As Figure 1 shows, median rents in Manhattan have risen between 21% and 25% across neighborhoods since 2015.

Figure 1. Median monthly rent in Manhattan by area, 2015-2024

While the degree of regulation varied by year and policy, a review of the decade reveals that new rules were introduced almost continuously. This accumulation of regulation, without corresponding expansion of supply, created mounting pressure on the city’s housing stock.

The following overview of the city’s regulatory efforts demonstrates the sheer breadth and frequency of intervention, which, rather than counteracting, fostered record rent increases.

The rent freezes of 2015, 2016, and 2020

Under Mayor Bill de Blasio, the Rent Guidelines Board froze one-year stabilized rents in 2015 and 2016, and repeated the move in 2020 during the pandemic. For tenants in rent-stabilized units, which make up roughly half of the city’s rental housing stock, the freezes produced an immediate and tangible benefit: monthly costs stopped rising even as the Consumer Price Index (CPI), the standard measure of consumer inflation, increased by more than 25% between 2013 and 2023. For landlords, particularly small property owners operating older buildings, the freeze widened the gap between operating expenses (such as taxes, insurance, and fuel) and allowable rents. Over time, the inability to adjust rents for inflation erodes net operating income, often leading landlords to defer maintenance. From an economic theory perspective, these freezes functioned as binding price ceilings, protecting existing tenants in the short run but discouraging investment in rental properties and reducing landlords’ incentives to keep stabilized units in active use. That left fewer homes available, so more people had to compete for the unregulated, “market-rate” apartments, the ones not covered by rent limits, driving those rents even higher.

Universal right to counsel (2017, expanded 2021)

The 2017 Universal Access to Legal Services Law, commonly known as the Right-to-Counsel (RTC) program, made New York the first city in the nation to guarantee free legal representation for low-income tenants facing eviction. The Office of Civil Justice was tasked with implementation, and by 2021, the City Council accelerated full citywide coverage. From a tenant-protection standpoint, RTC represented an important procedural safeguard: tenants who might previously have defaulted gained access to counsel capable of delaying or dismissing cases. But there is an asymmetry built into the program, because landlords receive no equivalent guarantee of counsel. Most must pay for private attorneys or attempt to navigate a more complex housing-court system alone.

This imbalance has distributional and behavioral consequences. Extended case duration and higher transaction costs reduce the expected value of owning or managing rental property, particularly for small landlords whose margins are already thin. In practice, delays and uncertainty in enforcement alter the risk calculus for landlords, further discouraging them from doing business. To offset potential nonpayment or extended proceedings, many respond by tightening screening, increasing deposits, or setting higher initial rents—choices that ultimately make housing less accessible to lower-income tenants. As tenants continued to be priced out of the market, the City instituted even more regulatory constraints in 2019.

The 2019 Housing Stability and Tenant Protection Act (HSTPA)

The 2019 HSTPA represented the most comprehensive overhaul of New York’s rent laws in decades. It ended vacancy decontrol, repealed vacancy and longevity bonuses, and sharply limited the rent increases allowed for individual apartment improvements (IAIs) and major capital improvements (MCIs). For tenants, the reform meant near-total security from deregulation and reduced exposure to sudden rent hikes. For landlords, it eliminated the few mechanisms that had previously enabled them to recover upgrade costs or increase rents after turnover.

Columbia Business School found that HSTPA led to a dramatic increase in deferred maintenance and a surge in “warehoused” apartments, units kept offline because the cost of code-compliant renovation exceeded the potential rental revenue. By 2023, as many as 60,000 rent-stabilized units—roughly 5% of the city’s stabilized stock—were estimated to be empty because landlords couldn’t afford to put them on the market. Making matters worse for maintenance of heavily stabilized buildings, refinancing also became more difficult, as lenders re-priced risk to account for capped future income. While HSTPA locked in tenant stability, it reduced long-term housing quality and made it harder for small landlords to sell, refinance, or reinvest in their properties. For renters, that meant fewer livable, affordable units coming back on the market and longer waits for repairs or vacancies to open up.

The pandemic moratoria and emergency aid (2020–2022)

The COVID-19 pandemic emergency forged a new layer of intervention: eviction moratoria and large-scale rent-relief transfers. The Tenant Safe Harbor Act and subsequent state measures froze most evictions through January 15, 2022. The goal was public-health protection, not market management, but the consequences spilled over. For tenants, the moratorium ensured stability during crisis conditions. For landlords, especially those ineligible for relief or delayed in reimbursement from state rent-assistance programs, it meant months or even years of arrears without recourse. Once again, the policy transferred risk to property owners, and that risk was later reflected in prices. With lenders viewing rent collection as uncertain, financing for new or rehabilitated projects tightened. The moratorium period also created a backlog of housing court cases and set a precedent for political intervention in private contracts. The temporary protection raised the perceived long-term regulatory risk of being a housing provider in NYC.

The NYCHA case dismissals (2022)

In 2022, the New York City Housing Authority (NYCHA), the city’s public housing authority and its largest landlord, voluntarily dismissed over 31,000 non-payment cases from housing court. While framed as an administrative efficiency measure, the decision carried symbolic weight. When the largest public landlord deprioritizes enforcement, it reinforces the expectation that rent obligations are negotiable. For private landlords, this shift in norms translated into further uncertainty about judicial consistency and the hierarchy of property rights. The broader message that non-payment would not necessarily trigger removal contributed to the “moral hazard” environment. In economic terms, weakening the enforcement mechanism of contracts undermines the credibility of future rent agreements and raises risk premiums citywide.

The 2024 Good Cause Eviction Law

The state of New York passed the Good Cause Eviction law in 2024. The law applied to NYC automatically and allowed municipalities to opt in, extending rent-increase limits and eviction protections to properties that did not have a rental cap or eviction protection. The statute presumes any increase above the lesser of 10% or 5% plus CPI to be “unreasonable,” barring eviction unless justified by tenant behavior, while prohibiting non-renewals absent specific “good cause.”

The law carves out exemptions, which include owner-occupied buildings, new construction, high-rent units, and very small portfolios; however, it still covers a vast share of the city’s private rental stock. For tenants, the measure offers stronger renewal rights and predictability. For landlords, it effectively extends rent caps to previously unregulated units and adds litigation risk over what constitutes a reasonable increase. From an economic standpoint, Good Cause embeds rent control logic into the broader market: because landlords cannot fully adjust rents to inflation or risk, in the long term, they could compensate by screening more aggressively, favoring high-income tenants, or converting units out of the long-term rental market altogether.

The broader market outcome

According to the New York City Comptroller’s Spotlight on New York City’s Rental Housing Market (2024), rent burdens now exceed historic levels even as turnover and vacancy rates remain near record lows. The effects of price ceilings, procedural asymmetries, and compliance risk are choking the housing supply. When investment slows and existing housing stock deteriorates, scarcity drives prices upward in the unregulated segment. Understanding how persistent regulatory layering has driven rental inflation in NYC is critical to forging solutions that restore the rental market, benefiting both renters and landlords.

To address New York City’s housing crisis, policymakers must acknowledge that making renting property a poor investment leads to fewer rental units available. To restore the rental market, they must shift from reactive restrictions to structural solutions that expand choice and restore investment incentives.

As previously highlighted, HSTPA should be recalibrated to allow owners to recover renovation and operating costs. Additionally, restoring vacancy and improvement allowances would help return thousands of warehoused units to the market and slow the deterioration of the city’s rent-stabilized stock.

NYC must also modernize its zoning and permitting system. Decades of exclusionary zoning, height caps, and lengthy approvals have made it extraordinarily difficult to add new housing, even in high-demand areas. Streamlining approvals, easing density restrictions, and legalizing a broader mix of multifamily and accessory units would allow supply to respond to demand—reducing the pressure that drives rents upward citywide.

Finally, NYC should strengthen and better target its housing voucher programs like Section 8. Vouchers can deliver direct, flexible assistance to renters without distorting price signals or discouraging investment. A robust, adequately funded voucher system would protect vulnerable tenants while preserving a functioning private rental market. Sustainable affordability cannot be legislated through freezes or caps; it must be built. A reformed HSTPA, a more flexible zoning framework, and a well-functioning voucher program would do more to stabilize rents and expand opportunity than another decade of politically popular but economically counterproductive regulations.

