Latest Jobs Posts

Technology Policy Brief #165 | Inijah Quadri | March 14, 2026

Policy Issue Summary

A single, binding global data privacy standard does not yet exist. Instead, governments and companies operate under regional systems with different priorities. The European Union’s General Data Protection Regulation (GDPR) focuses on privacy as a legal right and limits how organizations collect, use, and keep personal data. The Global Cross-Border Privacy Rules (CBPR) system takes a different approach: it uses a certification model to help companies transfer data across borders more easily. In practice, a company is reviewed against shared privacy requirements, and if it qualifies, it can display a certification mark showing that it met the program’s baseline standards. That approach can support trade, but it does not create one uniform level of privacy protection. As a result, people receive different protections depending on where they live, and companies face a patchwork of obligations.

The most important policy gaps are practical. Many companies still collect more data than they need, combine it across services, and share it with outside firms. Some use personal data to create detailed profiles for targeted advertising or to sort people into categories based on income, health interests, religion, or location. Others collect biometric information, such as facial images, fingerprints, or voiceprints, without strong safeguards. Data brokers deepen the problem by buying, combining, and reselling information such as location history, consumer purchases, and demographic traits, often without a direct relationship with the people affected.

A stronger international approach would not require every country to adopt identical rules, but it should establish a shared floor. At minimum, that floor should limit unnecessary data collection, require extra protections for high-risk data such as biometric and precise location information, restrict opaque profiling and micro-targeted advertising, and give people meaningful ways to challenge misuse. It should also strengthen enforcement by allowing collective complaints, raising penalties for repeat violations, and giving workers more say over workplace monitoring tools such as productivity tracking software, keystroke logging, and AI-based performance scoring.

Analysis

The best-known privacy model today is the GDPR. It matters globally because it applies not only to organizations based in the European Union, but also to many organizations outside the EU that offer goods or services to people in the EU or monitor their behavior there. The GDPR also sets out clear principles that are easier to explain in everyday language. Data minimization means collecting only the personal data that is actually needed for a stated purpose. Purpose limitation means using data only for the specific reason it was collected unless there is a lawful basis to do more. These ideas have influenced privacy laws in other countries, but enforcement remains uneven, especially against very large firms operating across borders.

The Global CBPR system reflects a different policy goal. It is run through the Global CBPR Forum and is designed to build trust in cross-border data flows through a common certification process. Under that process, a company applies for review through an approved third-party assessor, is checked against the program’s requirements, and, if approved, may display a certification mark. In practical terms, that can reduce friction by lowering the need for companies to navigate a separate certification or review process in each participating market. The trade-off is that interoperability and data movement are central aims of the system, so it is not the same thing as a single, rights-centered global privacy law.

It is therefore misleading to describe privacy governance as a simple dual system. GDPR and Global CBPR are important frameworks, but they do not divide the whole world neatly into two camps. Many countries have their own national laws, some countries participate in CBPR-related arrangements, and multinational companies often have to satisfy several overlapping systems at once. The real problem is not that two systems exist; it is that there is no single binding baseline that combines strong privacy rights with workable rules for cross-border data transfers. Until that gap is addressed, the world will continue to rely on a patchwork rather than a true global standard.

Engagement Resources

• Privacy International (https://privacyinternational.org/): A global organization campaigning against the exploitation of data by corporations and states, fighting for the right to privacy as a foundation for human dignity and systemic justice.
• Noyb – European Center for Digital Rights (https://noyb.eu/): A non-profit organization utilizing strategic litigation to enforce privacy laws across Europe, specifically targeting tech monopolies and holding them accountable for regulatory violations.
• Electronic Frontier Foundation (https://www.eff.org/): A leading nonprofit defending civil liberties in the digital world, providing extensive research and legal advocacy against invasive surveillance and corporate data overreach.
• Access Now (https://www.accessnow.org/): An international human rights organization dedicated to defending and extending the digital rights of users at risk, with a strong focus on algorithmic accountability and data protection.
• Algorithmic Justice League (https://www.ajl.org/): An organization that combines art and research to illuminate the social implications and harms of artificial intelligence, advocating for equitable and accountable data practices.
• Internet Governance Forum (https://intgovforum.org/en/about): A United Nations-convened multistakeholder forum on digital public policy that brings together companies, technical experts, and civil society to discuss issues such as data privacy, AI, and internet governance.

Technology Brief #164 | Jason Collins | February 18, 2026  

Summary

On November 25, 2025, the National Association of Attorneys General, led by Connecticut Attorney General William Tong, sent a letter on behalf of a bipartisan coalition of 36 state attorneys general to Congress. The letter urged Congress leaders to reject the proposed ban on state-level artificial intelligence (AI) laws.  The attorneys general argue that a broad federal law would prevent individual states from addressing and responding to AI risks quickly.

ANALYSIS

The letter was sent ahead of the executive order, “Ensuring a National Policy for Artificial Intelligence,” signed by President Donald Trump on 11 December 2025. The order will see a national AI framework developed as a national standard with the help of a newly formed AI Litigation Task Force. According to the order, the task force will “check the most onerous and excessive laws emerging from the States that threaten to stymie innovation.”

The federal preemption seeks to do away with state AI laws altogether. In 2025, state lawmakers enacted dozens of AI-related bills into law, and those bills are now at risk.

Attorneys general from 36 jurisdictions signed the letter including: American Samoa, Arizona, California, Connecticut, Delaware, District of Columbia, Hawaii, Idaho, Illinois, Indiana, Kansas, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, Northern Mariana Islands, Ohio, Oregon, Pennsylvania, Rhode Island, South Carolina, Tennessee, Utah, Vermont, U.S. Virgin Islands, Washington, and Wisconsin.

