""

 

US Federal Privacy

US Federal Privacy

Congress, industry, civil society and the White House have all taken steps toward the creation of a U.S. federal privacy law. What this law will look like — and when and if it will happen — are still very much in question, but day-by-day it’s looking more likely that a federal law is in the United States’ future.

The IAPP has been keeping track of the goings-on regarding a federal privacy law, and we’ve collected our news and resources here for our members. The IAPP Resource Center also includes a “US State Privacy” topic page.

Subscribe to the IAPP United States Privacy Digest e-newsletter!
Be in-the-know on US privacy news (federal privacy watch, state privacy news, government actions regarding privacy, enforcement, etc.) by subscribing to the US Privacy Digest e-newsletter.

Featured Resources

US Federal Privacy Legislation Tracker

The IAPP Westin Research Center compiled a list of privacy-related bills proposed in Congress to keep our members informed about developments within the federal privacy landscape. The Westin Research Center will periodically update this table.
Read More

Leaked Roe v. Wade opinion sparks right-to-privacy concerns

The US Supreme Court is front and center this week after Politico reported on a leaked initial draft majority opinion by Justice Samuel Alito on the 1973 Roe v. Wade decision. The draft opinion would repudiate the guarantee of federal constitutional protections of abortion rights. Many lawmakers and scholars warn the ruling could undermine Constitutional rights to privacy.
Read More

2021 Proposed Comprehensive US Privacy Legislation

This chart compares recent proposals for comprehensive federal privacy legislation.
Read More


""

Latest News and Resources

The Constitutional Right To Privacy

In this LinkedIn Live event, IAPP President and CEO J. Trevor Hughes sits down with UNH Assistant Law Professor Tiffany Li to discuss the potential implications and impact of overturning more than 50 years of jurisprudence on the right to privacy.  Read More

What Judge Ketanji Brown Jackson’s US Supreme Court appointment could mean for privacy

As Judge Ketanji Brown Jackson is making headlines and history as the first Black woman confirmed to serve on the United States Supreme Court, the privacy community is exploring the related privacy law experience she brings to the Court and what her appointment could mean for future decisions. During nomination hearings in March, Jackson faced two days of questioning from members of the Senate Judiciary Committee on her qualifications, sentencing record as a U.S. District Court judge for the Di... Read More

