Page 12 – Future of Privacy Forum

Chile’s New Data Protection Law: Context, Overview, and Key Takeaways

On August 26, 2024, the Chilean Congress approved Law 21.719, on the Protection of Personal Data (“LPPD”) after eight years of legislative debate. The legislation was published on December 13, 2024, and will become fully effective twenty-four months after that date (in December 2026).

The LPPD was introduced in the Senate in 2017 to replace Law 19.628, Ley sobre Protección de la Vida Privada (hereinafter referred to as “LPVP”), which was adopted in 1999 as Chile’s first national data protection framework, as well as the first such law in Latin America.

The LPVP provided a foundational framework for personal data protection for nearly 24 years. However, the evolving demands of technological development and globalization gradually highlighted the LPVP’s lack of compatibility with newer and more comprehensive global standards for data protection adopted by partner countries.

In particular, stronger data protection standards reflected in the European Union’s Directive 95/46/EC significantly influenced post-LPVP legislation in Latin America, with Argentina passing comprehensive data protection legislation in 2000 and Mexico in 2010, for example. A similar structural effect followed the enactment of the EU’s General Data Protection Regulation (GDPR), which has influenced recent proposals including Brazil’s Lei Geral de Proteção de Dados (LGPD) and Chile’s LPPD, although each nation has approached this era of policymaking in a unique way.

Prior congressional attempts to update the LPVP reflect the country’s efforts to align to best global standards and meet international commitments¹. According to the Chilean government, the approved LPPD pursues the dual objective of (i) providing stronger protection for data subjects and (ii) regulating and promoting the country’s digital economy.²

This blog covers some of the new features in the LPPD, including:

Extraterritoriality: the new law applies to private and public organizations processing personal data of individuals residing in Chile, regardless of where the processing takes place;
Stronger and new data subject rights: the LPPD expands regulation on previously recognized rights of access, rectification, suppression, and opposition, and adds new rights to portability and to block the processing of one’s data;
Additional lawful grounds for processing: the law introduces new legitimate bases for processing data as exceptions or alternatives to consent;
New obligations to controllers and processors: the LPPD imposes security incident reporting and confidentiality obligations, and the implementation of technical and organizational measures, compatible with explicitly recognized principles of legality, accountability, and privacy by design and by default, among others;
Cross-border data transfer regulation: the law recognizes several mechanisms for international transfers, including its own exception regime when transferring to non-adequate countries or in the absence of appropriate safeguards;
Data Protection Authority (DPA): the LPPD creates, for the first time, a DPA vested with supervisory, regulatory, and sanctioning powers to enforce the data protection framework;³
Stronger sanctioning regime: the new law incorporates sanctions for data protection violations, which can range between 2% and 4% of an entity’s total revenue, and creates a national registry for infractors.

Read further for a deeper insight into the key features of the new Chilean data protection law and how they differ from its predecessor and other data protection laws in the region.

1. Scope, covered actors, and exterritoriality

The LPPD regulates the form and conditions under which the processing of personal data of natural persons may be carried out, under Article 19 of the Chilean Constitution, which recognizes the right to personal data protection.⁴

Similar to other laws in the region (and to the model articulated in the GDPR), the LPPD applies extraterritorially to natural and legal persons, including public and private bodies, when the processing is carried out:

By a controller or processor established in Chilean territory;
When the processor or third party, regardless of its place of establishment or incorporation, processes personal data on behalf of a controller established or incorporated in the national territory; or
When the controller or processor is not established in Chilean territory, but the processing operations are intended to offer goods or services to data subjects in Chile – regardless of whether they are required to pay – or to monitor the behavior of data subjects in Chile, such as analysis, tracking, profiling, and behavior prediction (Art. 1 bis).

2. Covered data

Under Article 2(f) of the LPPD, “personal data” is broadly defined as “any information linked to or referring to an identified or identifiable natural person.” The LPPD establishes that an “identifiable” individual is one “whose identity can be determined, directly or indirectly, in particular by means of one or more identifiers, such as name, identity card number, analysis of elements of the physical, physiological, genetic, psychological, economic, cultural or social identity of such person.” In addition, to determine whether an individual is identifiable, the law requires “all objective means and factors that could reasonably be used to identify the individual at the time of the processing” be considered.

The LPPD’s approach to anonymized data is initially consistent with the GDPR’s approach to the subject: anonymized data is information that does not relate to an identified or identifiable person, and thus is not personal data⁵. A similar initial definition is found in Brazil’s LGPD, though the Brazilian legislation explicitly recognizes that anonymization might be a reversible process⁶. The key differentiating feature of LPPD’s approach to “anonymization” is the term’s definition as an “irreversible process” that does not allow for the identification of a natural person.⁷ In that sense, the LPPD’s definition of anonymization seems stricter than the language found in both the GDPR and the LGPD concerning anonymized data. It is likely that future guidance may shed light on the requirements for “irreversibility” under Chilean law.

Concerning “pseudonymization,” the LPPD follows a similar approach to that found in the GDPR and LGPD. Chilean law defines it as a process carried out in a way that “[data] can no longer be attributed to a data subject without additional information, provided that such information is separate and subject to technical and organizational measures to ensure the data is not attributable to a natural person.” This approach points to the possibility of considering pseudonymized data as personal data as long as it can be linked to an identifiable individual through additional information.

Standards and guidance on anonymization and pseudonymization continue to be explored globally by authorities in the context of data protection frameworks. However, some laws explicitly recognize these techniques as a way to comply with data protection principles. The LPPD explicitly refers to pseudonymization as a technique relevant to comply with the security principle. Article 14 quinquies of the LPPD indicates that controllers shall implement “technical and organizational measures to ensure a level of security appropriate to the risk” such as pseudonymization and encryption of personal data, among other security measures.

3. Data Subject Rights: “ARCO” rights, data portability, and the right to block the processing of data

The LPPD includes two new data subject rights – the right to data portability and the right to block the processing of one’s data – in addition to the previous rights granted in the former LPVP: access, rectification, suppression, and opposition, also regionally known as the “ARCO” rights.

Similar to GDPR-inspired laws that have recently incorporated the right to portability, the LPPD indicates the data subject has the right to request and receive a copy of their data in an “electronic, structured, generic and commonly used format,” which allows the data to be read by different systems and the data subject to communicate or transfer the data to another data controller, when (i) the processing is carried out in the automated form; and (ii) the processing is based on the consent of the the data subject. When technically feasible, the LPPD mandates the portability to be performed directly from controller to controller.

In addition, the LPPD indicates the controller must use the “most expeditious and least onerous means” and communicate to the data subject in a “clear and precise manner” the necessary measures to carry out the portability. Notably, under Chilean law, the right to portability does not necessarily entail the deletion of the data by the transferring controller, which means the data subject must jointly request the deletion of their data once the portability is carried out (Art. 9).

The “right to block the processing of personal data” is the other new right added by the LPPD, which resembles the GDPR’s Article 19 “right to restriction of processing” and Brazil’s LGPD Article 18 “right to blocking unnecessary or excessive data.” Under Article 8 ter of the LPPD, this right is understood as a “temporary suspension of any processing operation” that pertains to a data subject when they make a rectification, erasure, or opposition request. The temporary suspension applies as long as the subject’s request remains open. This suggests that under the “right to block processing,” a data subject can immediately and effectively suspend the processing of their data before the rectification, erasure, or opposition request is processed by the controller. The controller is thus restricted from further processing, although it may continue storing the affected personal data.

Closely linked to the right of opposition, the LPPD introduces the “right to object and not be subject to decisions based on automated processing,” including profiling, when such processing produces legal effects on the data subject or significantly affects them (Art. 8 bis). Under the LPPD, “profiling” refers to “any form of automated processing of personal data that consists of using such data to evaluate, analyze or predict aspects relating to the professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements of a natural person” (Art. 2, (w)).

