Across the United States, evolving data collection and processing practices are driving digital services and socially beneficial research, but also pose increasing risks to individuals and communities that America’s existing sectoral privacy frameworks are insufficient to govern. In response, leaders in law and policy are considering more comprehensive approaches to privacy regulation, which establish baseline rights and protections for personal data throughout the economy. Years of negotiations in Congress culminated in the introduction of the bipartisan American Data Privacy and Protection Act in 2022; however, its fate remains uncertain. In the absence of federal legislation, five U.S. states—California, Virginia, Colorado, Utah, and Connecticut— enacted comprehensive consumer privacy laws between 2018-2022.
The Future of Privacy Forum provides expert, independent analysis of legislative and regulatory approaches to protecting data privacy interests. FPF does not typically support or oppose particular bills, but instead focuses on analyzing proposals in relation to existing privacy frameworks, sharing information on current data practices and technologies, and ensuring that data governance strategies are future-looking and adaptable.
FPF also engages with the broader privacy community through reports, blog posts, webinars, and educational programs such as the CPRA Law + Tech Series. It is our view that robust and durable policy outcomes can be achieved when all stakeholders are equipped to understand the key technologies, business practices, and legal mechanisms available to regulate privacy and data protection. FPF’s legislation work is led by Keir Lamont, Director.
Top Six Major Privacy Enforcement Trends: A U.S. Legislation Retrospective
Enforcement activity intensifies as U.S. consumer privacy laws continue to evolve and come into effect. In 2023 and 2024 alone, there have been dozens of enforcement actions at the U.S. federal and state levels, some of which reveal or touch on significant throughlines for privacy policy issues, such as what constitutes a privacy violation or […]
Reproductive Rights Have Been Privacy Rights For 50 Years
About fifty years ago, the U.S. Supreme Court decided a case that would provide the basis for federal privacy protections for reproductive health decisions. The importance of protecting reproductive information and choice, particularly where abortion was concerned, was the basis for Roe v. Wade (1973) and Planned Parenthood v. Casey (1992), which provided women and […]
FPF Statement on the House Energy and Commerce Subcommittee on Innovation, Data and Commerce’s May 23 unanimous House subcommittee vote on the American Privacy Rights Act
Today, the House Energy and Commerce Subcommittee on Innovation, Data and Commerce unanimously passed the revised draft of the American Privacy Rights Act.
Peak Privacy: Vermont’s Summit on Data Privacy
On June 13, 2024, Governor Phil Scott vetoed H. 121. This marked the first governor veto of a comprehensive privacy bill passed by the state legislature. Immediately prior to the close of the state legislative session on May 10, 2024, the Vermont legislature passed H. 121, “An act relating to enhancing consumer privacy and the […]
The North Star State Joins the State Privacy Law Constellation
On May 19, 2024, the Minnesota Legislature passed HF 4757, an omnibus budget bill that includes the Minnesota Consumer Data Privacy Act (MNCDPA). The bill now heads to Governor Walz for signature. Developed by State Representative Steve Elkins over nearly five years and multiple legislative sessions, the MNCDPA is among the strongest iterations of the […]
Little Users, Big Protections: Colorado and Virginia pass laws focused on kids privacy
‘Don’t call me kid, don’t call me baby’ – unless you are a child residing in either Colorado or Virginia, where children will soon have increased privacy protections due to recent advances in youth privacy legislation. Virginia and Colorado both have broad-based privacy laws already in effect. During the 2024 state legislative sessions, both states […]
Colorado Enacts First Comprehensive U.S. Law Governing Artificial Intelligence Systems
On May 17, Governor Polis signed the Colorado AI Act (CAIA) (SB-205) into law, establishing new individual rights and protections with respect to high-risk artificial intelligence systems. Building off the work of existing best practices and prior legislative efforts, the CAIA is the first comprehensive United States law to explicitly establish guardrails against discriminatory outcomes […]
Now, On the Internet, Will Everyone Know if You’re a Child?
With help from Laquan Bates, Policy Intern for Youth and Education How Knowledge Standards Have Changed the Status Quo As minors increasingly spend time online, lawmakers continue to introduce legislation to enhance the privacy and safety of kids’ and teens’ online experiences beyond the existing Children’s Online Privacy Protection Act (COPPA) framework. Proposals have proliferated […]
FPF Responds to the OMB’s Request for Information on Responsible Artificial Intelligence Procurement in Government
On April 29, the Future of Privacy Forum submitted comments to the Office of Management and Budget (OMB) in response to the agency’s Request for Information (RFI) regarding responsible procurement of artificial intelligence (AI) in government, particularly regarding the intersection of AI tools and systems procurement with other risks posed by the development and use […]
New Age-Appropriate Design Code Framework Takes Hold in Maryland
On April 6, the Maryland legislature passed HB 603/SB 571, the “Maryland Age-Appropriate Design Code Act” (Maryland AADC), which is currently awaiting action from Governor Moore. While FPF has already written about Maryland’s potentially “paradigm-shifting” state comprehensive privacy law, the Maryland AADC may similarly pioneer a new model for other states. The Maryland AADC seeks […]