Regulatory Strategies and Priorities of Data Protection Authorities in Latin America: 2024 and Beyond

Authors: Maria Badillo and Momina Imran

Today, the Future of Privacy Forum (FPF) published an Issue Brief analyzing the regulatory strategies and priorities of data protection authorities (DPAs) in Latin America. Titled Regulatory Strategies and Priorities of Data Protection Authorities in Latin America: 2024 and Beyond, the Issue Brief outlines an overview of the various strategies, activity reports, and other announcements made by the DPAs of various Latin American countries in order to understand their strategic priorities for 2024 and coming years. 

Most governments in Latin America recognize privacy and personal data protection as two separate fundamental rights in their constitutional and legal frameworks. Some of these countries have also issued specific data protection laws and created regulatory authorities to ensure compliance with such laws. For example, Argentina, Uruguay, Mexico, Peru, and Colombia have all created authorities that are actively monitoring and regulating the data protection space. 

Advancing technology and increased digitalization have made the need for updated data protection frameworks to govern organizations’ processing of personal data more essential than ever. 

The objective of this Issue Brief is to provide an overview of the current work and future objectives of data protection authorities in Latin America. This brief highlights areas of convergence among the different DPAs and showcases the diverse set of strategies LatAm DPAs have indicated they plan to deploy in coming years. As a result, this Issue Brief is limited to jurisdictions where there is (i) a designated data protection authority and (ii) such authority has issued a strategic or planning document outlining its current and future work. 

The Issue Brief expands upon the following categories:

• Regulatory Priorities
• Enforcement Priorities
• Advocacy and Public Participation
• Strengthening Institutional Capabilities 

Review of DPAs regulatory strategies shows that most authorities seek to increase their investigatory and sanctioning powers as part of their enforcement priorities. Authorities also recognize a need for greater awareness of data protection across the board, which they can facilitate via enhanced advocacy and public participation through education and supplemental guidance. Another common priority is to build institutional capabilities by training government and DPA personnel and continue increasing collaboration with other sectoral agencies and DPAs in the region. 

For a more detailed discussion of the regulatory strategies of Latin American DPAs and an in-depth analysis of the strategic and planning documents, download the Issue Brief here.

For inquiries about this Issue Brief, please contact Maria Badillo, Policy Counsel of Global Privacy, at [email protected].

Little Users, Big Protections: Colorado and Virginia pass laws focused on kids privacy

‘Don’t call me kid, don’t call me baby’ – unless you are a child residing in either Colorado or Virginia, where children will soon have increased privacy protections due to recent advances in youth privacy legislation. Virginia and Colorado both have broad-based privacy laws already in effect. During the 2024 state legislative sessions, both states amended those laws to add specific online privacy protections for kids’ data. In Virginia, HB 707/SB 361 passed the state legislature. It moved on to Governor Youngkin’s desk on March 8th, and after some procedural hurdles, it finally passed into law on May 17 as a modest approach for additional youth-tailored protections. In Colorado, SB 41 passed the legislature on May 14th with near-unanimous votes in both chambers, introducing a more expansive youth privacy framework than Virginia. SB 41 is expected to be signed into law by Governor Polis as passed by the Colorado legislature. Following Connecticut’s lead last year, these developments signal a growing trend toward states building off of existing privacy frameworks to strengthen protections for children’s data online. 

Colorado

Although Colorado SB 41 is more expansive than what Virginia passed, the requirements in this law are familiar. SB 41 is almost an exact copy of the youth privacy amendment to Connecticut’s comprehensive privacy bill SB 3, which we covered in a blog post in 2023 As a result, there is a general compliance model for the requirements of this bill. However, it is still worth noting that there are some differences between Colorado SB 41 and Connecticut SB 3 which should be given special attention, especially where the impact of these differences remains to be seen.

What’s familiar about SB 41? 

1. The scope of SB 41 is nearly identical to SB 3. 

As an amendment to a comprehensive state privacy law, SB 41 will work within the existing Colorado Privacy Act (“CPA”) to provide additional heightened protections for kids and teens up to 18. The compliance requirements of SB 41 rely on the existing definition of controller in the CPA. The obligations under both Colorado and Connecticut apply to controllers who offer any online service, product, or feature to consumers whom the controller has actual knowledge, or willfully disregards, are minors. Most importantly, the text of the bill makes clear that, while some child-focused provisions of Colorado and Connecticut’s laws only apply to controllers that meet specified revenue or user thresholds, the duty of care provisions apply to all controllers.

2. Both states create a duty of care owed to minors. 

SB 41 creates a duty to use reasonable care to avoid any heightened risk of harm to minors and creates additional risk assessment requirements for minors’ data. This duty to use reasonable care applies where the controller has actual knowledge or willfully disregards that a user is under 18 years of age. If controllers comply with the bill’s risk assessment requirements, there is a rebuttable presumption in any enforcement action brought by the State Attorney General that a controller used the reasonable care required to avoid heightened risk of harm to minors. Therefore, a strong incentive exists for controllers to conduct risk assessments, since doing so could potentially save controllers from enforcement in cases of unforeseeable harm to minors as a result of their online service, product, or feature. 

3. Both states have requirements that draw on the California AADC, with differences.

The substantive requirements under Colorado are nearly identical to those in Connecticut. Both SB 41 and SB 3 have restrictions on processing minors’ data similar to those originally seen in the enjoined California Age-Appropriate Design Code. For example, SB 41 limits controllers’ ability to profile, process geolocation data, or display targeted ads to a minor’s account without prior consent. However, unlike the California AADC, neither Colorado nor Connecticut requires a controller to estimate the age of users or assess harms related to content. 

What’s different about SB 41? 

1. An additional harm must be considered in Colorado. 

SB 41 goes a step further than Connecticut SB 3 in the categories that must be included in data protection impact assessments (“DPIAs”) and introduces a fourth type of harm that must be considered – which is the ‘heightened risk of harm’ for any “unauthorized disclosure of the personal data of minors as a result of a security breach.” It is unclear at this time what the magnitude of this impact will be on controllers’ compliance efforts, but it does indicate a strong interest in the security of minor’s data collected through online services, products, and features. Along with the addition of this fourth kind of harm, SB 41 includes three of the same harms that are also seen in SB 3’s “heightened risk of harm to minors” definition: (1) unfair, deceptive treatment or unlawful disparate impact on minors, (2) any financial, physical, or reputational injury to minors, and (3) any physical or other intrusion on the seclusion, solitude, or privacy of minors that would be offensive to the reasonable person. Aside from the general duty of care to avoid these types of harm to minors, under both Connecticut and Colorado, controllers must assess for these harms in DPIAs. 

2. No ‘unpublishing’ requirement. 

SB 3 had a standalone section focused specifically on obligations for social media platforms. SB 41 lacks SB 3’s requirement that a controller ‘unpublish’ a minor’s social media account. All requirements in SB 41 apply generally to covered services. 