The LPPD hews closer to the GDPR in the sense that it expressly recognizes the “right to object and not be subject” to automated processing, unlike Brazil’s LGPD, which only recognizes a data subject’s “right to review” automated processing. Similar to the GDPR, Article 8 bis of the LPPD restricts the exercise of this right under certain circumstances, such as when: (i) the decision is necessary for the conclusion or execution of a contract between the subject and the agent; (ii) there is prior and express consent; or (iii) as indicated by law, to the extent that it provides safeguards for the rights and freedoms of the data subject. The operationalization of this right must safeguard the data subject’s rights to information and transparency, obtain an explanation and human intervention, express their point of view, and request a review of the decision. This set of rights and freedoms is encapsulated within the right to object and not be subject to automated processing.

4. Lawful grounds for processing and consent requirements

The LPPD maintains consent as the general basis for the processing of personal data – similar to how it was regulated by the former LPVP. Consent must be “free, informed and specific as to its purpose” and given “in advance and unequivocally” by means of a verbal or written statement, or expressed through electronic means or an affirmative act that “clearly shows” the owner’s intent. The data subject can revoke consent without retroactive effects, and its grant or revocation should be expeditious, reliable, free, and permanently available (Art. 12).

In line with the principle of purpose limitation, the LPPD presumes consent is not “freely given” when collected for the performance of a contract or the provision of a service, where the collection is not necessary to serve those purposes. However, this presumption is not applicable when a person or entity offering goods, services, or benefits solely requires the data subject’s consent to process their data (Art. 12). Notably, this scenario applies to many “free” online services, such as social media or messaging platforms, where consent to process an individual’s data for advertising or profiling purposes is often required for the provision of service.

Without consent of the data subject, the LPPD recognizes the following lawful grounds for processing:

When the processing refers to data relating to obligations of an economic, financial, banking, or commercial nature;
When the processing is necessary for the performance or fulfillment of a legal obligation or is required by law;
When the processing is necessary for the conclusion or performance of a contract, or the execution of pre-contractual measures at the request of the data subject;
When the processing is necessary for the satisfaction of the legitimate interests of the controller or a third party, provided that the rights and freedoms of the data subject are not affected – the subject may request to be informed about the processing and the legitimate interest under which the processing is carried out; or
When the processing is necessary for the formulation, exercise, or defense of a right before the courts or public bodies.

Processing sensitive data and children’s and adolescent’s data

Similar to other comprehensive frameworks, the LPPD distinguishes sensitive data from personal data of a general nature. Under Article 2 (g) of the LPPD, “sensitive data” encompasses data that refers to “physical or moral characteristics of persons or to facts or circumstances of their private life or intimacy, that reveal ethnic or racial origin, political, union or trade union affiliation, socioeconomic situation, ideological or philosophical convictions, religious beliefs, data related to health, human biological profile, biometric data, and information related to sexual life, sexual orientation and gender identity of a natural person.”

Chile’s sensitive data definition is comparable to definitions found in other laws in the region such as Brazil’s LGPD and Ecuador’s Ley Orgánica de Protección de Datos (LOPD), which base the nature of sensitivity on the potential of discrimination or impact on an individual’s rights and freedoms if such information is mishandled or unlawfully accessed.

As a general rule, sensitive data may only be processed with the consent of the data subject. Exceptionally, controllers may process sensitive data without consent in the following circumstances (Art. 16):

When the processing refers to sensitive data that has been made public by the data subject and its processing is related to the purposes for which it was published;
When the processing is based on a legitimate interest carried out by a non-profit entity under public or private law and when certain conditions are met;⁸
When the processing is indispensable to safeguard the life, health, or integrity of the data subject or another person, or when the subject is physically or legally prevented from giving their consent;
When the processing is necessary for the exercise or defense of a right before courts or an administrative body;
When the processing is necessary for the exercise of rights or fulfillment of an obligation related to labor or social security; and
When the processing is expressly authorized or mandated by law.

Under Article 16 bis of the LPPD, health data and biometric data may only be processed for the purposes provided by the applicable laws or with the data subject’s consent, unless one of the following scenarios applies:

There is an official sanitary alert;
When the processing is for historical, statistical, or scientific purposes, based on public interest;
When the processing is necessary for preventive or occupational medicine, evaluation of an employee’s capacity to work, medical diagnosis, or provision and management of health or social care services (Art. 16 bis).

Article 16 ter defines biometric data as “obtained from a specific technical treatment, related to the physical, physiological or behavioral characteristics of a person that allow or confirm the unique identification of the person, such as fingerprint, iris, hand or facial features and voice.” When processing biometric data, the controller is required to disclose the biometric system used, the purpose of the collection, the period during which the data will be processed, and the manner in which the subject can exercise their rights.

Similar to other frameworks in the region like Brazil’s LGPD, Article 16 quater of the LPPD incorporates the standard of “best interest” of the children when processing their data. As a general rule, the processing of such data may only be conducted in the child’s best interest and with respect to their “progressive autonomy” – a concept introduced, yet not defined, by the LPPD. The lawful processing of children’s data must be based on consent granted by the parents or legal guardian unless expressly authorized by law.

The LPPD introduces a notable distinction between the processing rules applicable to data from children (under 14 years old) and adolescents (between 14-18 years old). Under Chilean law, the processing of adolescents’ data may be processed following the general rules applicable to adults’ data, except when the information is sensitive and the child is below 16 years of age. This means that for processing sensitive data from 16 and below adolescents, controllers must still obtain consent from the parents or legal guardian. For other non-sensitive data, controllers may process adolescents’ data following the general rules of the LPPD, but would still be subject to the “best interest” standard. This distinction is a novel innovation of Chilean law and is not found in Brazil’s LGPD or Ecuador’s LOPD.

5. Duties and Obligations of Data Controllers

The LPPD’s provisions follow principles of lawfulness, fairness, purpose limitation, proportionality, quality, accountability, security, transparency, and confidentiality. These principles, along with other specific duties, guide the obligations of data controllers and are consistent with other modern data protection frameworks.

For instance, under Article 14 ter, controllers must inform and make available “background information” that proves the lawfulness of the data processing and promptly deliver such information when requested by data subjects or the authority. This suggests that regardless of whether the information is requested or not, controllers should keep this information readily available. This obligation relates to the “duty of information and transparency,” under which controllers must provide and keep “permanently available to the public” its processing policy, the categories of personal data subject to processing, a generic description of its databases, and the security measures to safeguard the data, among other information.

Notably, Article 14 quater also introduces the “duty of protection by design and by default,” resembling GDPR Article 25. Under the LPPD, this duty refers to the application of “appropriate technical and organizational measures” before and during the processing. Drawing inspiration from the GDPR, the LPPD indicates the measures should consider the state of the art, costs, nature, scope, context, purpose, and risks associated with the data processing.

Although the LPPD does not expressly recognize a “right to anonymization” like Brazil’s LGPD, it sets out the controller’s obligation to anonymize personal data when it was obtained for the execution of pre-contractual measures (Art. 14, (e)). This obligation is closely linked to the general data protection principles, and effective compliance with this duty would free controllers from the scope of the LPPD.

In relation to the security principle, Article 14 quinquies of the LPPD provides that controllers must adopt necessary security measures to ensure the confidentiality, integrity, availability, and resilience of the data processing systems, as well as to prevent alteration, destruction, loss, or unauthorized access to the data. Both controller and processor must take technical and organizational measures to ensure the security of the processing, in consideration of the risks associated with the processing, such as:

Applying pseudonymization and encryption of personal data where possible
Capability to restore access to the personal data in the event of a physical or technical incident
Conduct regular assessments of the effectiveness of technical and organizational measures

Security Incident Notification

Under Article 14 sexies of the LPPD, the responsible agent must report to the Agency by the “most expeditious means possible and without undue delay” any incident that can cause the accidental or unlawful destruction, breach, loss, or alteration of the personal data or the unauthorized communication or access to such data, when there is a “reasonable risk to the rights and freedoms of the data subjects.” Since the law is not clear on a specific timeframe for notification, it is expected the Agency will further regulate this area.

