U.S. Legislation

On June 3rd, Connecticut Senate Bill 3 (SB 3), an “Act Concerning Online Privacy, Data and Safety Protections,” cleared the state legislature following unanimous votes in the House and Senate. If enacted by Governor Lamont, SB 3 will amend the Connecticut Data Privacy Act (CTDPA) to create new rights and protections for consumer health data […]

Over Memorial Day weekend Texas lawmakers passed the Texas Data Privacy and Security Act (TDPSA) with unanimous votes in both the State House and Senate. If enacted by Governor Abbott, Texas will become the tenth U.S. state (and fifth in 2023) to enact broad-based data privacy legislation governing the collection, use, and transfer of consumer […]

On May 4, 2023, the Florida ‘Digital Bill of Rights’ (SB 262) cleared the state legislature and now heads to the desk of the Governor for signature. SB 262 bears many similarities to the Washington Privacy Act and its progeny (specifically the Texas Data Privacy and Security Act). However, SB 262 is unique given its […]

The Washington ‘My Health, My Data’ Act (MHMD or the Act) establishes a fundamentally new legal framework within U.S. law to regulate the collection, use, and transfer of consumer health data. Signed into law by Governor Inslee on April 27, MHMD was introduced by request of the Washington Attorney General in response to the Supreme […]

On Friday April 21, Nashville lawmakers approved the Tennessee Information Protection Act (TIPA) following unanimous votes. Tennessee now joins Iowa, Indiana, and Montana as the four states in 2023 that have advanced baseline privacy legislation governing the collection, use, and transfer of consumer data. TIPA is closely modeled on the Virginia Consumer Data Protection Act […]

On Monday March 27, the Future of Privacy Forum (FPF) filed comments with the California Privacy Protection Agency to inform the Agency’s forthcoming rulemaking to implement the California Privacy Rights Act amendments to the California Consumer Privacy Act’s provisions on cybersecurity audits, risk assessments, and automated decisionmaking. FPF’s comments are directed towards ensuring that individuals […]

By Keir Lamont & Mercedes Subhani Update: On March 28, Governor Kim Reynolds signed SF 262 into law, making Iowa the 6th state to enact a baseline consumer privacy framework.  Lawmakers in Iowa are considering the adoption of a new consumer privacy framework that would fall far short of comparable state privacy laws in terms of […]

Update: On March 23, Governor Spencer Cox signed SB 152 and HB 311. While amendments were made to both bills, the concerns raised in FPF’s analysis remain. SB 152 leaves critical provisions, such as methods to verify age or obtain parental consent, to be established in further rulemaking, but questions remain regarding whether these can […]

Regulators in the United States and around the globe are bringing enforcement actions and crafting rules intended to combat manipulative design practices online. These efforts are complex and address a range of consumer protection issues, including privacy and data protection risks. They raise thorny questions about how to distinguish between lawful designs that encourage individuals […]

The 2021 Infrastructure Act mandates that the US Department of Transportation issue a rule requiring the creation and implementation of monitoring systems to deter drivers impaired by alcohol, inattention, or drowsiness. The Department of Transportation (DOT) must establish a Federal mandatory motor vehicle safety standard to “passively monitor a motor vehicle driver’s performance to accurately […]