FPF Statement on the House Energy and Commerce Subcommittee on Innovation, Data and Commerce’s May 23 unanimous House subcommittee vote on the American Privacy Rights Act
Today, the House Energy and Commerce Subcommittee on Innovation, Data and Commerce unanimously passed the revised draft of the American Privacy Rights Act.
FPF Statement on the adoption of the EU AI Act and New Resource Webpage
“Today the European Union adopted the EU AI Act at the end of a long and intense legislative process. At the Future of Privacy Forum we believe that multistakeholder global approaches and advancing common understanding in the area of AI governance are key to ensuring a future with safe and trustworthy AI, one that protects fundamental rights while promoting innovation to benefit society.
The EU AI Act is a comprehensive, binding law, with broad extraterritorial effect and is therefore poised to play a crucial role in the global debate on AI regulation. We welcome the openness and foresight of the European Union’s lawmakers to adopt a definition of AI systems that is interoperable with that proposed by the OECD.
At the same time, we acknowledge the long and complicated road ahead to make the provisions of the EU AI Act effective in practice. With personal data playing a key role in the development and deployment of AI systems, we at the Future of Privacy Forum are paying particular attention to how privacy and data protection norms around the world interact with AI governance frameworks such as the EU AI Act. We will continue to explore this complicated question with research, convenings, and evidence-based tools related to AI governance.”
Jules Polonetsky, CEO of the Future of Privacy Forum
For a list of existing FPF Resources on the EU AI Act, see our new dedicated webpage.
FPF Statement on President Biden’s 2024 State of the Union Address
“At this critical moment in time, the U.S. is positioned to demonstrate leadership to develop and regulate emerging technologies such as AI. These tools, while incredibly advantageous when deployed responsibly, also carry tremendous potential to cause harm. We commend the Biden administration for recognizing the multifaceted challenges and opportunities presented by AI technologies.
We’re also encouraged to hear President Biden reaffirm his commitment to enacting stronger privacy protections for kids online. Technology creates both terrific opportunities and real risks for young people, and as kids spend more time online and as AI and other technologies continue to evolve, finding that balance has become more difficult ― and more important ― than ever before. We stand by the fact that a comprehensive federal privacy law would address some of the most pressing privacy concerns associated with AI, including algorithms’ use of mass amounts of sensitive data.”
Today, almost everything we do online involves companies collecting personal information about us. Personal data is collected and used for various reasons – like when you use social media, shop online, redeem digital coupons at the store, or browse the internet.
Sometimes, information is collected about you by one company and then shared or sold to another. While data collection can benefit both you and businesses – like connecting with friends, getting directions, or sales promotions – it can also be used in invasive ways unless you take control.
You can protect your personal data and information in many ways and control how it is shared and used. On this Data Privacy Day or Data Protection Day in Europe, recognized annually on January 28 to mark the anniversary of Convention 108, the first binding international treaty to protect personal data, the Future of Privacy Forum (FPF) and other organizations are raising awareness and promoting best practices for data privacy.
FPF is partnering with Snap Inc. to provide a privacy-themed Snapchat filter to spread awareness of the importance of data privacy to your networks. Share the pictures you took using our interactive lens on social media using the hashtag #FPFDataPrivacyDay2024.
Here are 7 quick, easy steps you can take to better protect your privacy online and when using your mobile device.
1. Check Your Privacy Settings on Social Media
Many social media sites include options on how to tailor your privacy settings to limit how data is collected or used. Snap provides privacy options that control who can contact you and many other options. Start with the Snap Privacy Center to review your settings. You can find those choices here.
Snap also provides options for you to view any data they have collected about you, including account information and your search history. Downloading your data allows you to view what information has been collected and modify your settings accordingly.
Instagram allows you to manage various privacy settings, including who has access to your posts, who can comment on or like your posts, and manage what happens to posts after you delete them. You can view and change your settingshere.
TikTok allows you to decide between public and private accounts, allows you to change your personalized ad settings, and more. You can check your settingshere.
Twitter/X allows you to manage what information you allow other people on the platform to see and lets you choose your ad preferences. Check your settings here.
Facebook provides a range of privacy settings that can be found here.