US cybersecurity director on how government can form new social contract with tech industry
(IAPP, April 2022)
Microsoft’s Smith implores US to keep pace in global privacy conversation
(IAPP, April 2022)
FTC Chair Lina Khan anticipated to share privacy vision
(IAPP, March 2022)
Biden’s State of the Union remarks put children’s privacy front and center
(IAPP, March 2022)
Key data security insights from FTC CafePress settlement
(IAPP, March 2022)
US House subcommittee talks proposed surveillance ad ban, Big Tech accountability
(IAPP, March 2022)
US House committee re-opens dialogue on federal privacy legislation
(IAPP, February 2022)
US senators propose Kids Online Safety Act
(IAPP, February 2022)
White House releases public responses on AI uses
(IAPP, February 2022)
Biden re-nominates Bedoya for FTC commissioner
(IAPP, January 2022)
FTC takes steps toward privacy, AI rulemaking
(IAPP, December 2021)
Australia, US reach crime data sharing agreement
(IAPP, December 2021)
Latest Senate hearing casts wide net on US data brokerage
(IAPP, December 2021)
Senators introduce Protecting Sensitive Personal Data Act
(IAPP, November 2021)
PSR21 keynote stage: Federal privacy law holds the keys
(IAPP, October 2021)
Facebook whistleblower’s revelations boost federal privacy law chatter
(IAPP, October 2021)
Senate committee talks need for FTC resources, federal privacy law
(IAPP, September 2021)
Study: Americans want government to prioritize data security, privacy
(IAPP, September 2021)
Privacy bills in the 117th Congress
(IAPP, August 2021)
Standing issues in U.S. privacy class actions
(IAPP, August 2021)
Federal privacy law important to long-term future of data flows
(IAPP, July 2021)
GOP lawmakers unveil more details on draft privacy law
(IAPP, July 2021)
Sen. Wicker introduces federal US privacy bill
(IAPP, July 2021)
FPF analyzes data protection implications of Biden executive order
(IAPP, July 2021)
Why a US privacy law is needed for vaccine passports
(IAPP, June 2021)
Rep. DelBene on what it will take to pass US privacy legislation
(IAPP, June 2021)
Sen. Scott introduces the DATA Act
(IAPP, May 2021)
Web Conference: Finding Sweet Spots for Successful Compromise on a Federal Privacy Law
(IAPP, May 2021)
From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974
(World Privacy Forum, May 2021)
The Great Privacy Patchwork: Is a US Privacy Law Essential for 2021?
(IAPP, April 2021)
6 things to watch for in the US privacy law debate
(IAPP, April 2021)
April Doss on US surveillance, global data flows and Big Tech after the Russia investigation
(IAPP, April 2021)
DelBene talks need for US privacy legislation, lawmakers’ tech knowledge
(IAPP, April 2021)
Wyden unveils privacy bill banning data sales to ‘unfriendly’ foreign entities
(IAPP, April 2021)
How state laws, FTC can help define ‘data brokers’ in a US privacy law
(IAPP, April 2021)
Will expectations for US privacy legislation overwhelm the process?
(IAPP, March 2021)
The first but not last comprehensive US privacy bill of 2021
(IAPP, March 2021)
How the lack of a federal privacy law is resulting in a problematic application of the CFAA
(IAPP, February 2021)
US lawmakers introduce contact tracing privacy bill
(Name, Date)
Federal data privacy regulation is on the way — That’s a good thing
(IAPP, January 2021)
Big Tech privacy pros express optimism for federal US privacy law
(IAPP, January 2021)
2021 ‘best chance’ for US privacy legislation
(IAPP, December 2020)
Rep. DelBene: Congress needs ‘urgency’ with US privacy law
(IAPP, November 2020)
CIPL Concept Proposal: Why We Need Interstate Privacy Rules for the US
(CIPL, September 2020)
US Senate hearing covers COVID-19, the need for a federal privacy law and familiar roadblocks
(IAPP, September 2020)
CIPL: Data Protection in the New Decade – Lessons from COVID-19 for a US Privacy Framework
(CIPL, August 2020)
Protect consumer privacy: Repeal GLBA’s privacy provisions
(IAPP, July 2020)
Keeping the fires burning for federal privacy legislation
(IAPP, June 2020)
US lawmakers propose bipartisan contact tracing bill
(IAPP, June 2020)
The Privacy Advisor Podcast: How can we overcome gridlock on a U.S. privacy bill?
(IAPP, June 2020)
Stakeholders: Despite setbacks, federal privacy legislation still essential
(IAPP, June 2020)
Republican senators to introduce the COVID-19 Consumer Data Protection Act
(IAPP, May 2020)
Democrats propose Public Health Emergency Privacy Act
(IAPP, May 2020)
FTC’s Wilson: US privacy law needed as contact tracing moves forward
(IAPP, May 2020)
Op-ed: Whistleblower protection needed in federal data privacy law
(IAPP, April 2020)
Survey: Americans want laws protecting online data
(IAPP, April 2020)
Web Conference: Privacy Regulation Update: New and Evolving State and Federal Laws
(IAPP, March 2020)
How Americans see digital privacy issues amid the COVID-19 outbreak
(Pew Research Center, March 2020)
White Paper – COPRA and CDPA: Similarities, Gray Areas and Differences
(IAPP, February 2020)
Tracking the politics of US privacy legislation
(IAPP, December 2019)
Former US privacy officials say ‘not so fast’ on federal law
(IAPP, October 2019)
What is a robocall, anyway?
(IAPP, September 2019)
More Companies Must Comply with the Gramm-Leach-Bliley Act, But Don’t Know It. Are You One of Them?
(IAPP, July 2019)
What is GLBA Compliance? Understanding the Data Protection Requirements of the Gramm-Leach-Bliley Act in 2019
(IAPP, July 2019)
10 Principles for a Revised US Privacy Framework
(Centre for Information Policy Leadership, July 2019)
U.S. Consumer Privacy Bill Blueprint
(Mozilla, July 2019)
US Senate grapples with how to regulate AI
(IAPP, June 2019)
The importance of a mandatory arbitration carve-out in a US privacy law
(IAPP, May 2019)
The Privacy Advisor Podcast: Did this US Senate hearing on federal privacy push the ball forward?
(IAPP, May 2019)
White Paper – Consensus and Controversy in the Debate Over US Federal Data Privacy Legislation
(IAPP, January 2019)
Guide to the Gramm–Leach–Bliley Act
(IAPP, February 2018)
View More Resources

Federal Trade Commission Developments

The United States’ primary consumer protection agency, the FTC collects complaints about companies, business practices and identity theft under the FTC Act and other laws that they enforce or administer.

