New Report on Limits of “Consent” in New Zealand’s Data Protection Law
Authors: Elizabeth Santhosh and Dominic Paulger Elizabeth Santhosh is a current law student at Singapore Management University and an FPF Global Privacy intern. Introduction Today, the Future of Privacy Forum (FPF) and Asian Business Law Institute (ABLI), as part of their ongoing joint research project: “From Consent-Centric Data Protection Frameworks to Responsible Data Practices and […]
New Report on Limits of “Consent” in China’s Data Protection Law – First in a Series for Joint Project with Asian Business Law Institute
The Future of Privacy Forum (FPF) and Asian Business Law Institute (ABLI) are publishing today the first in a series of 14 detailed jurisdiction reports that will explore the role and limits of consent in the data protection laws and regulations of 14 jurisdictions in Asia Pacific (Australia, China, Hong Kong SAR, India, Indonesia, Japan, […]
When is a Biometric No Longer a Biometric?
In October 2021, the White House Office of Science and Technology (OSTP) published a Request for Information (RFI) regarding uses, harms, and recommendations for biometric technologies. Over 130 entities responded to the RFI, including advocacy organizations, scientists, experts in healthcare, lawyers, and technology companies. While most commenters agreed on core concepts of biometric technologies used […]
FPF Report: Automated Decision-Making Under the GDPR – A Comprehensive Case-Law Analysis
On May 17, the Future of Privacy Forum launched a comprehensive Report analyzing case-law under the General Data Protection Regulation (GDPR) applied to real-life cases involving Automated Decision Making (ADM). The Report is informed by extensive research covering more than 70 Court judgments, decisions from Data Protection Authorities (DPAs), specific Guidance and other policy documents […]
Diverging fining policies of European DPAs: is there room for coherent enforcement of the GDPR?
The European Union’s (EU) General Data Protection Regulation (GDPR) puts forward a non-exhaustive list of criteria in Article 83 that Data Protection Authorities (DPAs) need to consider when deciding whether to impose administrative fines and in determining their amount in specific cases. Notoriously, the ceiling for administrative fines put forward by the GDPR is high […]
What the Biden Executive Order on Digital Assets Means for Privacy
Author: Dale Rappaneau Dale Rappaneau is a policy intern at the Future of Privacy Forum and a 3L at the University of Maine School of Law. On March 9, the Biden Administration issued an Executive Order on “Ensuring Responsible Developments of Digital Assets” (“the Order”), published together with an explanatory Fact Sheet. The Order states […]
FPF at the 2022 IAPP Global Privacy Summit
Last week, IAPP held its first in-person annual Global Privacy Summit in Washington, DC since 2019! Through expert panels and our expo booth, FPF remained active during this two-day conference, with our CEO Jules Polonetsky holding a conversation with FTC Commissioner Noah Phillips, our data privacy experts speaking and providing their expert analysis at the […]
Privacy Harms, Global Privacy Regulation, and Algorithmic Decision Making are Major Topics During Privacy Papers for Policymakers Event
For the 12th year, the Future of Privacy Forum (FPF) hosted its Privacy Papers for Policymakers event, honoring the 2021 Privacy Papers for Policymakers Award winners. This year’s event featured an opening keynote by Colorado Attorney General Phil Weiser and facilitated discussions between the winning authors – Daniel Solove, Ben Green, Woody Hartzog, Neil Richards, […]
BCI Commercial and Government Use: Gaming, Education, Employment, and More
This post is the third in a four-part series on Brain-Computer Interfaces (BCIs), providing an overview of the technology, use cases, privacy risks, and proposed recommendations for promoting privacy and mitigating risks associated with BCIs. Click here for FPF and IBM’s full report: Privacy and the Connected Mind. In case you missed them, read the […]
Understanding why the first pieces fell in the transatlantic transfers domino
Two decisions issued by Data Protection Authorities (DPAs) in Europe and published in the second week of January 2022 found that two websites, one run by a contractor of the European Parliament (EP), and the other one by an Austrian company, have unlawfully transferred personal data to the US merely by placing cookies (Google Analytics and Stripe) provided by two US-based companies on the devices of their visitors.