Across the United States, evolving data collection and processing practices are driving digital services and socially beneficial research, but also pose increasing risks to individuals and communities that America’s existing sectoral privacy frameworks are insufficient to govern. In response, leaders in law and policy are considering more comprehensive approaches to privacy regulation, which establish baseline rights and protections for personal data throughout the economy. Years of negotiations in Congress culminated in the introduction of the bipartisan American Data Privacy and Protection Act in 2022; however, its fate remains uncertain. In the absence of federal legislation, five U.S. states—California, Virginia, Colorado, Utah, and Connecticut— enacted comprehensive consumer privacy laws between 2018-2022.
The Future of Privacy Forum provides expert, independent analysis of legislative and regulatory approaches to protecting data privacy interests. FPF does not typically support or oppose particular bills, but instead focuses on analyzing proposals in relation to existing privacy frameworks, sharing information on current data practices and technologies, and ensuring that data governance strategies are future-looking and adaptable.
FPF also engages with the broader privacy community through reports, blog posts, webinars, and educational programs such as the CPRA Law + Tech Series. It is our view that robust and durable policy outcomes can be achieved when all stakeholders are equipped to understand the key technologies, business practices, and legal mechanisms available to regulate privacy and data protection. FPF’s legislation work is led by Keir Lamont, Senior Director.
Record Set: Assessing Points of Emphasis from Public Input on the FTC’s Privacy Rulemaking
More than 1,200 law firms, advocacy organizations, trade associations, companies, researchers, and others responded to the Federal Trade Commission’s Advance Notice of Proposed Rulemaking (ANPR) on “Commercial Surveillance and Data Security.” Significantly, the ANPR initiates a process that may result in comprehensive regulation of data privacy and security in the United States, and also marks […]
FPF Provides Input on Draft Colorado Privacy Act Regulations
On September 30th, The Colorado Department of Law released draft regulations to implement the Colorado Privacy Act. The Future of Privacy Forum (FPF) filed written comments in response to the proposed rules on November 7th. Furthermore, FPF’s Keir Lamont and Felicity Slater participated in public stakeholder sessions hosted by the Colorado Attorney General’s Office as […]
FPF at IAPP’s Europe Data Protection Congress 2022: Global State of Play, Automated Decision-Making, and US Privacy Developments
Authored by Christina Michelakaki, FPF Intern for Global Policy On November 16 and 17, 2022, the IAPP hosted the Europe Data Protection Congress 2022 – Europe’s largest annual gathering of data protection experts. During the Congress, members of the Future of Privacy Forum (FPF) team moderated and spoke at three different panels. Additionally, on November […]
Five Big Questions (and Zero Predictions) for the U.S. State Privacy Landscape in 2023
Entering 2023, the United States remains one of the only global economic powers that lacks a comprehensive, national framework governing the collection and use of consumer data throughout the economy. Congress made unprecedented progress toward enacting baseline privacy legislation in 2022. However, the apparent impasse in the efforts to move H.R. 8152, the American Data […]
FPF Urges Federal Trade Commission to Craft Practical Privacy Rules
FPF Comments Regarding FTC ANPR Urge the Commission to Provide Individuals with Strong, Enforceable Rights and Companies with Greater Clarity about their Obligations under Section 5 of the FTC Act. The Future of Privacy Forum filed comments regarding the Federal Trade Commission’s Advance Notice of Proposed Rulemaking, recommending that the Commission prioritize practical rules that […]
FPF Releases Analysis of California’s New Age-Appropriate Design Code
FPF’s Youth & Education team is pleased to publish a new policy brief that builds on this first brief by providing a comparative analysis of the United Kingdom’s Age Appropriate Design Code (UK AADC) to the California AADC, which was modeled after the UK AADC. Learn more and download the UK and CA AADC Comparative policy brief here. […]
Call for Nominations: 13th Annual Privacy Papers for Policymakers
The Future of Privacy Forum (FPF) invites privacy scholars and authors with an interest in privacy issues to submit finished papers to be considered for FPF’s 13th annual Privacy Papers for Policymakers (PPPM) Award. This award provides researchers with the opportunity to inject ideas into the current policy discussion, bringing relevant privacy research to the attention of […]
The “Colorado Effect?” Status Check on Colorado’s Privacy Rulemaking
Colorado is set to formally enter a rulemaking process which may establish de facto interpretations for privacy protections across the United States. With the passage of the Colorado Privacy Act (CPA) in 2021, Colorado, along with Virginia, Utah, and Connecticut, became part of an emerging group of states adopting privacy laws that share a similar […]
FPF Participates in FTC Event on “Commercial Surveillance and Data Security” Proposed Rulemaking
Yesterday, FPF Senior Director for U.S. Policy Stacey Gray participated in a panel discussion hosted by the Federal Trade Commission (“FTC”) regarding its Advance Notice of Proposed Rulemaking (“ANPR”) on “Commercial Surveillance and Data Security” (comments start at 1:39:00). Feedback from the public forum is intended to help inform the Commission’s decision whether to proceed […]
Age-Appropriate Design Code Passes California Legislature
Update: On Sep 15, 2022, California Governor Gavin Newsom signed AB 2273, the California Age-Appropriate Design Code Act. The law will apply to businesses that provide online services, products, or features likely to be accessed by children and broadly requires businesses to implement their strongest privacy settings by default for young users up to the age of […]