The law also requires the controller to record these communications and describe the nature of the incident, its potential or demonstrated effects, the type of affected data, the approximate number of affected data subjects, and measures taken to manage and prevent future incidents.

When the security incident concerns sensitive or children’s data, or data relating to economic, financial, banking, or commercial obligations, the controller must also communicate the incident to the owners in “clear and simple” language. If the notification cannot be made personally, the controller must notify via a mass notice in at least one of the main national media outlets.

Notably, Article 14 septies includes different standards of compliance with the “duty of information and transparency” and the “duty to adopt security measures” for controllers, based on whether they are a natural or legal person, their size, the activity they carry out, and the volume, nature, and purposes of their processing. The Agency will issue further regulation on the operationalization of these different standards.

For organizations not incorporated in Chile, Articles 10 and 14 of the LPPD establish that the controller must indicate to the Agency in writing an email address of the legal or natural person authorized to act on their behalf, so that the Agency can establish communications with them and data subjects can exercise their rights.

Similar to other frameworks, Article 15 bis limits the processor to carry out the data processing in accordance with the instructions given by the controller. If the processor or a third party processes the data for a different purpose or transfers the data without authorization, the processor will be considered the data controller for all legal purposes. The processor will be personally liable for any infringements incurred, and jointly and severally liable with the controller for any damages caused. Importantly, the “duty of confidentiality” and the “duty to adopt security measures” extend to the processor in the same terms applicable to the controller.

Data Protection Impact Assessment

Similar to the GDPR, under Article 15 ter of the LPPD, controllers must carry out a personal data protection impact assessment (DPIA) where the data processing is “likely to result in a high risk to the rights of data subjects” and in the following cases:

When the operation involves a systematic and exhaustive evaluation of personal aspects of the data subjects based on automated processing, such as profiling;
Massive or large-scale data processing;
Processing that involves systematic observation or monitoring of a publicly accessible area; or
Processing of sensitive or specially protected information.

The Agency will publish a list indicating the processing operations that may require a DPIA under the LPPD. In addition, the law obligates the Agency to issue guidance on the specific requirements for conducting DPIAs, so forthcoming regulation on this matter is expected once the Agency begins to operate. Notably, Article 15 ter sets out similar DPIA requirements as the GDPR, indicating that data controllers must indicate the description of the processing operations and their purpose, an assessment of the necessity and proportionality of the processing concerning its purpose, an assessment of the risks it may pose, and the adoption of mitigation measures.

Voluntary Appointment of a Data Protection Officer

Unlike other modern comprehensive data protection laws, the LPPD does not require the appointment of a Data Protection Officer (DPO). However, Article 49 indicates that controllers may voluntarily appoint a DPO that meets the requirements of suitability, capacity, and independence. Furthermore, the law indicates that controllers may adopt a “compliance program” that indicates, among other things, the appointment of the DPO and its powers and duties under that program. However, if the organization adopts a compliance program, it must be expressly incorporated into all employment or service provision contracts of the entity acting as data controller or processor.

6. Cross-Border Data Transfers

Similar to other frameworks in the region and the GDPR, cross-border data transfers made to a person, entity, or organization are generally authorized by the LPPD under the following mechanisms: (i) adequacy; (ii) contractual clauses, binding corporate rules, or other legal instruments entered into between the transferor and transferee; or (iii) under a compliance model or certification mechanism, along with adequate guarantees. The Agency will be in charge of publishing a list of “adequate” countries – under the criteria set forth by the law, as well as model contractual clauses and other legal instruments for international data transfers. Although the LPPD does not provide a specific timeline for publication, it does indicate that the agency will publish on its official website a list of countries deemed “adequate” as well as release the model contractual clauses and other data transfer mechanisms.

In the absence of an adequacy decision or proper safeguards, a “specific and non-customary” transfer may still be made under the following circumstances:

With the express consent of the data subject;
When it refers to a bank, financial, or stock exchange transfer under the applicable laws;
When the transfer is necessary to comply with international obligations under treaties and conventions ratified by the Chilean State;
When the transfer is necessary for cooperation between public bodies for the fulfillment of their functions or for international judicial cooperation;
When the transfer is necessary for the conclusion or performance of a contract or pre-contractual measures between the data subject and the data controller; or
When the transfer is necessary for urgent medical or sanitary measures or management of health services (Art. 27).

Notwithstanding the previous exceptions, Article 28 of the LPPD also includes a broader authorization for transfers that do not fall under any of these scenarios. Under Chilean law, an international data transfer may still be authorized when the transferor and transferee demonstrate “appropriate guarantees” to protect the rights and interests of the data subjects and the security of the information. This provision leaves a broad possibility to transfer personal data without any of the traditional mechanisms or for any of the purposes listed above as long as the Agency determines there are appropriate measures in place for the transfer to take place.

7. Infractions and Civil Liability

Violations of the principles and obligations set out in the LPPD may be subject to administrative and civil liability. The LPPD classifies violations as “minor” (i.e. failing to respond to data subject’s requests or to communicate with the Agency), “serious” (i.e., processing data without a legal basis or for a purpose different for which the data was collected) and “very serious” (i.e. fraudulent or malicious processing of personal data, or knowingly transferring sensitive data in contravention with the law). Notably, “very serious” violations seem to require the demonstration of intent by the infractor.

Penalties under the LPPD can range from 5,000 national tax units (around USD 387.000) to 20,000 tax units (USD 1.550.000 USD). In the case of repeated “very serious” violations, the Agency may also order the total or partial suspension of processing activities for up to thirty (30) days, a period during which the infractor must demonstrate the adoption of necessary measures to comply with the law. For entities that are not considered “small businesses”⁹ with repeated serious or very serious violations, the Agency may impose a fine of 2% or 4% of its annual income in the last calendar year.

Furthermore, as a dissuasive mechanism, the LPPD also creates the National Registry of Sanctions and Compliance, which will record all data controllers sanctioned for data protection violations and indicate the seriousness of the infringement, as well as aggravating or mitigating circumstances, for five (5) years.

Towards Stronger Data Protection in Chile

With the passage of the LPPD, Chile enters an era of stronger data protection requirements and enforcement. The new law expands existing data subject rights and interests and incorporates new ones, sets out relevant obligations consistent with the evolving nature and demands of offering goods and services in the digital ecosystem, aligns with other global standards of personal data protection, and incorporates higher fines and dissuasive mechanisms.

Although the LPPD draws structural inspiration from the GDPR, it also maintains certain provisions unique to its predecessor law, the LVPD, such as specific regulations for the commercial and banking sectors, and broader exceptions to the lawful grounds for processing of personal data, including sensitive and children’s data.

The LPPD may again position Chile as a regional data protection trend-setter. Other countries with not-so-old data protection laws currently seeking to update their normative frameworks, such as Argentina and Colombia, could be influenced by the landmark passing of the LPPD, facilitating a new wave of “second generation” data protection laws in Latin America.

