Vermont and Nebraska: Diverging Experiments in State Age-Appropriate Design Codes
In May 2025, Nebraska and Vermont passed Age-Appropriate Design Code Acts (AADCs), continuing the bipartisan trend of states advancing protections for youth online. While these new bills arrived within the same week and share both a common name and general purpose, their scope, applicability, and substance take two very different approaches to a common goal: […]
Amendments to the Montana Consumer Data Privacy Act Bring Big Changes to Big Sky Country
On May 8, Montana Governor Gianforte signed SB 297, amending the Montana Consumer Data Privacy Act (MCDPA). This amendment was sponsored by Senator Zolnikov, who also championed the underlying law’s enactment in 2023. Much has changed in the state privacy law landscape since the MCDPA was first enacted, and SB 297 incorporates elements of further […]
The Curse of Dimensionality: De-identification Challenges in the Sharing of Highly Dimensional Datasets
The 2006 release by AOL of search queries linked to individual users and the re-identification of some of those users is one of the best known privacy disasters in internet history. Less well known is that AOL had released the data to meet intense demand from academic researchers who saw this valuable data set as essential […]
FPF Launches Major Initiative to Study Economic and Policy Implications of AgeTech
FPF and University of Arizona Eller College of Management Awarded Grant by Alfred P. Sloan Foundation to Address Privacy Implications, and Data Uses of Technologies Aimed at Aging At Home The Future of Privacy Forum (FPF) — a global non-profit focused on data protection, AI and emerging technologies–has been awarded a grant from the Alfred […]
Chile’s New Data Protection Law: Context, Overview, and Key Takeaways
On August 26, 2024, the Chilean Congress approved Law 21.719, on the Protection of Personal Data (“LPPD”) after eight years of legislative debate. The legislation was published on December 13, 2024, and will become fully effective twenty-four months after that date (in December 2026). The LPPD was introduced in the Senate in 2017 to replace […]
Minding Mindful Machines: AI Agents and Data Protection Considerations
Thank you for the contributions of Rob van Eijk, Marlene Smith, and Katy Wills We are now in 2025, the year of AI agents. In the last few weeks, leading large language model (LLM) developers (including OpenAI, Google, Anthropic) have released early versions of technologies described as “AI agents.” Unlike earlier automated systems and even […]
Twelve Privacy Investments for Your Company for a Stronger 2025
FPF has put together a list of Twelve Privacy Investments for Your Company for a Stronger 2025 that reflects on new perspectives on the work that privacy teams do at their organizations. We hope there is something here that’s useful where you work, and we’d love to hear other ideas and feedback. Privacy Investments for Your […]
History of the FPF Smart Places Initiative
As of December 31, 2024, the Future of Privacy Forum will retire and no longer support the Smart Places Self-Regulatory Program, including the MAC Address Opt-Out previously hosted at www.smart-places.org. Read on to learn more about the history and the future of this initiative. Brief History of Smart Places The Smart Places Opt-Out and Code […]
Five Big Questions (and Zero Predictions) for the U.S. State Privacy Landscape in 2025
In the enduring absence of a comprehensive national framework governing the collection, use, and transfer of personal data, state-level activity on privacy legislation has been on a consistent upward trend since the enactment of the California Consumer Privacy Act in 2018. With all 50 U.S. states scheduled to be in session in 2025, stakeholders are […]