Virginia

Compared to Colorado and Connecticut’s youth privacy amendments, Virginia passed a more modest set of requirements for controllers in the state. Despite this moderate approach, Virginia’s method of heightening child privacy protections online is still worth watching. The Governor’s proposed amendments, which the legislature ultimately rejected, would have been much more expansive, such as raising the age for needing parental consent up to 17. As indicated by the bill sponsors during floor hearings, the smaller step in what was passed is only a starting point for the state. Virginia lawmakers indicated an intent to continue building upon this foundation of privacy protections and raising the age threshold in the law, but first want to get something attainable “on the books… versus [being] stuck in court” with constitutional challenges. 

Scope

Like Colorado SB 41, Virginia HB 707 would work within the state’s existing comprehensive privacy law, taking on the established controller definition. Unlike Colorado, small businesses are exempt from the Virginia Consumer Data Protection Act. HB 707 does not amend the scope or application threshold of the VCDPA to the child privacy provisions of the bill – the application of the child privacy provisions is the same as the application of the other privacy requirements in the VCDPA. The protections afforded under HB 707 apply to known children under 13. 

Controller obligations

Unlike Colorado SB 41 and Connecticut SB 3, Virginia HB 707 does not create a duty of reasonable care. Instead, HB 707 simply limits the processing of minor data, establishes requirements for obtaining consent to process minor data, and expands DPIA requirements. The limits on processing and obtaining consent generally align with what is required by COPPA, though COPPA technically only applies to collecting rather than processing. While HB 707 creates marginally more specific DPIA requirements, existing requirements under the VCDPA already required conducting DPIAs for sensitive data, including children under 13. Additionally, like Colorado and Connecticut, Virginia HB 707 places default limits on collecting a child’s precise geolocation and requires a signal to the child while this geolocation information is collected. 

Conclusion

Despite seeing some variation in the approach to enacting youth-focused amendments to comprehensive privacy laws, starting with Connecticut’s SB 3 in 2023, a trend is developing among state legislators to continue building upon pre-established privacy frameworks. It is worth acknowledging that under state privacy laws, children and teens are part of the definition of “consumers” these laws are scoped to protect. Any broad-based state privacy law will naturally apply to residents of that state, both young and old. However, conceptually, it may be easier for lawmakers to envision what additional protections children and teens need once a baseline privacy framework is in place.

Although this is a new and noteworthy privacy development to watch moving forward, it is not the only approach lawmakers are taking to regulate youth online experiences. Another avenue during the 2024 session was the new Age-Appropriate Design Code framework (“AADC 2.0”). While the AADC 2.0 passed in Maryland and Vermont this year, there are several differences between these two states, as well as some uncertainties about how the AADC 2.0 will hold up to Constitutional scrutiny. Compare this with Connecticut and Colorado, which have nearly identical frameworks for youth protections. Over the last few years, several laws intended to address child privacy and safety online have passed in different states. Still, many, such as the California Age-Appropriate Design Code, have had their implementation delayed by courts over Constitutional challenges.  Given that SB 3 will not come into force until October 2024, it may be too soon to call Connecticut and Colorado’s amendments a pattern. Still, there is potential for lawmakers to converge around this approach to protecting children online where it faces a lower risk of legal hurdles than alternative approaches.  

Colorado Enacts First Comprehensive U.S. Law Governing Artificial Intelligence Systems

On May 17, Governor Polis signed the Colorado AI Act (CAIA) (SB-205) into law, establishing new individual rights and protections with respect to high-risk artificial intelligence systems. Building off the work of existing best practices and prior legislative efforts, the CAIA is the first comprehensive United States law to explicitly establish guardrails against discriminatory outcomes from the use of AI. The Act will take effect on February 1, 2026.

The CAIA is informed by extensive stakeholder engagement efforts led by Colorado Senate Majority Leader Rodriguez and Connecticut Senator Maroney, including a bipartisan multistate policymaker working group convened by FPF last year. The regulation of emerging technologies such as artificial intelligence is a complex issue where effective governance is best achieved by incorporating multiple perspectives and diverse stakeholder input. Throughout the legislative process, the CAIA also incorporated amendments from stakeholders in crafting a framework that can support both functionality and consumer protection.

FPF has released a Two–Page Fact Sheet summarizing the key definitions, consumer rights, and business obligations established by SB-205. 

Now, On the Internet, Will Everyone Know if You’re a Child? 

With help from Laquan Bates, Policy Intern for Youth and Education

How Knowledge Standards Have Changed the Status Quo

As minors increasingly spend time online, lawmakers continue to introduce legislation to enhance the privacy and safety of kids’ and teens’ online experiences beyond the existing Children’s Online Privacy Protection Act (COPPA) framework. Proposals have proliferated in both the federal and state legislatures across the U.S. with varying approaches to minors’ privacy protections. Key pieces of this discussion are the age of individuals online, whether online sites and services know that an individual is a child, and how to balance kids’ and teens’ protections with anonymity online.

Recent state legislative proposals have used varied language to communicate knowledge standards and the obligations online sites and services have to know their audience or  individuals’ ages, such as “likely to be accessed by a child,” “targets or is reasonably anticipated to be accessed by children,” and “has actual knowledge, or willfully disregards a minor’s age.”  These standards can determine the scope of a law’s obligations and be accompanied by varying age thresholds defining a child, parental consent requirements, and age assurance mechanisms. With the variety and ambiguity of language used, it has become difficult for online service providers to determine whether they are required to ascertain the age of individuals using their service. 

We have prepared a resource summarizing the knowledge standards currently used in enacted U.S. privacy and online safety laws. 

Key Observations 

• All eleven enacted state youth privacy and safety laws provide protections for individuals beyond 13 years of age. 
• Laws with “likely to be accessed” or similar standards are less likely to require parental consent. 
• State privacy laws have varying degrees of requirements for the age assurance of individuals.
• Three out of four state youth privacy laws use a constructive knowledge standard. 
• State social media laws are more likely to have no knowledge standard for user age than other enacted privacy laws with youth privacy provisions. Social media laws with no knowledge standard typically require age verification, which, in practice, equates to actual knowledge of individuals’ ages. Three out of seven social media laws have no knowledge standard.
• Comprehensive state privacy laws with youth privacy provisions most often use an actual knowledge standard for knowing the age of minors. Six out of eight of these comprehensive laws use an actual knowledge standard. 
  

The Status Quo of Knowledge Standards Under COPPA

Knowledge standards can impact the scope of entities required to comply with a law as well as the law’s obligations, like the specificity of age assurance required. For example, under COPPA, businesses are required to obtain verifiable parental consent before collecting personal information from children under the age of 13. COPPA’s requirements apply to operators of websites or online services that are directed to children under 13 years of age or that have actual knowledge that they are collecting personal information from children under 13.  

U.S. legislation uses two types of knowledge standards regarding an individual’s age: actual knowledge and constructive knowledge. 

Actual knowledge refers to operators of online services, websites, or products being aware of, or knowing, a user’s age. Under COPPA, operators are not required to ask the age of users or visitors to obtain actual knowledge that a user or visitor is a child. An operator may still choose to ask about the age of users or visitors. Without asking the age of users or visitors, an operator may have actual knowledge of a user’s age if they receive information that allows them to determine the person’s age, like their grade in school. 

