Recent work
- California’s Prop 24, the “California Privacy Rights Act,” Passed. What’s Next?
- Comparing Privacy Laws: GDPR v. CCPA
- Off to the Races for Enforcement of California’s Privacy Law
- California Privacy Legislation: A Timeline of Key Events
- Comparing the Washington Privacy Act to GDPR, CCPA, and More
- Tech Talk with the Regulators – Understanding Anonymization Under the GDPR
- Comparing Senate Commerce Committee Bills
- Endgame Issues: New Brookings Report on Paths to Federal Privacy Legislation
- Bipartisan Privacy Bill Would Govern Exposure Notification Services
- Newly Released COVID-19 Privacy Bills Would Regulate Pandemic-Related Data
- Other Privacy Legislation Posts by FPF
Privacy Legislation Series
In our Privacy Legislation Series, FPF presents an array of educational webinars exploring topics in U.S. privacy legislation. In each webinar, experts dive deep into one aspect of a comprehensive privacy law, discuss what makes it important for addressing privacy harms, its historical context, and how it has been addressed in other existing federal, state, or international privacy laws. Each session is made available publicly and a list of additional recommended reading and resources is provided. Our goal is to provide policy experts with more tools to be better informed on data privacy legislation in 2020.
Upcoming Topics
*More topics to be added in the near future.
Jump to Previous Webinars
Topic #5 – Enforcement Mechanisms
How to enforce comprehensive consumer privacy law is a a key remaining issue of the federal privacy debate. At the state-level, there is also a lack of consensus on enforcement mechanisms. This webinar discusses the role of the FTC, state Attorneys General, and private rights of action.
FPF Resources
Recommended Reading
- Daniel J. Solove & Woodrow Hartzog, The FTC and the New Common Law of Privacy, 114 Columbia Law Review 583 (2014)
- Cass R. Sunstein & Richard B. Stewart, Public Programs and Private Rights, 95 Harvard Law Review 1193 (1981)
- Lauren H. Scholz, Privacy Remedies, 94 Indiana Law Journal 653 (2019)
- David Freeman Engstrom, Private Enforcement Pathways: Lessons From Qui Tam Litigation, Columbia Law Review, Vol. 114, No. 8 (2014)
Topic #4 – Child Privacy
Policymakers in the United States and abroad are reexamining how to effectively protect children’s privacy online without age-gating the internet.
FPF Resources
- Slide Deck
- Archived Webinar Recording
- FPF Youth Privacy Webpage & Recommended Resources
- MythBusters: COPPA Edition (2019)
Recommended Reading
- Dos and Don’ts for Compliance with COPPA, The Toy Industry Association (2013)
- Revisiting COPPA, Family Online Safety Institute (2019)
- Can organizations sell children’s data under the CCPA?, IAPP (2019)
- New technologies and 21st century children: Recent trends and outcomes, OECD (2018)
- Guide to the GDPR: Children (PDF p22-23), Bird & Bird (May 2019)
- Age Appropriate Design Code, UK ICO (January 2020)
- Children’s data and privacy online: An evidence review, London School of Economics and Political Science (2019)
Topic #3 – Preemption
As consensus is reached on many aspects of federal privacy legislation, preemption is taking center stage in both the Senate and the House. Although frequently presented as a binary choice between preemption and no preemption, in truth there is great flexibility in the extent to which Congress may choose to preempt State laws.
FPF Resources
Recommended Reading
- Federal Preemption: A Legal Primer (July 2019) Congressional Research Service
- Peter Swire, US federal privacy preemption, part 1 & 2 (IAPP)
- Paul M Schwartz, Preemption and Privacy, 118 Yale L.J. 902, 912 (2009)
- Compilation of State and Federal Privacy Laws by Robert Ellis Smith
- U.S. Private-Sector Privacy, Second Edition, Peter Swire, DeBrae Kennedy-Mayo
- Joseph L. Seidel, The Consumer Credit Reporting Reform Act: Information Sharing and Preemption, 2 N.C. Banking Inst. 79 (1998)
- Patricia L. Bellia, Federalization in Information Privacy Law, 118 Yale L.J. 868 (2009)
- Margot E. Kaminsky, Drone Federalism: Civilian Drones and Things They Carry, 4 Cal. L. Rev. Circuit 57 (2013)
- Bilyana Petkova, The Safeguarding of Privacy Federalism, 20 Lewis & Clark L. Rev. 595 (2016)
- Ira S. Rubinstein, Privacy Localism, 93 Wash. L. Rev. 1961 (2018)
- For an industry perspective, see Brad Smith, Senior Vice President, Gen. Counsel, Microsoft Corp., Protecting Consumers and the Marketplace: The Need for Federal Privacy Legislation (Nov. 2005)
Topic #2 – Commercial Research
FPF Resources
- Slide Deck
- Archived Webinar Recording
- Big Data for All: Privacy and User Control in the Age of Analytics by Omer Tene and Jules Polenetsky
- Benefit-Risk Analysis for Big Data Projects by Jules Polenetsky, Omer Tene, and Joseph Jerome
- FPF Examining Ethics, Privacy, and Research Reviews
- 2016 Roundtable on Ethics, Privacy, and Research Reviews
- Big Data Ethics
- Big Data: Catalyst for a Privacy Change
- Collection of Essays on Big Data
Recommended Reading
- Common Rule departments and agencies
- Common Rule (pre-2019 requirements)
- Revised Common Rule (2017)
- Belmont Report
- Institutional Review Boards
- Office of Human Research Protections
- HIPAA Privacy Rule standards for research
- Science and Privacy: Data Protection Laws and Their Impact on Research
- How the General Data Protection Regulation changes the rules for scientific research
Topic #1 – Defining Covered Data
How to define covered data is one of the first fundamental questions that lawmakers face as they consider how to draft any privacy or data security law, as it determines legislative scope and interoperability with existing laws (both in the US and internationally) that govern personal information.
FPF Resources
- Slide Deck
- Archived Webinar Recording
- A Visual Guide to Practical Data De-Identification
- City of Seattle Open Data Risk Assessment
- Comparing Privacy Laws: GDPR v. CCPA
- Digital Data Flows Masterclass
- Shades of Gray: Seeing the Full Spectrum of Practical Data De-identification
Recommended Reading
- Paul M. Schwartz & Daniel J. Solove, The PII Problem: Privacy and a New Concept of Personally Identifiable Information, 86 N.Y.U. L.REV. 1814 (2011)
- Ira Rubinstein & Woody Hartzog, Anonymization and Risk, 91 Wash. L. Rev. 703 (2016)
- NIST, NISTIR 8053: De-Identification of Personal Information (Oct 2015)
- Alexandra Wood et al., A Primer on Differential Privacy for Non-Technical Audiences, 21 Vand. J. Ent. & Tech. 209 (2018)
- Article 29 Working Party (EU guidance body), Opinion on Anonymisation Techniques (2014)