Across the United States, evolving data collection and processing practices are driving digital services and socially beneficial research, but also pose increasing risks to individuals and communities that America’s existing sectoral privacy frameworks are insufficient to govern. In response, leaders in law and policy are considering more comprehensive approaches to privacy regulation, which establish baseline rights and protections for personal data throughout the economy. Years of negotiations in Congress culminated in the introduction of the bipartisan American Data Privacy and Protection Act in 2022; however, its fate remains uncertain. In the absence of federal legislation, five U.S. states—California, Virginia, Colorado, Utah, and Connecticut— enacted comprehensive consumer privacy laws between 2018-2022.
The Future of Privacy Forum provides expert, independent analysis of legislative and regulatory approaches to protecting data privacy interests. FPF does not typically support or oppose particular bills, but instead focuses on analyzing proposals in relation to existing privacy frameworks, sharing information on current data practices and technologies, and ensuring that data governance strategies are future-looking and adaptable.
FPF also engages with the broader privacy community through reports, blog posts, webinars, and educational programs such as the CPRA Law + Tech Series. It is our view that robust and durable policy outcomes can be achieved when all stakeholders are equipped to understand the key technologies, business practices, and legal mechanisms available to regulate privacy and data protection. FPF’s legislation work is led by Keir Lamont, Director.
Featured
Bipartisan Privacy Bill Would Govern Exposure Notification Services
Authors: Stacey Gray, Senior Counsel; Katelyn Ringrose, Christopher Wolf Diversity Law Fellow; and Polly Sanderson, Policy Counsel Yesterday, Senators Cantwell (D-WA), Cassidy (R-LA), and Klobuchar (D-MN) introduced a new COVID-19 data protection bill, the Exposure Notification Privacy Act, which would create legal limits for “automated exposure notification services.” The bill comes on the heels of […]
Close to the Finish Line: Observations on the Washington Privacy Act
By: Stacey Gray and Gabriela Zanfir-Fortuna * We wrote last week that Washington State seems poised to become the second US state to pass a major comprehensive privacy bill. The proposed Washington Privacy Act (WPA) would be mostly aligned with the EU’s GDPR, the global gold standard for data protection (although there are still some […]
A New U.S. Model for Privacy? Comparing the Washington Privacy Act to GDPR, CCPA, and More
By Stacey Gray, Pollyanna Sanderson, and Katelyn Ringrose Download a printable version of this report (pdf). As Congress continues to work toward drafting and passing a comprehensive national privacy law, state legislators are not slowing down. In Washington State, a new comprehensive privacy law is moving quickly: last week, the Washington Privacy Act (SSB 6281) […]
CCPA Amendment Update June 2019 – Twelve Bills Survive Assembly and Move to the Senate
By Michelle Bae and Jeremy Greenberg Privacy professionals seeking clarity on compliance with the California Consumer Privacy Act (CCPA) are monitoring numerous amendment bills introduced in the California State Assembly and the California State Senate. Twelve bills garnered the votes needed to pass the Assembly and moved to the Senate for further revision and voting. […]
FPF Comments on the California Consumer Privacy Act (CCPA)
On Friday, the Future of Privacy Forum submitted comments to the Office of the California Attorney General (AG), Xavier Becerra. Read FPF’s Full Comments (11-page letter) See Attachment 1: Comparing Privacy Laws: GDPR vs. CCPA See Attachment 2: A Visual Guide to Practical De-identification In FPF’s outreach to the AG, we commended the office for its […]
FPF Comments on the Washington Privacy Act, SB 5376
Today, the Future of Privacy Forum submitted comments to the Washington State Senate Ways & Means Committee on the proposed Washington Privacy Act, Senate Bill 5376. FPF takes a “neutral” position regarding the Bill, and makes a few important points. FPF commends the Bill’s sponsors for addressing a broad set of individual data protection rights. […]
Calls for Regulation on Facial Recognition Technology
We look forward to working with Microsoft, others in industry, and policymakers to “create policies, processes, and tools” to make responsible use of Facial Recognition technology a reality.
Learning from Europe but looking beyond for privacy law
FPF’s CEO, Jules Polonetsky, recently published an opinion piece in The Hill that discussed the need for comprehensive federal privacy legislation.
House Passes Email Privacy Act (H.R. 387)
Yesterday, the U.S. House of Representatives passed the Email Privacy Act (H.R. 387). The bill updates the Electronic Communications Privacy Act (ECPA), the law that sets standards for government access to private internet communications. Although ECPA was forward-thinking for its time, the developments of technology and communications in the 30 years since its passage have greatly surpassed its scope and the effectiveness of its policy direction.
Department of Commerce Director of Privacy Initiatives Joins the Future of Privacy Forum
Washington, DC – Today, the Future of Privacy Forum (FPF) announced that John Verdi will join the organization as Vice President of Policy to lead the development of its rapidly growing privacy policy portfolio. Verdi will be responsible for furthering FPF’s efforts to advance responsible privacy practices.