US Senate confirms Alvaro Bedoya to FTC as fifth and final commissioner

After of a series of delays during the confirmation process, the U.S. Senate approved the nomination of Georgetown University law professor Alvaro Bedoya to fill the remaining commissioner vacancy on the Federal Trade Commission. Bedoya’s confirmation now gives Democratic appointees a 3-2 majority on the FTC’s Board of Commissioners.  In a statement released by Georgetown University Law Center on Privacy and Technology, Bedoya said he is excited to work with his fellow commissioners and "truly ... Read More

FTC chair touts ‘interdisciplinary approach’ to data privacy, security

On the keynote stage at the IAPP Global Privacy Summit 2022, U.S. Federal Trade Commission Chair Lina Khan highlighted an “interdisciplinary approach” to data privacy and security taken “through both a consumer protection and competition lens.” “Given the intersecting ways in which the wide scale data collection and commercial surveillance practices can facilitate violations of both consumer protection and antitrust laws, we are keen to marshal our expertise in both areas to ensure we are grasp... Read More

FTC Chair Lina Khan opens up on tech enforcement

U.S. Federal Trade Commission Chair Lina Khan has shown big aspirations while making some forward-thinking moves for the regulation of Big Tech firms during her first year at the helm. What remains to be seen is whether Khan's plans to hold technology companies accountable in the areas of privacy and antitrust will be executed as boldly as they were drawn up. Khan sought to explain the commission's actions to date and her overall vision in an appearance on CNBC's "Capital Exchange" Wednesday, h... Read More

Key data security insights from FTC CafePress settlement
(IAPP, March 2022)
Hidden privacy lessons in the FTC’s CafePress security enforcement
(IAPP, March 2022)
FTC Consumer Sentinel Network Databook 2021
(FTC, February 2022)
Web Conference: Grappling with the FTC’s Safeguards Rule: New Requirements and How to Comply
(IAPP, December 2021)
FTC takes steps toward privacy, AI rulemaking
(IAPP, December 2021)
Why FTC’s GLB Safeguards Rule update is noteworthy
(IAPP, February 2021)
On the horizon: FTC’s Slaughter maps data regulation’s potential future
(IAPP, November 2021)
Connecting the dots: Making sense of recent FTC developments
(IAPP, October 2021)
FTC Staff Report: Examining the Privacy Practices of Six Major Internet Service Providers
(FTC, October 2021)
Important FTC Rules for Health Apps Outside of HIPAA
(Holland & Knight, September 2021)
Democrats urge FTC to begin privacy rulemaking
(IAPP, September 2021)
FTC Report on Privacy and Security
(FTC, September 2021)
FTC Commissioner explores potential AI harms, how FTC can help
(IAPP, August 2021)
FTC’s Khan talks digital platforms’ role in fraud, consumer privacy
(IAPP, July 2021)
Web Conference: FTC Rulemaking: A Solution for Federal Privacy Regulation?
(IAPP, June 2021)
What the FTC could be doing (but isn’t) to protect privacy: The FTC’s Unused Authorites
(Electronic Privacy Information Center, June 2021)
Federal Trade Commission 2020 Privacy and Data Security Update
(FTC, May 2021)
FTC reaches $20M settlement with Vivint Smart Homes over FCRA allegations
(IAPP, April 2021)
Tainted fruit: Disgorgement of data from the FTC and beyond
(IAPP, April 2021)
Lawmakers urge FTC to investigate Google’s marketing of children’s apps
(IAPP, April 2021)
FTC publishes recommendations on AI
(IAPP, April 2021)
FTC Zoom agreement highlights security, dissents foreshadow the importance of privacy in the future
(IAPP, November 2020)
FTC orders Zoom to tighten data security practices
(IAPP, November 2020)
Lawmakers ask FTC to investigate mobile industry’s digital ad-tracking practices
(IAPP, August 2020)
Keeping your shield up: Unpacking the FTC’s Privacy Shield enforcement action
(IAPP, July 2020)
FTC: COPPA Guidance for Ed Tech Companies and Schools during the Coronavirus
(FTC, February 2020)
LinkedIn Live: Discussing the 3 things to know about the FTC-Facebook settlement
(IAPP, July 2019)
LinkedIn Live: Reacting to the FTC-Facebook settlement
(IAPP, July 2019)
The Privacy Advisor Podcast: Is the FTC’s COPPA settlement with Google and YouTube a ‘game-changer’?
(IAPP, September 2019)
What about the kids? FTC begins process of potential COPPA amendments
(IAPP, August 2019)
FTC chair suggests record fines are coming
(IAPP, May 2019)
FTC Model Financial Privacy Forms
(FTC, April 2018)
White Paper – Study: What FTC Enforcement Actions Teach Us About the Features of Reasonable Privacy and Data Security Practices
(IAPP, October 2014)
View More Resources