In addition, you can check the privacy and security settings for other popular applications such as BeReal and Pinteresthere. Be sure to also check your privacy settings if you have a profile on a popular dating app such as Bumble, Hinge, or Tinder.
What other social media apps do you use often? Check to see which settings they provide!
2. Limit Sharing of Location Data
Most social media apps and websites will ask for access to your location data. Do they need it for some obvious reason, like helping you with directions, showing your nearby friends, or perhaps a store location you’re looking for? If not, feel free to opt-out of location data. Be aware that location data is often used to personalize ads and recommendations based on locations you have recently visited. Allowing access to location services may also permit sharing of location information with third parties.
To check the location permissions allowed for apps on an iPhone or Android, follow the below steps.
Navigate to “Settings,” then “Location,” and then “App Location Permissions.”
Select the app you would like to prevent from accessing your location.
Make sure “Not Allowed” is selected or “Allowed only while in use.”
3. Keep Your Devices & Apps Up to Date
Keeping software current and up to date is the only way to ensure your device is protected against the latest software vulnerabilities. Installing the latest security software, web browsers, and operating systems is the best way to protect against various online threats. By enabling automatic updates on your devices, you can be sure that your apps and operating systems are always up to date.
Users can check the status of their operating systems in the settings app.
For iPhone users, navigate to “Software Update,” and for Android devices, look for the “Security” page in settings.
4. Use a Password Manager
Utilizing a strong and secure password for each web-based account helps ensure your personal data and information are protected from unauthorized use. Remembering passwords for every account can be difficult, and using a password manager can help. Password managers save passwords as you create and log in to your accounts, often alerting you of duplicates and suggesting the creation of a stronger password.
For example, if you use an Apple product when signing up for new accounts and services, you can allow your iPhone, Mac, or iPad to generate strong passwords and safely store them in iCloud Keychain for later access. Some of the best third-party password managers can be found here.
5. Enable Two-Factor Authentication
Two-factor authentication adds an additional layer of protection to your accounts. The first authentication is the standard username and password combination used for years. The second factor is a text message or email with a code sent to a personal device. This added step makes it harder for malicious actors to access your accounts. Two-factor authentication only adds a few seconds to your day but can save you from the headache and harm that comes from compromised accounts. To be even safer, use an authenticator app as your second factor.
Remember to adjust your settings regularly, staying on top of any privacy changes and updates made on the web applications you use daily. Protect your data by being intentional about what you post online and encouraging others to look at the information they may share. By adjusting your settings and making changes to your web accounts and devices, you can better maintain the security and privacy of your personal data.
6. Use End-to-End Encryption for Secure Messaging
Using applications with secure end-to-end encryption, such as Signal and ProtonMail, ensures that only you and the intended recipient can read your messages. Other applications such as WhatsApp and Telegram are also end-to-end encrypted, though be sure to update your settings in Telegram as messages are not encrypted by default.
As many of us share sensitive information with our families and friends, it’s critical to be mindful of how our personal information is shared and who has access to it.
What better time to reassess our data practices and think about this important topic than during Data Privacy Day?
7. Turning off Personalized Ads
Take control of how companies use your personal information to advertise to you by going into the settings of your applications. See below for how-to guides with quick, step-by-step instructions to turn off ad personalization for popular apps you may be using:
If you’re interested in learning more about one of the topics discussed here or other issues driving the future of privacy, sign up for our monthly briefing, check out one of our upcoming events, or follow us on Twitter, LinkedIn, or Instagram.
FPF brings together some of the top minds in privacy to discuss how we can all benefit from the insights gained from data while respecting the individual right to privacy.
FPF in 2023: A Year in Review
As 2023 comes to an end, we want to reflect on a year that saw the Future of Privacy Forum (FPF) continue to expand its presence globally and domestically while organizing engaging events, publishing thought-provoking analysis, providing the latest expert updates, and more. FPF continues to convene industry experts, academics, consumer advocates, and other experts to explore the challenging issues in the data protection and privacy field.
The AI Impact
2023 was the year of AI. We saw AI technologies catapulted into the mainstream with Generative AI tools such as ChatGPT, Google Bard, and others. AI continues to have countries worldwide working to regulate the technology and companies scrambling to figure out how to navigate AI amongst their employees and their products and services.
