The Nexus of PrivacyJun 30, 2025

Civil Society and the Crisis of Privacy Law: a very interesting paper by Ari Ezra Waldman about ADPPA -- a proposed US privacy law that didn't go forward back in 2022. As somebody who was part of the discussions, it seems extremely accurate to me -- and makes some great points about the inherent limitations of today's approach, as well as directions going forward.

Here's the abstract:

" Based on interviews with key players, public reports, and previously undisclosed primary sources, this Article tells the inside story of the American Data Privacy and Protection Act (ADPPA) and the role of privacy nonprofit organizations in crafting it. It uses ADPPA’s drafting as a case study about larger questions of expertise, the lawmaking process, and the role of law in setting the context of advocacy. The Article’s descriptive argument is that background law and the dynamics of privacy policymaking in the United States Congress channeled and constrained the choices made by privacy civil society organizations while negotiating and drafting key parts of ADPPA. Those choices focused on the nature of civil society’s expertise within the legislative process and the kinds of policy proposals nonprofit advocates brought to the table. The Article’s normative argument is that those choices created a privacy law that is ill-suited to addressing the privacy challenges of artificial intelligence (AI). Following Thomas Kuhn’s model of normalization, anomaly, and paradigm shift, the ADPPA case study surfaces how the law places limits on civil society and the need for new approaches to privacy law and civil society expertise in the age of AI."

And here's a key point about who does -- and doesn't -- get to write the legislation.

#privacy #ADPPA #uspol

HabrJan 23, 2024

Между буквой и духом законов: как международной компании защитить ПДн клиентов и избежать санкций

Большинство международных компаний ходит по тонкому льду — когда твои сотрудники и пользователи разбросаны по всему миру, хранение и обработка их персональных данных становится сложной юридической проблемой. Если пытаться досконально вникнуть в законы сразу всех стран, можно превратиться в юридическую контору. С другой стороны, повсюду есть надзорные органы, которые грозят санкциями за любые нарушения. Чтобы избежать претензий, не навредить пользователям и обеспечить стабильное развитие бизнеса, недостаточно изучать нормативную базу. Желательно также знакомиться с реальным опытом разных компаний, особенно из числа тех, для кого работа с ПДн имеет первостепенное значение. Мы побеседовали с экспертами из соцсети ReLife, пользователи которой проживают в более 70 странах мира. Они рассказали, на что в первую очередь обращают внимание, на какие законы ориентируются, с какими рисками и «подводными камнями» сталкиваются и как их обходят. Вместе мы сравнили американское, европейское и российское законодательство по охране ПДн и делимся практическими рекомендациями по его соблюдению.

https://habr.com/ru/companies/bastion/articles/788114/

#пдн #законодательство #законодательство_в_it #gdpr #ADPPA #152фз #правовое_регулирование #персональные_данные

Между буквой и духом законов: как международной компании защитить ПДн клиентов и избежать санкций

Большинство международных компаний ходит по тонкому льду — когда твои сотрудники и пользователи разбросаны по всему миру, хранение и обработка их персональных данных становится сложной юридической...

Хабр
zcelineJul 15, 2023

Whew! Another overflowing California Privacy Protection Agency (open) board meeting today. Discussion and updates on everything from assessments and definitions to legislation, rules, enforcement, and more – so good to see #CPPA continue its progress toward protecting consumer privacy in California!

Exhibit A: check out the newly launched online 'File a Complaint' form and FAQ 🔏 🙌

https://cppa.ca.gov/webapplications/complaint

#Privacy #Cybersecurity #California #CCPA #GDPR #ADPPA #PersonalData #DoNotSell

Complaint Form - California Privacy Protection Agency (CPPA)

California Privacy Protection Agency (CPPA)

Show threadJon (now at neuromatch.social)Jun 26, 2023

@J12t Big tech companies have been lobbying heavily to shape service provider language -- here's a good example from the #ADPPA consumer privacy legislation, where they successfully inserted some major loopholes. I doubt they were thinking specifically of ActivityPub federation when they were doing that but it certainly applies! At least potentially, we'd need to know more about their plans to know for sure 2/2

EDIT: oops, forgot the link https://www.protocol.com/newsletters/policy/cloud-enterprise-privacy

@tchambers

What Microsoft, IBM and others won as the privacy bill evolved

Lawmakers were initially preparing to treat cloud and enterprise firms like any other consumer-facing company.

Protocol
Show threadDavid CarrollJun 9, 2023

@onepict @histoftech

A regular reminder that Democrats, specifically West Coast Dems, not Republicans, blocked the best chance for a federal privacy law yet, the #ADPPA, which would have started to put the kibosh on this crap.

Geekmaster 👽May 19, 2023

If you use #biometric means for #commercial purposes, not just a way for your employees to #authenticate to company devices/facilities, the #FTC is putting you on notice. Only 3 states (as of today) have #Biometric #Privacy #Laws in place - more than a dozen are working on #legislation now. The #ADPPA will have provisions for Biometric Privacy with regards to commercial use, but that's probably 12-18 months out (at least) from becoming a law. Check this article out. #Illinois isn't playing around: https://www.scmagazine.com/news/identity-and-access/ftc-to-crack-down-on-biometric-tec[…]GxNNIwwXOzak6aUeaAfVN26zQDToKa3VkfI6YAs3wvdfv-Woge99JpOxqlA

#PrivacyLaws #CyberSecurity #ThreatIntelligence #WatchYourAsses #BreachNotificationRule

David CarrollApr 19, 2023
Watching this hearing on #DataBrokers in US House Commerce Committee and already several mentions of needing to pass the #ADPPA already by members. #uspol #privacy #DataPrivacy
https://www.youtube.com/live/dVx-hObuS0Y
Who is Selling Your Data: A Critical Examination of the Role of Data Brokers in the Digital Economy

YouTube
David CarrollApr 14, 2023
States banning software is dumb. States passing their own unique data privacy laws is also dumb. But Democrats controlled the last Congress, had a bipartisan national privacy bill (the #ADPPA) and the Democrats killed it. #uspol #DataPrivacy
david morarApr 7, 2023
This past week, I was quoted in the Daily Dot, in a great piece by Ben Brody about civil rights protections in last year’s comprehensive federal #privacy bill (aka #ADPPA).
https://www.dailydot.com/debug/civil-rights-data-privacy-congress/
Inside the behind-the-scenes push civil rights groups are making on Capitol Hill to pass data privacy laws

Leading civil rights groups are working to ensure Congress' big data privacy bill makes its way to President Joe Biden's desk.

The Daily Dot
Eric NullMar 30, 2023

I really wish reporters would call people out for quotes like this. It's just not true. #ADPPA is stronger than #CCPA in most respects, and where CCPA is stronger, it's marginal. CA gets way more authority under ADPPA.

Anyway, the article is here https://news.bloomberglaw.com/in-house-counsel/us-online-privacy-law-remains-elusive-as-tiktok-outrage-mounts

And the ADPPA / CCPA comparison chart is here https://techpolicy.press/evaluating-the-american-data-privacy-and-protection-act/

#Privacy

TikTok Outrage Mounts With US Privacy Law Elusive (1)

The US is no closer to a federal privacy standard than it ever was, despite more than two decades of bipartisan policymaking efforts and a rare consensus among tech companies, advertisers, and consumer advocates that one is needed.