Search results

[…] find that terrifically exciting. You have an extensive background in the data privacy landscape across a range of issues that continue to evolve. What particular sector is one to watch in the U.S.? As a community, we have been wrestling with how to approach privacy in the context of AI systems: the challenge is […]

[…] development and deployment of AI systems. Between 2023 and 2025, the Future of Privacy Forum tracked 27 pieces of enacted AI-related legislation across 14 states, along with one federal law (the TAKE IT DOWN Act) that carry direct or indirect implications for private-sector AI developers and deployers. Notably, most enacted AI laws are already […]

[…] “la rg e fr o ntie r deve lo pers ” ( e ntit ie s th at have tr a in e d at le ast one fo und atio n mod el usin g ove r 10 ^2 6 in te g er o pera tio ns) re g ard in g […]

[…] such that technology or AI systems themselves are not prohibited, but “practices” involving specific AI systems that pose unacceptable risks are. This framing is different from the one in Chapter III of the AI Act, which classifies and regulates systems themselves as “high-risk AI systems.”    The prohibited practices are, by their inherent nature, deemed […]

[…] frameworks—from state privacy laws and sector-specific regulations to emerging AI-specific requirements and longstanding consumer protection and civil rights protections. The challenge for practitioners is not just tracking new proposals, but understanding how existing laws apply to AI systems today and how to operationalize compliance across multiple, often overlapping, regulatory regimes. In FPF’s training on […]

[…] as litigation progresses. However, with an unclear litigation timeline, several newly effective legal obligations, and significant enforcement provisions carrying personal liability for employees, compliance teams may be stuck between two high-stakes options: (1) a risk of insufficient action and consequential liability if entities are slower to come into compliance while monitoring litigation outcomes; or, (2) […]

[…] include narrower applicability thresholds. With respect to applicability threshold criteria, South Carolina aligns with the model set out in Maryland’s AADC, applying to entities that meet any one of the following: (1) $25 million or more in gross annual revenue; (2) the buying, selling, receiving, or sharing of personal data of more than 50,000 […]

[…] polic y la n d sc a p e is , th is ch art does no t co m pare th e Act to an y one sta te la w or mod el. R ath e r, th e ch art id entifi e s th e most re le va n […]

The U.S. privacy law landscape continues to mature as new laws go into effect, cure periods expire, and regulators interpret the law through enforcement actions and guidance. State attorneys general and the Federal Trade Commission act as the country’s de facto privacy regulators, regularly bringing enforcement actions under legal authorities both old and new. […]