Resources

On September 10th, FPF provided comments regarding draft regulations for implementing the heightened minor protections within the Colorado Privacy Act (“CPA”). Passed in 2021, the CPA, a Washington Privacy Act style-framework, provides comprehensive privacy protections to consumers in Colorado that are enforced by the state Attorney General’s office, which also has rulemaking authority. In 2024, […]

Conversational AI technologies are hyper-personalizing. Across sectors, companies are focused on offering personalized experiences that are tailored to users’ preferences, behaviors, and virtual and physical environments. These range from general purpose LLMs, to the rapidly growing market for LLM-powered AI companions, educational aides, and corporate assistants. There are clear trends among this overall focus: towards […]

On August 28th, FPF provided comments regarding draft regulations for implementing the New Jersey Data Privacy Act (“NJDPA”). FPF seeks to support balanced, informed public policy and equip regulators with the resources and tools needed to craft effective regulation. In response to the Agency’s public comment on the proposed rules, FPF recommends that the Division […]

As of halfway through 2025, four U.S. states have enacted laws regarding “neural data” or “neurotechnology data.” These laws, all of which amend existing state privacy laws, signify growing lawmaker interest in regulating what’s being considered a distinct, particularly sensitive kind of data: information about people’s thoughts, feelings, and mental activity. Created in response to […]

Data-driven pricing: A set of practices that use personal and/or non-personal data to routinely inform decisions about the prices and products offered to consumers, often for the purpose of price personalization. State lawmakers in the U.S. are seeking to regulate various pricing strategies that fall under the umbrella of data-driven pricing, following the release in […]

A significant new chapter for data privacy protections in the United States has commenced as more than twenty recently enacted significant state privacy laws have taken effect by July 1, 2025. To assist stakeholders in tracking the emerging state privacy landscape, the Future of Privacy Forum has prepared a resource listing key dates for state […]

On March 4, 2025, Senator Markey reintroduced the Children and Teens’ Online Privacy Protection Act (COPPA 2.0), which was referred to the Committee on Commerce, Science, and Transportation for consideration. COPPA 2.0 would amend the Children’s Online Privacy Protection Act (COPPA), initially passed in 1998 to provide protections for teens. On June 25, 2025, the […]

Today, FPF Senior Fellow Zoe Strickland testified before the U.S. House of Representatives Financial Services Subcommittee on Financial Institutions, providing expert insight about data privacy in the financial system, focusing specifically on rulemaking under Section 1033 of the Dodd-Frank Act.  With over 25 years of experience as a global chief privacy officer at Fortune 20 […]

Today, the Future of Privacy Forum (FPF) published a new paper—Data Minimization’s Substantive Turn: Key Questions & Operational Challenges Posed by New State Privacy Legislation. Data minimization is a bedrock principle of privacy and data protection law, with origins in the Fair Information Practice Principles (FIPPs) and the Privacy Act of 1974. At a high […]

In May 2025, Nebraska and Vermont passed Age-Appropriate Design Code Acts (AADCs), continuing the bipartisan trend of states advancing protections for youth online. While these new bills arrived within the same week and share both a common name and general purpose, their scope, applicability, and substance take two very different approaches to a common goal: crafting a design code […]