A New Paradigm for Consumer Health Data Privacy in Washington State
The Washington ‘My Health, My Data’ Act (MHMD or the Act) establishes a fundamentally new legal framework within U.S. law to regulate the collection, use, and transfer of consumer health data. Signed into law by Governor Inslee on April 27, MHMD was introduced by request of the Washington Attorney General in response to the Supreme […]
FPF Announces Recipients of the Third Annual Award for Research Data Stewardship
Today, the Future of Privacy Forum (FPF) — a global non-profit focused on data protection headquartered in Washington, D.C. — announced the winners of the third annual Award for Research Data Stewardship. FPF is a long-standing advocate for privacy-protective data sharing by industry to the research community to advance scientific insights and drive progress in […]
Tenn. Makes Nine? ‘Tennessee Information Protection Act’ Set to Become Newest Comprehensive State Privacy Law
On Friday April 21, Nashville lawmakers approved the Tennessee Information Protection Act (TIPA) following unanimous votes. Tennessee now joins Iowa, Indiana, and Montana as the four states in 2023 that have advanced baseline privacy legislation governing the collection, use, and transfer of consumer data. TIPA is closely modeled on the Virginia Consumer Data Protection Act […]
The ‘Montana Consumer Data Privacy Act’ Reminds us that Privacy is Bipartisan
On Friday, April 21st, the Montana State Legislature approved the ‘Montana Consumer Data Privacy Act’ (MCDPA) to be sent to the Governor’s desk. If enacted by Governor Gianforte, Montana would join the 6 states that have adopted comprehensive privacy frameworks. Notably, at almost every stage of the legislative process, the MCDPA received unanimous bipartisan support […]
Tanzania’s Personal Information Protection Act: Overview, Key Takeaways, and Context
On November 27 2022, the President of Tanzania signed the Personal Information Protection Act, 2022 (PIPA) after it garnered unanimous Parliamentary support following its September 2022 introduction during the 8th Parliamentary sitting. The Act’s passage makes the United Republic of Tanzania (henceforth referred to as “Tanzania”) the 35th country in Africa to enact a standalone data […]
Whither Indiana? Somewhere in the Middle for Consumer Privacy Protection
On April 13, 2023, Indiana Senate Bill 5 unanimously cleared the state legislature. If enacted by Governor Holcomb, Indiana will become the seventh state to enact a baseline consumer privacy law. To help stakeholders assess where Indiana fits into the expanding U.S. state privacy landscape, the Future of Privacy Forum has released a chart comparing […]
Let’s Look at LLMs: Understanding Data Flows and Risks in the Workplace
Over the last few months, we have seen generative AI systems and Large Language Models (LLMs), like OpenAI’s ChatGPT, Google Bard, Stable Diffusion, and Dall-E, send shockwaves throughout society. Companies are racing to bake AI features into existing products and roll out new services. Many Americans are worrying whether generative AI and LLMs are going […]
FPF Report: Not-So-Standard Clauses – An Examination of Three Regional Contractual Frameworks for International Data Transfers
On March 30, the Future of Privacy Forum launched a new report comparing three regional model contractual frameworks for cross-border data transfers. The report compares the EU’s Standard Contractual Clauses (SCCs), the ASEAN Model Contractual Clauses (MCCs), and the Iberoamerican Network’s Model Transfer Agreement (MTA). The three frameworks cover a total of 62 jurisdictions on […]
Utah Considers Proposals to Require Web Services to Verify Users’ Ages, Obtain Parental Consent to Process Teens’ Data
Update: On March 23, Governor Spencer Cox signed SB 152 and HB 311. While amendments were made to both bills, the concerns raised in FPF’s analysis remain. SB 152 leaves critical provisions, such as methods to verify age or obtain parental consent, to be established in further rulemaking, but questions remain regarding whether these can […]
Workplace Discrimination and Equal Opportunity
Why monitoring cultural diversity in your European workforce is not at odds with GDPR Author: Prof. Lokke Moerel* The following is a guest post to the FPF blog from Lokke Moerel, Professor of Global ICT Law at Tilburg University and a lawyer with Morrison & Foerster (Brussels). The guest blog reflects the opinion of the […]