Across the United States, evolving data collection and processing practices are driving digital services and socially beneficial research, but also pose increasing risks to individuals and communities that America’s existing sectoral privacy frameworks are insufficient to govern. In response, leaders in law and policy are considering more comprehensive approaches to privacy regulation, which establish baseline rights and protections for personal data throughout the economy. Years of negotiations in Congress culminated in the introduction of the bipartisan American Data Privacy and Protection Act in 2022; however, its fate remains uncertain. In the absence of federal legislation, five U.S. states—California, Virginia, Colorado, Utah, and Connecticut— enacted comprehensive consumer privacy laws between 2018-2022.
The Future of Privacy Forum provides expert, independent analysis of legislative and regulatory approaches to protecting data privacy interests. FPF does not typically support or oppose particular bills, but instead focuses on analyzing proposals in relation to existing privacy frameworks, sharing information on current data practices and technologies, and ensuring that data governance strategies are future-looking and adaptable.
FPF also engages with the broader privacy community through reports, blog posts, webinars, and educational programs such as the CPRA Law + Tech Series. It is our view that robust and durable policy outcomes can be achieved when all stakeholders are equipped to understand the key technologies, business practices, and legal mechanisms available to regulate privacy and data protection. FPF’s legislation work is led by Keir Lamont, Director.
FPF Offers Input on Massachusetts Student Data Privacy Proposal
On October 30, FPF provided testimony before a hearing of the Massachusetts Joint Committee on Education regarding H.532/S.280, an Act Relative to Student and Educator Data Privacy. Read our written testimony in full. Our testimony focused on highlighting relevant FPF resources for policymakers (including a case study on student privacy in Utah, our state student […]
FPF Submits Comments with the National Telecommunications and Information Administration (NTIA) on Kids Online Health and Safety
On November 15, the Future of Privacy Forum filed comments with the National Telecommunications and Information Administration (NTIA) in response to their request for comment on Kids Online Health and Safety as part of the Biden-Harris Administration’s Interagency Task Force on Kids Online Health & Safety. Read the comments here. Young people increasingly engage with […]
FPF Weighs In on the Responsible Use and Adoption of Artificial Intelligence Technologies in New York City Classrooms
Last week, Future of Privacy Forum provided testimony at a joint public oversight hearing before the New York City Council Committees on Technology and Education on “The Role of Artificial Intelligence, Emerging Technology, and Computer Instruction in New York City Public Schools.” Specifically, FPF urged the Council to consider the following recommendations for the responsible adoption […]
FPF Releases Report on Verifiable Parental Consent
Today, FPF released a new report on the effectiveness of a key federal children’s privacy requirement known as verifiable parental consent (VPC). The Children’s Online Privacy and Protection Act (COPPA) requires operators of child-directed services to provide parents with detailed, direct notice and obtain parents’ affirmative express consent – verifiable parental consent – before collecting […]
Connecticut Shows You Can Have It All
On June 3rd, Connecticut Senate Bill 3 (SB 3), an “Act Concerning Online Privacy, Data and Safety Protections,” cleared the state legislature following unanimous votes in the House and Senate. If enacted by Governor Lamont, SB 3 will amend the Connecticut Data Privacy Act (CTDPA) to create new rights and protections for consumer health data […]
Shining a Light on the Florida Digital Bill of Rights
On May 4, 2023, the Florida ‘Digital Bill of Rights’ (SB 262) cleared the state legislature and now heads to the desk of the Governor for signature. SB 262 bears many similarities to the Washington Privacy Act and its progeny (specifically the Texas Data Privacy and Security Act). However, SB 262 is unique given its […]
Utah Considers Proposals to Require Web Services to Verify Users’ Ages, Obtain Parental Consent to Process Teens’ Data
Update: On March 23, Governor Spencer Cox signed SB 152 and HB 311. While amendments were made to both bills, the concerns raised in FPF’s analysis remain. SB 152 leaves critical provisions, such as methods to verify age or obtain parental consent, to be established in further rulemaking, but questions remain regarding whether these can […]
Five Big Questions (and Zero Predictions) for the U.S. State Privacy Landscape in 2023
Entering 2023, the United States remains one of the only global economic powers that lacks a comprehensive, national framework governing the collection and use of consumer data throughout the economy. Congress made unprecedented progress toward enacting baseline privacy legislation in 2022. However, the apparent impasse in the efforts to move H.R. 8152, the American Data […]
FPF Releases Analysis of California’s New Age-Appropriate Design Code
FPF’s Youth & Education team is pleased to publish a new policy brief that builds on this first brief by providing a comparative analysis of the United Kingdom’s Age Appropriate Design Code (UK AADC) to the California AADC, which was modeled after the UK AADC. Learn more and download the UK and CA AADC Comparative policy brief here. […]
Age-Appropriate Design Code Passes California Legislature
Update: On Sep 15, 2022, California Governor Gavin Newsom signed AB 2273, the California Age-Appropriate Design Code Act. The law will apply to businesses that provide online services, products, or features likely to be accessed by children and broadly requires businesses to implement their strongest privacy settings by default for young users up to the age of […]