Other U.S. Government Agency Developments

US Department of Defense – Responsible AI Guidelines

The U.S. Department of Defense’s Defense Innovation Unit released “responsible artificial intelligence” guidelines, required to be used by third-party developers building AI systems for the military. The guidelines cover planning, development and deployment, and include procedures for identifying users of the technology and those who could be harmed by it, as well as potential harms and how to avoid them. Read More

Report shows ICE uses data brokers to access Americans’ personal data

A report from researchers at the Georgetown Law Center on Privacy and Technology claims U.S. Immigration and Customs Enforcement has used private data brokers to access hundreds of millions of Americans’ personal information, The Verge reports. Through public records and collected data, the report says ICE has built a surveillance system with limited oversight. Georgetown Law Policy Associate Nina Wang said ICE has “built up a sweeping surveillance infrastructure that’s capable of tracking almos... Read More

DOJ rolls out cyberfraud enforcement program

U.S. Deputy Attorney General Lisa Monaco announced the Department of Justice is launching the Civil Cyber-Fraud Initiative. The new line of enforcement will blend civil fraud enforcement, government procurement and cybersecurity with the aim of addressing ongoing cyberthreats against government contractors in charge of sensitive data and critical systems. “For too long, companies have chosen silence under the mistaken belief that it is less risky to hide a breach than to bring it forward and to ... Read More