The Chilean Congress previously analyzed at least two similar proposals under different administrations in 2008 and 2012. Two of the recurring motivations for updating the data protection framework were to achieve adequacy under the EU’s regime and comply with Chile’s commitment to update its legislation after becoming an OECD member in 2010. ↩︎
See: press release from government after approval of LPPD. ↩︎
The Agency will be managed by a Directive Council composed of three Councilors designated by the Executive and ratified by the Senate. The first Councilors are expected to be appointed within sixty (60) days after the formal enactment of the law.
↩︎
Article 19, sec. 4, of the Chilean Constitution recognizes the right to private life, human dignity, and personal data protection. ↩︎
EU Regulation 2016/679 (GDPR), Recital 26. ↩︎
Lei Geral de Proteção de Dados (LGPD), Article 12 ↩︎
Law No. 21.719, (LPPD), Art. 2(k). ↩︎
For this exception to apply, the entity must have a political, philosophical, religious, or cultural purpose, or be a trade union; the processing refers exclusively to the entity’s members or affiliates and fulfills the purposes of the entity; the entity grants necessary guarantees to avoid unauthorized use or access to the data; and the personal data is not transferred to third parties. ↩︎
As defined under Article 2 of Law no. 20.416. ↩︎

Geopolitical fragmentation, the AI race, and global data flows: the new reality

Most countries in the world have data protection or privacy laws and there is growing cross-border enforcement cooperation between data protection authorities, which might lead one to believe that the protection of global data flows and transfers is steadily advancing. However, instability and risks arising from wars, trade disputes, and the weakening of the rule of law are increasing, and are causing legal systems that protect data transferred across borders to become more inward-looking and to grow farther apart.

The geopolitical race to take a leading role in the development of AI (the ‘AI race’), a technology which requires borderless access to data for the best performing systems and models, is also fundamentally reshaping the international data flows landscape and leading to increased regulatory fragmentation. These two areas (privacy and data protection on the one hand and AI on the other) are intimately connected, as privacy and data protection law form the basis for AI regulation in many regions of the world.

Fragmentation refers to the multiplicity of legal norms, courts and tribunals (including data protection authorities), and regulatory practices regarding privacy and data protection that exist around the world. This diversity is understandable in that it reflects different legal and cultural values regarding privacy and data protection, but it can also create conflicts between legal systems and increased burdens for data flows.

While this new reality affects all regions of the world, it can be illustrated by considering recent developments in three powerful geopolitical players, namely the European Union, the People’s Republic of China, and the United States. Dealing with these risks requires that greater attention be paid to geopolitical crises and legal fragmentation as a threat to protections for the free flow of data across borders.

The end of the ‘Brussels effect’?

There has been much talk of the ‘Brussels effect’ that has allowed the EU to export its regulatory approach, including its data protection law, to other regions. However, the rules on international data transfers contained in Chapter V of the EU General Data Protection Regulation (‘GDPR’) face challenges that may diminish their global influence.

These challenges are in part homemade. The standard of ‘essential equivalence’ with EU law that is required for a country to receive a formal adequacy decision from the European Commission allowing personal data to flow freely to it is difficult for many third countries to attain and sometimes leads to legal and political conflicts. The protection of data transfers under the GDPR has been criticised in the recent Draghi report as overly bureaucratic, and there have been calls to improve harmonisation of the GDPR’s application in order to increase economic growth. In particular, the approval of adequacy decisions is lengthy and untransparent, and other legal bases for data transfers are plagued by disagreements about key concepts between data protection authorities. The GDPR also applies to EU legislation dealing with AI (see the EU AI Act, Article 2(7)), so that problems with data transfers under the GDPR also affect AI-related transfers.

These factors indicate that the EU approach to data transfers may gradually lose traction with other countries. Although many of them still seek EU adequacy decisions and are happy to cooperate with the EU on data protection matters, they may also simultaneously explore other options. For example, some countries that are already subject to an EU adequacy decision or decisions (such as Canada, Japan, Korea, and the UK which has received adequacy decisions under both the GDPR and Law Enforcement Directive) have also joined a group that is establishing ‘Global Cross-Border Privacy Rules’ as a more flexible alternative system for data transfers.

Political challenges to the EU’s personal data transfer regime are now also present. Some companies are encouraging new US President Trump to challenge the enforcement of EU law against them, and some far-right parties in Europe have called for its repeal.

Meanwhile, partly in response to the increased need for access to data in the AI race and partly under a novel digital sovereignty paradigm in this new geopolitical reality, the EU has also begun introducing restrictions on transfers of non-personal data outside the EU, such as through the Data Act, the Data Governance Act, and data localization requirements under the European Health Data Space Regulation. In addition, under the Data Act ‘data holders,’ regardless of where they are based in the world, must make data related to the use of connected devices readily available to EU-based users and recipients. Initiatives to promote the EU’s digital sovereignty and minimise the need to transfer data to centralized foreign platforms can also be expected to gain momentum.

The rise of China

China has already enacted many data-related laws, including some dealing with data transfers, after first introducing sweeping data localization requirements in 2017. It was all the more surprising that in November 2024 the Chinese government announced that it will launch a ‘global cross-border data flow cooperation initiative,’ and that it is ‘willing to deepen cooperation with all parties to promote efficient, convenient, and secure cross-border data flows.’ In a speech he gave at the same time, Chinese leader Xi Jinping said that China ‘is willing to deepen cooperation with all parties to jointly promote efficient, convenient and secure cross-border data flows’.

Exactly what this means is presently unclear. However, China is a member of the BRICS group, which includes countries with nearly half of the world’s population, and has also enacted many regulations dealing with AI. If China is able to use its political and economic clout to influence the agenda for cross-border data flows, as some scholars hypothesize, this could bring the BRICS countries and others deeper into its regulatory orbit for both privacy and AI.

The arrival of data transfer rules in the US

The United States government has recently relaxed its traditional opposition to controls on data transfers and enacted regulations to regulate certain transfers based on US national security concerns.

In February 2024 former US President Biden issued an executive order limiting bulk sales of personal data to ‘countries of concern.’ The Department of Justice then issued a Final Rule in December 2024 setting out a regulatory program to address the ‘urgent and extraordinary national security threat posed by the continuing efforts of countries of concern (and covered persons that they can leverage) to access and exploit Americans’ bulk sensitive personal data and certain U.S. Government-related data.’

It is no secret that these initiatives are primarily focused on data transfers to China, which is one of the six ‘countries of concern’ determined by the Attorney General, with the concurrence of the Secretaries of State and Commerce (the other five are Venezuela, Cuba, North Korea, Iran and Russia, according to Section 202.211 of the Final Rule). While some scholars have expressed skepticism about whether these initiatives will really bring their intended benefits, it is significant that national security has been used as a basis both for regulating data flows and for a shift in US trade policy.

It is too soon to tell if President Trump will continue this focus. However, some of the actions that his administration has already taken have drawn the attention of digital rights groups in Europe who believe they may imperil the EU-US data privacy framework that serves as the basis for the EU adequacy decision allowing free data flows to the US. It is also questionable whether the EU will put resources into negotiating further agreements to facilitate data transfers to the US in light of the current breakdown in transatlantic relations.

Conclusions

We have entered a new era of instability where geopolitical tensions and the AI race have a significant impact on the protection of data flows. To be sure, political factors have long influenced the legal climate for data transfers, such as in the disputes between the EU and the US that led to the EU Court of Justice invalidating EU adequacy decisions in its two Schrems judgments (Case C-362/14 and Case C-311/18). The European Commission has also admitted that political and economic factors influence its approach to data flows. However, in the past political disputes about data transfers largely remained within the limits of disagreements between friends and allies, whereas the tensions that currently threaten them often arise from serious international conflicts that can quickly spiral out of control.

The fragmentation of data transfer rules along regional and sectoral lines will likely increase with the development of AI and similar technologies that require completely borderless data flows, and with increased cross-border enforcement of data protection law in cases involving AI. Initiatives to regulate data transfers used in AI have already been proposed at the regional level, such as in the Continental Artificial Intelligence Strategy published in August 2024 by the African Union, which refers to cooperation ‘to create capacity to enable African countries to self-manage their data and AI and take advantage of regional initiatives and regulated data flows to govern data appropriately’. This will likely also give additional impetus to digital sovereignty initiatives in different regions, which will lead to even greater fragmentation.

Data protection authorities have also begun sanctioning companies for improper data transfers in connection with the use of AI systems, as happened recently in a case where the South Korea Personal Information Protection Commission ordered the Chinese fintech company Alipay to destroy AI models containing personal information transferred to China in violation of South Korean data protection law (see press release no. 135).

