Across the United States, evolving data collection and processing practices are driving digital services and socially beneficial research, but also pose increasing risks to individuals and communities that America’s existing sectoral privacy frameworks are insufficient to govern. In response, leaders in law and policy are considering more comprehensive approaches to privacy regulation, which establish baseline rights and protections for personal data throughout the economy. Years of negotiations in Congress culminated in the introduction of the bipartisan American Data Privacy and Protection Act in 2022; however, its fate remains uncertain. In the absence of federal legislation, five U.S. states—California, Virginia, Colorado, Utah, and Connecticut— enacted comprehensive consumer privacy laws between 2018-2022.
The Future of Privacy Forum provides expert, independent analysis of legislative and regulatory approaches to protecting data privacy interests. FPF does not typically support or oppose particular bills, but instead focuses on analyzing proposals in relation to existing privacy frameworks, sharing information on current data practices and technologies, and ensuring that data governance strategies are future-looking and adaptable.
FPF also engages with the broader privacy community through reports, blog posts, webinars, and educational programs such as the CPRA Law + Tech Series. It is our view that robust and durable policy outcomes can be achieved when all stakeholders are equipped to understand the key technologies, business practices, and legal mechanisms available to regulate privacy and data protection. FPF’s legislation work is led by Tatiana Rice, Senior Director.
Future of Privacy Forum Adds Amie Stepanovich, Additional Experts to U.S. & Global Policy Teams
New staff members add expertise and expand US policy engagement for independent data protection non-profit The Future of Privacy Forum (FPF) has added three new members to its U.S. policy team and a senior fellow to its global team. Amie Stepanovich will join FPF as VP of U.S. Policy, Keir Lamont joins as Senior Counsel, […]
FPF’s Stacey Gray Testifies Before Senate Finance Committee Regarding Data Brokers, Urges Congress Pass a Comprehensive Federal Privacy Law
Today, Future of Privacy Forum Senior Counsel Stacey Gray testified before the U.S. Senate Finance Subcommittee on Fiscal Responsibility and Economic Growth regarding consumer privacy in the technology sector. Stacey’s testimony explains that the term “data brokers” typically encompasses a wide variety of companies and business practices that use personal information for different purposes, some […]
FPF Files Comments on CPRA Initial Rulemaking
Yesterday, the Future of Privacy Forum filed comments with the California Privacy Protection Agency on the initial rulemaking under the California Privacy Rights Act (CPRA). The CPRA, which comes into effect in 2023, provides protections for sensitive personal information, expands the California Consumer Privacy Act’s opt-out rights, and requires businesses to provide mechanisms for individuals […]
Call for Nominations: 12th Annual Privacy Papers for Policymakers
The Future of Privacy Forum invites privacy scholars and authors with an interest in privacy issues to submit finished papers to be considered for FPF’s 12th annual Privacy Papers for Policymakers Award. This award provides researchers with the opportunity to inject ideas into the current policy discussion, bringing relevant privacy research to the attention of the U.S. […]
Uniform Law Commission Finalizes Model State Privacy Law
This month, the Uniform Law Commission (ULC) voted to approve the Uniform Personal Data Protection Act (UPDPA), a model bill designed to provide a template for uniform state privacy legislation. After some final amendments, it will be ready to be introduced in state legislatures in January 2022. The ULC has been engaged in an effort […]
What the Biden Executive Order Means for Data Protection
Last week, President Biden signed an Executive Order on “Promoting Competition in the American Economy” (“the Order” or “the EO”), published together with an explanatory Fact Sheet. The Order outlines a sweeping agenda for a “whole of government” approach to enforcement of antitrust laws in nearly every sector of the economy. Although there is a […]
Lessons for a Federal Private Right of Action in US Privacy Law after TransUnion LLC v. Ramirez
In June 2021, the Supreme Court handed down TransUnion v. Ramirez, 594 U.S. ___ (2021), its latest decision concerning Article III standing, which determines a plaintiff’s eligibility to sue in federal court. Even when a federal law expressly creates a private right of action to enforce a federal right or other violation of the law, […]
Navigating Preemption through the Lens of Existing State Privacy Laws
This post is the second of two posts on federal preemption and enforcement in United States federal privacy legislation. See Preemption in US Privacy Laws (June 14, 2021). In drafting a federal baseline privacy law in the United States, lawmakers must decide to what extent the law will override state and local privacy laws. In […]
Preemption in US Federal Privacy Laws
As federal lawmakers consider proposals for a federal baseline privacy law in the United States, one of the most complex challenges is federal preemption, or the extent to which a federal law should nullify the state laws on the books and the emerging laws addressing the collection and use of personal information. Many recognize the […]
Colorado Privacy Act Passes Legislature: Growing Inconsistencies Ramp Up Pressure for Federal Privacy Law
Today, the Colorado Senate approved the House version of the Colorado Privacy Act (SB21-190) that passed yesterday, on June 7. If approved by Governor Jared Polis, Colorado will follow Virginia and California as the third U.S. state to establish baseline legal protections for consumer privacy. “Although the Colorado Privacy Act contains notable advances that build […]