Public Comments

WPF provides comments on U.S. AI Action Plan; urges support for NIST AISIC and advancing trustworthy metrology of AI governance tools

WPF provided comments to the U.S. National Science Foundation and the Office of Science and Technology Policy regarding its priorities for the U.S. AI Action Plan. WPF's comments focused on 4 key points, including the importance of supporting the NIST AI Safety Institute Consortium, and support for building a verifiable, repeatable evaluative environment for testing and measuring AI governance tools so as to foster trustworthy AI systems and ecosystems, inclusive of privacy.

WPF Comments to OMB regarding public participation draft memorandum

The World Privacy Forum has filed comments to the U.S. Office of Management and Budget in response to its Request for Feedback on Draft Guidance: Broadening Public Participation and Community Engagement with the Federal Government. WPF made three specific suggestions to OMB regarding how Privacy Act notices might be managed in a way that facilitates better feedback from those interested specifically in Privacy Act of 1974 notices, which have meaningful bearing on matters relating to data governance, privacy, and data protection.

WPF Comments to OMB regarding AI and Privacy Impact Assessments

The World Privacy Forum has filed detailed comments to the U.S. Office of Management and Budget (OMB) in response to its Request for Information on Privacy Impact Assessments. Specifically, OMB requested information about how the U.S. Federal government should update or adjust its requirements for Privacy Impact Assessments (PIAs) in regards to changes to data ecosystems brought about by Artificial Intelligence (AI). WPF provided substantive recommendations regarding administrative provisions of the Privacy Act, scalable automated AI governance tools for privacy and trustworthy AI, ensuring nimble processes for privacy and AI assessments, and ensuring balanced, skillful socio-legal-technical decisionmaking.

WPF comments to OMB regarding its Draft Memorandum on establishing new Federal Agency requirements for uses of AI

In December 2023, WPF submitted detailed comments to the U.S. Office of Management and Budget regarding its Request for Comments on Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence Memorandum.  OMB published the request in the Federal Register on November 3, 2023. This particular Memorandum is of historic importance, as it articulates the establishment of new agency requirements in the areas of AI governance, innovation, and risk management, and would direct agencies to adopt specific minimum risk management practices for uses of AI that impact the rights and safety of the public.

WPF urges FTC Chair and Commissioners to update FTC Health Breach Notification Rule

The FTC held an historic open FTC Commission meeting, during which the Chair and Commissioners conducted their business openly and also provided an opportunity for public comments. The World Privacy Forum was selected to provide a public comment, which focused on the need to update the Health Breach Notification Rule. 

WPF urges US Federal Trade Commission to re-examine data breach notification requirements for health data in Flo Health proposal

The World Privacy Forum has submitted comments to the FTC regarding its proposed consent order In the Matter of Flo Health, Inc. requesting that the FTC conduct further analysis regarding the FTC Health Data Breach Rule and its potential applicability to the alleged unconsented sharing of women's pregnancy, menstruation, mental ...

WPF comments on European Commission proposal for new Health Authority

The European Commission has proposed the creation of a new European Health Emergency Preparedness and Response Authority, HERA. WPF provided comments regarding the proposal, urging the Commission to ensure from the outset that HERA will fulfill its mission with a focus on data interoperability and will include specific data governance ...

FTC proposes precedent-setting face recognition settlement: photo app company must delete consumers’ photos and the algorithmic models it developed using the photos

The FTC has proposed a crucially important settlement with a photo app developer, Everalbum Inc., which the FTC says “deceived consumers about its use of facial recognition technology and its retention of the photos and videos of users who deactivated their accounts.” The proposed FTC settlement will require the company ...

WPF responds to HHS and urges it to keep privacy protections in HIPAA strong

WPF has written to the US Department of Health and Human Services advising them on their Request for Information (RFI) about possible changes to HIPAA privacy and security protections. The RFI has a number of suggestions that, should they become part of a formal proposal, would significantly weaken HIPAA privacy protections.

WPF advises FTC regarding privacy frameworks and knowledge governance; files key comments

The World Privacy Forum has submitted a set of key comments to the US Federal Trade Commission regarding privacy frameworks and governance. The comments introduce the idea of knowledge governance and propose frameworks that will work to solve the serious privacy challenges we face in complex data ecosystems.

WPF Comments: Access to the CFPB consumer complaint database is vital to understanding and analyzing identity theft in the US

WPF has urged the CFPB to continue to maintain its consumer complaint database and make complaints available to the public. The CFPB is considering multiple potential changes to its consumer complaint database, including reducing access, among other potential changes. In its comments, WPF explained how CFPB consumer complaint data has ...

Public Comments: WPF comments on proposed revised consent decree re: Uber; requests FTC to hold workshop to determine standards for privacy assessments

In comments to the FTC regarding a proposed revised consent decree with Uber Technologies, Inc., WPF urged the FTC to clarify what the term "assessment" means in the context of a consent decree with a company. The comments note that the requirement for an assessment is not the same as ...

New proposed Privacy Act guidance: Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act

The World Privacy Forum submitted comments today on an important proposal from the US Executive Office of the President, Office of Management and Budget regarding a circular directing agencies how to write, post, review, and generally handle Privacy Act notices. The proposal, called Circular A-108 Federal Agency Responsibilities for Review, ...

United States' Postal Service "Informed Delivery" plan puts consumers at risk

The US Postal Service's new Informed Delivery system has the potential to impact every household in the United States that receives mail. It's important, and there are plenty of privacy issues. The World Privacy Forum wrote extensive comments to the United States Postal Service warning it about certain consumer privacy and security risks of its Informed Delivery service. Here's more information about Informed Delivery, and why it may create new phishing risks.

WPF asks Office of Management and Budget to re-evaluate plan to request social media account information on entry/exit forms; requests pilot study

The World Privacy Forum filed comments today with the US Office of Management and Budget regarding a US Customs and Border Protection agency proposal to request social media account information from arriving and departing travelers on entry/exit forms. Earlier this year, WPF wrote comments to CBP directly and urged the agency to drop its proposal to request social media profile information from travelers on these key entry/exit forms due to procedural and policy concerns.

WPF urges US Customs and Border Protection to change course on asking for social media accounts

The World Privacy Forum filed comments today with the US Customs and Border Protection agency regarding a proposal to request social media account information from arriving and departing travelers on entry/exit forms. WPF urged CBP to drop its proposal to request social media profile information from travelers on these key ...

WPF's comments to the FDA on cybersecurity, urges increased attention to privacy

The World Privacy Forum submitted comments to the Food and Drug Administration in response to its request for public input on its draft guidance on the cybersecurity of medical devices. The privacy considerations for medical devices is significant. Because there are a large number of stakeholders in the life cycle ...

WPF files comments on US government proposal on confidentiality of drug/alcohol patient records, urges revisions

The World Privacy Forum commented on an important proposal to make changes to the existing rules regarding the confidentiality of alcohol and drug abuse patient records. The proposal is from the Substance Abuse and Mental Health Services Administration (SAMHSA), part of the US Department of Health and Human Services. These ...

Genetic Information Nondiscrimination Act (GINA): WPF files comments on wellness program privacy, purchase of employee genetic data, more

The World Privacy Forum has filed extensive comments on the proposed changes to how the Genetic Information Nondiscrimination Act will be interpreted. Our comments focus on how the proposal will impact wellness program privacy, as well as family and spousal privacy. In our comments, we discuss our concerns with a variety of aspects of wellness program privacy, including the fact that much data from wellness programs falls outside of HIPAA protections. We also have strongly urged the EEOC to not allow employers to purchase genetic information about employees from third parties without consent, among other items related to this issue.