Constructive knowledge refers to operators of online services, websites, or products being legally presumed to know that a user is a child because they should have known the age of the user. Constructive knowledge can refer to instances in which an operator suspected the age of a user but decided against further inquiry. When a constructive knowledge standard is used, it may trigger an obligation for operators to ascertain the age of a user. 

The audience of a site or service determines the legal obligations of a company under COPPA. The COPPA Rule dictates that a website or online service may have one of three types of audiences: a general audience, a child-directed audience, or a mixed audience.

• A general audience site or service is one that is intended for individuals above the age of thirteen.
• A child-directed site or service is one where children under thirteen are the primary target audience. To determine what is “directed to children,” operators may consider whether the website or service is “targeted to children.” The FTC considers a list of characteristics when determining if a site or service is directed to children such as the subject matter; visual content; use of animated characters or child-oriented activities and incentives; music or other audio content; age of models, presence of child celebrities, or celebrities who appeal to children; advertising promoting the site or service, advertising appearing on the site or service, reliable empirical evidence of the site or service’s audience composition; reliable evidence of the audience the company intended to target in offering the site or service.
• A mixed audience site or service is one “directed to children” under the COPPA Rule, but whose primary target audience is not children under thirteen. 
  

A child-directed site under COPPA must treat all individuals as if they are children. Thus, child-directed sites are effectively considered to know or reasonably should know that individuals are children. Sites and services that are child-directed or have a mixed audience must comply with the law’s privacy protections, while general audience sites with no actual knowledge of collecting personal information from children do not. Operators of mixed audience sites or services may implement an age screen to ensure they do not collect personal information from children or they can obtain verifiable parental consent for that collection. However, operators of mixed-audience sites that implement an age screen may not block children from participating altogether, and discovering that an individual is a child will trigger COPPA’s consent and notice requirements. General audience sites may also choose to use an age screen, but COPPA does not prohibit them from blocking children from participating. The FTC has made it clear that mixed audience sites and services are considered “a subset” of the child-directed category. 

Constructive knowledge standards cast a wider net than actual knowledge standards, meaning that more online services should be concerned about compliance with kids’ and teens’ privacy protections. Constructive knowledge standards may cause general audience service providers to be included in new legal obligations and, therefore, increase the likelihood of a company implementing age gates and age assurance methods for the use of its online services. Constructive knowledge standards are also more difficult to interpret and implement, especially in attempting to distinguish between services that are used by 17-year-olds versus those used by 18-year-olds. 

Confusion Created by New Standards 

U.S. lawmakers have trended toward requiring service providers to have a greater awareness of the age of individuals using their online services. Additionally, recent legislation has increasingly included privacy protections for minors older than 13. While some new laws have included actual knowledge standards, there has been an uptick in using more ambiguous language and constructive knowledge standards. For example, Lousiana SB 162 uses “reasonably believes or has actual knowledge” that an individual is a minor under the age of 16. The language “actual knowledge” clearly indicates an actual knowledge standard while including “reasonably believes” is confusing and may lead to ambiguity without defining how a service provider may be considered to “reasonably believe” that an individual is a minor. If “reasonably believes” means that the service provider does believe that an individual is a minor and is reasonable in doing so, then it is effectively actual knowledge and it is unclear why this additional language is necessary. 

In contrast, the Maryland Age-Appropriate Design Code applies to entities that develop and provide online services, products, or features that are “reasonably likely to be accessed by children.” The Maryland law defines “reasonably likely to be accessed by children” as meaning that it is reasonable to expect that the online product would be accessed by children based on,  (1) the online product being directed to children as defined in COPPA; (2) the online product being determined, based on competent and reliable evidence regarding audience composition, to be routinely accessed by a significant number of children; (3) the online product being substantially similar or the same as an online product that satisfies item (2) of this subsection; (4) the online product featuring advertisements marketed to children; (5) the covered entity’s internal research findings determining that a significant amount of the online product’s audience is composed of children; or (6) the covered entity knows or should have known that a user is a child. 

By providing these factors, the Maryland law elucidates that the use of the “reasonably likely to be accessed by children” standard encompasses platforms that have actual knowledge or are directed to children. This standard seems very similar to COPPA’s standard for audience and knowledge of age. However, the Maryland law defines “child” as a consumer under 18, causing more online services to be within the scope of the Maryland law than are currently within COPPA’s. While online services may be familiar with assessing if they are within COPPA’s scope, it may be more complicated to assess whether their online service is reasonably likely to be accessed by anyone under 18 years old because the internet use of a 17-year-old is likely more similar to that of an adult’s than of a 12-year-old’s. 

Similarly, Florida SB 262 uses “likely to be predominantly accessed by children” to describe a gaming or social media platform’s obligation to assess its service’s audience and defines “child” as any consumer under the age of 18. However, Florida SB 262 does not define this standard, leaving more ambiguity. The law states that civil penalties for non-compliance may be increased for violations that involve the data of a “known child,” and a platform that “willfully disregards” a child’s age is considered to have actual knowledge. This increase in civil penalties for having actual knowledge of a child’s age suggests that the “likely to be predominantly accessed by children” standard uses a constructive knowledge or directed-to-children standard. 

“Willfully disregards” is often a constructive knowledge standard that refers to an operator deciding to not inquire about the age of an individual despite circumstances that suggest the operator reasonably knows or should have known an individual was a child. Some recent legislation uses an actual knowledge standard and subsequently states that willful disregard of a child’s age will be deemed as having actual knowledge, such as Florida SB 262 and the California Consumer Privacy Act while other privacy laws combine an actual knowledge standard and a constructive knowledge standard such as the Connecticut Data Privacy Act’s “actual knowledge or willfully disregards” that consumers are minors. 

Conclusion

Recent U.S. legislation has changed the youth privacy status quo from COPPA compliance to additional compliance with new state laws in efforts to improve the privacy and safety of minors online. Impactful changes were made by state legislatures using novel language to communicate the requisite knowledge that an online service provider must have of a minor’s age for compliance with state laws. These laws have expanded privacy protections for teens and require more online services to comply with privacy protections for minors than ever before. Some state laws combined traditional actual knowledge standards with constructive knowledge standards while others used new language altogether. State legislatures continue to prioritize work on new youth privacy legislation and without consistent language and definitions for knowledge standards in privacy laws, compliance across jurisdictions will become exponentially more difficult.

Access our resource for a summary of the knowledge standards currently used in enacted U.S. privacy and online safety laws.

FPF Responds to the OMB’s Request for Information on Responsible Artificial Intelligence Procurement in Government

On April 29, the Future of Privacy Forum submitted comments to the Office of Management and Budget (OMB) in response to the agency’s Request for Information (RFI) regarding responsible procurement of artificial intelligence (AI) in government, particularly regarding the intersection of AI tools and systems procurement with other risks posed by the development and use of AI tools and other emerging technologies. The OMB issued the RFI pursuant to the White House’s Executive Order 14110 on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.

