Resources

Since the California Consumer Privacy Act (CCPA) was enacted in 2018, business obligations under the law have continued to evolve due to several rounds of rulemaking by both the Attorney General and the California Privacy Protection Agency (CPPA). The latest regulations from the CPPA are some of the most significant yet. Starting January 1, 2026, […]

State lawmakers accelerated their focus on AI regulation in 2025, proposing a vast array of new regulatory models. From chatbots and frontier models to healthcare, liability, and sandboxes, legislators examined nearly every aspect of AI as they sought to address its impact on their constituents. To help stakeholders understand this rapidly evolving environment, the Future […]

On September 10th, FPF provided comments regarding draft regulations for implementing the heightened minor protections within the Colorado Privacy Act (“CPA”). Passed in 2021, the CPA, a Washington Privacy Act style-framework, provides comprehensive privacy protections to consumers in Colorado that are enforced by the state Attorney General’s office, which also has rulemaking authority. In 2024, […]

Conversational AI technologies are hyper-personalizing. Across sectors, companies are focused on offering personalized experiences that are tailored to users’ preferences, behaviors, and virtual and physical environments. These range from general purpose LLMs, to the rapidly growing market for LLM-powered AI companions, educational aides, and corporate assistants. There are clear trends among this overall focus: towards […]

On August 28th, FPF provided comments regarding draft regulations for implementing the New Jersey Data Privacy Act (“NJDPA”). FPF seeks to support balanced, informed public policy and equip regulators with the resources and tools needed to craft effective regulation. In response to the Agency’s public comment on the proposed rules, FPF recommends that the Division […]

The widespread adoption of artificial intelligence (AI) continues to impact societies and economies around the world. Policymakers worldwide have begun pushing for normative frameworks to regulate the design, deployment, and use of AI according to their specific ethical and legal standards. In Latin America, some countries have joined these efforts by introducing legislative proposals and […]

On July 17, 2025, the Future of Privacy Forum (FPF) hosted the second in a series of Technologist Roundtables with the goal of convening an open dialogue on complex technical questions that impact law and policy, and assisting global data protection and privacy policymakers in understanding the relevant technical basics of large language models (LLMs). […]

As of halfway through 2025, four U.S. states have enacted laws regarding “neural data” or “neurotechnology data.” These laws, all of which amend existing state privacy laws, signify growing lawmaker interest in regulating what’s being considered a distinct, particularly sensitive kind of data: information about people’s thoughts, feelings, and mental activity. Created in response to […]

On April 25, 2025, the Future of Privacy Forum and the Mozilla Foundation co-hosted a Privacy Enhancing Technologies (PETs) Workshop in Washington, DC, convening industry, academia, and civil society experts to explore practical applications of PETs. The workshop featured two leading-edge use cases: Mastercard’s cross-border fraud detection system using Fully Homomorphic Encryption (FHE), and Oblivious’s […]

In this use case, Oblivious partnered with an insurance company to tackle a common tension between data privacy and utility: how to retain meaningful insights from personal data while complying with legal requirements to delete it. By applying Differential Privacy, the organization can preserve actuarial insights without violating global privacy laws, generating differentially private statistical […]