Across the United States, evolving data collection and processing practices are driving digital services and socially beneficial research, but also pose increasing risks to individuals and communities that America’s existing sectoral privacy frameworks are insufficient to govern. In response, leaders in law and policy are considering more comprehensive approaches to privacy regulation, which establish baseline rights and protections for personal data throughout the economy. Years of negotiations in Congress culminated in the introduction of the bipartisan American Data Privacy and Protection Act in 2022; however, its fate remains uncertain. In the absence of federal legislation, five U.S. states—California, Virginia, Colorado, Utah, and Connecticut— enacted comprehensive consumer privacy laws between 2018-2022.
The Future of Privacy Forum provides expert, independent analysis of legislative and regulatory approaches to protecting data privacy interests. FPF does not typically support or oppose particular bills, but instead focuses on analyzing proposals in relation to existing privacy frameworks, sharing information on current data practices and technologies, and ensuring that data governance strategies are future-looking and adaptable.
FPF also engages with the broader privacy community through reports, blog posts, webinars, and educational programs such as the CPRA Law + Tech Series. It is our view that robust and durable policy outcomes can be achieved when all stakeholders are equipped to understand the key technologies, business practices, and legal mechanisms available to regulate privacy and data protection. FPF’s legislation work is led by Keir Lamont, Director.
Featured
Call for Nominations: 12th Annual Privacy Papers for Policymakers
The Future of Privacy Forum invites privacy scholars and authors with an interest in privacy issues to submit finished papers to be considered for FPF’s 12th annual Privacy Papers for Policymakers Award. This award provides researchers with the opportunity to inject ideas into the current policy discussion, bringing relevant privacy research to the attention of the U.S. […]
Uniform Law Commission Finalizes Model State Privacy Law
This month, the Uniform Law Commission (ULC) voted to approve the Uniform Personal Data Protection Act (UPDPA), a model bill designed to provide a template for uniform state privacy legislation. After some final amendments, it will be ready to be introduced in state legislatures in January 2022. The ULC has been engaged in an effort […]
What the Biden Executive Order Means for Data Protection
Last week, President Biden signed an Executive Order on “Promoting Competition in the American Economy” (“the Order” or “the EO”), published together with an explanatory Fact Sheet. The Order outlines a sweeping agenda for a “whole of government” approach to enforcement of antitrust laws in nearly every sector of the economy. Although there is a […]
Lessons for a Federal Private Right of Action in US Privacy Law after TransUnion LLC v. Ramirez
In June 2021, the Supreme Court handed down TransUnion v. Ramirez, 594 U.S. ___ (2021), its latest decision concerning Article III standing, which determines a plaintiff’s eligibility to sue in federal court. Even when a federal law expressly creates a private right of action to enforce a federal right or other violation of the law, […]
Navigating Preemption through the Lens of Existing State Privacy Laws
This post is part of an ongoing series on federal preemption and enforcement in United States federal privacy legislation. See Preemption in US Privacy Laws (June 14, 2021). In drafting a federal baseline privacy law in the United States, lawmakers must decide to what extent the law will override state and local privacy laws. In […]
Preemption in US Federal Privacy Laws
This post is the first in an ongoing series on federal preemption and enforcement in United States federal privacy legislation. As federal lawmakers consider proposals for a federal baseline privacy law in the United States, one of the most complex challenges is federal preemption, or the extent to which a federal law should nullify the […]
India’s new Intermediary & Digital Media Rules: Expanding the Boundaries of Executive Power in Digital Regulation
The majority of these provisions were unanticipated, resulting in a raft of petitions filed in High Courts across the country challenging the validity of the various aspects of the Rules, including with regard to their constitutionality.
Colorado Privacy Act Passes Legislature: Growing Inconsistencies Ramp Up Pressure for Federal Privacy Law
Today, the Colorado Senate approved the House version of the Colorado Privacy Act (SB21-190) that passed yesterday, on June 7. If approved by Governor Jared Polis, Colorado will follow Virginia and California as the third U.S. state to establish baseline legal protections for consumer privacy. “Although the Colorado Privacy Act contains notable advances that build […]
Automated Decision-Making Systems: Considerations for State Policymakers
In legislatures across the United States, state lawmakers are introducing proposals to govern the uses of automated decision-making systems (ADS) in record numbers. In contrast to comprehensive privacy bills that would regulate collection and use of personal information, automated decision-making system (ADS) bills in 2021 specifically seek to address increasing concerns about racial bias or […]
FPF Testifies on Automated Decision System Legislation in California
Last week, on April 8, 2021, FPF’s Dr. Sara Jordan testified before the California House Committee on Privacy and Consumer Protection on AB-13 (Public contracts: automated decision systems). The legislation passed out of committee (9 Ayes, 0 Noes) and was re-referred to the Committee on Appropriations. The bill would regulate state procurement, use, and development […]