“Federal agencies are responsible for ensuring that their use of AI and generative AI tools and systems aligns with legal and regulatory standards. By establishing clear guidelines for AI procurement, OMB has a material opportunity to address and mitigate potential risks to personal data that some AI tools and systems may pose, either through design or use. In addition, as one of the largest purchasers of AI tools and systems, the U.S. government procurement policies around AI can become potent drivers for privacy, transparency, and equitable outcomes.“

 – Anne J. Flanagan, FPF Vice President for Artificial Intelligence

FPF raised the importance of contractual responsibilities, existing data protection regulations, and equitable outcomes. Given these considerations, key recommendations included:

1. OMB should ensure that contractual responsibilities and requirements for transparency, testing, evaluation, and impact assessments in procured AI systems are based on clear definitions and roles, taking into account the risk profile of the AI system;

2. OMB should ensure that agencies procure AI systems or services that meet the existing data protection standards that apply to federal agencies when they handle personal data; and

3. OMB should ensure that agencies procure AI systems or services that support, rather than undermine equitable outcomes by requiring agencies to analyze the particular risks these systems may pose to people, especially marginalized individuals and communities.

The comments underscored FPF’s long-standing work around AI and generative AI tools and systems, including FPF’s Best Practices for AI and Workplace Assessment Technologies and Unfairness by Algorithm: Distilling the Harms of Automated Decision-Making.

Read our full comments to the OMB on responsible AI procurement in the government.

New Age-Appropriate Design Code Framework Takes Hold in Maryland

On April 6, the Maryland legislature passed HB 603/SB 571, the “Maryland Age-Appropriate Design Code Act” (Maryland AADC), which is currently awaiting action from Governor Moore. While FPF has already written about Maryland’s potentially “paradigm-shifting” state comprehensive privacy law, the Maryland AADC may similarly pioneer a new model for other states. The Maryland AADC seeks to create heightened protections for youth aged 17 and under and will apply to businesses that provide online services, products, or features reasonably likely to be accessed by children. Businesses that may not typically be in scope of other statutorily-created child privacy protections may find themselves with new obligations under this framework. 

See our comparison chart for a full side-by-side comparison between the Maryland Age-Appropriate Design Code and California Age-Appropriate Design Code. 

Who does the Maryland AADC apply to?

If enacted, the Maryland AADC will apply to businesses that provide online services, products, or features reasonably likely to be accessed by children. The applicability threshold is fairly similar to the California Consumer Privacy Act, as integrated into the California Age-Appropriate Design Code Act (California AADC). The Maryland AADC specifically captures businesses that conduct business in Maryland and meet one of three thresholds: 1) have annual gross revenue of at least $25,000,000, 2) buy, receive, sell, or share the personal data of 50,000 or more consumers, households, or devices, (down from 100,000 consumers or households in CA) or 3) derive at least 50% of annual revenue from the sale of personal data. 

What about that other age-appropriate design code? 

The Maryland AADC is the second “design code” bill to pass a U.S. state legislature, following the California AADC of 2022. However, FPF’s analysis finds that the Maryland AADC differs from its California predecessor in numerous critical ways. While the California AADC was slated to take effect on July 1, 2024, it was enjoined in September 2023 by the United States District Court for the Northern District of California (CA District Court) in Netchoice v. Bonta. The CA District Court held that plaintiffs were likely to succeed on their claim that several non-severable provisions of the California AADC violate the First Amendment. 

While litigation on the California AADC is ongoing, proponents of a design code-style framework have claimed they can fix it in light of the questions of Constitutionality raised in the District Court’s preliminary injunction. The “AADC 2.0” framework emerged during the 2024 state legislative session in several states, including Vermont, Minnesota, New Mexico, and Maryland. Maryland is the first state to pass an AADC 2.0 bill, and the Maryland AADC will, therefore, likely be the subject of considerable analysis and debate over whether the First Amendment vulnerabilities that plagued the California AADC have been removed.

Fundamental changes from California AADC

1. No express age estimation mandate

One of the most significant changes to the Maryland AADC is that there is no express obligation for businesses to determine the age of individuals using a service. Under the California AADC, businesses would have been required to estimate the age of young users with “a reasonable level of certainty appropriate to the risks” arising from data management practices or, alternatively, provide strict privacy protections by default to all individuals regardless of age. Under present methods, accurately estimating the age of users with a high level of accuracy typically necessitates collecting additional personal information, such as government identifiers or facial scans. In granting a preliminary injunction of the California AADC, the CA District Court appeared greatly troubled by this age estimation requirements, noting that it was “likely to exacerbate” rather than alleviate any harm of insufficient data protections for children by requiring both children and adults to share additional personal information. 

In 2023-2024, several other youth privacy laws with requirements to collect age information have similarly been enjoined by U.S. courts, often on First Amendment grounds. Given this consistent trend, it is unsurprising that the Maryland AADC would not include this requirement. Instead, the Maryland AADC solely relies on a “likely to be accessed by children” audience standard. Rather than collecting age information, a service will need to assess, using a variety of indicators, whether or not the service is likely to be used by children. Some factors appear to be modeled after the federal Children’s Online Privacy Protection Act’s (COPPA) similar “directed to children” standard, such as empirical evidence on audience composition or whether the online product features advertisements marketed to children. However, as a reminder, the Maryland AADC applies to children and teens up to 18. While businesses might have great familiarity with assessing whether advertisements appeal to children under 13 in complying with COPPA, doing this assessment for a 16 or 17-year-old might be less familiar and potentially more complicated. 

Notably, the CA District Court in Bonta also observed that the age estimation provision of the California AADC was the “linchpin” of the law because knowing the age of users is critical for applying “age-appropriate” protections. For example, the Maryland AADC requires that privacy information and community standards be provided in a language suited to the age of children likely to access the service. Therefore, it remains an open question whether Maryland’s removal of this express requirement also erases any implicit obligations for collecting age information to serve the “age-appropriate” protections mandated by the bill. 

2. Defining and upholding the “best interests of children”

While the Maryland AADC is an evolution of the California AADC, the California AADC is itself derived from the UK Age-Appropriate Design Code (UK AADC). A core component of the UK AADC is that businesses should consider the “best interests of the child” when designing and developing services online. The “best interests of the child” is a recognized concept adopted from the UN Convention on the Rights of the Child, of which the United States is the only country not to have ratified. In the United States, the “best interests of the child” typically is not an established legal standard outside of the family law context.

While the California AADC imported the “best interests of the child” language from the UK AADC, it did not include a definition. Under the California AADC, businesses would have been permitted to avoid certain obligations if they were able to demonstrate that their alternative course of action was consistent with the undefined “best interests of children.”

