Across the United States, evolving data collection and processing practices are driving digital services and socially beneficial research, but also pose increasing risks to individuals and communities that America’s existing sectoral privacy frameworks are insufficient to govern. In response, leaders in law and policy are considering more comprehensive approaches to privacy regulation, which establish baseline rights and protections for personal data throughout the economy. Years of negotiations in Congress culminated in the introduction of the bipartisan American Data Privacy and Protection Act in 2022; however, its fate remains uncertain. In the absence of federal legislation, five U.S. states—California, Virginia, Colorado, Utah, and Connecticut— enacted comprehensive consumer privacy laws between 2018-2022.
The Future of Privacy Forum provides expert, independent analysis of legislative and regulatory approaches to protecting data privacy interests. FPF does not typically support or oppose particular bills, but instead focuses on analyzing proposals in relation to existing privacy frameworks, sharing information on current data practices and technologies, and ensuring that data governance strategies are future-looking and adaptable.
FPF also engages with the broader privacy community through reports, blog posts, webinars, and educational programs such as the CPRA Law + Tech Series. It is our view that robust and durable policy outcomes can be achieved when all stakeholders are equipped to understand the key technologies, business practices, and legal mechanisms available to regulate privacy and data protection. FPF’s legislation work is led by Tatiana Rice, Senior Director.
Contextualizing the Proposed SECURE Data Act in the State Privacy Landscape
Special thanks to FPF’s Dr. Gabriela Zanfir-Fortuna, VP of Global Policy, for her contributions to this analysis. The House Committee on Energy and Commerce’s Republican data privacy working group released their long-awaited comprehensive consumer privacy bill on April 22, titled the “Securing and Establishing Consumer Uniform Rights and Enforcement over Data Act” (SECURE Data Act) […]
FPF on the Securing and Establishing Consumer Uniform Rights and Enforcement Over Data (“SECURE Data”) Act
The U.S. is overdue to adopt comprehensive federal consumer privacy legislation. Baseline protections for personal information in a federal privacy law would provide an essential foundation for progress on other Congressional priorities, including AI governance and youth online safety, and it’s encouraging to see Congress renewing its attention to this topic. In the absence of […]
The Alabama Personal Data Protection Act Brings Consumer Privacy to the Heart of Dixie
We had to wait almost two years between when the 19th and 20th state comprehensive privacy laws were enacted, but the gap between the 20th and 21st proved to be a mere month. Governor Ivey signed HB 351, the Alabama Personal Data Protection Act (APDPA) into law on April 16. While this law is based […]
The Rest of the West: Oregon and Washington Build on California Chatbot Law
Introduction The West Coast now has a full set of chatbot laws on the books. Following California’s SB 243 (signed in 2025 and effective January 1, 2026) both Oregon (SB 1546) and Washington (HB 2225) enacted companion chatbot laws that will take effect on January 1, 2027. Together, these laws establish a new framework for […]
2026 Chatbot Legislation Tracker
Co-authored by Rafal Fryc With nearly 100 chatbot-specific bills introduced across states in 2026, a complex and increasingly fragmented compliance landscape is quickly emerging. This tracker helps stakeholders understand that landscape by highlighting chatbot legislation advancing through initial chambers in state legislatures and Congress, and organizing key provisions across proposals to show what is coming […]
Privacy Protections Coming Sooner Rather Than Later to the Sooner State
Oklahoma has become the latest U.S. state to enact a comprehensive consumer privacy law after Governor Stitt signed SB 546 into law on March 20. This ends two long legislative droughts: First, this is the long-awaited 20th state comprehensive privacy law and the first since the Rhode Island Data Transparency and Privacy Protection Act was […]
Incentives or Obligations? The U.S. Regulatory Approach to Voluntary AI Governance Standards
By FPF Legal Intern Rafal Fryc As artificial intelligence gets increasingly deployed across every sector of the economy, regulators find themselves grappling with a fundamental challenge: how to govern a technology that defies traditional regulatory frameworks and changes faster than legislation can keep pace. One increasingly common approach can be found outside the text of […]
FPF Privacy Papers for Policymakers: Impactful Privacy and AI Scholarship for a Digital Future
FPF recently concluded its 16th Annual Privacy Papers for Policymakers (PPPM) events, hosting two dynamic virtual ceremonies on March 4 and March 11, 2026. This year’s program centered on the most pressing areas in privacy and AI governance, bringing together global awardees to discuss their research with leading discussants from industry, academia, and civil society. […]
The Chatbot Moment: Mapping the Emerging 2026 U.S. Chatbot Legislative Landscape
Special thanks to Rafal Fryc, U.S. Legislation Intern, for his research and development of the resources referenced. If there is one area of AI policy that lawmakers seem particularly eager to regulate in 2026, it’s chatbots. As state legislative sessions ramp up across the country, policymakers at both the state and federal levels have introduced […]
Q&A With FPF Vice President for U.S. Policy, Matthew Reisman
In a new Q&A, our Vice President for U.S. Policy, Matthew Reisman, takes a deeper look at the privacy landscape, particularly his interests in the space, what to look forward to in the U.S. and AI sector, and what is key for stakeholders to pay attention to. What brought you into the privacy and data […]