The growing influence of geopolitics demonstrates that the protection of data flows requires a strong rule of law, which is currently under threat around the world. The regulation of data transfers is too often regarded as a technocratic exercise that focuses on steps such as filling out forms and compiling impact assessments. However, such exercises can only provide protection within a legal system that is underpinned by the rule of law. The weakening of factors that comprise the rule of law, such as the separation of powers and a strong and independent judiciary, drives uncertainty and the fragmentation of data transfer regulation even more.

The approaches to data transfer regulation pursued by the leading geopolitical players each have their strengths and weaknesses. The EU approach has attained considerable influence around the world, but is coming under pressure largely because of homegrown problems. The US emphasis on national security is inward-looking, but could become popular in other countries as well. China’s new initiative to regulate data transfers seems poised to attain greater international influence, though this may be mainly limited to the Asia-Pacific region.

Although complying with data transfer regulation has always required attention to risk, geopolitical risk has been broadly overlooked so far, perhaps because it can seem overwhelming and impossible to predict. Indeed, events that have disrupted data flows such as Brexit and the Russian invasion of Ukraine were sometimes dismissed before they happened. However, this new reality requires incorporating the management of geopolitical risk into assessing the viability and legal certainty of international data transfers by organizations active across borders. There are steps that can be taken to manage geopolitical risk, such as those identified by the World Economic Forum, namely: assessing risks to understand them better; looking at ways to reduce the risks; ringfencing risks when possible; and developing plans to deal with events if they occur.

Parties involved in data transfers already need to perform risk assessments, but geopolitical events present a larger scale of risk than many will be used to. Risk reduction and ringfencing for unpredictable ‘black swan events’ such as wars or sudden international crises are difficult, and may require drastic measures such as halting data flows or changing supply chains that need to be prepared in advance.

Major geopolitical events and the AI race are having a significant effect on data protection and data flows, making it essential to anticipate them as much as possible and to develop plans to cope with them should they occur. The only thing that can be safely predicted is that further geopolitical developments are in store with the potential to bring massive changes to the data protection landscape and disrupt global data flows, making it essential to give them a prominent place in risk analysis when transferring data.

FPF Submits Comments to the California Privacy Protection Agency on Proposed Rulemaking

On February 19, the Future of Privacy Forum (FPF) submitted comments to the California Privacy Protection Agency (CPPA) concerning draft regulations governing cybersecurity audits, risk assessments, automated decisionmaking technology (ADMT) access and opt-out rights under the California Consumer Privacy Act.

Read the Comments

FPF’s comments identified opportunities to bring additional clarity to key elements of the proposed regulations as well as support interoperability with other US legal frameworks. In particular, FPF recommended that the CPPA—

Clarify the “substantially facilitate” standard for in-scope ADMT systems, to provide more certainty for businesses and focus requirements to the highest-risk uses of ADMT;
Ensure that carve-outs for narrowly used, low-risk AI systems are appropriately tailored to avoid unintended impacts to socially beneficial technologies and use cases;
Clarify the intended scope of definition “significant decision” to include decisions that result in “access to” the specified goods and services;
Consider whether application of requirements to training ADMT systems that are “capable” of being used for certain purposes, rather than intended or reasonably likely to be used for such purposes, is too broad;
Clarify what it means for an ADMT or AI system to be used for “establishing individual identity”;
Clarify that requests to opt-out of having one’s personal information processed to train ADMT or AI systems submitted after processing has begun do not require businesses to retrain models;
Consider whether requiring businesses to identify “technology to be used in the processing” in risk assessments is overly broad;
Clarify that, in conducting risk assessments, the benefits from processing activities should be weighed against the risks to individuals’ privacy as mitigated by safeguards;
Consider whether it is appropriate to require board members to certify a business’s cybersecurity audits; and
Provide flexibility to support the delivery of effective and context-appropriate privacy notices, particularly with respect to virtual and augmented reality environments.

FPF’s comments also included a comparison chart highlighting similarities and differences between the CPPA’s proposed risk assessment regulations, data protection assessment regulations pursuant to the Colorado Privacy Act, and data protection impact assessment requirements under the General Data Protection Regulation.

FPF Releases Infographic Highlighting the Spectrum of AI in Education

To highlight the wide range of current use cases for Artificial Intelligence (AI) in education and future possibilities and constraints, the Future of Privacy Forum (FPF) today released a new infographic, Artificial Intelligence in Education: Key Concepts and Uses. While generative AI tools that can write essays, generate and alter images, and engage with students have brought increased attention to the topic, schools have been using AI-enabled applications for years.

Download the Infographic

The AI in Education infographic builds on FPF’s 2023 The Spectrum of Artificial Intelligence report and infographic, and illustrates a sample of the use cases these technologies support, tailored to the school environment.

“AI encompasses a broad range of technologies, and understanding the main types of AI, how they interrelate, and how they use student data is critical for educators, school leaders, and policymakers evaluating their risks and benefits in the educational environment,” said Jim Siegl, FPF Senior Technologist for Youth & Education Privacy. “Understanding the use case and context is critically important, and we hope this infographic underscores the need for nuance when setting AI policies in schools.”

Although popular edtech tools powered by machine learning (ML), large language models (LLM), and generative AI (GEN) are transforming education by personalizing learning experiences and automating administrative tasks, AI is not limited to these models. It spans various other forms, including knowledge engineering, symbolic AI, natural language processing, and reinforcement learning, each contributing uniquely to enhancing human capabilities in the completion of specific tasks in the school context.

The infographic takes a closer look at several common AI use cases in schools, including:

Automated grading and feedback, allow teachers to spend more time focused on instruction and student support. While these tools may aid in consistency and objectivity in grading, they should be designed to comply with student privacy laws, and the output should be reviewed by the teacher for risk of bias.
Student monitoring, via integrated systems designed to assist schools in monitoring activity on school-issued divides, accounts, and district internet connections. Student monitoring is done to detect threats to student safety, comply with state and federal regulations, respond to community concerns, and identify at-risk students.
Curriculum development, through systems that can help educators design effective curricula to meet current education standards and student needs. Additionally, AI can help generate quizzes, worksheets, and reading materials tailored to the curriculum.
Intelligent tutoring systems can create customized learning plans and provide students with additional support outside of classroom hours, helping to reinforce concepts through an interactive and engaging learning experience.
School security includes using facial recognition and advanced video analytics to enable faster and more accurate responses to potential threats and ultimately help ensure a safe learning environment.

AI in Education: Key Concepts and Uses is the latest infographic resource in a series from FPF; previously released infographics related to youth and education privacy include Encryption Keeps Everyone Safe, Unpacking Age Assurance: Technologies and Tradeoffs, Understanding Student Monitoring, and Youth Data and Privacy Protection 101. To view all of FPF’s infographics, click here.

To support schools seeking to vet AI tools for legal compliance, FPF released a checklist and guide last year. To access all of FPF’s Youth & Education Privacy resources, visit StudentPrivacyCompass.org.

Why data protection legislation offers a powerful tool for regulating AI

For some, it may have come as a surprise that the first existential legal challenges large language models (LLMs) faced after their market launch were under data protection law, a legal field that looks arcane in the eyes of those enthralled by novel Artificial Intelligence (AI) law, or AI ethics and governance principles. But data protection law was created in the 1960s and 1970s specifically in response to automation, computers and the idea of future “thinking machines”.

The fact that it is now immediately relevant to AI systems, including the most complex ones, is not an unintended consequence. To some extent, the current wave of AI law and governance principles could be seen as the next generation of data protection law. Yet if it is not developed in parallel and if it fails to build coherently on the existing body of data protection laws, practice and thinking, it risks missing the mark.

Read the full blog by Dr. Gabriela Zanfir-Fortuna published February 10, 2025 on LSE European Politics and Policy.