In contrast, the Maryland AADC establishes a quasi-‘duty of care’ that affirmatively obligates online services to act in the best interests of children. It goes on to scope “best interests of the child” by uses of a child’s data or design of an online product that will not result in 1) reasonably foreseeable and material physical or financial harm to children, 2) reasonably foreseeable and severe psychological or emotional harm to children, 3) a highly offensive intrusion on the reasonable privacy expectations of children, or 4) discrimination against children based upon race, color, religion, national origin, disability, gender identity, sex, or sexual orientation. As further explained below, this switch from using “best interests of the child” as a means to avoid obligations to instead creating affirmative obligations arguably makes the Maryland AADC less flexible in ways that could, for instance, disrupt or prevent children’s access to beneficial services.

3. Changes to data protection impact assessment (DPIA) obligations

The Maryland AADC, like the California AADC before it, requires businesses to conduct DPIAs to consider how online products will impact children. However, the Maryland AADC incorporates small but potentially impactful changes from its Californian predecessor. The District Court in Bonta took issue with the California AADC’s DPIA requirement for two reasons: 1) it did not address the harms it aimed to cure because the DPIAs addressed the risks arising from data management practices rather than the design of a service and 2) businesses were required to develop a plan to mitigate risks, there was no requirement actually to mitigate the risks. In light of this, the Maryland AADC requires that DPIAs include a description of steps the company has taken and will take to comply with the duty to act in the best interests of children. 

The Maryland AADC also makes small changes to what harms or risks must be assessed. The California AADC required assessing whether the service could expose children to “harmful” or “potentially harmful” content, which in particular raised the ire of the news industry. Though the District Court did not reach this issue, the Maryland AADC removed any mentions of content, presumably to proactively address any concerns about First Amendment free speech issues. The Maryland AADC is also absent a requirement to assess harms related to targeted advertising. During the legislative session, drafters removed any mentions of targeted advertising from the bill. The exclusion of “targeted advertising” may be less a response to Bonta and more likely because the Maryland Online Data Privacy Act, which also creates heightened protections for children and teens, explicitly addresses targeted advertising. 

4. Stricter processing restrictions

One area where the Maryland AADC arguably goes further than the California AADC is in placing more expansive default limitations on how businesses may process children’s data, which is defined to include everything from collecting, using, storing, and deleting personal information. The Maryland AADC would ban businesses from processing personal data that is not reasonably necessary to provide an online product with which the child is “actively and knowingly engaged.” While “actively and knowingly” is not defined, a strict reading would suggest that the bill forbids businesses from retaining any information about a child user beyond a single-use session, including basic details like account information and log-in credentials. This restriction would functionally deprive children of the ability to use many online products, services, and features. Even if future regulations or judicial holdings advance a more flexible interpretation of this restriction, it could significantly impact the ability of services to perform analytics, collect attribution data, or even receive health records from a parent or doctor. 

Under California AADC, there was an exemption from this prohibition if the business could demonstrate a compelling reason that the processing was in children’s best interests. However, the Maryland AADC has no similar exemption. Instead, Maryland will prohibit any processing inconsistent with children’s best interests under a separate provision, so reconciling the processing restrictions under this law may prove challenging. 

5. No mention of enforcing published terms

Unlike the California AADC and other state laws, the Maryland AADC does not require businesses to enforce their terms of service or other policies implemented under the law. By comparison, the California AADC would have required that businesses both publish and enforce “terms, policies, and community standards established by the business,” essentially giving the California Attorney General power to second guess core First Amendment-protected functions such as content moderation. While different in scope, Florida’s social media law recently heard in the Supreme Court similarly contained a requirement to enforce community standards that a District Court determined conflicted with a service’s First Amendment right to exercise editorial discretion. The absence of such a provision in the Maryland AADC may be explained by criticism of these other laws that pointed out that creating liability for services that fail to enforce published community guidelines may unintentionally incentivize platforms to lower community standards, leading to more harmful online spaces overall. 

Conclusion

After the California AADC passed, some thought a flurry of similar legislation could be passed in other states. While a handful of states considered copycat legislation over the last two legislative sessions, none have ultimately been enacted, potentially due to the ongoing legal questions about that model’s constitutionality. Now that Maryland is pioneering this new “AADC 2.0” framework, stakeholders should be on high alert for new legal challenges and the potential for other states to consider and iterate upon this approach.
If enacted, the Maryland AADC will go into effect on October 1, 2024 – coincidentally the same day the Connecticut Data Privacy Act’s recently passed heightened youth protections go into effect.

Future of Privacy Forum Partners on New National Science Foundation Large-Scale Research Infrastructure for Education

SafeInsights brings together digital learning platforms, institutions, and a world-class team to enable research studies to inform teaching and learning.

May 1, 2024 ― The Future of Privacy Forum (FPF) has received a subaward on the newly announced National Science Foundation (NSF) SafeInsights project, a five-year, $90 million research and development (R&D) infrastructure grant for inclusive education research. Led by OpenStax-Rice University, SafeInsights is a large-scale education research hub that will securely connect digital learning platforms and educational institutions to study learning across different contexts efficiently. This initiative represents the NSF’s largest single investment in R&D infrastructure for education at a national scale. SafeInsights will be the first national infrastructure of its kind and will deploy new techniques to ensure that research benefits are maximized while risk is minimized.

“Through this project, we’re excited to lend the Future of Privacy Forum’s expertise to help inform how researchers access rich learning data without compromising student privacy,” said John Verdi, FPF’s Senior Vice President for Policy. “Since its founding, FPF’s work has been driven by a belief that fair and ethical use of technology can improve people’s lives while safeguarding our privacy. SafeInsights’ model and directive will be critical to advancing the next generation of education research.”

SafeInsights includes a multidisciplinary network of 80 collaborating institutions and partners, including more than a dozen pioneering digital learning platforms that together reach tens of millions of students. The Future of Privacy Forum will collaborate with researchers and large-scale, digital learning platforms to enable privacy-preserving research studies to better understand student learning. 

According to national polls conducted by the Data Quality Campaign, 86% of teachers see using educational data as an integral part of effective teaching. However, the majority of teachers must individually piece together strategies to interpret and use that data, often with limited resources. 

FPF has a long history of advancing responsible research and data stewardship to accelerate safe data sharing between companies and academic researchers, including through its Privacy Research and Data Responsibility Research Coordination Network and Ethics and Data in Research Working Group. 

“Better research leads to better learning. SafeInsights will enable a community of researchers to safely study large, diverse groups of students over time as they use different learning platforms,” said Richard Baraniuk, Rice professor, OpenStax founder, and project lead. “Researchers will be able to explore new ways to understand learning for students at all levels of education, which can lead to unprecedented discoveries and next-level innovations.”

“SafeInsights’ values of privacy and equity are perfectly aligned with those of the Future of Privacy Forum, an organization that has spent 15 years working to advance both in the digital realm,” said Shea Swauger, FPF’s Senior Policy Analyst for Data Sharing and Ethics. “We look forward to partnering on this important work, leveraging new technologies to ensure all students succeed.”  

To learn more about SafeInsights and stay informed of future progress, please visit safeinsights.org.

