Search results

[…] Future of Privacy Forum Jordan Wrigley Data and Policy Analyst for Health & Wellness, Future of Privacy Forum AUTHORS All FPF materials that are released publicly are free to share and adapt with appropriate attribution. Learn more . The Future of Privacy Forum (FPF) is a non-profit organization that serves as a catalyst for […]

[…] old, many advocates, stakeholders, and Congressional lawmakers are pushing to amend COPPA to ensure its data protections are reflective and befitting of the online environments youth experience today.  The new House version of COPPA 2.0, introduced by Reps. Tim Walberg (R-MI) and Laurel Lee (R-FL), would amend the law by adding new definitions, revising […]

[…] app roved by the Commission upon making a determination that the guidelines meet the requirements of the regulations issued under section 6502 of this title. (3) E XPEDITED RESPONSE TO REQUESTS The Commission shall act upon requests for safe harbor treatment within 180 days of the filing of the request, and shall set forth […]

[…] our congressional testimony, FPF considers that the typical regulatory course is to be silent about fees between business parties, which can be addressed via contract and the free market. However, FPF recognizes the unique challenges raised in the open banking context since the data provider holds the information needed by the consumer and third […]

[…] the means to reasonably identify the individuals: if they do not process personal data, the GDPR does not apply.  On the other hand, pseudonymization is not a free pass. A dataset may still qualify as personal data: (1) if the recipient has reasonable means to re-identify the individual; (2) for the controller who holds […]

[…] heightened risk of harm to a consumer. C.R.S. § 6-1-1309(1). Where a type of processing is likely to result in a high risk to the rights and freedoms of natural persons. Art. 35(1). DPAs are required where processing activities pose some heightened risk of harm. A key difference between these regulations is whether that […]

[…] of the most significant yet. Starting January 1, 2026, businesses will be subject to extensive new obligations concerning automated decisionmaking technology (ADMT), risk assessments, and cybersecurity audits. Today, the Future of Privacy Forum released an issue brief covering these extensive new regulations, providing stakeholders a comprehensive overview of these new legal requirements and context […]

[…] of the most significant yet. Starting January 1, 2026, businesses will be subject to extensive new obligations concerning automated decisionmaking technology (ADMT), risk assessments, and cybersecurity audits. Today, the Future of Privacy Forum released an issue brief covering these extensive new regulations, providing stakeholders a comprehensive overview of these new legal requirements and context […]

[…] to opt-out, and appeal adverse decisions. It would also prohibit use of a high-risk AI system that produces algorithmic discrimination or has not passed an independent audit. Virginia HB 2094 (Veto’ed by Governor) Del. Maldonado (D) High-Risk AI / Automated Decisionmaking Would regulate AI systems used in consequential decisions, requiring entities to use reasonable […]

[…] strong concern that replicating the EU AI Act could create regulatory overreach. However, civil society groups argue that even comprehensive frameworks like the Colorado AI Act or Virginia’s HB 2094 (vetoed) are significantly narrower in scope and that highlighting that superficial similarities with the EU AI Act, such as shared definitions or structural references, […]