The post The decade of regulation: How New York City’s housing policies fueled rental inflation appeared first on Reason Foundation.

Although legally, a mayor cannot unilaterally halt rent increases, New York City’s Rent Guidelines Board (RGB)—the body that sets annual increases for stabilized units—is entirely appointed by the mayor. A determined mayor can effectively engineer a freeze, as Bill de Blasio did in 2015, 2016, and again in 2020 during the pandemic. These freezes slowed rent growth for stabilized units: while the Consumer Price Index rose by more than 27% between 2013 and 2023, stabilized rents increased by less than 12%. For landlords, especially in older buildings, it translated into widening gaps between income and expenses.

Even before Mamdani’s proposal, landlords were grappling with the aftershocks of the 2019 Housing Stability and Tenant Protection Act (HSTPA), which eliminated nearly all the mechanisms that once allowed modest rent increases in stabilized apartments. For decades, landlords could apply vacancy bonuses, raising rent by up to 20% when a tenant moved out to cover turnover costs and reduced the incentive to hold apartments off the market. They could recover expenses for improvements, either through individual apartment improvements (IAIs) like kitchen or bathroom upgrades, or major capital improvements (MCIs) such as boilers or roofs. These provisions had encouraged reinvestment in the city’s aging housing stock.

HSTPA effectively abolished vacancy bonuses and drastically limited the ability to recoup IAI or MCI costs. According to Columbia Business School, the result was a “dramatic increase in deferred maintenance” and a surge in warehousing (simply not renting units because the cost of doing so is more than the potential income). Ann Korchak, board president of the Small Property Owners of New York (SPONY), underscores the point, explaining via email that “over 50,000 apartments are empty because they don’t have the financial resources for required upgrades after a tenant vacates.” Those 50,000 units represent roughly 5% of the city’s rent-stabilized stock, a striking share of housing kept offline due to financial constraints.

The financial strain is compounded by debt. Columbia estimates that $105 billion in loans are secured by 26,000 rent-stabilized buildings. This isn’t caused by HSTPA per se, but the law has made refinancing or restructuring debt far harder because the expected income from stabilized units is now capped. With lenders pulling back and property values falling, owners in places like the Bronx now find that average sales prices per square foot have dropped to the same level—or below—their outstanding debt, leaving many properties with zero or negative equity.

For buildings that are 100% rent-stabilized—meaning all units fall under stabilization rules with no market-rate tenants to offset costs—the risks are even sharper. Columbia models show that a four-year freeze would create a structural decline in net operating income (NOI). Even if rents were allowed to rise modestly afterward, NOI would never fully recover, permanently reducing property values. In harsher scenarios—such as expenses rising 5% annually while rents remain frozen—NOI turns negative within 16–17 years, effectively making the property worthless. In reality, many owners would face insolvency and distress sales long before that point, as operating losses mount.

Critics of the real estate industry often portray landlords as deep-pocketed corporations or hedge funds, but the reality of New York’s housing market is more complex. According to The Wall Street Journal (WSJ), “mom-and-pop” landlords may own a single six-unit building in Brooklyn, or a small multifamily in the Bronx, and they manage them not as faceless investment vehicles but as their primary source of income or retirement savings.

One Brooklyn landlord, Ebony Hannibal, exemplifies the bind. She owns a four-unit building and struggles to make her $3,800 monthly mortgage while pursuing tenants who collectively owe nearly $100,000 in back rent. Hannibal told the WSJ that if Mamdani’s freeze becomes reality, she plans to sell her building. But you must wonder who would buy it if the rents do not cover the costs. Her story is not unusual—“every single landlord in my neighborhood has similar experiences,” she said.

Unlike large institutional investors who can spread losses across portfolios, mom-and-pops often have all their wealth tied up in one or two buildings. When costs rise but revenues are capped, they have no cushion. As WSJ reports, many of these owners are already walking a financial tightrope. Rents often barely cover the basics: mortgage payments, property taxes, utilities, and rising insurance premiums.

The broader market reflects these struggles. Sales of rent-stabilized properties have slowed since the 2019 rent law changes, and many listings linger on the market far longer than typical. To attract buyers, sellers are cutting prices by around 10% on average. For small owners hoping to sell or refinance, that erosion in value directly threatens their financial survival.

It’s no wonder that one lender described Mamdani’s plan as “the kiss of death” for small landlords. Unlike large investors, who may warehouse units or sit on losses, small owners often face a binary choice: raise rents modestly to keep pace with expenses or lose their buildings. A multi-year freeze removes that choice altogether, leaving foreclosure, distress sales, or abandonment as the only options.

For tenants, the picture is equally bleak. When landlords cannot afford upkeep, it is renters who remain in deteriorating apartments with broken boilers, leaky roofs, or unsafe wiring. Rent freezes also pit tenants and owners against each other over shrinking resources, and by locking some households into large apartments they no longer need, they squeeze families with children into smaller, less suitable units. Far from helping renters, the freeze risks degrading their living conditions. And more warehousing of units just means fewer affordable rental units and more renters left out of the market entirely.

An emailed comment from Korchak cuts to the heart of the issue: “Let’s accurately identify Mamdani’s housing agenda—it’s not policy, it’s housing politics.” She warns that a four-year freeze would trigger “affordable housing Armageddon,” pushing thousands of small buildings into foreclosure. Widespread foreclosures would hit the city’s finances twice over: first, through tax delinquencies as struggling landlords fall behind, and second, through falling assessments as distressed sales depress property values. And while buildings would eventually be resold, the transition often means prolonged vacancies and the loss of small, active landlords who keep units on the market, replaced by speculative owners more willing to hold apartments empty.

Instead of political promises, Korchak argues for pragmatic reform. Specifically, she calls for amending the 2019 HSTPA provisions that restricted the amount of money owners can recoup from their improvements and capital investments to the units (IAIs and MCIs) to allow owners to bring over 50,000 warehoused apartments back to market quickly. “That would make an impact on affordable housing,” she emphasizes, far more than new construction schemes that take years, if they happen at all.

Mamdani’s rent freeze pledge has undeniable populist appeal in a city battered by high rents. But the evidence from Columbia, testimony from small owners, and the warnings of advocates like Ann Korchak suggest that such a freeze would backfire—deepening disrepair, bankrupting mom-and-pop landlords, and ultimately shrinking the affordable housing stock. If the goal is truly to help tenants, reforming HSTPA to unlock existing units may be a more immediate, effective, and sustainable path.

The post Mamdani’s rent freeze: Politics, policy, and the fate of small property owners appeared first on Reason Foundation.

Europe has long enforced privacy through its notorious General Data Protection Regulation (GDPR), which centralizes data protection standards, mandates explicit user consent, and empowers regulators to levy fines of up to 4% of global revenue for noncompliance.

Meanwhile, 19 states in the U.S. have enacted comprehensive privacy laws, and many others are actively considering them. While Congress has not yet passed federal legislation, recent proposed bills, such as the American Data Privacy Protection Act (ADPPA) of 2022 and the American Privacy Rights Act (APRA) of 2024, have their foundations in comprehensive laws that are heavy on compliance and have been found to impact user experience and hinder innovation.

Practically, these types of proposed laws are often premised on an outdated understanding of how much and what kind of privacy individuals value — and how much they are willing and able to control. Many current privacy proposals, whether it’s Europe’s GDPR or congressional bills like APRA, rest on the assumption that people want maximal protection from all forms of data collection. These frameworks are primarily built around principles like state preemption, opt-in requirements for sensitive data, private rights of action, and data minimization. But examining the online behavior of younger generations offers valuable lessons about where these assumptions diverge from reality.

Privacy, but on their terms

Gen Z and millennials are more likely to be comfortable with personalized advertising, with just over one-in-five Gen Z and millennial (22%) respondents saying they’re comfortable with it, compared to Gen X and Baby Boomers (15%), according to online research firm YouGov.