To respond to the demand for understanding in AI, FPF worked with stakeholders on best practices, provided in-depth training on AI-related topics, and discussed the evolving impact of this technology with many of you at roundtable discussions, expert panels, and more.
Here are some of FPF’s biggest AI moments of 2023:
Hosted our first-ever Japan Privacy Symposium where Data Protection and Privacy Commissioners of the G7 DPAs discussed their approaches to regulating AI.
Discussed alternative solutions for processing of (personal) data with Machine Learning at CPDP Brussels and generative AI systems in Asia-Pacific during Singapore’s PDP Week.
Participated in a Capitol Hill briefing hosted by the Wilson Center and Seed AI in conjunction with the Congressional Artificial Intelligence Caucus “AI Primer: AI in the Workplace,” highlighting FPF’s Best Practices.
Provided testimony on the responsible use and adoption of AI technologies in New York City classrooms.
Published insightful op-eds in WIRED discussing the intersection of AI and immersive technologies and The Hill on generative AI and elections.
Held stakeholder workshops on the current regulation of generative AI throughout the APAC region.
Organized a session at the Global Privacy Assembly on the use of public information for LLM training.
Relaunched the FPF Training program, providing in-depth expert sessions on topics such as the EU AI Act, the fundamentals of AI and machine learning, and more.
Continuing FPF’s Global Reach
In 2023, FPF closely followed and advised upon significant developments in Asia, the European Union, Africa, and Latin America. We also discussed privacy and data protection with many of you at key conferences and events across the globe, including in Washington, DC, Brussels, Tokyo, Singapore, Bermuda, and Tel Aviv.
As India’s Digital Personal Data Protection Act sprinted through its final stages in August after several years of debates, postponements, and negotiations, FPF provided an in-depth, comprehensive explainer of its important aspects and key provisions, as well as discussed its extraterritorial effects in a LinkedIn Live conversation. The Act also focused on protections for the processing of personal data of children and introduced the concept of “verifiably safe” measures and, FPF in partnership with The Dialogue released a Brief containing a Catalog of Measures for “Verifiably Safe” Processing of Children’s Personal Data Under India’s Digital Personal Data Protection Act (DPDPA) 2023. In partnership with NASSCOM, FPF also hosted a webinar series on the consent regime under India’s new Digital Personal Data Protection Act of 2023.
FPF saw its presence in Asia continue to grow as the FPF Asia-Pacific office entered its third year. FPF and S&K Brussels hosted the first-ever Japan Privacy Symposium in Tokyo, providing insight into the regulatory priorities of the G7 DPAs and global thought leadership on the interaction of data protection and privacy laws with AI. During Singapore’s PDP Week, our Asia-Pacific team held a roundtable on the governance implications of generative AI systems, spoke at the Asia Privacy Forum, and hosted an in-person training on the EU AI Act.
FPF remains consistently active in the European Union, with several engaging events bringing together the European data privacy community and numerous thought-provoking blogs, reports, and analyses published in 2023. FPF launched its in-depth report on enforcement of the EU’s GDPR Data Protection by Design and by Default obligations and hosted our 7th Annual Brussels Privacy Symposium with the Brussels Privacy Hub of Vrije Universiteit Brussel, which included opening remarks by European Commissioner for Justice Didier Reynders and European Data Protection Supervisor Wojciech Wiewiórowski. We also analyzed the regulatory strategies of European DPAs for 2023 and beyond in our continuing series.
In addition, our global experts provided analysis on privacy and data protection developments in Vietnam, Nigeria, Australia, Tanzania, and the African Union and published an overview comparing three regional model contractual frameworks for cross-border data transfers.
U.S. Legislative Activity
In 2023, FPF played a key role in informing regulatory agencies and state legislatures on privacy in various emerging technologies, such as AI. Our experts testified before state legislatures, provided informative analysis, submitted regulatory comments, and more.
We provided recommendations and filed comments with the:
U.S. Department of Health and Human Services Office for Civil Rightsregarding the Notice of Proposed Rulemaking on extending additional protections to reproductive health care data under the Health Insurance Portability and Accountability Act.