About Future of Privacy Forum (FPF)

FPF is a global non-profit organization that brings together academics, civil society, government officials, and industry to evaluate the societal, policy, and legal implications of data use, identify the risks and develop appropriate protections. FPF believes technology and data can benefit society and improve lives if the right laws, policies, and rules are in place. FPF has offices in Washington D.C., Brussels, Singapore, and Tel Aviv. Follow FPF on X and LinkedIn.

Manipulative and Deceptive Design: New Challenges in Immersive Environments

With help from Selin Fidan, Beth Do, Daniel Berrick, and Angela Guo

Immersive technologies like spatial computing, gaming, and extended reality (XR) offer exciting ways to experience and engage with the world. However, interfaces for immersive technologies that further blur the lines between the physical and the virtual may also open the door to new, potentially more effective types of manipulative and deceptive design. Although scholars, regulators, and lawmakers have begun addressing so-called “dark patterns” in traditional online spaces, it is critical to understand the ways these design practices may manifest differently across different mediums, particularly in novel interfaces. Being able to identify how different choices may constitute manipulative and deceptive design in immersive environments is a key first step toward ensuring that new products and services are designed and built in a way that protects against harmful effects on privacy, security, safety, and competition.

“Dark Patterns”: A Primer

Design choices can significantly impact how information is presented. Organizations often utilize lawful, persuasive design choices in order to make their products or services look appealing or inform individuals about their features. Manipulative and deceptive design, by contrast, refers to the practice of designing a service or application in a way that leads users toward decisions or behavior they may not have otherwise chosen, often in a way that does not serve their best interests. For example, using intentionally confusing wording or emotionally charged language to trick users into sharing more information would likely be considered manipulative or deceptive.

The line distinguishing merely persuasive design practices from “manipulative” or “deceptive” ones can be ambiguous. To some extent, all interfaces, whether online or in the physical world, will steer user behavior or constrain their choices, and determining when it becomes unacceptable is a matter of open debate. Although scholars, practitioners, and regulators have developed taxonomies for defining and classifying so-called “dark patterns,” crafting appropriately scoped legislation and regulations that prevent harmful practices without restricting reasonable design practices is challenging.

In the context of data protection, regulations related to manipulative and deceptive design often focus on consent flows for data collection and use. Because manipulative and deceptive design practices may facilitate consent that is not truly “informed” or “freely-given,” regulators have indicated that these practices threaten the notice and consent regime underpinning most U.S. privacy law. Not only do such practices undermine individual autonomy and potentially cause direct harm, they may also create market distortions that hurt competition and limit user options. Beyond practices that obscure or subvert privacy choices, the Federal Trade Commission (FTC)—which has led enforcement against “dark patterns” as part of its FTC Act Section 5 authority—has also specifically drawn attention to design elements that induce false beliefs, hide or delay important information, lead to unauthorized charges, and make it difficult to cancel subscriptions.

New Manifestations of Manipulative and Deceptive Design in Immersive Environments

Many of the manipulative and deceptive design practices that exist in traditional web and mobile environments can also be found in immersive environments, and organizations operating in this space should be careful to avoid them. XR and virtual world applications, for example, are just as prone to practices such as visual interference and nagging as traditional online spaces. However, immersive technologies’ unique qualities and characteristics may also open the door to new, potentially more effective forms of manipulation and deception.

Some aspects of immersive technologies that may lend themselves to new or stronger manipulative design include heightened realism and blending of virtual and physical elements. These characteristics could make it easier to subtly alter a person’s perception of reality or convince them to engage in certain behavior, particularly when combined with advanced forms of AI that closely mirror human behavior or genuine experiences. Additionally, immersive technologies’ collection and aggregation of large amounts of personal data, including novel data types like eye gaze, creates further privacy risks. Often, this will involve data types and uses with which users are unfamiliar, putting them at an information disadvantage when making decisions about how to engage with applications. Finally, immersive technologies often provide individuals with novel interfaces and modes of interaction, as well as increasingly realistic AI-generated content, making immersive environments particularly conducive to manipulative or deceptive design patterns. While immersive interfaces may, if done correctly, help improve user education and facilitate more informed consent, they could also be exploited to trick users. 

Examples of potential manipulative design in immersive environments: blocking important disclosure information with design elements. Source: Wang, Lee, Hernandez, & Hui

What makes immersive technologies so powerful in healthcare, education, and entertainment contexts may also make them more prone to manipulative use. The immersive elements of these technologies described above, in addition to the ability to create multi-modal experiences combining visuals, audio, text, and even haptics, present more opportunities for enhanced persuasion, as well as more mechanisms through which a motivated actor could obscure, hide, or misrepresent information to a user. Devices like neurotechnologies that can access an individual’s brain activity, for example, may allow bad actors to not only analyze their mental state, but potentially alter it as well.
To avoid unintentionally deploying a product or service with a deceptive design element, organizations should design disclosures in a way that harnesses immersive technologies’ strengths and provides effective user education about new data types and uses. Organizations should invest in ensuring that regulators and the general public are able to develop a practical understanding of how sophisticated manipulative and deceptive design techniques can emerge in immersive spaces, given novel technological capabilities and data sources. While some researchers have begun studying manipulation in immersive technologies, more research will also be needed to develop both theoretical and empirical accounts of the mechanisms by which users are manipulated or deceived. Table 1 below illustrates what such practices could include.

Table 1: Potential manipulative and deceptive design in immersive technologies

Manipulative or deceptive design practices	Examples
Driving users towards certain behavior, or blocking from behavior, using design patterns, lighting, sound, or haptics, in a way that is not in the user’s best interest.	Directing users’ attention away from an important notice by causing controllers to rumble in certain ways at certain times.
Using lighting, interface design, or data about where a user is looking to hide or obscure relevant information, or make certain desired behaviors more likely.	Using eye gaze data to determine where a user is looking, and placing a privacy disclosure out of their view. Or, using lighting in the physical world to block part of a virtual disclosure box, preventing a user from opting out of data collection or use.
Using immersive technology’s heightened realism and immersion to play on certain emotions or associations to persuade a user to do or not do something.	Having avatars of a user’s loved ones deliver messages or endorsements.
Digitally presenting a product or service in a misleading way, deceiving the user and causing them to make a purchase when they may not have, had they been presented a more accurate representation.	Virtual try-on application depicting a product in an inaccurate way (false advertising).
Using personal data to make inferences about a user’s mental state for the purpose of getting the user to engage in an action when they are most vulnerable.	Inferring when a user is upset, based on personal data, and targeting them with particular ads or asking to divulge more data.
Altering or editing elements of the physical world with digital content in order to change a user’s perception in a harmful way.	Superimposing a brand, logo, or message onto a person, physical object, or location without consent.
Pushing users towards certain physical locations that might be in the designer’s best interest but not necessarily the user’s.	Using eye gaze data or haptics to direct a user towards a location for advertising purposes.