FPF Celebrates Safer Internet Day with Newly Released Encryption Infographic

Future of Privacy Forum (FPF) is thrilled to celebrate Safer Internet Day 2025 with the release of a new infographic, “Encryption Keeps Young People Safe.” Safer Internet Day is an annual event and part of a larger global mission to create a safer online environment, especially for young people. FPF’s new infographic explains how encryption technology plays a crucial role in ensuring data privacy and online safety for a new generation of teens and kids. FPF will host leading experts at a virtual event on Feb. 11 at 10 am ET to discuss the state of encryption technology and policy.

Download the new Infographic

Data encryption is central to online security, privacy, and safety, and of particular importance for particularly vulnerable groups, such as young people. Gen Z and Gen Alpha have lived their entire lives in the age of the commercial internet, social media, electronic records, and internet-connected devices. They have grown up in a world where everything from insulin pumps to cars are internet-connected. Encryption is the best protection to ensure that personal communications, transactions and devices are safe and secure. The 2025 infographic illustrates encryption’s role in protecting data in places young people frequent, such as sports parks, shopping centers, and health clinics.

Encryption is often used to secure or authenticate sensitive documents. Encryption applies a mathematical formula, which obfuscates plaintext information and transforms the plaintext into unreadable ciphertext. Each use of encryption generates a long number that is the mathematical solution to the formula and can unscramble the protected sensitive information. If a private key is not kept secret, anyone with the key can access the private data or impersonate the authenticated person or organization.

This infographic is the latest in FPF’s longstanding work on encryption, which includes a 2020 infographic explaining how encryption more broadly protects enterprises, individuals, and governments—and what may happen when data and devices fail to use strong encryption and are compromised by bad actors. The infographic series advances FPF’s mission of promoting data privacy for every user by showcasing the vital role encryption plays in ensuring online safety, and the detrimental effects of an online world without its protections.

FPF will host a virtual event at 10 am ET today, featuring a Keynote address from Patricia Kosseim, Ontario Information and Privacy Commissioner. There will also be a panel of experts to dive into how encryption protects young people not just online, but in the physical world as well, by preventing malicious actors from gaining access to the devices and spaces they rely on for health, education, convenience, and more. Register now to join the event!

If you’re interested in learning more about encryption or other issues driving the future of privacy, sign up for our monthly briefing, check out one of our upcoming events, or follow us on X, LinkedIn, or Instagram.

Minding Mindful Machines: AI Agents and Data Protection Considerations

Thank you for the contributions of Rob van Eijk, Marlene Smith, and Katy Wills

We are now in 2025, the year of AI agents. In the last few weeks, leading large language model (LLM) developers (including OpenAI, Google, Anthropic) have released early versions of technologies described as “AI agents.” Unlike earlier automated systems and even LLMs, these systems go beyond previous technology by having autonomy over how to achieve complex, multi-step tasks, such as navigating on a user’s web browser to take actions on their behalf. This could enable a wide range of useful or time-saving tasks, from making restaurant reservations and resolving customer service issues to coding complex systems. However, AI agents also raise greater and novel data protection risks related to the collection and processing of personal data. Their technical characteristics could also present challenges, such as those around safety testing and human oversight, for organizations seeking to develop or deploy AI agents.

This analysis unpacks the defining characteristics of the newest AI agents and identifies some of the data protection considerations that practitioners should be mindful of when designing and deploying these systems. Specifically:

While agents are not new, emerging definitions across industries describe them as AI systems that are capable of completing more complex, multi-step tasks, and exhibit greater autonomy over how to achieve these goals, such as shopping online and making hotel reservations.
Advanced AI agents raise many of the same data protection questions raised by LLMs, such as challenges related to the collection and processing of personal data for model training, operationalizing data subject rights, and ensuring adequate explainability.
In addition, the unique design elements and characteristics of the latest agents may exacerbate or raise novel data protection compliance challenges around the collection and disclosure of personal data, security vulnerabilities, the accuracy of outputs, barriers to alignment, and explainability and human oversight.

What are AI Agents?

The concept of “AI Agents” or “Agentic AI” arose as early as the 1950s and has many meanings in technical and policy literature. In the broadest sense, for example, it can include systems that rely on fixed rules and logic to produce consistent and predictable outcomes on a person’s behalf, such as email auto-replies or privacy preferences.

More recently, however, the technologies that several companies have unveiled are AI systems, typically enabled by advances in LLMs and machine and deep learning techniques, that are capable of completing complex, multi-step tasks, and exhibit greater autonomy over how to achieve these goals.

Advances in AI research, particularly around machine and deep learning techniques and the advent of LLMs, have enabled organizations to develop agents that can tackle novel use cases, such as purchasing retail goods and recommending and executing transactions. From finance to hospitality, these technologies could help individuals, businesses, and governments save time they would otherwise dedicate to completing tedious or monotonous tasks.

Companies, civil society, and academia have defined the latest iteration of AI agents, examples of which are provided in the table below:

Source	Definition
“Building effective agents,” Dec. 19, 2024, Erik Schluntz and Barry Zhang, Anthropic	“[S]ystems where LLMs dynamically direct their own processes and tool usage, maintaining control over how they accomplish tasks.”
“Navigating the AI Frontier: A Primer on the Evolution and Impact of AI Agents,” Dec. 2024, Larsen et al., World Economic Forum and Capgemini	“[A]n entity that senses percepts (sound, text, image, pressure etc.) using sensors and responds (using effectors) to its environment. AI agents generally have the autonomy (defined as the ability to operate independently and make decisions without constant human intervention) and authority (defined as the granted permissions and access rights to perform specific actions within defined boundaries) to take actions to achieve a set of specified goals, thereby modifying their environment.”
“Visibility into AI Agents,” Chan et al., ACM FAccT ’24, June 3–6, 2024, Rio de Janeiro, Brazil	“AI agents [are] systems capable of pursuing complex goals with limited supervision,” having “greater autonomy, access to external tools or services, and an increased ability to reliably adapt, plan, and act open-endedly over long time-horizons to achieve goals.”
“Agents,” Sept. 2024, Julia Wiesinger, Patrick Marlow, and Vladimir Vuskovic, Google	“[A] Generative AI agent can be defined as an application that attempts to achieve a goal by observing the world and acting upon it using the tools that it has at its disposal. Agents are autonomous and can act independently of human intervention, especially when provided with proper goals or objectives they are meant to achieve. Agentscan also be proactive in their approach to reaching their goals. Even in the absence ofexplicit instruction sets from a human, an agent can reason about what it should do next to achieve its ultimate goal.”
“Regulating advanced artificial agents,” Apr. 5, 2024, Cohen et al., Science	Defining long-term planning agents as “an algorithm designed to produce plans, and to prefer plan A to plan B, when it expects that plan A is more conducive to a given goal over a long time horizon.”
“What are AI agents?,” July 3, 2024, Anna Gutowska, IBM	“An artificial intelligence (AI) agent refers to a system or program that is capable of autonomously performing tasks on behalf of a user or another system by designing its workflow and utilizing available tools.

Table 1. Definitions of “AI agents”

These definitions highlight common characteristics of new AI agents, including:

Autonomy and adaptability: Users generally provide an agent with the task they want it to achieve, but neither they nor the agent’s designers specify how to accomplish the task, leaving those decisions to the agent. For example, upon being instructed by a business to project the sales revenue of its flagship product for the next six months, the agent may decide that it needs sales figures from the last two years and use certain tools (e.g., a text retriever) to obtain these details. If it cannot find these figures or if they contain errors, it may determine that the next step is to seek information from other documentation. Agentic systems may incorporate human review and approval over some or all decisions.

Planning, task assignment, and orchestration to solve complex, multi-step problems: An AI agent may make use of additional components, such as sensing, decision-making, planning, learning, and memory. In time, these systems may become more complicated with the development of multi-agent systems that feature a group of agents collaborating with one another to solve challenging tasks, such as diagnosing and devising treatments for rare medical conditions.