U.S. Federal Trade Commissionregarding the Notice of Proposed Rulemaking to clarify the scope and application of the Health Breach Notification Rule, and again regarding the use of “Privacy-Protective Facial Age Estimation” as a potential mechanism for verifiable parental consent under the Children’s Online Privacy Protection Act Rule.
California Privacy Protection Agency to inform the Agency’s rulemaking to implement the California Privacy Rights Act amendments to the California Consumer Privacy Act’s provisions on cybersecurity audits, risk assessments, and automated decision-making.
National Telecommunications and Information Administration in response to their request for comment on privacy, equity, and civil rights, and again in response to their request for comment on Kids Online Health and Safety as part of the Biden-Harris Administration’s Interagency Task Force on Kids Online Health & Safety.
Consumer Financial Protection Bureau in response to their request for comment regarding data portability for financial products and services, and again in response to their Request for Information (RFI) Regarding Data Brokers and Other Business Practices Involving the Collection and Sale of Consumer Information.
2023 also saw developments in various U.S. state commercial privacy laws. We found that the number of state laws increased from five to twelve (or, arguably, thirteen), and in response, provided timely analysis in Iowa, Indiana, Montana, Tennessee, Florida, Texas, Connecticut, Oregon, Utah, and Delaware. In addition, Washington and Nevada became the first to pass broad-based consumer health data privacy legislation. Earlier this month, our Director for U.S. Legislation Keir Lamont took a look ahead at the state privacy landscape in 2024.
For the 13th year, FPF recognized leading privacy research and analytical work with the Privacy Papers for Policymakers Award held on Capitol Hill. The winners spoke about their research in front of an audience of academic, industry, and policy professionals in the field. The event featured keynote speaker FTC Commissioner Alvaro Bedoya.
Youth & Education Privacy
Federal and state policymakers turned to the protection of children online, with President Biden notably mentioning it for a second year in a row during this year’s State of the Union address.
In partnership with LGBT Tech, we outlined recommendations for schools and districts to balance inclusion and student safety in technology use. Our analysis builds on thorough research, including interviews with recent high school graduates who identify as LGBTQ+, to gather firsthand accounts of how student monitoring impacted their feelings of privacy and safety at school.
Over the summer, we published one of our popular infographics examining age assurance technologies. The infographic’s authors unpacked the risks and potential harms associated with attempting to discern someone’s age online and potential mitigation tools in this LinkedIn Live conversation.
Privacy by design for kids and teens also expanded globally in 2023. As policymakers, advocates, and companies grapple with the ever-changing landscape of youth privacy regulation, we hosted a well-attended webinar with a wide range of global experts discussing the current state of kids’ and teens’ privacy policy.
The Rise of Emerging Technologies, Examining the Open Banking Ecosystem, & Analysis on Research Data Sharing
As stakeholders became increasingly interested in immersive technologies, notably AR/VR/MR, we responded by releasing the Risk Framework for Body-Related Data in Immersive Technologies, whichassists organizations in safely and responsibly handling body-related data. Our team also held a series of webinars exploring the intersection of immersive technology with topics like AI, advertising, education, and more.
In March, we published an infographic breaking down the complex U.S. open banking ecosystem, supported by over a year of meetings and outreach with leaders in banking, credit management, financial data aggregators, and solution providers to comprehensively understand the developing industry of open banking, with the infographic’s authors discussing its privacy implications in a LinkedIn Live conversation.
In 2023, we continued to examine privacy and research data sharing by producing Data Sharing for Research: A Compendium of Case Studies, Analysis, and Recommendations, demonstrating how, for many organizations, data-sharing partnerships are transitioning from being considered an experimental business activity to an expected business competency. We also held the 3rd Annual Award for Research Data Stewardship, honoring representatives from Optum and the Mayo Clinic for their outstanding corporate-academic research data-sharing partnership. During this virtual event, we opened with a keynote address by U.S. Congresswoman Lori Trahan.
Bringing Together Leaders in Privacy and Data Protection
On a different track, FPF also built out a wide range of peer-to-peer meetings and calls for the senior executives working on data protection compliance issues. We hosted virtual meetings on key topics of interest on an every other month basis, smaller meetings for specific sector leaders, and in-person meetings in multiple cities.