Generative AI Increases Risks for Manipulative and Deceptive Design in Immersive Tech

Immersive, data-rich environments may also be fertile ground for AI-driven agents that create highly targeted influence campaigns tailored for each person based on large amounts of their personal data, and responsive to their behavior in real time. A study by XR pioneer Jeremy Bailenson demonstrated that when political candidates’ faces were subtly edited to make them look more like the study participant, they were more likely to vote for that candidate. A motivated actor armed with intimate user data and powerful AI tools could exploit these human tendencies in order to sway elections, undermine consumer autonomy, or sow disinformation. The combination of these two powerful technologies—AI that can learn about people in real-time, and immersive technologies that convince the body that a virtual experience is actually physical—could supercharge the effectiveness of manipulative and deceptive design practices.

Regulating Manipulative and Deceptive Design in Immersive Environments

Although there is no federal law against manipulative or deceptive design, the FTC has authority under Section 5 of the FTC Act to protect people from “unfair” and “deceptive” acts and practices. It has used this authority to go after alleged “dark patterns” that cause or are likely to cause unavoidable harm that isn’t outweighed by other benefits (see Table 2 below for examples). The FTC looks for particular patterns when determining whether a given practice is manipulative or deceptive. It also enforces a number of general consumer protection laws and regulations that may regulate manipulative or deceptive design, such as the Restore Online Shoppers’ Confidence Act (ROSCA), Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM), Telemarketing Sales Rule (TSR), Truth in Lending Act (TILA), Children’s Online Privacy Protection Act (COPPA), and Equal Credit Opportunity Act (ECOA).

Table 2: FTC manipulative or deceptive design cases and enforcement actions

Case	Description of FTC’s Allegations	Order
FTC v. Vonage (2022)	Allegedly created a “panoply of hurdles” for consumers to cancel recurring service plans, charged these consumers with a previously undisclosed “early termination fee,” and frequently continued charging subscription fees after cancellation.	Vonage must provide consumers with a cancellation option that is easy to find and use.
In re Tapjoy (2021)	According to the FTC, used both explicit false promises and hard-to-navigate interfaces to deceptively induce consumers to part with money or personal data, waste their time, and cause frustration.	Tapjoy must not make misrepresentations about consumer rewards.
FTC v. Age of Learning (2020)	Allegedly touted easy cancellation in promotional material, made it difficult to cancel subscriptions by providing circular forms, and auto-renewed subscriptions at the most expensive level without consumer notice or consent.	Age of Learning must not misrepresent the ease of cancellation or recurring charges, must obtain affirmative consent for renewals, and must provide a simple cancellation interface.
In the Matter of Epic Games (2023)	The FTC alleged Epic Games charged consumers for in-game purchases, including accidentally-made purchases, without consent, and banned consumers from accessing content they paid for when they disputed these charges to their credit card companies.	Epic must not charge consumers without receiving consent, provide a simple mechanism to revoke consent for charges, not deny consumers access to their account for disputing charges, and pay a civil penalty.
FTC v. Publishers Clearing House (2023)	According to the FTC, used manipulative phrasing and website design to mislead consumers about how to enter the company’s sweepstakes drawings, making them believe a purchase was necessary to win or would increase their chances of winning.	PCH may not make misleading claims, must make clear disclosures, end surprise fees, stop deceptive emails, and destroy some consumer data, among other things.
FTC and State of California v. CRI Genetics (2023)	Allegedly used a complicated series of pop-ups and add-ons to push consumers to purchase additional products and services.	Proposed order would require CRI to stop its misleading claims, obtain consent, delete some consumer data, and pay a civil penalty.
FTC v. Bridge It (2023)	According to the FTC, made it easy to sign up for membership but used a number of strategies—including confusing navigation, a variety of screens, additional offers, a multiple choice survey—to make it difficult to cancel.	Proposed order would require Bridge It to make disclosures about and obtain consent for negative option programs, provide a simple mechanism to cancel, and pay a civil penalty.
FTC v. Floatme (2024)	The FTC alleged Floatme intentionally used design patterns to make it difficult for consumers to cancel subscriptions, and continued to offer an error-filled cancellation process even after consumer complaints.	Floatme must get consent for charges and provide an easy cancellation method.

In addition to the FTC’s authority, manipulative and deceptive design is also regulated by provisions on “dark patterns” in certain state laws covering privacy, safety, and “unfair or deceptive acts or practices” (UDAP). Most state comprehensive privacy laws specifically prohibit using “dark patterns” to obtain user consent¹, generally defining these as “user interface[s] designed or manipulated with the substantial effect of subverting or impairing user autonomy, decision making, or choice.” This language is drawn from the Deceptive Experiences To Online Users Reduction (DETOUR) Act, a federal bill introduced in 2021. Although it did not pass, the DETOUR Act laid the groundwork for “dark patterns” provisions not just in state privacy laws but also the California Age Appropriate Design Code, the American Data Privacy and Protection Act (ADPPA), and the American Privacy Rights Act (APRA).

FPF has provided more detailed analysis on the DETOUR Act and its progeny HERE.

In draft federal and state legislation, lawmakers are also increasingly seeking to restrict manipulative and deceptive design beyond the context of consent, such as design that encourages compulsive use of a product or service. For example, legislation has been introduced to target particular types of manipulative or deceptive design, or particular audiences like children, such as:

• Social Media Addiction Reduction Technology (SMART) Act, a federal bill that would target addiction and “psychological exploitation” on social media.
• Vermont’s Age Appropriate Design Code, which would prohibit “low-friction variable reward” designs like endless scroll and autoplay.
• New York’s Child Data Privacy and Protection Act, which would grant the Attorney General the authority to ban features deemed to “inappropriately amplify the level of engagement” of a child user.
  

While “dark patterns” regulations will likely apply to certain practices in immersive technologies, questions remain about whether they adequately address the risks, or what impact they could have on product design. Practices that might benefit users in certain situations—such as using eye tracking to hide scene changes in order to create smoother, more enjoyable experiences—may, in other situations, manipulate or deceive users by hiding important information about privacy. With the blunt instrument of law, it may be difficult to single out only the practices that could cause harm without preventing innocuous or beneficial practices. It’s also not clear that “dark patterns” regulation, confined to the context of consent, provides any additional protections that aren’t already covered by UDAP or privacy laws, which have high standards for what constitutes proper consent. At the same time, the focus on consent, to the exclusion of other instances of manipulative or deceptive design, may ignore harmful design practices that don’t involve consent. These policy scoping questions will only become more germane as AI, neurotechnology, smart devices, and other emerging technologies pose new opportunities for manipulative and deceptive design.

Conclusion and Recommendations

Organizations deploying immersive technologies must recognize that the heightened realism, immersivity, and reliance on personal data may lead to new, potentially more powerful forms of manipulative and deceptive design, and take steps to proactively address their risks. In addition to instituting best practices to avoid manipulative and deceptive design, organizations should also create internal processes for monitoring and responding to complaints of such practices. 