Online ads following them around or apps logging their clicks are practically baked into the experience of being online today. According to Pew Research, while 56% of people over the age of 50 take issue with their data being used for personalization, for those under 50, the number drops to 41% percent being uncomfortable with it. In the same Pew series, 72% of adults under 30 say they immediately click “agree” on privacy policies without reading them, compared with 39% of those 65 and older — a good behavioral indicator of prioritizing convenience or being less alarmed by background data flows.

While this is hardly a majority, it points to a generational pattern: many young people see practices such as targeted ads and location tracking as more acceptable trade-offs for modern convenience (or simply unavoidable). Gen Z is also more comfortable with certain forms of surveillance in personal relationships. For example, they are more open to sharing location data with friends or significant others, whereas older generations might deem that less appropriate.

But crucially, ‘not minding’ institutional tracking does not mean Gen Z has no privacy boundaries. On the contrary, this generation places enormous value on consent and control in their social sphere. Gen Z is more likely to seek permission before posting about others, across all relationship types — from close friends to acquaintances. Broadly, this is a generation that views privacy not as secrecy, but as narrative control — deciding what to share, with whom, and when.

The personalization paradox

Most modern privacy frameworks treat personalization and tracking as risks to be minimized through consent mandates and strict opt-in requirements for sensitive data. But this framing may increasingly be out of step with how younger users, particularly Gen Z, approach their digital lives.

Perhaps the clearest illustration of Gen Z’s pragmatic approach to privacy is their love-hate relationship with social media. They are digital natives and are constantly plugged into platforms where they share enormous amounts of personal data. This is what is often referred to as the “data privacy paradox”: Gen Z willingly surrenders its data to social apps in exchange for the customized experiences they prefer. An Oliver Wyman Forum survey found that about 88% of Gen Z respondents said they were willing to share some personal data with a social media company if it improved their experience, a far higher share than the 67% of older adults who agreed. This suggests that Gen Z may largely accept personalization as the price of admission.

They’ve grown up with algorithmic feeds tuned to their tastes, and they know those algorithms run on data. When asked hypothetically, young people are much more likely than the prior generations to say they’d trade personal data for a better website or free content, according to a study commissioned by the hosting company WB Engine. In fact, by one measure, Gen Z rated their willingness to share data for a better online experience about 15% higher than non-Gen Z did. As the researchers summarized, Gen Z finds personalization to be “more of a non-negotiable need — even if it puts their privacy and data at risk.” This helps explain why many Gen Z-ers have rallied against the TikTok ban in the US — essentially choosing a tailored social media experience over abstract data protection concerns. The value they get from curated content, viral trends, and algorithmic discovery is seen as outweighing the privacy they give up in return.

Empowerment over restriction

The same research by the Oliver Wyman Forum found that Gen Z-ers clear their cookies, browse anonymously, and use encrypted communications “twice as often as other generations.” In practice, that means habits like opening incognito windows, using virtual private networks (VPNs) and encrypted messaging apps, and regularly purging trackers are second nature to many young people. These young people grew up with a smartphone in hand and understand the levers of digital privacy intuitively — adjusting app permissions, disabling location tags, and finding workaround tools to stay private. This everyday privacy hygiene shows a generational belief that protecting personal data is each user’s responsibility.

So, what does all this mean for protecting user privacy? The next generation doesn’t need a flood of consent pop-ups, like European users saw once GDPR took effect — they need privacy defaults that respect their intelligence. Gen Z’s behavior sends a clear message: empower us by providing us with technical solutions, not restrictive regulations.

Today, tools like browser-based universal opt-out mechanisms, tiered consent systems, and self-sovereign identity (SSI) frameworks offer a smarter, more user-centric approach to privacy.

Ironically, one of the cleanest fixes, Global Privacy Control (GPC), a browser‑based universal opt‑out, caught on because California required sites to honor it, even though the same standard could have emerged from industry coordination. GPC lets users set a single signal in their browser that websites must respect, reducing the need for pop‑ups or per‑site toggles.

Tiered consent matches the sensitivity of data to the level of required user involvement: low-risk data might require only a one-time agreement, while highly sensitive information — like health or biometric data — would trigger more detailed, explicit consent. Self‑sovereign identity systems, such as wallets built on W3C Decentralized Identifiers (DIDs) and Verifiable Credentials like Microsoft Entra Verified ID, take this further by giving individuals portable digital identities that include their privacy preferences. Once set, these preferences would automatically apply across platforms and services, saving users time while reinforcing their autonomy.

Together, these tools reduce friction, improve compliance, and better reflect how younger users want to manage their digital lives, all without overburdening small firms or chilling innovation.

But to build these tools at scale, the market needs room to experiment. Blanket regulatory mandates — especially rigid opt-in systems or inflexible consent formats — risk preventing the growth of innovation. Compliance with fragmented and overly prescriptive frameworks disproportionately burdens startups and small firms, who must divert resources from product design to legal conformity.

As Congress again debates how to legislate the future of online data, it would be wise to examine what younger users are already doing: customizing their own privacy boundaries and demanding tools — not rules — to support them. In other words, the lesson from Gen Z is not to tailor laws just for them, but to recognize how their habits illuminate a broader truth about modern privacy: people want agency, adaptability, and meaningful control over their data.

A version of this commentary first appeared in Tech Policy Press.

The post Gen Z’s privacy preferences and the future of data privacy appeared first on Reason Foundation.

In effect, “Good Cause” transforms lease renewals from a private contractual matter into a judicial process, one that assumes bad faith on the part of landlords and imposes procedural hurdles that are difficult to meet, especially for small property owners. As of June 2025, five states—California, New Hampshire, New Jersey, Oregon, and Washington—and a number of cities nationwide, along with at least 15 New York municipalities, have adopted versions of the law, most often using “just cause” rather than “good cause” as in New York—a number that may grow unless policymakers understand the unintended impact of this legislation.

New York’s law is the latest and most stringent example. In Oregon and Washington, landlords cannot increase rent by more than 7% plus the Consumer Price Index (CPI), with a maximum cap of 10%. In practical terms, this means that if inflation runs at 3%, landlords can raise rent by up to 10%—but if inflation is just 1%, the maximum allowable increase would still be 8%.

In New York, for tenants covered by the law, annual rent increases are capped at the lesser of 10% or 5% plus the regional CPI—a threshold that functions similarly to traditional rent control measures. Landlords may provide reasons for a higher rent increase for the court to consider, such as significant repairs or increased property taxes. To legally deny a lease renewal, landlords must now demonstrate a “good cause,” broadly defined to include nonpayment of rent, substantial lease violations—such as unauthorized alterations or illegal activity—substantial damage to the property, or refusal to allow access for repairs. Although these exceptions may seem reasonable, the reality is more complicated. The combination of vague and rigid definitions makes it significantly harder to remove problematic tenants, even in cases where their behavior undermines the quality of life for neighbors or presents persistent management difficulties. While these provisions make it harder for landlords to arbitrarily evict a tenant—and given that evictions are not easy in any case, it seems unlikely there are a lot of baseless evictions—they swing the pendulum very hard in the other direction.

One of the primary issues with Good Cause Eviction is that the burden of proof falls entirely on the landlord, especially after the initial lease term has expired. Once a tenant has completed the first 12 months, the lease effectively becomes permanent, unless the landlord can demonstrate one of the legally defined “good causes” for non-renewal. For example, if a tenant begins engaging in disruptive or illegal activity, such as the ongoing sale or distribution of controlled substances, the landlord must prove that the unit is “customarily or habitually” used for that purpose. This bar is exceedingly difficult to meet. Most small landlords lack the capacity to conduct surveillance or gather the necessary documentation, and local law enforcement may be unresponsive unless an active criminal case is already underway. As a result, problematic tenants can remain in place indefinitely, even if their behavior significantly affects the safety, comfort, or property values of surrounding tenants. While some degree of evidence is certainly necessary to break a contract, the law offers little flexibility when a tenant’s conduct becomes intolerable only after the original lease period has passed.