The “Current State of Global Opt-Out Technology” event in March provided members with insights into regulator discussions, along with a vendor showcase featuring solution demonstrations.
Hosted 50+ in-person and virtual peer-to-peer meetings across the globe for intimate discussions among privacy executives focused on their top-of-mind issues.
Launched Privacy Metrics 2.0 to help advance industry OKRs and the underlying metrics, provide privacy leaders with the tools they need to have effective conversations with their boards, and provide useful information for ESG reporting and investor communications.
This is by no means a comprehensive list of all of FPF’s important and engaging work in 2023, but we hope it gives you a sense of our work’s impact on the privacy community and society at large. We believe our success is due to deep engagement with privacy experts in industry, academia, civil society, and government and our belief that collaborating across sectors and disciplines is needed to advance practical safeguards needed for data uses that benefit society. Keep updated on FPF’s work by subscribing to our monthly briefing and following us on LinkedIn, Twitter/X, and Instagram.
On behalf of the FPF team, we wish you a very Happy New Year and look forward to celebrating 15 years of FPF in 2024!
FPF Statement on Biden-Harris AI Executive Order
The Biden-Harris AI plan is incredibly comprehensive, with a whole of government approach and with an impact beyond government agencies. Although the executive order focuses on the government’s use of AI, the influence on the private sector will be profound due to the extensive requirements for government vendors, worker surveillance, education and housing priorities, the development of standards to conduct risk assessments and mitigate bias, the investments in privacy enhancing technologies, and more. Also important is the call for bipartisan privacy legislation, the most important precursor for protections for AI that impact vulnerable populations.
FPF Statement on White House Executive Order to Implement the European Union-U.S. Data Privacy Framework
October 7, 2022— Statement from Future of Privacy Forum’s CEO Jules Polonetsky:
With this step, the U.S. puts in place practical surveillance limitations, oversight, and individual redress that are unmatched almost anywhere else in the world in the context of national security. Leading democracies are converging on surveillance standards with this progress. Constitutional limitations prevent a U.S. system that is identical to the European Union, but the Court of Justice of the EU has helped bring about U.S. reforms that will significantly protect privacy in the context of national security. Although there are important legal discussions to have about the exact nature of the judicial redress and the oversight mechanism, as well as the restrictions on bulk collection, this is a momentous achievement.
Particularly important is the reciprocity requirement for redress, which requires any country to implement safeguards for US citizens’ data to benefit from this system and will help advance global standards.
Read the White House Executive Order here and the White House Fact Sheet here.
FPF’s VP for Global Privacy, Dr. Gabriela Zanfir-Fortuna, spoke about the EO at an IAPP LinkedIn Live on ‘The EU-U.S. Data Privacy Framework & Next Steps for Data Transfers’ on Friday, October 7. Watch it here.
FPF Statement on the EU/US Transatlantic Data Agreement
March 25, 2022 — This morning the European Union and the United States came to a breakthrough agreement in principle, which allows Europeans’ personal data to flow to the United States.
Future of Privacy Forum’s CEO Jules Polonetsky said:
We are encouraged to see progress in the important effort to ensure that cross-border EU-U.S. research, communication, and commerce can continue without disruption. Both the European Commission and U.S. negotiators understand that any deal needs to meet the standard set by the European Court of Justice. Recent U.S. proposals have included significant oversight and extensive redress structures, beyond the Privacy Shield agreement that the European Court of Justice invalidated. We look forward to the details of the latest proposals, including those related to ensuring proportionality of government access to Europeans’ data. We appreciate that the Biden Administration has supported new models of redress and hope that Congress will build on these efforts as it addresses reforms of surveillance legislation in the near future.
We also encourage both the U.S. and EU to recognize the need to ensure surveillance oversight and trusted data flows among democratic allies globally and support the ongoing work of the OECD in this regard.
Read the White House Fact Sheet: the United States and European Commission Announce Trans-Atlantic Data Privacy Framework here. You can also read VP of Global Privacy Dr. Gabriela Zanfir-Fortuna’s analysis here.