanding and analyzing key commonalities and differences between both […]

[…] like “personal information” and “operator,” but in a few instances switches to “personal data” and “controller,” perhaps from borrowing language from more modern privacy laws like the Virginia Consumer Data Protection Act.     The substantive data minimization trend continues While the federal COPPA framework is largely focused on consent, former Commissioner Slaughter noted in 2022 […]