These characteristics enable advanced agents to achieve goals that are beyond the capabilities of other AI models and systems. However, they also raise questions for practitioners about the data protection issues organizations may encounter when developing or deploying these technologies.

Emerging Privacy and Data Protection Issues with Agentic AI

While the latest AI agents may raise similar risks to consequential decision-making and LLMs, they can also exacerbate or pose novel privacy and data protection considerations. The economic and social impact of AI agents is a topic of heated debate and significant financial investment, but there has been less attention on the potential impact of agents on privacy and data protection. In order to effectuate tasks and decision making with autonomy, especially for consumer-facing tools and services, AI agents will need access to data and systems. In fact, much like human assistants, AI agents may be at their most valuable when they are able to assist with tasks that involve highly sensitive data (e.g., managing a person’s email, calendar, or financial portfolio, or assisting with healthcare decision-making).

As a result, many of the same risks relating to consequential decision-making and LLMs (or to machine learning generally) are likely to be present in the context of agents with greater autonomy and access to data. For example, like some LLMs, some AI agents transmit data to the cloud due to the computing requirements of the most powerful models, which may expose the data to unauthorized third parties (e.g., the recent Data protection impact assessment on the processing of personal data with Microsoft 365 Copilot for Education). As with chatbots that use LLMs, AI agents with anthropomorphic qualities may be able to steer individuals towards or away from conducting certain actions against the user’s best interest. Other examples of cross-cutting data protection issues include challenges related to having a lawful basis for model training, operationalizing data subject rights, and ensuring adequate explainability. These legal and policy issues for LLMs, which are the subject of ongoing debate and legal guidance, are only heightened in the context of agentic systems with enhanced capabilities.

In addition, more recent AI agents may present some novel privacy implications or exacerbate data protection issues that go beyond those associated with LLMs.

Data collection and disclosure considerations: The latest AI agents may need to capture data about a person and their environment, including sensitive information, in order to power different use cases. As with LLMs, the collection of personal data by agents will often trigger the need for having a lawful ground in place for such processing. When the personal data collected is sensitive, additional requirements for lawfully processing them often apply too. While current LLM-based systems may train and operate using personal data, they lack the tools (e.g., application programming interfaces, data stores, and extensions) to access external systems and data. The latest AI agents may be equipped with these tools, which could enable them to obtain real-time information about individuals. For example, some agents may take screenshots of a user’s browser window in order to populate a virtual shopping cart, from which intimate details about a person’s life could be inferred. As the number of individuals using AI agents and its use cases grow, so too could AI agents’ access to personal data. For example, AI agents may collect many types of granular telemetry data as part of their operations (e.g., user interaction data, action logs, and performance metrics). Increasingly complex agents may collect large quantities of telemetry information, which may qualify as personal data under data privacy legal regimes.

Security vulnerabilities: Advanced AI agents’ design features and characteristics may make them susceptible to new kinds of security threats. Adversarial attacks on LLMs, such as the use of prompt injection attacks to get these models to reveal sensitive information (e.g., credit card information), can impact AI agents too. Besides causing an agent to reveal sensitive information without permission, prompt injection attacks can also override the system developer’s safety instructions. While prompt injection is not a threat unique to the latest AI agents, new kinds of injection attacks could take advantage of the way agents work to perpetuate harm, such as installing malware or redirecting them to deceptive websites.

Accuracy of outputs: Hallucinations, compounding errors, and unpredictable behavior may impact the accuracy of an agents’ outputs. LLM hallucinations—the making up of factually untrue information that looks correct—may affect the accuracy of an agent’s outputs. These hallucinations are closely tied to the “temperature” parameter that controls randomness in the model’s attention mechanism: higher temperatures increase creativity and the risk of hallucinations, while lower temperatures reduce hallucinations but may limit the agent’s adaptability. However, errors that affect agent outputs may have different implications for individuals, such as misrepresenting a user’s characteristics and preferences when it fills out a consequential form. In addition to hallucinations, the latest AI agents may experience compounding errors, which could occur while the systems perform a sequence of actions to complete a task (e.g., managing a customer’s account). Compounding errors is the phenomenon where the agent’s accuracy decreases the more steps a task takes. For example, an AI agent creating a travel experience may experience an error while making a one-day hotel booking, which cascades into misaligned restaurant reservations and museum tickets. This holds true even when the model’s accuracy is high. Some AI agents may act in unpredictable ways due to dynamic operational environments and agents’ non-deterministic nature—producing probabilistic outcomes, adapting to new situations, learning from data, and exhibiting complex decision-making—leading to malfunctions that affect output accuracy. These accuracy issues may be challenging to redress through risk management testing and assessments and exacerbated when different AI agents interact with each other.

Barriers to “alignment”: Some AI agents may pursue tasks in ways that conflict with human interests and values, including data protection considerations. AI alignment refers to designing AI models and systems to pursue a designer’s goals, such as prioritizing human well-being and conforming to ethical values. Misalignment problems are not new to AI, but continued technological advances with agents may make it challenging for organizations to achieve alignment through safeguards and safety testing. LLMs can fake alignment by strategically mimicking training objectives to avoid undergoing behavioral modifications. These challenges have data protection implications for the latest AI agents. For example, an agent may decide that it needs to access or share sensitive personal data in order to complete a task. Such behavior could implicate an individual’s data protection interest in having control over their data when personal data is processed during deployment. Practitioners must be mindful of the need for safeguards to constrain this behavior, although research into model alignment has focused more on safety issues rather than privacy.

Explainability and human oversight challenges: Explainability barriers arise when users cannot understand an agent’s decisions, even if these decisions are correct. Users and developers may encounter difficulties in understanding how some AI agents reach decisions due to their complex processes. The black box problem, or the challenge of understanding how an AI model or system makes decisions, is not unique to agents. However, the speed and complexity of AI agents’ decision-making processes may create heightened roadblocks to realizing meaningful explainability and human oversight. AI agents utilizing language models can provide some of their reasoning in natural language, but these “chain-of-thought” insights are becoming more complicated and are not always indicative of the agent’s actual reasoning. These challenges may make it more difficult to reliably interrogate agents’ decision-making processes and manage risks.

Looking Ahead

Recent advances in AI agents could expand the utility of these technologies across the private and public sectors, but they also raise many data protection considerations. While practitioners may be aware of some of these considerations due to the relationship between LLMs and the latest AI agents, the unique design elements and characteristics of these agents may exacerbate or raise new compliance challenges. For example, an agent may manage privacy settings (e.g., accepting cookies so that it can continue working on a task) as part of its operations, although companies can establish safeguards to address this risk. In closing, practitioners should remain abreast of technological advances that expand AI agents’ capabilities, use cases, and contexts where they can operate, as these may raise novel data protection issues.

This year’s Winning Privacy Papers to be Honored at the Future of Privacy Forum’s 15th Annual Privacy Papers for Policymakers Event

The Future of Privacy Forum’s 15th Annual Privacy Papers for Policymakers Award Recognizes Influential Privacy Research

February 3, 2025 — Today, the Future of Privacy Forum (FPF) — a global non-profit focused on data protection headquartered in Washington, D.C. — announced the winners of its 15th annual Privacy Papers for Policymakers (PPPM) Awards.

The PPPM Awards recognize leading U.S. and international privacy scholarship that is relevant to policymakers in the U.S. Congress, federal agencies, and international data protection authorities. Six winning papers, two honorable mentions, one student submission, and a student honorable mention were selected by a diverse group of leading academics, advocates, and industry privacy professionals from FPF’s Advisory Board.

