Across the United States, evolving data collection and processing practices are driving digital services and socially beneficial research, but also pose increasing risks to individuals and communities that America’s existing sectoral privacy frameworks are insufficient to govern. In response, leaders in law and policy are considering more comprehensive approaches to privacy regulation, which establish baseline rights and protections for personal data throughout the economy. Years of negotiations in Congress culminated in the introduction of the bipartisan American Data Privacy and Protection Act in 2022; however, its fate remains uncertain. In the absence of federal legislation, five U.S. states—California, Virginia, Colorado, Utah, and Connecticut— enacted comprehensive consumer privacy laws between 2018-2022.
The Future of Privacy Forum provides expert, independent analysis of legislative and regulatory approaches to protecting data privacy interests. FPF does not typically support or oppose particular bills, but instead focuses on analyzing proposals in relation to existing privacy frameworks, sharing information on current data practices and technologies, and ensuring that data governance strategies are future-looking and adaptable.
FPF also engages with the broader privacy community through reports, blog posts, webinars, and educational programs such as the CPRA Law + Tech Series. It is our view that robust and durable policy outcomes can be achieved when all stakeholders are equipped to understand the key technologies, business practices, and legal mechanisms available to regulate privacy and data protection. FPF’s legislation work is led by Tatiana Rice, Senior Director.
Paradigm Shift in the Palmetto State: A New Approach to Online Protection-by-Design
South Carolina Governor McMaster signed HB 3431, an Age-Appropriate Design Code (AADC) -style law, on February 5, adding to the growing list of new, bipartisan state frameworks fortifying online protections for minors. Although HB 3431 is dubbed an AADC, its divergence from past models and unique blend of requirements that draw upon a variety of […]
FPF Year in Review 2025
Co-authored by FPF Communications Intern Celeste Valentino with contributions from FPF Global Communications Manager Joana Bala This year, FPF continued to broaden its footprint across priority areas of data governance, further expanding activities across a range of cross-sector topics, including AI, Youth, Conflict of Laws, AgeTech (seniors), and Cyber-Security. We have engaged extensively at the local […]
Five Big Questions (and Zero Predictions) for the U.S. Privacy and AI Landscape in 2026
Introduction For better or worse, the U.S. is heading into 2026 under a familiar backdrop: no comprehensive federal privacy law, plenty of federal rumblings, and state legislators showing no signs of slowing down. What has changed is just how intertwined privacy, youth, and AI policy debates have become, whether the issue is sensitive data, data-driven […]
What’s New in COPPA 2.0? A Summary of the Proposed Changes
On November 25th, U.S. House Energy and Commerce introduced a comprehensive bill package to advance child online privacy and safety, which included its own version of the Children and Teens’ Online Privacy Protection Act (“COPPA 2.0”) to modernize COPPA. First enacted in 1998, the Children’s Online Privacy Protection Act (COPPA) is a federal law that […]
FPF Submits Comments to Inform Colorado Minor Privacy Protections Rulemaking Process
On September 10th, FPF provided comments regarding draft regulations for implementing the heightened minor protections within the Colorado Privacy Act (“CPA”). Passed in 2021, the CPA, a Washington Privacy Act style-framework, provides comprehensive privacy protections to consumers in Colorado that are enforced by the state Attorney General’s office, which also has rulemaking authority. In 2024, […]
Annual DC Privacy Forum: Convening Top Voices in Governance in the Digital Age
FPF hosted its second annual DC Privacy Forum: Governance for Digital Leadership and Innovation on Wednesday, June 11. Staying true to the theme, this year’s forum convened key government, civil society, academic, and corporate privacy leaders for a day of critical discussions on privacy and AI policy. Gathering an audience of over 250 leaders from […]
Vermont and Nebraska: Diverging Experiments in State Age-Appropriate Design Codes
In May 2025, Nebraska and Vermont passed Age-Appropriate Design Code Acts (AADCs), continuing the bipartisan trend of states advancing protections for youth online. While these new bills arrived within the same week and share both a common name and general purpose, their scope, applicability, and substance take two very different approaches to a common goal: […]
FPF Experts Take The Stage at the 2025 IAPP Global Privacy Summit
By FPF Communications Intern Celeste Valentino Earlier this month, FPF participated at the IAPP’s annual Global Privacy Summit (GPS) at the Convention Center in Washington, D.C. The Summit convened top privacy professionals for a week of expert workshops, engaging panel discussions, and exciting networking opportunities on issues ranging from understanding U.S. state and global privacy […]
Amendments to the Montana Consumer Data Privacy Act Bring Big Changes to Big Sky Country
On May 8, Montana Governor Gianforte signed SB 297, amending the Montana Consumer Data Privacy Act (MCDPA). This amendment was sponsored by Senator Zolnikov, who also championed the underlying law’s enactment in 2023. Much has changed in the state privacy law landscape since the MCDPA was first enacted, and SB 297 incorporates elements of further […]
Little Rock, Minor Rights: Arkansas Leads with COPPA 2.0-Inspired Law
With thanks to Daniel Hales and Keir Lamont for their contributions. Shortly before the close of its 2025 session, the Arkansas legislature passed HB 1717, the Arkansas Children and Teens’ Online Privacy Protection Act, with unanimous votes. As the name suggests, Arkansas modeled this legislation after Senator Markey’s federal “COPPA 2.0” proposal, which passed the […]