Although specifics vary by municipality, NYC, for example, offers more legal support to tenants than landlords throughout such litigations. In NYC, tenants facing eviction proceedings—whether in Housing Court or through New York City Housing Authority (NYCHA) administrative processes—are entitled to free legal representation under the city’s Right-to-Counsel program (also known as Universal Access). At the time of the program’s creation, the idea was to balance the access to such help from both parties since landlords were seen as more affluent than tenants. However, since no such program was ever put in place for landlords, they have no such guaranteed right to free legal representation. Most landlords must hire private counsel at their own expense or attempt to navigate Housing Court on their own. While some nonprofit or bar association resources exist for landlords, access is not universal, not guaranteed, and rarely sufficient to meet the demands of complex eviction proceedings. The result is a highly asymmetrical legal process: tenants benefit from publicly funded legal teams, while landlords are left to bear the financial and procedural burden of defending their property rights unaided.

Good Cause Eviction laws often have exemption thresholds that can unintentionally discourage small-scale rental growth. California’s law only applies to corporate-owned units, Oregon exempts owners of one or two units, and Washington exempts single-family homes. Under New York City’s version, landlords who own 10 or fewer units are exempt, while those with larger portfolios must comply with the new requirements. Some municipalities have gone even further. Albany, the state’s capital, narrowed the exemption to apply only to landlords with more than one unit. Rochester, the state’s fourth-largest city, with a population exceeding 200,000, adopted the same stricter standard.

While these exemptions are designed to protect small housing providers, they can create strong disincentives to increase the number of available units. Once landlords exceed the exemption threshold, they become subject to additional regulations, which may deter them from expanding. This is a problem because small and midsize landlords (defined as those with 3-20 units) often fill an important niche in the housing ecosystem. Unlike corporate landlords, they are more likely to live in the communities where they rent, maintain direct relationships with tenants, and offer a degree of flexibility that larger property management companies simply can’t match. When policy discourages this class of landlord from growing—or drives them out entirely—it shifts the rental landscape toward larger operators who might not have the personal touch and incentive to build and improve the community. In the long run, this creates a rental market that is less responsive, less personal, and ultimately less stable for the very tenants the law was designed to protect.

In its effort to strengthen tenant protections, New York’s Good Cause Eviction is undermining the very stability it is looking to promote. By shifting the legal balance disproportionately toward tenants and creating disincentives for small-scale housing providers, the law is likely to reduce the availability of quality rental housing over time. If small and midsize landlords—who often offer more community-rooted, flexible housing options—are pushed out or discouraged from expanding, the rental market will increasingly be shaped by large institutional actors with less personal investment in tenant well-being. As more municipalities consider adopting similar legislation, it is critical that policymakers take a closer look at how these rules operate in practice. Without a more balanced, evidence-based approach, the long-term effects may include reduced housing supply, higher costs, and a rental landscape less equitable for both tenants and landlords.

The post Why “good cause” or “just cause” eviction risks undermine housing markets appeared first on Reason Foundation.

In an era where personal data is both a critical economic asset and a sensitive aspect of individual autonomy, privacy laws worldwide increasingly rely on user consent as the primary mechanism for governing data collection, processing, and sharing. However, despite its central role, the effectiveness of current digital consent frameworks remains highly contested.

This paper critically reviews how consent currently operates within major regulatory frameworks, particularly contrasting the European Union’s stringent, opt-in-based General Data Protection Regulation (GDPR) against the predominantly opt-out approach of the United States, exemplified by California’s Consumer Privacy Act (CCPA).

Part 2 outlines key legal frameworks and definitions.

Part 3 examines how consent mechanisms shape user behavior, finding that repeated prompts often lead to disengagement rather than meaningful choice.

Part 4 analyzes the broader economic effects, showing that consent requirements tend to favor large firms, raise compliance costs for smaller players, and constrain innovation.

In the final section, we synthesize leading policy and academic proposals to outline a set of potential reforms. These reforms include risk-based consent frameworks, universal privacy management tools, and co-regulatory accountability models.

The GDPR, adopted in 2016 and enacted in 2018, is built around the more stringent opt-in approach and aspires to consent that is “freely given, specific, informed, and unambiguous.”

The CCPA, adopted in 2018 and enacted in 2020, in effect for U.S. firms doing business in California, follows an opt-out approach, where consent is presumed unless actively withdrawn. As the U.S. and other countries debate national approaches to data privacy, the debates remain unresolved.

Drawing on empirical studies, this review highlights persistent shortcomings in current consent models—from interface design flaws to the disproportionate compliance burden on smaller entities. It concludes by identifying potential reforms aimed at balancing user autonomy, regulatory flexibility, and market competitiveness.

Full Policy Brief: Consent requirements in comprehensive data privacy laws

The post Consent requirements in comprehensive data privacy laws: Current practices and the path forward appeared first on Reason Foundation.

To evaluate state-level cybersecurity reform, Reason Foundation compiled a dataset drawing from the National Conference of State Legislatures (NCSL). The analysis identified 557 cybersecurity-related bills enacted between 2014 and 2024. This timeframe was chosen because the establishment of the NCSL Task Force on Cybersecurity in 2016 marked a critical juncture, signaling the onset of modern cybersecurity legislation in the United States. It followed another significant cybersecurity governance event at the federal level, when President Barack Obama signed into law the Cybersecurity Information Sharing Act (CISA), aimed at enhancing information sharing between the private and public sectors.

Dynamic growth of state-level cybersecurity bills

Figure 1. Number of cybersecurity bills adopted each year from 2014 to 2024.

Source: Author’s calculation using NCSL data.

Figure 1 shows the dynamic growth of cybersecurity legislation activity from 2014 to 2024. Year after year, the map becomes increasingly green, indicating a steady increase in state-level activity. While only four states had adopted any cyber legislation in 2014, most states had adopted some form of regulation by 2024.

Figure 2. Trends in cybersecurity bill activity, 2014–2024.

However, the number of bills adopted is just one measure of legislative activity. The total volume of bills introduced—encompassing adopted, failed, and pending legislation—provides additional insight into the broader momentum and focus of cybersecurity policy. Pending legislation includes all legislation that hasn’t reached a definitive status (either passed or failed) by the end of the session, meaning that the majority of bills are considered dead, and some could have reappeared in another form in future sessions. Figure 2 illustrates the yearly trends of cybersecurity legislation activity, reflecting adopted, failed, and pending bills across all U.S. states and territories.

The data exhibits a clear upward trajectory in cybersecurity legislation, peaking notably in 2023 with an impressive 529 bills introduced in a single year. The slight decline observed in 2024 aligns with a cyclical legislative pattern, where periods of intensive legislative activity are often succeeded by years of reduced legislative proposals, typically due to policy saturation and the need to assess the effectiveness of enacted measures.

Categories of state cybersecurity legislation, 2014-2024

Over the past decade, cybersecurity legislation at the state level has evolved from foundational governance and breach response to proactive frameworks addressing infrastructure, workforce, and AI. This timeline reflects both the maturation of state policy and the changing nature of cyber threats.

Institutional cyber governance (2014-2016)

Between 2014 and 2016, legislative activity addressed institutional preparedness and agency-level accountability. For example, California’s Assembly Bill 2200 in 2014 proposed formalizing the California Cybersecurity Task Force under the Governor’s Office of Emergency Services, reflecting early awareness of the need for statewide coordination. In 2015, Maryland created a State Cybersecurity Council (Senate Bill 542) to coordinate and advise on cybersecurity issues across the state, highlighting proactive government measures toward preparedness and interagency collaboration. The trend toward enhancing institutional preparedness continued into 2016, notably with Colorado’s House Bill 1453, which established the Colorado Cybersecurity Council as a policy-guiding body to oversee comprehensive cybersecurity goals and coordinate across government branches.

Incident response and election integrity (2017–2018)

During 2017 and 2018, state cybersecurity legislation increasingly prioritized incident response strategies and election integrity. In 2017, Nevada’s Assembly Bill 471 established the Nevada Office of Cyber Defense Coordination with a mandate to coordinate incident response, particularly safeguarding state systems from cyberattacks targeting critical infrastructure. Similarly, Illinois enacted House Bill 2371, requiring state employees to undergo annual cybersecurity training, including responding effectively to phishing and spyware incidents, illustrating proactive measures aimed at mitigating threats through workforce readiness.

