Search results

[…] always personal; their classification depends on the perspective of the actor processing them (paras. 76–77, 86).  The controller’s duty to provide notice applies ex ante at the time of collection, before the data have undergone pseudonymization, and must be assessed from the controller’s standpoint, regardless of whether the recipient can re-identify it (paras. 102, […]

[…] original passage of the GDPR resulted in thousands of amendments in the European Parliament and took several years, so that any radical reform would take so much time that it would fail to attain the goal of rapidly improving EU competitiveness. Thoughtful suggestions for targeted reform of the GDPR have already been made by […]

[…] years after the activity’s conclusion. Retain DPAs in an electronic, transferable form. Rule 8.05(E). There is no explicit requirement to retain DPIAs for a certain amount of time after a processing activity concludes, but a controller is still subject to general record-keeping obligations to demonstrate GDPR compliance. See Art. 24. California is slightly stricter […]

[…] on the third Thursday of the month at 3pm ET ● Privacy and government affairs leaders interested in U.S. federal and state comprehensive privacy legislation. ● Provides timely updates and a monthly newsletter on new developments, research, and publications related to U.S. federal and state legislation. ● Informs policymakers on complex technical and legal […]

[…] to welcome Anne, Peter, Nuala, and Harriett to our board,” said Jules Polonetsky, FPF CEO. “Their collective experience will be invaluable in guiding FPF’s work at a time when data, privacy, and emerging technologies are reshaping every sector of society.” Alan Raul, FPF’s Board President, added, “Our stellar new members will complement the Board’s […]

[…] late as January 1, 2026, to sign, veto, or issue chapter amendments, a process that allows the governor to negotiate substantial changes with the legislature at the time of signature. Given Newsom’s signature of SB 53, a central question is whether RAISE will be amended to more closely align with the California law. To […]

[…] this report, ?enacted? refers to bills that have passed both chambers of the legislature and been enrolled, though they may still be awaiting gubernatorial signature at the time of publication. Upon pub lication of this report, bills in California and New York are still awaiting gubernatorial action. This total is limited to bills with […]

[…] of AI systems that generate text, images, or other media for public use, rather than establishing broad governance frameworks. Most bills addressed specific concerns such as real- time Future of Privacy Forum | The State of State AI | October 2025 12 warnings to users or traceability of outputs, with additional proposals exploring themes […]

[…] critical infrastructure. Generative AI proposals centered on labeling: A majority of generative AI bills in 2025 focused on content labeling—either required disclosures visible to users at the time of interaction, or a more technical effort of tagging of provenance or training data to enhance content traceability—to address risks of deception and misinformation. Bills include: […]