Organizations deploying immersive tools aren’t the only ones who will need to take proactive steps here. Researchers in both academia and industry should familiarize themselves with technologies and, specifically, how immersive environments may be particularly conducive to manipulative and deceptive design practices, and begin developing best practices for preventing them. Policymakers as well as regulators, such as the FTC and those tasked with enforcing consumer protection law, should also stay up to date on the latest research about immersive technologies and ways that they are used by individuals as well as unintended adverse impacts of any legislative or regulatory measure. 

1. California, Colorado, Connecticut, Delaware, Montana, New Jersey, Texas, and New Hampshire all prohibit the use of “dark patterns” to obtain consent. Oregon has a similar prohibition but does not use the term “dark patterns.” Florida’s “Digital Bill of Rights,” while not technically a comprehensive privacy law, uses the same language to prohibit “dark patterns” in obtaining consent, as well as for other practices in regards to children. A number of laws also point to the FTC’s conception and taxonomy of “dark patterns.” ↩︎

Setting the Stage: Connecticut Senate Bill 2 Lays the Groundwork for Responsible AI in the States 

NEW: Read Tatiana Rice’s op-ed in the CT Mirror on SB2

Last night, on April 24, the Connecticut Senate passed SB 2, marking a significant step toward comprehensive AI regulation in the United States. This comprehensive, risk-based approach has emerged as a leading state legislative framework for AI regulation. If enacted, SB 2 would stand as the first piece of legislation in the United States governing the private-sector development and deployment of AI with comparable scale to the EU AI Act. The law would become effective February 1, 2026. 

FPF has released a new Two-Pager Fact Sheet that summarizes core components of CT SB 2 pertaining to private-sector regulation. 

“Connecticut Senate Bill 2 is a groundbreaking step towards comprehensive AI regulation that is already emerging as a foundational framework for AI governance across the United States. The legislation aims to strike an important balance of protecting individuals from harms arising from AI use, including creating necessary safeguards against algorithmic discrimination, while promoting a risk-based approach that encourages the valuable and ethical uses of AI. We look forward to continuing to work with Sen. Maroney and other policymakers in the future to build upon and refine this framework, ensuring it reflects best practices and is responsive to the dynamic AI landscape.”

–Tatiana Rice, Deputy Director for U.S. Legislation

At a high level, here’s our summary of the bill’s most significant private-sector provisions: 

1. Scope: The bill’s private-sector provisions primarily regulate developers and deployers of high-risk AI systems, i.e. those used to make, or are a substantial factor in making, consequential decisions regarding education, employment, financial or lending services, healthcare, or other important life opportunities. There are small business exceptions for deployers in certain circumstances. The bill also contains requirements for any person or entity deploying an artificial intelligence system that interacts with individuals to disclose to the person that they are engaging with an AI system and watermark AI-generated content. 
2. Developer and Deployer Obligations: Both developers and deployers of high-risk AI systems would be subject to a duty of reasonable care to avoid algorithmic discrimination and issue a public statement regarding the use or sale of high-risk AI systems. Developers would also need to provide certain disclosures and documentation to deployers, including information regarding intended use, data used to train the system and risk mitigation measures. Deployers would be required to maintain a risk management policy, conduct impact assessments on high-risk AI systems, and ensure consumers are provided their relevant rights. 
3. Individual Rights: Individuals must be provided notice before a high-risk AI system is used to make, or be a substantial factor in making, a consequential decision. If an adverse consequential decision is made, individuals have a right to an explanation of how the high-risk AI system came to its conclusion, including the personal data used to render the decision, the right to correct the personal data used to render the decision, and the right to appeal the decision for human review. If a deployer is also a controller under the Connecticut Data Privacy Act (CTDPA), they also must inform individuals of their rights under the CTDPA, including the right to opt-out of profiling in furtherance of solely automated decisions. 
4. Enforcement:  The Attorney General would have the sole authority to enforce provisions of the bill, though the bill explicitly does not supersede existing authority of other state agencies to enforce against discrimination, including the Connecticut Commission on Human Rights and Opportunities (CHRO). However, the Attorney General may not bring an action for claims otherwise being brought by the CHRO for the same conduct. Developers and deployers would have a 60-day right to cure any alleged violations until June 30, 2026. 
5. Compliance and Reciprocity: After the bill becomes enacted, entities would have almost two years to come into compliance with the Act. If an entity is otherwise in compliance with the National Institute of Standards and Technology (NIST) Artificial Intelligence Risk Management Framework or another nationally or internationally recognized risk management framework, they may assert so as an affirmative defense. 

Beyond the bill’s private-sector regulations, SB 2 also creates a new task force to create recommendations regarding the regulation of generative and general-purpose AI, and contains provisions regarding AI-generated non-consensual intimate images, deepfakes in political communications, workforce development, and public-private partnerships, amongst other topics. 

FPF will continue to track the bill’s developments in the coming weeks. Follow FPF on Twitter/X for the latest updates.

FPF Develops Checklist & Guide to Help Schools Vet AI Tools for Legal Compliance

FPF’s Youth and Education team has developed a checklist and accompanying policy brief to help schools vet generative AI tools for compliance with student privacy laws. Vetting Generative AI Tools for Use in Schools is a crucial resource as the use of generative AI tools continues to increase in educational settings. It’s critical for school leaders to understand how existing federal and state student privacy laws, such as the Family Educational Rights and Privacy Act (FERPA) apply to the complexities of machine learning systems to protect student privacy. With these resources, FPF aims to provide much-needed clarity and guidance to educational institutions grappling with these issues.

Click here to access the checklist and policy brief.

“AI technology holds immense promise in enhancing educational experiences for students, but it must be implemented responsibly and ethically,” said David Sallay, the Director for Youth & Education Privacy at the Future of Privacy Forum. “With our new checklist, we aim to empower educators and administrators with the knowledge and tools necessary to make informed decisions when selecting generative AI tools for classroom use while safeguarding student privacy.”

The checklist, designed specifically for K -12 schools, outlines key considerations when incorporating generative AI into a school or district’s edtech vetting checklist. 

These include: 

• assessing the requirements for vetting all edtech;
• describing the specific use cases;
• preparing to address transparency and explainability; and 
• determining if student PII will be used to train the large language model (LLM). 
  

By prioritizing these steps, educational institutions can promote transparency and protect student privacy while maximizing the benefits of technology-driven learning experiences for students. 

The in-depth policy brief outlines the relevant laws and policies a school should consider, the unique compliance considerations of generative AI tools (including data collection, transparency and explainability, product improvement, and high-risk decision-making), and their most likely use cases (student, teacher, and institution-focused).

The brief also encourages schools and districts to update their existing edtech vetting policies to address the unique considerations of AI technologies (or to create a comprehensive policy if one does not already exist) instead of creating a separate vetting process for AI. It also highlights the role that state legislatures can play in ensuring the efficiency of school edtech vetting and oversight and calls on vendors to be proactively transparent with schools about their use of AI.

Check out the LinkedIn Live with CEO Jules Polonetsky and Youth & Education Director David Sallay about the Checklist and Policy Brief.

To read more of the Future of Privacy Forum’s youth and student privacy resources, visit www.StudentPrivacyCompass.org.