The coalition agrees that stricter AI laws are needed, but maintains that they should be left to the states. The letter contained examples of growing AI threats from “delusional generative AI outputs” impacting users’ mental health to young children being exposed to inappropriate content. The group believes these challenges can be addressed at the state level because many states are at the forefront of tech policy, while federal policy is playing catch-up.

“States must be empowered to apply existing laws and formulate new approaches to meet the range of challenges associated with AI,” the letter states.

States like California have been leading the way on state-level AI regulation for some time. In 2024, California Governor Gavin Newsom signed Senate Bill 896 (SB 896), known as the Generative Artificial Intelligence Accountability Act. The act focuses on accountability and transparency within government use. Since 2024, California’s AI framework has evolved from broad legislation towards a framework of sector-specific regulations, highlighting the need for laws that adapt.

Other states have also enacted AI laws like Texas’s Texas Responsible AI Governance Act (TRAIGA) and Utah’s Artificial Intelligence Policy Act. Under the executive order, these laws could be replaced with a national framework. In the letter, attorneys general wrote:

“Broad preemption of state protections is particularly ill-advised because constantly evolving emerging technologies, like AI, require agile regulatory responses that can protect our citizens.”

“Federal inaction paired with a rushed, broad federal preemption of state regulations risks disastrous consequences for our communities.”

Opposing attorneys general suggest federal-state collaboration over a blanket ban on state laws. The coalition has also made it clear that it is ready to work alongside Congress to develop regulations that safeguard the public but support technological progress.

Engagement Resources

• 2026 AI Policy
• National Association of Attorneys General press release
• The Preemption Fight
• Ensuring a National Policy Framework for Artificial Intelligence
• AI state law tracker
• Different State AI laws

Tech billionaires are spending at historic levels to influence politics in California.  Google and Facebook, and their  CEO’s, are donating heavily to key races in November 2026, as are venture capitalists, cryptocurrency entrepreneurs, and Palantir’s co-founders. Whether or not the candidates they are backing win, they will have an impact.

Analysis

California Governor Gavin Newsom, who is well-known as friendly with tech billionaires both personally and politically, has been a reliable veto for any legislation that Silicon Valley doesn’t like.  With Newsom termed out and eyeing the White House, his billionaire friends will need a new ally in Sacramento. Looking amongst their own, the industry has settled on a popular mayor from San Jose, Matt Mahan.

While an undergraduate at Harvard, Mark Zuckerberg was Mayor Mahan’s classmate.  Before running for office in San Jose, Mahan worked in the tech sector.  In 2014, he co-founded a startup with billionaire financier Ron Conway and Salesforce CEO Mark Benioff.

In the crowded California Governor’s primary race, Mahan’s entry further divides a ballot that was already crammed with democratic candidates.  It includes Representative Eric Swalwell, former Representative Katie Porter, self-funded billionaire Tom Steyer, former Los Angeles mayor Antonio Villariagosa, Superintendent of Education Tony Thurmond, and former State Controller Betty Yee.   .

The fractured democratic field creates a threat that democrats could lose the state altogether.  The top two candidates in the June primary will be the only ones to appear on the ballot in November, regardless of party.  The two Republicans in the race normally wouldn’t stand a chance in reliably blue California; a two-democrat race is more likely.  But with 8 Democrats vying for democratic voters, the two Republicans could each end up with more votes than any single Democratic candidate, meaning no democrat would appear on the ballot in the general election in November.

PLEASE EXPLAIN HOW THE PRIMARY SYSTEM WORKS.

Mahan is more moderate than Swalwell, Porter, or Steyer, all of whom are now polling ahead of him.  But he’s quickly pulling ahead in fundraising, already amassing a war chest of over $7 million.  A tech-backed Political Action Committee (PAC), the Govern for California Network, donated $300,000 to Mahan.  Other supporters include LinkedIn co-founder Reid Hoffman, Google co-founder Sergey Brin, venture capitalist Michael Moritz, and Palantir co-founder Joe Lonsdale. An independent expenditure committee backed by Silicon Valley executives called “California Back to Basics Supporting Matt Mahan for Governor 2026”. is spending $4.8 million on a statewide television ad blitz supporting Mahan.

Tech money has pushed San Francisco’s leftist local government toward more centrist democrats in recent years, with donors backing moderate candidates and financing recall campaigns that ousted progressive district attorney Chesa Boudin and several school board members.  With that victory under their belts, they have Sacramento in their sights.

Their influence will be felt in other races as well, and could make or break several ballot initiatives.  Meta and Google have contributed $10 million to a Super Pac called California Leads, which, according to Politico, will not limit itself to races and issues affecting the tech industry.  Tech money is funding a last-minute challenge to Congressman Ro Kahna, a popular Silicon Valley politician whose tech support has soured due to his progressive politics, willingness to challenge Trump, and support of the billionaire tax ballot initiative (see Health & Gender Policy Brief #185) and similar federal legislation.

The message is clear to politicians at all levels in California.  Try to rein us in, tax us, or hold us accountable, and we will use our unlimited wealth to take you down.

Engagement Resources

• “The California Initiative for Technology and Democracy seeks state-level solutions to the threats that disinformation, AI, deepfakes, and other emerging technologies pose to our democracy and our elections.”
  https://cited.tech/agenda
• The Bulletin of Technology in Public Life
  https://citap.unc.edu/publication-search/bulletin-of-tech-public-life/
• The Shadowy Millions Behind San Francisco’s “Moderate” Politics. Laura Jedeed, January 6, 2025, The New Republic
  https://newrepublic.com/article/189303/san-francisco-moderate-politics-millionaire-tech-donors