Election security themes became prominent in 2018 when California’s Assembly Bill 3075 created the Office of Elections Cybersecurity within the Secretary of State’s office. Its role was to coordinate cybersecurity efforts with local election officials to prevent cyber incidents that could disrupt elections or disseminate misleading information online. Additionally, Illinois’ Senate Bill 2651 required local election authorities to implement specific cybersecurity measures, emphasizing the protection of voter registration systems and election databases from cyberattacks.

Blockchain, insurance, and cybercrime (2019-2020)

Between 2019 and 2020, state legislation expanded to include blockchain technology, cyber insurance, and enhanced measures to combat cybercrime. For example, Florida enacted House Bill 1393 in 2019, establishing the Florida Blockchain Task Force to explore blockchain applications for secure recordkeeping and service delivery. Likewise, North Dakota passed House Concurrent Resolution 3004, calling for an assessment of blockchain’s potential benefits for secure electronic voting and administrative efficiency.

A few states adopted comprehensive regulations aligned with the National Association of Insurance Commissioners (NAIC) cybersecurity standards. Alabama’s Senate Bill 54 (2019) mandated that insurers develop information security programs and report cybersecurity events, establishing clear confidentiality protections and penalties for non-compliance. Similarly, Delaware’s House Bill 174(2019) implemented cybersecurity standards for insurers, emphasizing timely investigations and incident notifications.

States also significantly strengthened laws to tackle evolving cybercrime threats. In West Virginia, Senate Bill 261 (2019), lawmakers created explicit criminal penalties targeting ransomware attacks, reflecting a proactive legislative response to rising digital threats. Louisiana enacted House Bill 74 (2019), establishing criminal penalties for unauthorized access to state computer systems, underscoring a growing focus on protecting governmental infrastructure from malicious cyber actors. These efforts continued in 2020, with states like Virginia (Senate Bill 1003) criminalizing cyber crimes that lead to financial harm.

Workforce education and government standards (2021-2022)

During 2021 and 2022, states increasingly recognized the need to strengthen cybersecurity by investing in workforce training and education while also enhancing cybersecurity standards across public agencies. This legislative push emerged in response to heightened vulnerabilities exposed by the remote workforce shift and rising cyber threats.

For example, in West Virginia, Senate Bill 529 (2022) significantly expanded computer science education curricula, explicitly incorporating cybersecurity and digital literacy into school programs. Similarly, Mississippi enacted House Bill 633 in 2021, the Computer Science and Cyber Education Equality Act, mandating comprehensive K–12 instruction in cybersecurity, programming, robotics, and related disciplines, aimed at preparing students for cybersecurity careers. These educational initiatives underscored a legislative acknowledgment of the need to nurture a cyber-literate workforce from an early age.

States also emphasized setting clear cybersecurity benchmarks for government entities to protect critical public infrastructure. For instance, Florida’s House Bill 1297 (2021) required the establishment of stringent cybersecurity oversight standards for state agencies, formalizing cybersecurity responsibilities and creating a dedicated State Cybersecurity Advisory Council. Meanwhile, Wisconsin (Assembly Bill 818 and Senate Bill 786, 2022) considered establishing formal cybersecurity standards and rules for state government entities. Although the bills ultimately failed, Wisconsin’s initiative highlighted a growing recognition of the need for standardized cybersecurity practices across public administration.

Critical infrastructure and social media (2023-2024)

Cybersecurity threats continued to evolve in complexity and severity across states during 2023 and 2024, prompting state legislatures to sharpen their focus on protecting critical infrastructure and mitigating risks posed by social media platforms.

States emphasized legislative efforts to enhance the security of critical infrastructure, recognizing its vulnerability to cyberattacks and the potential for significant disruptions to public services. Arizona introduced Senate Bill 1658 (2023), proposing to restrict agreements involving critical infrastructure with adversarial nations, though the bill was ultimately vetoed. Similarly, Idaho (House Bill 148, 2023) sought to criminalize impeding critical infrastructure (an effort that ultimately failed), while Florida successfully enacted legislation (House Bill 275, 2024) criminalizing intentional damage to critical infrastructure, reflecting heightened state attention to safeguarding essential services from physical and cyber threats.

Social media platforms, particularly those perceived as posing national security threats due to foreign ownership or data management practices, became a significant focus for legislatures. Concerns around TikTok dominated legislative agendas in 2023 and 2024.

Florida enacted legislation explicitly banning prohibited applications, including TikTok, on government-issued devices (Senate Bill 258, 2023). Likewise, Idaho (House Bill 274, 2023) prohibited state employees from downloading or using TikTok on official devices, implementing punitive measures for violations. Beyond TikTok, some states considered broader cybersecurity implications tied to social media. Colorado’s House Bill 1136 (2024) specifically targeted promoting healthier social media use among youth, addressing both cybersecurity and broader public health implications.

Conclusion

This review of state-level cybersecurity legislation provides insights into evolving policy priorities and challenges. Understanding these trends at the state level is crucial for national policymakers, as it highlights key areas of concern, including infrastructure protection, proactive incident response protocols, and election security among other areas. Such areas receiving significant state attention can inform national legislative strategies, helping federal policymakers prioritize effective and relevant cybersecurity measures aligned with localized needs and priorities.

The post Overview of state-level cybersecurity legislation appeared first on Reason Foundation.

First, the regulatory environment for cybersecurity in the U.S. is currently a patchwork of overlapping state and federal guidelines. According to calculations using cybersecurity regulation data from the National Conference of State Legislatures database covering the period from 2014 to 2023, approximately 557 state-level cybersecurity bills were passed, covering several distinct categories ranging from critical infrastructure protection to cyber insurance and social media regulation.

These bills are on top of existing breach notification laws, comprehensive privacy legislation, and evolving AI regulations, each containing data integrity elements. This creates overlaps and potential contradictions with each other and with new cybersecurity bills.

At the national level, multiple agencies—including the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Communications Commission (FCC), and the Securities and Exchange Commission (SEC)—have been involved in cyberspace governance over the past decade, promulgating regulations and generating additional compliance requirements.

This fragmented regulatory landscape inadvertently pushes cybersecurity teams toward a compliance-first approach rather than promoting genuine security innovation and proactive threat mitigation. Imagine a scenario where a single company subject to multiple jurisdictions must navigate conflicting regulatory demands, almost inevitably weakening its overall cybersecurity posture.

To resolve these contradictions, the administration should prioritize establishing clear, unified cybersecurity standards, allowing for tailored approaches within specific sectors when necessary.

While agencies like the Office of the National Cyber Director (ONCD) currently lack sufficient authority to mandate harmonization, the administration can lead by explicitly establishing harmonization as a key expectation, motivating voluntary but meaningful coordination among federal agencies. Practical steps could include convening industry-driven forums that regularly review and propose streamlined, effective cybersecurity practices, thus ensuring industry insights directly inform policy without excessive government mandates.

Achieving coherence also depends heavily on deepening public-private partnerships (P3s). Effective cybersecurity is inherently collaborative; neither industry nor government alone possesses comprehensive visibility into emerging threats and solutions. P3s offer platforms for meaningful information exchange, identification of technological gaps, and co-development of scalable solutions. The CISA already plays a pivotal role here, with strong bipartisan support reinforcing its interactions with industry leaders. Jointly steering research investments into coherent and targeted cybersecurity innovations can ensure alignment in capabilities and priorities. Specific practical measures include incentivizing private sector participation through tax breaks or grants for cybersecurity innovation, establishing joint cybersecurity task forces that are equally represented by government and industry, and promoting transparent and voluntary frameworks for threat information sharing.

Finally, coherence in cybersecurity strategy must extend to integrating advanced technologies, particularly artificial intelligence. 