Survey: 36% in government sector plan to increase AI investments
(IAPP, October 2021)
Op-ed: IRS surveillance of bank accounts would threaten taxpayer privacy
(IAPP, October 2021)
Senate confirms Rohit Chopra as director of Consumer Financial Protection Bureau
(IAPP, October 2021)
US Census Bureau, USAID urged to improve privacy practices
(IAPP, August 2021)
GAO issues report on government facial recognition use
(IAPP, August 2021)
DOD Inspector General publishes advisory on removing data from Afghanistan
(IAPP, August 2021)
DOJ to study use of AI in analyzing prison phone calls
(IAPP, August 2021)
DHS releases strategic plan on AI, machine learning
(IAPP, August 2021)
U.S. Census Bureau releases differential privacy guidelines
(IAPP, June 2021)
CBP’s asylum seekers app brings privacy concerns
(IAPP, June 2021)
Biden issues EO to boost US cybersecurity
(IAPP, May 2021)
Sens. propose bipartisan bill to update COPPA
(IAPP, May 2021)
DOJ launches task force to address ransomware threats
(IAPP, April 2021)
NIST issues report on IoT home device workshop
(IAPP, April 2021)
Education department probing Florida school’s data sharing
(IAPP, April 2021)
Public should know FISC opinions
(IAPP, April 2021)
FBI accessed computers to delete Microsoft Exchange hacks
(IAPP, April 2021)
For DHS’ Lynn Parker Dupree, CPO role is a homecoming
(IAPP, March 2021)
Credit washing is dirty business
(IAPP, March 2021)
Why the Biden administration should ‘go big’ on global data transfers solution
(IAPP, February 2021)
Kamala Harris to prioritize cybersecurity in US foreign policy
(IAPP, February 2021)
Homeland Security Privacy Office Annual Reports
(US Department of Homeland Security, February 2021)
Biden appoints Christopher Hoff to oversee Privacy Shield talks
(IAPP, January 2021)
Protecting privacy during turbulent times
(IAPP, January 2021)
White House enacts IoT cybersecurity law for federal agencies
(IAPP, December 2020)
How might the 117th Congress approach privacy and cybersecurity?
(IAPP, December 2020)
United States Government Accountability Office — Artificial Intelligence in Health Care
(U.S. GAO, December 2020)
How US, EU approach regulating ‘dark patterns’
(IAPP, December 2020)
What could a Biden administration mean for privacy, cybersecurity?
(IAPP, November 2020)
Senate passes Internet of Things Cybersecurity Improvement Act
(IAPP, November 2020)
Closing in on the US election with voter privacy and election security
(IAPP, October 2020)
U.S. Government white paper: Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for EU-U.S. Data Transfers after Schrems II
(U.S. Government, September 2020)
The Privacy Advisor Podcast: The US SAFE DATA Act and this week’s Senate hearing
(IAPP, September 2020)
What a time to be the CPO of the CDC
(IAPP, August 2020)
The evolution of the ‘reasonable security’ standard in the US context
(IAPP, June 2020)
Judge finds FBI, NSA violated surveillance laws
(IAPP, September 2020)
DHS seeks increased CBP biometric collection
(IAPP, September 2020)
Schiff, lawmakers accused of protecting unlawful surveillance practices
(IAPP, August 2020)
Contract indicates Secret Service purchased phone location data
(IAPP, August 2020)
Social Media Monitoring: How the Department of Homeland Security Uses Digital Data in the Name of National Security
(Brennan Center for Justice, March 2020)
Senate approves privacy-focused FISA amendment
(IAPP, May 2020)
Republican senators to introduce the COVID-19 Consumer Data Protection Act
(IAPP, May 2020)
The Guide to U.S. Government Practice on Global Sharing of Personal Information, Third Edition
(IAPP, March 2020)
Senate holds ‘paper hearing’ on tracking consumers to fight pandemic
(IAPP, April 2020)
US senators advised to stop using Zoom
(IAPP, April 2020)
Synthetic data offers advanced privacy for the Census Bureau, business
(IAPP, April 2020)
HHS notice on telehealth penalties raises privacy concerns
(IAPP, March 2020)
Takeaways from new White House annual report on AI
(IAPP, February 2020)
LinkedIn Live: Discussing the 3 things to know about the FTC-Facebook settlement
(IAPP, July 2019)
LinkedIn Live: Reacting to the FTC-Facebook settlement
(IAPP, July 2019)
US lawmakers consider whether your data should be a ‘property right’
(IAPP, October 2019)
At US House hearing, lawmakers examine data privacy’s role in competition
(IAPP, October 2019)
Online Trust Audit – 2020 U.S. Presidential Campaigns
(Online Trust Alliance, October 2019)
So the fine is $5B: Does that change anything?
(IAPP, July 2019)
US lawmakers respond to Facebook’s $5B FTC settlement
(IAPP, July 2019)
US Senate hearing puts AI regulation under the microscope
(IAPP, June 2019)
US Senate report criticizes federal agencies’ data protection track record
(IAPP, June 2019)
US Senate grapples with how to regulate AI
(IAPP, June 2019)
At hearing, US sens. incredulous data broker industry didn’t show up
(IAPP, June 2019)
Senate committee imagines future financial privacy rules
(IAPP, May 2019)
How to get ready for potential amendments to US children’s privacy law
(IAPP, March 2019)
How should we regulate facial-recognition technology?
(IAPP, January 2019)
US Supreme Court case may have far-reaching privacy implications
(IAPP, January 2019)
The shutdown’s impact on government privacy work
(IAPP, January 2019)
Toolkit for Recruiting, Hiring, and Retaining Privacy Professionals in the Federal Government
(U.S. Federal Privacy Council, January 2017)
A Sober Look at National Security Agency Access to Data in the Cloud
(Chris Wolf and Winston Maxwell, July 2014)
View More Resources

Laws and Definitions

Bank Secrecy Act, The

A U.S. federal law that requires U.S. financial institutions and money services businesses (MSBs), which are entities that sell money orders or provide cash transfer services, to record, retain and report certain financial transactions to the federal government. This requirement is meant to assist the government in the investigation of money laundering, tax evasion, terrorist financing and various other domestic and international criminal activities. Link to text of law: The Bank Secrecy Act (B... Read More

Children’s Online Privacy Protection Act (COPPA) of 1998

A U.S. federal law that applies to the operators of commercial websites and online services that are directed to children under the age of 13. It also applies to general audience websites and online services that have actual knowledge that they are collecting personal information from children under the age of 13. COPPA requires these website operators: to post a privacy notice on the homepage of the website; provide notice about collection practices to parents; obtain verifiable parental consen... Read More

CIO Council

The CIO Council is the principal interagency forum on Federal agency practices for IT management. Originally established by Executive Order 13011 (Federal Information Technology) and later codified by the E-Government Act of 2002, the CIO Council’s mission is to improve practices related to the design, acquisition, development, modernization, use, sharing and performance of Federal Government information resources.... Read More

Controlled Unclassified Information

A system that standardizes and simplifies the way the executive branch handles unclassified information that requires safeguarding or dissemination controls, pursuant to and consistent with applicable law, regulations, and government-wide policies.  The program emphasizes the openness and uniformity of government-wide practices.  Its purpose is to address the current inefficient and confusing patchwork that leads to inconsistent marking and safeguarding as well as restrictive dissemination polic... Read More