Across the United States, evolving data collection and processing practices are driving digital services and socially beneficial research, but also pose increasing risks to individuals and communities that America’s existing sectoral privacy frameworks are insufficient to govern. In response, leaders in law and policy are considering more comprehensive approaches to privacy regulation, which establish baseline rights and protections for personal data throughout the economy. Years of negotiations in Congress culminated in the introduction of the bipartisan American Data Privacy and Protection Act in 2022; however, its fate remains uncertain. In the absence of federal legislation, five U.S. states—California, Virginia, Colorado, Utah, and Connecticut— enacted comprehensive consumer privacy laws between 2018-2022.
The Future of Privacy Forum provides expert, independent analysis of legislative and regulatory approaches to protecting data privacy interests. FPF does not typically support or oppose particular bills, but instead focuses on analyzing proposals in relation to existing privacy frameworks, sharing information on current data practices and technologies, and ensuring that data governance strategies are future-looking and adaptable.
FPF also engages with the broader privacy community through reports, blog posts, webinars, and educational programs such as the CPRA Law + Tech Series. It is our view that robust and durable policy outcomes can be achieved when all stakeholders are equipped to understand the key technologies, business practices, and legal mechanisms available to regulate privacy and data protection. FPF’s legislation work is led by Keir Lamont, Director.
Featured
Out, Not Outed: Privacy for Sexual Health, Orientations, and Gender Identities
Co-authored by: Judy Wang (FPF Intern), Jeter Sison (FPF Intern), Jordan Wrigley (FPF Data and Policy Analyst, Health & Wellness) On National Coming Out Day, it’s important to recognize that Coming Out is a right of passage for many LGBTQ+ individuals and a decision that they should be empowered to make for themselves. Protections for […]
AI Forward: FPF’s Annual DC Privacy Forum Explores Intersection of Privacy and AI
The Future of Privacy Forum (FPF) hosted its inaugural DC Privacy Forum: AI Forward on Wednesday, June 5th. Industry experts, policymakers, civil society, and academics explored the intersection of data, privacy, and AI. In Washington, DC’s southwest Waterfront at the InterContinental, participants joined in person for a full-day program consisting of keynote panels, AI talks, […]
Top Six Major Privacy Enforcement Trends: A U.S. Legislation Retrospective
Enforcement activity intensifies as U.S. consumer privacy laws continue to evolve and come into effect. In 2023 and 2024 alone, there have been dozens of enforcement actions at the U.S. federal and state levels, some of which reveal or touch on significant throughlines for privacy policy issues, such as what constitutes a privacy violation or […]
Reproductive Rights Have Been Privacy Rights For 50 Years
About fifty years ago, the U.S. Supreme Court decided a case that would provide the basis for federal privacy protections for reproductive health decisions. The importance of protecting reproductive information and choice, particularly where abortion was concerned, was the basis for Roe v. Wade (1973) and Planned Parenthood v. Casey (1992), which provided women and […]
The DNA of Genetic Privacy Legislation: Montana, Tennessee, Texas, and Virginia Enter 2024 with New Genetic Privacy Laws Incorporating FPF’s Best Practices
In 2023, four states enacted new genetic privacy laws regulating direct-to-consumer genetic testing companies. This blog post provides details on what these new laws cover and how they compare to FPF’s widely-adopted Best Practices for Consumer Genetic Testing Services. Genetic privacy has been under increasing scrutiny at the state and federal levels, and regulators are […]
FPF Files Comments for the FTC Health Breach Notification Rule Addressing Specific Definitions and Clarity of Scope
On August 8th, the Future of Privacy Forum (FPF) filed comments with the U.S. Federal Trade Commission (the Commission) regarding the Notice of Proposed Rulemaking (NPRM) to clarify the scope and application of the Health Breach Notification Rule (HBNR). The HBNR was promulgated in 2009 as part of the American Recovery and Reinvestment Act as […]
FPF Files Comments with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights
On June 15, the Future of Privacy Forum (FPF) filed comments with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) regarding the Notice of Proposed Rulemaking (NPRM) on extending additional protections to reproductive health care data under the Health Insurance Portability and Accountability Act (HIPAA). One year ago last […]
(Health) Data is What (Health) Data Does in Nevada
Note: This title is inspired by Professor Daniel J. Solove’s recent essay, ‘Data Is What Data Does: Regulating Based on Harm and Risk Instead of Sensitive Data.’ On June 16, 2023, Nevada Senate Bill 370 (SB 370) was signed into law by Governor Lombardo, making Nevada the second state, after Washington, to pass broad-based consumer […]
Connecticut Shows You Can Have It All
On June 3rd, Connecticut Senate Bill 3 (SB 3), an “Act Concerning Online Privacy, Data and Safety Protections,” cleared the state legislature following unanimous votes in the House and Senate. If enacted by Governor Lamont, SB 3 will amend the Connecticut Data Privacy Act (CTDPA) to create new rights and protections for consumer health data […]
A New Paradigm for Consumer Health Data Privacy in Washington State
The Washington ‘My Health, My Data’ Act (MHMD or the Act) establishes a fundamentally new legal framework within U.S. law to regulate the collection, use, and transfer of consumer health data. Signed into law by Governor Inslee on April 27, MHMD was introduced by request of the Washington Attorney General in response to the Supreme […]