Across the United States, evolving data collection and processing practices are driving digital services and socially beneficial research, but also pose increasing risks to individuals and communities that America’s existing sectoral privacy frameworks are insufficient to govern. In response, leaders in law and policy are considering more comprehensive approaches to privacy regulation, which establish baseline rights and protections for personal data throughout the economy. Years of negotiations in Congress culminated in the introduction of the bipartisan American Data Privacy and Protection Act in 2022; however, its fate remains uncertain. In the absence of federal legislation, five U.S. states—California, Virginia, Colorado, Utah, and Connecticut— enacted comprehensive consumer privacy laws between 2018-2022.
The Future of Privacy Forum provides expert, independent analysis of legislative and regulatory approaches to protecting data privacy interests. FPF does not typically support or oppose particular bills, but instead focuses on analyzing proposals in relation to existing privacy frameworks, sharing information on current data practices and technologies, and ensuring that data governance strategies are future-looking and adaptable.
FPF also engages with the broader privacy community through reports, blog posts, webinars, and educational programs such as the CPRA Law + Tech Series. It is our view that robust and durable policy outcomes can be achieved when all stakeholders are equipped to understand the key technologies, business practices, and legal mechanisms available to regulate privacy and data protection. FPF’s legislation work is led by Keir Lamont, Director.
On October 30, FPF provided testimony before a hearing of the Massachusetts Joint Committee on Education regarding H.532/S.280, an Act Relative to Student and Educator Data Privacy. Read our written testimony in full. Our testimony focused on highlighting relevant FPF resources for policymakers (including a case study on student privacy in Utah, our state student […]
FPF Submits Comments with the National Telecommunications and Information Administration (NTIA) on Kids Online Health and Safety
On November 15, the Future of Privacy Forum filed comments with the National Telecommunications and Information Administration (NTIA) in response to their request for comment on Kids Online Health and Safety as part of the Biden-Harris Administration’s Interagency Task Force on Kids Online Health & Safety. Read the comments here. Young people increasingly engage with […]
The Biden-Harris AI plan is incredibly comprehensive, with a whole of government approach and with an impact beyond government agencies. Although the executive order focuses on the government’s use of AI, the influence on the private sector will be profound due to the extensive requirements for government vendors, worker surveillance, education and housing priorities, the […]
FPF Weighs In on the Responsible Use and Adoption of Artificial Intelligence Technologies in New York City Classrooms
Last week, Future of Privacy Forum provided testimony at a joint public oversight hearing before the New York City Council Committees on Technology and Education on “The Role of Artificial Intelligence, Emerging Technology, and Computer Instruction in New York City Public Schools.” Specifically, FPF urged the Council to consider the following recommendations for the responsible adoption […]
The Future of Privacy Forum (FPF) invites privacy scholars and authors with an interest in privacy issues to submit finished papers to be considered for FPF’s 14th annual Privacy Papers for Policymakers (PPPM) Award. This award provides researchers with the opportunity to inject ideas into the current policy discussion, bringing relevant privacy research to the […]
FPF Files Comments for the FTC Health Breach Notification Rule Addressing Specific Definitions and Clarity of Scope
On August 8th, the Future of Privacy Forum (FPF) filed comments with the U.S. Federal Trade Commission (the Commission) regarding the Notice of Proposed Rulemaking (NPRM) to clarify the scope and application of the Health Breach Notification Rule (HBNR). The HBNR was promulgated in 2009 as part of the American Recovery and Reinvestment Act as […]
Old Laws & New Tech: As Courts Wrestle with Tough Questions under US Biometric Laws, Immersive Tech Raises New Challenges
Extended reality (XR) technologies often rely on users’ body-based data, particularly information about their eyes, hands, and body position, to create realistic, interactive experiences. However, data derived from individuals’ bodies can pose serious privacy and data protection risks for people. It can also create substantial liability risks for organizations, given the growing volume of lawsuits […]
On June 30, 2023, in the final hours of the Delaware legislative session, lawmakers in Dover passed House Bill 154, the Delaware Personal Data Privacy Act (“DPDPA”). If enacted by Governor Carey, the DPDPA will take effect on January 1, 2025 and follows the general model established by the Connecticut Data Privacy Act (CTDPA), with […]
FPF Files Comments with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights
On June 15, the Future of Privacy Forum (FPF) filed comments with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) regarding the Notice of Proposed Rulemaking (NPRM) on extending additional protections to reproductive health care data under the Health Insurance Portability and Accountability Act (HIPAA). One year ago last […]