What Happened to the Risk-Based Approach to Data Transfers?
The following is a guest post to the FPF blog from Lokke Moerel, Professor of Global ICT Law at Tilburg University and a Dutch Cyber Security Council member. This blog is a summary of a longer academic paper which can be downloaded here. The guest blog reflects the opinion of the author only. Guest blog posts […]
The “Colorado Effect?” Status Check on Colorado’s Privacy Rulemaking
Colorado is set to formally enter a rulemaking process which may establish de facto interpretations for privacy protections across the United States. With the passage of the Colorado Privacy Act (CPA) in 2021, Colorado, along with Virginia, Utah, and Connecticut, became part of an emerging group of states adopting privacy laws that share a similar […]
FPF Participates in FTC Event on “Commercial Surveillance and Data Security” Proposed Rulemaking
Yesterday, FPF Senior Director for U.S. Policy Stacey Gray participated in a panel discussion hosted by the Federal Trade Commission (“FTC”) regarding its Advance Notice of Proposed Rulemaking (“ANPR”) on “Commercial Surveillance and Data Security” (comments start at 1:39:00). Feedback from the public forum is intended to help inform the Commission’s decision whether to proceed […]
Age-Appropriate Design Code Passes California Legislature
Update: On Sep 15, 2022, California Governor Gavin Newsom signed AB 2273, the California Age-Appropriate Design Code Act. The law will apply to businesses that provide online services, products, or features likely to be accessed by children and broadly requires businesses to implement their strongest privacy settings by default for young users up to the age of […]
ETSI’s consumer IoT cybersecurity ‘conformance assessments’: parallels with the AI Act
In early September 2021, the European Telecommunications Standards Institute (ETSI) published its European Standard to lay down baseline cybersecurity requirements for Internet of Things (IoT) consumer products (ETSI EN 303 645 V2.1.1). The Standard is a recommendation to manufacturers to develop IoT devices securely from the outset. It also provides an internationally recognized benchmark – […]
APAC Jurisdiction Report Series with the Asian Business Law Institute
The Future of Privacy Forum (FPF) and the Asian Business Law Institute (ABLI) published a series of 14 detailed jurisdiction reports that explored the role and limits of consent in the data protection laws and regulations of 14 jurisdictions in Asia-Pacific, as part of FPF and ABLI’s ongoing joint research project. Read the reports below. […]
Introduction to the Conformity Assessment under the draft EU AI Act, and how it compares to DPIAs
The proposed Regulation on Artificial Intelligence (‘proposed AIA’ or ‘the Proposal’) put forward by the European Commission is the first initiative towards a comprehensive legal framework on AI in the world. It aims to set rules on specific AI applications in certain contexts and does not intend to regulate AI technology in general. The proposed […]
FPF at CPDP LatAm 2022: Artificial Intelligence and Data Protection in Latin America
This summer the first-ever in-person Computers, Privacy and Data Protection Conference – Latin America (CPDP LatAm) took place in Rio de Janeiro on July 12 and 13. The Future of Privacy Forum (FPF) was present at the event, titled Artificial Intelligence and Data Protection in Latin America, participating in two panels and submitting a paper […]
New Report on Limits of “Consent” in Vietnam’s Data Protection Law
Today, the Future of Privacy Forum (FPF) and the Asian Business Law Institute (ABLI), as part of their ongoing joint research project: “From Consent-Centric Data Protection Frameworks to Responsible Data Practices and Privacy Accountability in Asia Pacific,” are publishing the ninth in a series of detailed jurisdiction reports on the status of “consent” and alternatives […]
New Report on Limits of “Consent” in Malaysia’s Data Protection Law
Introduction Today, the Future of Privacy Forum (FPF) and the Asian Business Law Institute (ABLI), as part of their ongoing joint research project: “From Consent-Centric Data Protection Frameworks to Responsible Data Practices and Privacy Accountability in Asia Pacific,” are publishing the eighth in a series of detailed jurisdiction reports on the status of “consent” and […]