Cybersecurity professionals today are inundated with threat alerts requiring manual evaluation—a model both unsustainable and inadequate against increasingly sophisticated adversaries. The administration’s recent endorsement of artificial intelligence (AI) through initiatives like the Executive Order on Removing Barriers to American Leadership in Artificial Intelligence signals the recognition of AI’s transformative potential. Now, the focus should shift to the pragmatic integration of AI into security operations centers (SOCs). AI-driven tools can automate routine threat detection tasks, allowing human expertise to concentrate on complex threats that demand nuanced judgment. Practical steps could include creating incentives for industry-led development of AI cybersecurity solutions, supporting pilot projects demonstrating AI efficacy in cybersecurity, and establishing standards for voluntary adoption of AI-driven security solutions. Speeding AI’s deployment will empower American cybersecurity professionals with critical advantages, ensuring they stay ahead in a rapidly evolving threat landscape. However, the administration should remain vigilant regarding the rapidly expanding patchwork of AI regulation at state, federal, and international levels. Navigating and mitigating regulatory complexities will be crucial to ensure that beneficial AI innovation in cybersecurity is not unnecessarily impeded or fragmented.

By strategically focusing on regulatory coherence through voluntary industry alignment, enhanced collaboration through P3s with clear market-based incentives, and proactive adoption of advanced technologies such as AI, the administration can significantly strengthen the nation’s cybersecurity posture while it is undergoing changes in its labor force and leadership.

The post Top 3 cybersecurity policy priorities for the Trump administration  appeared first on Reason Foundation.

The bill caps annual rent increases at 7% plus the consumer price index (CPI). For instance, if the CPI—a measure reflecting average price changes in a basket of goods and services—is 3% for a given year, landlords would be able to increase rent by a total of 10% that year (7% base cap plus 3% CPI adjustment). This looks like a significant buffer, because most landlords generally increase the rent price by 5 to 15%. However, passing any sort of state cap on rent increases opens the door for a future legislature to lower this cap.

This bill exempts owner-occupied units in smaller buildings—duplexes, triplexes, and fourplexes—if the owner resides onsite at tenancy inception and continues living there. While this may protect small-scale landlords from the rent cap in the short-term, this provision discourages these landlords from investing and expanding into other properties and reduces incentives for any new, small-scale housing of the kind.  Over time, this policy will significantly diminish the number of mom-and-pop rental operations, effectively leaving only large corporations or government entities willing to navigate stringent rent control regulations.

The legislation’s restrictions on rent increases would also destabilize the short-term rental market. Landlords won’t be able to charge a premium for short stays, so they will have to adjust their business models to long-term stays or exit the market. Short-term leases—particularly essential for traveling professionals—may become scarce. Nationally, one-quarter (25.2%) of renters stayed in their homes for 12 months or less before moving in 2022. This change could undermine Washington state’s appeal to transient skilled labor–think traveling nurses and infrastructure development contractors–that are made up of professions likely to be in demand in the state in the foreseeable future.

Extensive research underscores the unintended consequences associated with rent control policies. A seminal study by Massachusetts Institute of Technology researchers David Autor, Christopher Palmer, and Parag Pathak demonstrated that the elimination of strict rent controls in Cambridge, Massachusetts, substantially increased housing stock values and improved housing quality, benefiting even previously uncontrolled properties through positive market spillovers. Similarly, research published in the American Economic Review by Rebecca Diamond, Tim McQuade, and Franklin Qian on San Francisco’s rent control expansion in the 1990s highlighted significant long-term reductions in rental housing supply. They found corporate landlords, with superior access to capital, evaded rent control through redevelopment. Ultimately, rent control disproportionately harmed smaller landlords who lacked similar financial flexibility.

Historically, rent control has shown severe negative impacts in places like New York City. Decades of stringent regulations have culminated in substantial housing shortages, deferred maintenance, and an increasingly stagnant market. By 2024, estimates suggested that 20,000 to 60,000 New York City apartments sat vacant as landlords found renovations and market re-entry economically unviable due to stringent rent caps. These unintended consequences significantly reduce rental availability, deteriorate property conditions, and increase housing scarcity, precisely counteracting the policy’s initial affordability goals.

The recent rent control bill contradicts other housing efforts within Washington. For instance, during the 2023 legislative session, lawmakers passed House Bill 1110, a measure that overrides restrictive local zoning laws by allowing duplexes, triplexes, and fourplexes in most neighborhoods. This zoning reform was intended to increase housing density, encourage the construction of new rental properties, and expand affordable housing options. However, by enacting rent control, the state undermines these objectives. Rent control policies typically discourage investment in rental housing by reducing profitability and incentivizing property owners to convert rental units into owner-occupied homes or for-sale properties. When rent control is paired with zoning reforms, the unintended outcome can be a significant shift toward homeownership rather than rental housing. As a result, this reduces available rental stock but benefits potential homebuyers by increasing the supply and affordability of homes on the market.

Instead, lawmakers should focus on alternative policies to help keep housing affordable.

For example, during the recent legislative session in Washington, lawmakers considered House Bill 1099, a tenant assistance program designed to provide targeted support to low-income renters. Although this bill ultimately failed to pass out of committee, it deserves reconsideration in future sessions. Unlike blanket regulatory measures such as rent control, HB 1099 proposed utilizing existing tax revenues to fund direct financial assistance similar to housing vouchers. According to research by the Urban Institute, voucher programs offer significant flexibility, empowering tenants to select housing that best suits their individual needs without distorting market incentives. Reviving HB 1099 or similar legislation could effectively address housing affordability issues by directing support specifically to renters most in need, rather than imposing broad regulatory constraints that risk discouraging landlords from maintaining and upgrading their properties. Targeted assistance programs like this—especially when leveraging existing funds rather than increasing taxes—represent a more efficient alternative to extensive housing regulation.

Washington state’s experiment with rent control is a fundamentally flawed solution to housing affordability. If signed into law, HB 1217 will inevitably shrink housing supply, discourage investment, and undermine ongoing efforts to increase housing density. Rather than preserving affordability, rent control creates artificial scarcity, benefiting only a fortunate few at the expense of broader economic health and housing availability. Lawmakers should instead embrace targeted solutions like tenant assistance programs. These measures directly address affordability without sacrificing incentives for landlords and developers. Ultimately, Washington’s path to sustainable housing stability lies in policies that encourage investment, construction, and flexibility, empowering both renters and homeowners to thrive in the state.

The post Washington state rent control bill will shrink housing supply and worsen affordability appeared first on Reason Foundation.

On behalf of Reason Foundation, we respectfully submit these responses to the prompts contained in the February 21 request for information on the parameters of a federal comprehensive data privacy and security framework. Reason Foundation is a national 501(c)(3) public policy and education organization with expertise across a range of policy areas, including technology policy. Our responses below are numbered to correspond to the individual prompts.

III. Existing privacy frameworks and protections

A. Please provide any insights learned from existing comprehensive data privacy and security laws that may be relevant to the working group’s efforts, including these frameworks’ efficacy at protecting consumers and impacts on both data-driven innovation and small businesses.

Efficacy at protecting consumers

Comprehensive privacy laws such as the European Union’s General Data Protection Regulation of 2016 (GDPR) and the California Consumer Privacy Act of 2018 (CCPA) were enacted with the intent to give consumers more control over their data and set clearer expectations about how that data would be used. However, economic and social science research has not yet determined whether these laws provide meaningful additional protection for consumers. Moreover, these regulations appear to have had unintended negative effects on consumer behavior and business activity.

With respect to Europe’s GDPR, our own analysis of the Survey on Internet Trust (Ipsos) found that consumer trust did not change before (2017) or after the introduction of GDPR (2019). Another group of researchers, using the same data, looked at the interval between 2019 and 2022 and found that Internet users’ trust in the Internet has actually dropped. We have also previously warned that overbroad privacy regulations could make the Internet less user-friendly.

These concerns have been validated by the findings of a recent study funded by the European Research Council. The authors examined how GDPR affected online user behavior and found it had a negative impact on website traffic. After GDPR took effect, weekly website visits dropped by approximately 5% within three months and by about 10% after 18 months.

