Across the United States, evolving data collection and processing practices are driving digital services and socially beneficial research, but also pose increasing risks to individuals and communities that America’s existing sectoral privacy frameworks are insufficient to govern. In response, leaders in law and policy are considering more comprehensive approaches to privacy regulation, which establish baseline rights and protections for personal data throughout the economy. Years of negotiations in Congress culminated in the introduction of the bipartisan American Data Privacy and Protection Act in 2022; however, its fate remains uncertain. In the absence of federal legislation, five U.S. states—California, Virginia, Colorado, Utah, and Connecticut— enacted comprehensive consumer privacy laws between 2018-2022.
The Future of Privacy Forum provides expert, independent analysis of legislative and regulatory approaches to protecting data privacy interests. FPF does not typically support or oppose particular bills, but instead focuses on analyzing proposals in relation to existing privacy frameworks, sharing information on current data practices and technologies, and ensuring that data governance strategies are future-looking and adaptable.
FPF also engages with the broader privacy community through reports, blog posts, webinars, and educational programs such as the CPRA Law + Tech Series. It is our view that robust and durable policy outcomes can be achieved when all stakeholders are equipped to understand the key technologies, business practices, and legal mechanisms available to regulate privacy and data protection. FPF’s legislation work is led by Keir Lamont, Senior Director.
Little Rock, Minor Rights: Arkansas Leads with COPPA 2.0-Inspired Law
With thanks to Daniel Hales and Keir Lamont for their contributions. Shortly before the close of its 2025 session, the Arkansas legislature passed HB 1717, the Arkansas Children and Teens’ Online Privacy Protection Act, with unanimous votes. As the name suggests, Arkansas modeled this legislation after Senator Markey’s federal “COPPA 2.0” proposal, which passed the […]
FPF’s Year in Review 2024
With contributions from Judy Wang, Communications Intern 2024 was a landmark year for the Future of Privacy Forum, as we continued to grow our privacy leadership through research and analysis, domestic and global meetings, expert testimony, and more – all while commemorating our 15th anniversary. Expanding our AI Footprint While 2023 was the year of […]
FPF Submits Comments to Inform New York Children’s Privacy Rulemaking Processes
At the end of the 2024 legislative session, New York State passed a pair of bills aimed at creating heightened protections for children and teens online. One, the New York Child Data Protection Act (NYCDPA), applies to a broad range of online services that are “primarily directed to children.” The NYCDPA creates novel substantive data […]
Contextualizing the Kids Online Safety and Privacy Act: A Deep Dive into the Federal Kids Bill
Co-authored by Nick Alereza, FPF Policy Intern and student Boston University School of Law. With contributions from Jordan Francis. On July 30, 2024, the U.S. Senate passed the Kids Online Safety and Privacy Act (KOSPA) by a vote of 91-3. KOSPA is a legislative package that includes two bills that gained significant traction in the […]
Reflections on California’s Age-Appropriate Design Code in Advance of Oral Arguments
Co-authored with Isaiah Hinton, Policy Intern for the Youth and Education Team Update: On Wednesday, July 17th, the U.S. 9th Circuit Court of Appeals heard oral arguments for an appeal of the District Court’s preliminary injunction of the California Age-Appropriate Design Code Act (AADC). Judges Milan Smith Jr., Mark Bennett, and Anthony Johnstone appeared interested […]
Chevron Decision Will Impact Privacy and AI Regulations
The Supreme Court has issued a 6-3 decision in two long-awaited cases – Loper Bright Enterprises v. Raimondo and Relentless, Inc. v. Department of Commerce – overturning the legal doctrine of “Chevron deference.” While the decision will impact a wide range of federal rules, it is particularly salient for ongoing privacy, data protection, and artificial […]
AI Forward: FPF’s Annual DC Privacy Forum Explores Intersection of Privacy and AI
The Future of Privacy Forum (FPF) hosted its inaugural DC Privacy Forum: AI Forward on Wednesday, June 5th. Industry experts, policymakers, civil society, and academics explored the intersection of data, privacy, and AI. In Washington, DC’s southwest Waterfront at the InterContinental, participants joined in person for a full-day program consisting of keynote panels, AI talks, […]
Comprehensive Privacy Anchors in the Ocean State
On June 25, 2024, Governor McKee transmitted without signature H 7787 and S 2500, the Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA), making Rhode Island the nineteenth state overall and the seventh state in 2024 to enact a comprehensive privacy law. The law will take effect on January 1, 2026, and the majority […]
Top Six Major Privacy Enforcement Trends: A U.S. Legislation Retrospective
Enforcement activity intensifies as U.S. consumer privacy laws continue to evolve and come into effect. In 2023 and 2024 alone, there have been dozens of enforcement actions at the U.S. federal and state levels, some of which reveal or touch on significant throughlines for privacy policy issues, such as what constitutes a privacy violation or […]
Little Users, Big Protections: Colorado and Virginia pass laws focused on kids privacy
‘Don’t call me kid, don’t call me baby’ – unless you are a child residing in either Colorado or Virginia, where children will soon have increased privacy protections due to recent advances in youth privacy legislation. Virginia and Colorado both have broad-based privacy laws already in effect. During the 2024 state legislative sessions, both states […]