Search results

[…] in many jurisdictions. For example, to be considered a valid exercise of individuals’ opt-out rights under Colorado law, a valid GPC signal occurs when individuals provide “affirmative, freely given, and unambiguous choice.” This requirement creates an engineering ambiguity for publishers and websites over the validity of GPC signals they receive. For example, users installing […]

[…] fitness for purpose; Organizations should implement AI governance frameworks informed by the NIST AI Risk Management Framework; Organizations should not claim that AI hiring tools are “bias- free;” and AI hiring tools should be designed and operated with informed human oversight and engagement. “When properly designed and utilized, AI must process vast amounts of […]

[…] and winning papers on our website. FPF will invite winning authors to present their work at an annual event with top policymakers and privacy leaders in spring 2024 (date TBD). FPF will also publish a printed digest of the summaries of the winning papers for distribution to policymakers in the United States and abroad. […]

[…] key area of concern, as well as putting in place mitigation and monitoring measures to ensure personal data generated through such tools are accurate, complete and up-to-date, free from discriminatory, unlawful, or otherwise unjustifiable effects. Other areas of concern mentioned were transparency to promote openness and explainability; production of technical documentation across the AI […]

[…] The ten interplay areas we are highlighting are: Manipulative design in online interfaces; Targeted advertising based on sensitive data; Targeted advertising and protection of minors; Recommender systems free-of-profiling; Recommender systems and advertising transparency; Access to data for researchers and competent authorities; Takedown of illegal content; Risk Assessments; Compliance function and the DSA legal representative; […]

[…] Valid Consent Has Strict Requirements, Is Withdrawable, And Can be Exercised Through Consent Managers The DPDP Act requires that consent for processing of personal data be “ free, specific, informed, unconditional and unambiguous with a clear affirmative action.” These conditions are similarly strict to those required under the GDPR, highlighting that the people whose […]

[…] FPF CEO, and Takeshige Sugimoto, Managing Partner at S&K Brussels LPC and FPF Senior Fellow, hosted the Symposium.  The G7 DPA Agenda, built on three pillars: Data Free Flow with Trust, emerging technologies, and enforcement cooperation The DPAs of the G7 nations started to meet annually in 2020, following the initiative of the UK’s […]

[…] up to the age of 17 (although CT SB 3 creates similar protections for 13-17-year olds), child-directed privacy and online safety laws, including the California Age-Appropriate Design Code and Utah Senate Bill 152, have increasingly applied to the data and activity of teenagers up to age 17. 4. Expanded Rights to Access and Delete […]

[…] a data protection impact assessment (DPIA) prior to the processing of personal data, where such processing may likely result in a high risk to the rights and freedoms of a data subject. The Act does not specify the period within which a DPIA must be conducted prior to such processing. Laws such as Kenya’s […]

[…] 2023) to adopt broad-based data privacy legislation governing the collection, use, and transfer of consumer data. The bulk of OCPA’s requirements will take effect on July 1, 2024 (with a July 1, 2025 effective date for nonprofit organizations). OCPA is the product of a multi-year stakeholder task force held under the auspices of Attorney […]