These traffic declines caused significant revenue losses—averaging $7 million for e-commerce websites and nearly $2.5 million for ad-supported websites after 18 months. However, the impact varied depending on website size, industry, and user location. Larger websites suffered less, suggesting that GDPR may have unintentionally favored large websites and increased market concentration by harming smaller competitors.

In an analysis of the California Consumer Privacy Act (CCPA), scholars from the University of California, Irvine, and New York University found significant correlations between the regulation and shifts in consumer behavior on commercial websites. Specifically, Californians decreased their purchases by approximately 4.3% and increased their product returns by 3.0%, resulting in an average reduction of $96 in discretionary spending per consumer within one year of the CCPA’s introduction. Browsing behavior data from commercial websites indicates that Californians spent more time online and visited more pages per website, suggesting that increased privacy restrictions may have compelled consumers to expend greater effort to locate suitable products or services.

Full Comments: Comments in Response to Data Privacy and Security Request for Information

The post Best practices in building a federal comprehensive data privacy and security framework appeared first on Reason Foundation.

The Texas Responsible Artificial Intelligence Governance Act (TRAIGA) was introduced late last year by state Rep. Giovanni Capriglione (R-98) as House Bill 1709. Despite being a Republican-led initiative, the bill may also be gaining traction among Texas Democrats due to its similarities to California’s Senate Bill 1047 and alignment with the European Union AI Act—both regulatory frameworks broadly supported by Democratic lawmakers.

Additionally, TRAIGA has secured backing from the Future of Privacy Forum’s Multistakeholder AI Policymaker Working Group, which has both Democratic and Republican lawmakers and advocates for stronger AI regulations. The bill is currently under House committee review and, if passed, would take effect in September 2025.

TRAIGA’s broad scope is one of its most concerning aspects. In today’s work environment, AI systems often play a supporting role in consequential decisions related to employment, finance, healthcare, housing, and insurance. However, under the bill, any AI tool used in these sectors—regardless of its actual influence on decision-making—could be subjected to costly compliance requirements.

For example, an AI-powered resume screening tool that assists human resources departments by ranking job applicants based on relevant skills and experience would fall under TRAIGA’s high-risk category. Employers using such a tool would be required to conduct impact assessments, ensure compliance with algorithmic fairness standards, and provide detailed reports on how AI is used in the hiring process. These obligations impose significant financial and administrative burdens on businesses that rely on AI for these tasks. Many companies, particularly startups and mid-sized firms, may determine that the compliance costs outweigh the benefits of AI adoption. Consequently, TRAIGA risks discouraging AI implementation altogether, reducing efficiency and innovation in hiring or pushing businesses to relocate to states with more favorable regulatory environments.

It would also tip the AI market in favor of large incumbents, a problem Vice President J.D. Vance recently warned against at the Artificial Intelligence Action Summit, held in early February in France.

“To restrict its development now will not only unfairly benefit incumbents in the space, but it would also mean paralyzing one of the most promising technologies we have seen in generations,” Vance said.  

His speech was in line with the idea that instead of imposing rigid rules, policymakers should focus on fostering an environment where innovators can responsibly develop AI applications that benefit society.

As examples of the types of regulations Texas should be avoiding, TRAIGA also introduces several vague and overbroad prohibitions on specific uses of AI that are deemed “unacceptable risks.” TRAIGA would require systems that perform emotion recognition, capture biometric data, or categorize consumers based on sensitive attributes to obtain explicit consent. This restriction could severely limit AI’s potential in areas like fraud prevention, personalized health care, and adaptive learning technologies. In practice, these restrictions may eliminate valuable applications that enhance security, efficiency, and user experience. For example, biometric authentication technologies—widely used to prevent fraud and enhance security—could fall under TRAIGA’s prohibitions. Many financial institutions and tech companies rely on these systems to safeguard user accounts and transactions. A blanket requirement would not only undermine security but also create an uneven playing field where Texas-based businesses are restricted in ways that their competitors in other states or countries are not.

A key question is whether such restrictions should apply universally or be tailored to different use cases. In some contexts, requiring explicit consent makes sense, such as in healthcare data collection, where personal privacy concerns are paramount. However, a blanket restriction on biometric authentication without considering its role in security applications could have unintended consequences. Mandating explicit consent in every instance could introduce unnecessary friction, making these systems less effective and inadvertently increasing security risks. Additionally, AI-driven authentication tools are increasingly used in public safety applications, such as airport security and border control, where obtaining prior consent from every individual is impractical. There are complex tradeoffs around biometrics and consent that this Texas bill just brushes aside.

Another problematic provision of HB 1709 is the introduction of a limited private right of action. While the Texas attorney general would be the primary enforcer of the law, private litigants can sue over alleged violations involving banned AI systems. This opens the door for opportunistic lawsuits, further increasing compliance costs and legal risks for AI developers and deployers.  Given the complexity of AI decision-making, many companies may face litigation even when they have taken reasonable steps to mitigate bias and ensure compliance.

The experience of Illinois’ Biometric Information Privacy Act (BIPA) serves as a cautionary tale. Under BIPA, businesses have faced a wave of lawsuits, often over technical or procedural violations rather than actual harm to consumers. TRAIGA’s private right of action could create a similar legal minefield in Texas, where companies are targeted for minor or unintended infractions. The fear of litigation will further deter AI innovation, making Texas a less attractive destination for tech companies.

Furthermore, TRAIGA’s approach to algorithmic discrimination is redundant given existing federal and state anti-discrimination laws. Algorithmic discrimination is defined in the law as any condition in which an AI system, when deployed, creates unlawful discrimination of a protected classification in violation of the laws of this state or federal law. Artificial intelligence systems used in hiring, lending, and other key decisions are already subject to anti-bias regulations under existing laws such as the Equal Credit Opportunity Act and Title VII of the Civil Rights Act. Instead of adding another layer of regulation, policymakers should focus on enforcing these laws and encouraging industry best practices for fairness and transparency.

Texas House Bill 1709’s exemptions for small businesses and experimental AI sandboxes are well-intentioned but ultimately insufficient. While companies that meet the Small Business Administration’s definition of a small business would be exempt from TRAIGA’s obligations, this carveout does little to protect mid-sized firms and startups that aspire to scale. Similarly, the experimental sandbox program offers only temporary relief, meaning that companies developing cutting-edge AI would eventually face the same regulatory constraints.

TRAIGA’s regulatory framework also poses a threat to Texas’ long-term economic prospects. The state has positioned itself as a leader in AI and emerging technologies, attracting major investments from tech companies and infrastructure projects like the $500 billion Stargate Project, an AI infrastructure project that is meant to build large-scale infrastructure of advanced data centers across the United States that would power and develop cutting-edge AI. Regulations could drive these investments elsewhere.

TRAIGA represents a significant departure from the state’s claimed pro-innovation stance. If enacted, House Bill 1709 would create barriers that deter AI development, increase compliance costs, and open the floodgates for litigation. TRAIGA, as currently written, leans too heavily toward regulation at the expense of technological advancement. If Texas wants to remain a leader in AI, policymakers must reconsider the bill’s provisions and ensure that regulation does not become a roadblock to progress.

The post Proposed artificial intelligence legislation would drive innovation out of Texas appeared first on Reason Foundation.

I moderated a panel of experts discussing the future of AI data centers during the 46th annual meeting of the Association for Public Policy Analysis and Management (APPAM). The panelists, which included experts from academia and the industry, addressed the need for streamlining regulatory barriers, the role of private industry in driving innovative solutions, federal preemption of state laws, and the importance of building a strong workforce. In this commentary, we draw on their insights by using their quotes to illustrate the key themes discussed during the panel. 

AI data centers serve as computational hubs for machine learning models, and their importance is only set to grow as AI adoption accelerates across industries. Current projections show that global AI capabilities are doubling every six months, demanding a substantial increase in processing power, storage, and networking capabilities. This exponential growth drives the need for massive energy resources, as training advanced AI models and maintaining data center operations require significant electricity to power servers and cooling systems.  