Authors of the papers will have the opportunity to showcase their work at the Privacy Papers for Policymakers ceremony on March 12, in conversations with discussants, including James Cooper, Professor of Law, Director, Program on Economics & Privacy, Antonin Scalia Law School, George Mason University, Jennifer Huddleston, Senior Fellow in Technology Policy, Cato Institute, and Brenda Leong, Director, AI Division, ZwillGen.

“Data protection and artificial intelligence regulations are increasingly at the forefront of global policy conversations,” said FPF CEO Jules Polonetsky. “And it’s important to recognize the academic research that explores the nuances surrounding data privacy, data protection, and artificial intelligence issues. Our award winners have explored these complex areas ― to all of our benefits.”

FPF’s 2025 Privacy Papers for Policymakers Award winners are:

Authoritarian Privacy by Mark Jia, Georgetown University Law Center
- Privacy laws are traditionally associated with democracy. Yet autocracies increasingly have them. Why do governments that repress their citizens also protect their privacy? This Article answers this question through a study of China. China is a leading autocracy and the architect of a massive surveillance state. But China is also a major player in data protection, having enacted and enforced a number of laws on information privacy. To explain how this came to be, the Article first discusses several top-down objectives often said to motivate China’s privacy laws: advancing its digital economy, expanding its global influence, and protecting its national security. Although each has been a factor in China’s turn to privacy law, even together, they tell only a partial story. Through privacy law, China’s leaders have sought to interpose themselves as benevolent guardians of privacy rights against other intrusive actors—individuals, firms, and even state agencies and local governments. This Article adds to our understanding of privacy law, complicates the relationship between privacy and democracy, and points toward a general theory of authoritarian privacy.

The Great Scrape: The Clash between Scraping And Privacy by Daniel J. Solove, George Washington University Law School and Woodrow Hartzog, Boston University School of Law and Stanford Law School Center for Internet and Society
- Artificial intelligence (AI) systems depend on massive quantities of data, often gathered by “scraping” – the automated extraction of large amounts of data from the internet. A great deal of scraped data is about people. This personal data provides the grist for AI tools such as facial recognition, deep fakes, and generative AI. Although scraping enables web searching, archival, and meaningful scientific research, scraping for AI can also be objectionable or even harmful to individuals and society. Organizations are scraping at an escalating pace and scale, even though many privacy laws are seemingly incongruous with the practice. In this Article, we contend that scraping must undergo a serious reckoning with privacy law. Scraping has evaded a reckoning with privacy law largely because scrapers act as if all publicly available data were free for the taking. But the public availability of scraped data shouldn’t give scrapers a free pass. Privacy law regularly protects publicly available data, and privacy principles are implicated even when personal data is accessible to others. This Article explores the fundamental tension between scraping and privacy law.
Mirror, Mirror, on the Wall, Who’s the Fairest of Them All? by Alice Xiang, Global Head of AI Ethics, Sony Group Corporation and Lead Research Scientist, Sony AI
- Debates in AI ethics often hinge on comparisons between AI and humans: which is more beneficial, which is more harmful, which is more biased, the human or the machine? These questions, however, are a red herring. They ignore what is most interesting and important about AI ethics: AI is a mirror. If a person standing in front of a mirror asked you, “Who is more beautiful, me or the person in the mirror?” the question would seem ridiculous. Sure, depending on the angle, lighting, and personal preferences of the beholder, the person or their reflection might appear more beautiful, but the question is moot. AI reflects patterns in our society, just and unjust, and the worldviews of its human creators, fair or biased. The question then is not which is fairer, the human or the machine, but what can we learn from this reflection of our society and how can we make AI fairer? This essay discusses the challenges to developing fairer AI, and how they stem from this reflective property.

The Overton Window and Privacy Enforcement by Alicia Solow-Niederman, George Washington University Law School
- On paper, the Federal Trade Commission’s consumer protection authority seems straightforward: the agency is empowered to investigate and prevent unfair or deceptive acts or practices. This flexible and capacious authority, coupled with the agency’s jurisdiction over the entire economy, has allowed the FTC to respond to privacy challenges both online and offline. The contemporary question is whether the FTC can draw on this same authority to curtail the data-driven harms of commercial surveillance or emerging technologies like artificial intelligence. This Essay contends that the legal answer is yes and argues that the key determinants of whether an agency like the Federal Trade Commission will be able to confront emerging digital technologies are social, institutional, and political. Specifically, it proposes that the FTC’s privacy enforcement occurs within an “Overton Window of Enforcement Possibility.”

Personhood Credentials: Artificial intelligence and the value of privacy-preserving tools to distinguish who is real online by Steven Adler, et al.
- Anonymity is an important principle online. However, malicious actors have long used misleading identities to conduct fraud, spread disinformation, and carry out other deceptive schemes. With the advent of increasingly capable AI, bad actors can amplify the potential scale and effectiveness of their operations, intensifying the challenge of balancing anonymity and trustworthiness online. In this paper, we analyze the value of a new tool to address this challenge: “personhood credentials” (PHCs), digital credentials that empower users to demonstrate that they are real people—not AIs—to online services, without disclosing any personal information. After surveying the benefits of personhood credentials, we also examine deployment risks and design challenges. We conclude with actionable next steps for policymakers, technologists, and standards bodies to consider in consultation with the public.

Navigating Demographic Measurement for Fairness and Equity by Miranda Bogen, Director, CDT AI Governance Lab
- Governments and policymakers increasingly expect practitioners developing and using AI systems in both consumer and public sector settings to proactively identify and address bias or discrimination that those AI systems may reflect or amplify. Central to this effort is the complex and sensitive task of obtaining demographic data to measure fairness and bias within and surrounding these systems. This report provides methodologies, guidance, and case studies for those undertaking fairness and equity assessments — from approaches that involve more direct access to data to ones that don’t expand data collection. Practitioners are guided through the first phases of demographic measurement efforts, including determining the relevant lens of analysis, selecting what demographic characteristics to consider, and navigating how to hone in on relevant sub-communities. The report then delves into several approaches to uncover demographic patterns.

In addition to the winning papers, FPF selected for Honorable Mentions: The Law of AI for Good by Orly Lobel, University of San Diego School of Law; and Aligning Algorithmic Risk Assessment Values with Criminal Justice Values by Dennis D. Hirsch, Angie Westover-Munoz, Christopher B. Yaluma, and Jared Ott from the The Ohio State University – Moritz College of Law.

FPF also selected a paper for the Student Paper Award: Data Subjects’ Reactions to Exercising Their Right of Access by Arthur Borem, Elleen Pan, Olufunmilola Obielodan, Aurelie Roubinowitz, Luca Dovichi, and Blase Ur at the University of Chicago; and Michelle L. Mazurek from the University of Maryland. A Student Paper Honorable Mention went to Artificial Intelligence is like a Perpetual Stew by Nathan Reitinger, University of Maryland – Department of Computer Science.

In reviewing the submissions, winning papers were awarded based on the strength of their research and proposed policy solutions for policymakers and regulators in the U.S. and abroad.

The Privacy Papers for Policymakers Award event will be held on March 12, 2025, at FPF’s offices in Washington, D.C. The event is free and registration is open to the public.

###

About Future of Privacy Forum (FPF)

The Future of Privacy Forum (FPF) is a global non-profit organization that brings together academics, civil society, government officials, and industry to evaluate the societal, policy, and legal implications of data use, identify the risks, and develop appropriate protections.

FPF believes technology and data can benefit society and improve lives if the right laws, policies, and rules are in place. FPF has offices in Washington D.C., Brussels, and Singapore. Learn more at fpf.org.

The Playbook: Data Sharing for Research	Data Sharing for Research: A Compendium of Case Studies, Analysis, and Recommendations
Best Practices for Sharing Data with Academic Researchers	Contract Guidelines for Data Sharing Agreements Between Companies and Academic Researchers

Singapore Management University and Future of Privacy Forum Form Partnership to Advance Expertise in Digital Law and Data Governance in Asia-Pacific

Data Sharing for Research Tracker