Search results

[…] governing data to account for cross-border requirements. 1. Regulatory trends: Which jurisdictions’ data localization or sovereignty requirements are resulting in significant cybersecurity challenges for companies today (China, India, US Data Security Program?) Can evolving certification schemes (Global CBPR, EU Cloud) realistically improve how companies are managing data governance programs? 2. Operational and contractual implications: […]

[…] laws with duties of care to avoid heightened risk of harm. That’ s a model adopted in Connecticut, Colorado, and now Montana. There’ s the Age-Appropriate Design Code model under consideration in several states and enacted in California and Maryland. There is also significant ongoing litigation over age verification requirements, resulting in injunctions across […]

[…] to them upon request. The CFPB undertook a lengthy and extended process to issue these rules, and engaged with numerous stakeholders and closely monitored market developments to promote consumer interests, innovation, and competition. Ms. Strickland’s testimony lists a number of valuable aspects to the rule, including its treatment of consumer controls, screen scraping, security […]

[…] for the Required Rulemaking on Personal Financial Data Rights . As part of this process, the CFPB engaged with numerous stakeholders and closely monitored market developments to promote consumer interests, innovation, and competition. Engagement included meetings with stakeholders, such as FPF. Meetings that occurred during the rulemaking process were captured as ex parte conversations […]

Today, the Future of Privacy Forum (FPF) published a new paper—Data Minimization’s Substantive Turn: Key Questions & Operational Challenges Posed by New State Privacy Legislation. Data minimization is a bedrock principle of privacy and data protection law, with origins in the Fair Information Practice Principles (FIPPs) and the Privacy Act of 1974. At […]

Today, the Future of Privacy Forum (FPF) published a new paper—Data Minimization’s Substantive Turn: Key Questions & Operational Challenges Posed by New State Privacy Legislation. Data minimization is a bedrock principle of privacy and data protection law, with origins in the Fair Information Practice Principles (FIPPs) and the Privacy Act of 1974. At […]

In May 2025, Nebraska and Vermont passed Age-Appropriate Design Code Acts (AADCs), continuing the bipartisan trend of states advancing protections for youth online. While these new bills arrived within the same week and share both a common name and general purpose, their scope, applicability, and substance take two very different approaches to a common goal: crafting a design […]

In May 2025, Nebraska and Vermont passed Age-Appropriate Design Code Acts (AADCs), continuing the bipartisan trend of states advancing protections for youth online. While these new bills arrived within the same week and share both a common name and general purpose, their scope, applicability, and substance take two very different approaches to a common […]

WORKING GROUPS FPF Working Groups bring industry leaders together with FPF staff and experts to develop best practices, share insights, and promote pragmatic public policy solutions. Working Group members receive regular written updates on privacy developments in their field. FPF members can access these working groups via the FPF Portal communities. For those without […]

[…] the IAPP Global Privacy Summit 2023 in Washington, D.C. The IAPP Leadership Award is given annually to individuals who “demonstrate an ongoing commitment to furthering privacy policy, promoting recognition of privacy issues, and advancing the growth and visibility of the profession.” 21 ANNUAL REPORT 2023 Members of the FPF Advisory Board receive increased engagement […]