Search results

[…] the means to reasonably identify the individuals: if they do not process personal data, the GDPR does not apply.  On the other hand, pseudonymization is not a free pass. A dataset may still qualify as personal data: (1) if the recipient has reasonable means to re-identify the individual; (2) for the controller who holds […]

[…] heightened risk of harm to a consumer. C.R.S. § 6-1-1309(1). Where a type of processing is likely to result in a high risk to the rights and freedoms of natural persons. Art. 35(1). DPAs are required where processing activities pose some heightened risk of harm. A key difference between these regulations is whether that […]

[…] of the most significant yet. Starting January 1, 2026, businesses will be subject to extensive new obligations concerning automated decisionmaking technology (ADMT), risk assessments, and cybersecurity audits. Today, the Future of Privacy Forum released an issue brief covering these extensive new regulations, providing stakeholders a comprehensive overview of these new legal requirements and context […]

[…] of the most significant yet. Starting January 1, 2026, businesses will be subject to extensive new obligations concerning automated decisionmaking technology (ADMT), risk assessments, and cybersecurity audits. Today, the Future of Privacy Forum released an issue brief covering these extensive new regulations, providing stakeholders a comprehensive overview of these new legal requirements and context […]

[…] to opt-out, and appeal adverse decisions. It would also prohibit use of a high-risk AI system that produces algorithmic discrimination or has not passed an independent audit. Virginia HB 2094 (Veto’ed by Governor) Del. Maldonado (D) High-Risk AI / Automated Decisionmaking Would regulate AI systems used in consequential decisions, requiring entities to use reasonable […]

[…] strong concern that replicating the EU AI Act could create regulatory overreach. However, civil society groups argue that even comprehensive frameworks like the Colorado AI Act or Virginia’s HB 2094 (vetoed) are significantly narrower in scope and that highlighting that superficial similarities with the EU AI Act, such as shared definitions or structural references, […]

Washington, D.C. – September 12, 2025  — The Future of Privacy Forum, a global non-profit focused on data protection, AI and emerging technologies today announced that it has honored Julie Brill with its Lifetime Achievement Award. The award recognizes Brill’s decades of leadership and profound impact on the fields of consumer protection, data protection […]

[…] including subscription-based and enterprise pricing models. As personalized AI systems increasingly replace, or are integrated into, online search, they will impact online content that has largely been free and ad-supported since the early Internet. However, it is not clear that personalized AI systems can, or should, adopt compensation strategies that follow the same historical […]

[…] personality-like features, whether it is a specific voice mode, or a consistent persona, or even a range of “AI companions.” Even if companion-like personalities are not directly promoted as features, users can build them using system prompts and customized design; an early 2023 feature of OpenAI enabled users to create custom GPTs.  Figure 3 […]

[…] of their risk classification. For AI systems in general, Brazil’s proposal includes:  The right to prior information about an interaction with an AI system, in an accessible, free of charge, and understandable format.  The right to privacy and the protection of personal data, following the Lei Geral de Proteção de Dados Pessoais (LGPD) and […]