For example, training a single large AI model can consume as much energy as roughly a hundred households use in a year. AI data centers are not just high-energy consumers; they also create a ripple effect on the broader energy grid. As operations scale, these centers exert pressure on local and regional grids, necessitating infrastructure upgrades and reliable energy sources. Without careful planning, this demand risks creating bottlenecks in energy supply, particularly in regions already grappling with grid vulnerabilities.  

The need for streamlining regulatory barriers 

Environmental reviews, zoning restrictions, and permitting delays can stretch projects over years, which poses significant challenges to AI data center development. Patrick Hedger, the director of policy at NetChoice, a trade association representing many major internet companies, cited Meta’s attempt to build a data center powered by nuclear energy in California. The effort was blocked by environmental regulators who discovered a rare species of bees inhabiting the land. Similarly, he noted the delays faced by the Taiwan Semiconductor Manufacturing Company (TSMC) semiconductor plant in Arizona, where regulatory hurdles initially stalled construction, though it was eventually built. 

At the federal level, outdated environmental review processes, such as NEPA (National Environmental Policy Act), are a major concern. Since its passage in 1969, NEPA has remained unchanged through significant transitions in America’s economy, society, politics, and environment, alongside the introduction of many other federal, state, and local regulations. NEPA has become outdated, making compliance more complicated, fostering judicial intervention, politicizing rulemaking, and creating inconsistencies in how environmental impacts are assessed and addressed. 

“A NEPA review will hold up a wind farm, a solar facility, a nuclear plant,” Hedger said and emphasized the need to streamline federal permitting processes for all energy sources—renewable or otherwise. A more efficient process could reduce unnecessary delays by improving coordination between agencies, prioritizing balancing environmental protection with the need for timely infrastructure development, and ensuring that bureaucratic procedures do not hinder energy projects. A streamlined process can still incorporate safeguards to protect endangered species, such as the bee mentioned, addressing a valid concern for many stakeholders. 

The problem isn’t limited to federal oversight. Local and state regulations, including restrictive zoning laws, further complicate siting data centers. “Something as boring as setback regulations [zoning laws that establish minimum distances a building must be from a property line]… can force data centers into places where the grid is not as best situated or prepared,” Hedger noted. This pushes projects into suboptimal locations, creating inefficiencies and driving up costs. 

Private industry: Innovating for efficiency 

Private industry continues to innovate, developing solutions to reduce energy consumption and environmental impact. James Czerniawski, a senior policy analyst at Americans for Prosperity, explained that companies are not waiting for government solutions.  

“They’re looking to build microgrids [localized energy systems that can operate independently from the main grid] alongside their data centers,” he explained, citing examples of Microsoft’s plans to reopen Three Mile Island to power its services and Amazon collaborating with electricity providers for sustainable energy. These collaborations are providing companies with new opportunities to secure energy while relying on existing infrastructure. 

Technological advancements are also improving data center efficiency. Czerniawski described how innovations like liquid cooling systems have significantly reduced energy demands by more than 90%. Similarly, companies like Nvidia are redesigning chips to perform computations with less energy while AI systems increasingly optimize their own power usage. 

This relentless focus on efficiency isn’t just environmentally driven—it’s a business imperative. The panel emphasized that reducing energy use translates directly to lower costs and higher profitability, making it a win-win for companies and sustainability goals alike. 

The role of federal preemption 

The panel raised concerns about the possibility of states creating a patchwork of laws that hinder innovation and increase compliance costs. 

Some state laws, like California’s, have a significant influence on regulating emerging technology. One such example is the California Consumer Privacy Act (CCPA), which often ends up setting de facto national policy because companies default to the most restrictive rules.  

Divya Ramjee, an assistant professor in the Department of Public Policy and Department of Criminal Justice at the Rochester Institute of Technology, warned that a similar approach to AI could stifle innovation. “Having a federal bill that says, ‘This is what is allowed going in [to the AI model], this is what is allowed [to be used],’ … gives clarity to everybody across the board,” Ramjee said with regard to data privacy and use. 

In discussing the need for federal preemption as a baseline national standard for AI regulation, Patrick explained, “The main reason we’re having these conversations is because AI is driving the demand for data centers. If we don’t address that with smart, innovation-friendly regulation, we’re going to fall behind.” 

Conclusion: Powering the future 

AI data centers represent not only a challenge but also an opportunity to modernize energy infrastructure and streamline regulation. Addressing these challenges requires a comprehensive, coordinated approach.  

As we have previously discussed in a series of commentaries explaining data center electricity use, both federal and state-level regulations will play a role in the success of the growth of data centers. Federal leadership must provide clear direction on AI regulation while enabling innovation. States and local governments must remove barriers to development, from zoning laws to permitting delays.  

Meanwhile, private industry will continue to push the boundaries of efficiency, driving the technological advancements that make AI a tool for progress. By ensuring that the benefits of AI infrastructure are shared broadly, the United States can advance both its technological leadership and economic prosperity. 

The post AI data centers must balance innovation, regulation, and energy demands appeared first on Reason Foundation.

As a producer and director of Shabbification: The Story of Rent Control, I wanted to explore how these policies, intended to protect tenants, often lead to unforeseen and damaging outcomes for cities like New York. The idea for Shabbification came from witnessing the growing challenges faced by small property owners and tenants alike in New York City and New York State. Through this film, I wanted to capture the personal stories that statistics often fail to convey—stories of landlords trying to keep their buildings from falling apart and tenants navigating a system that no longer serves them. 

At its core, rent control—and its other forms, like rent stabilization—is a form of government-enforced price limits on rental properties. These policies set caps on how much landlords can charge their tenants, aiming to make housing more affordable. Yet, New York City, the epicenter of long-standing rent control policies, is a cautionary tale of what happens when such regulations are allowed to linger for decades.  

Since the late 1960s and early 1970s, New York has implemented and expanded rent stabilization programs. These programs have been recently bolstered with the Housing Stability and Tenant Protection Act of 2019 (HSTPA) and the Good Cause Eviction Law of 2024. Today, about one million apartments in the city fall under these laws. Initially conceived to address housing shortages after World War II, rent control has worsened the very crisis it was meant to alleviate. 

My documentary shows the harsh realities of rent control, offering viewers an intimate look into the lives of small property owners who bear the brunt of these regulations. Small landlords, many of whom own just one or two buildings, struggle to maintain their properties under the crushing weight of government-imposed rent caps. What was meant to increase housing access by keeping rents low has stifled development and reduced the availability of livable units when landlords no longer earn enough money from rent to maintain them.  

The documentary brings us into the deteriorating apartments of New York, revealing how these outdated policies have led to crumbling infrastructure, deferred maintenance, and vacant units. In the opening scene, Eric Dillenberger, a board member of the Small Property Owners of New York, walks through an Upper West Side building where a tenant lived from 1969 until 2021. The unit is currently vacant. He explained that, with current rent control regulations, it would take him 180 years to recoup the investment needed for renovations.  This is because the unit requires extensive renovations—estimated to cost $200,000—just to make it livable again. Under the HSTPA, rent increases for Individual Apartment Improvements (IAIs) are capped at a mere $89 monthly. The law further limits the amount of reimbursable IAI spending to $15,000 every 15 years for up to three improvements—the reason why it will take just under 200 years to make up for the renovation. The math is staggering and underscores just how unsustainable the system has become for small landlords. 

The story of Bryan Liff, a small property owner in Harlem, offers a striking example of how rent control policies can disrupt both tenants and landlords. Bryan bought his building—a set of studio apartments—just a few months before the HSTPA took effect, intending to renovate, modernize, and make the property environmentally sustainable. At the time of purchase, the building was largely vacant except for one rent-stabilized unit. 

After HSTPA, Bryan was no longer allowed to charge market rates for the other vacant units, making his renovation plans financially unfeasible. Additionally, under New York rent stabilization laws, Bryan cannot claim more than one unit for himself and his family, even though the building remains mostly empty. This leaves Bryan unable to move his family into the building or make the necessary structural improvements, as the capped rental income would not cover the costs. 

Bryan’s story reflects a larger crisis playing out across New York City, where small landlords face mounting financial hardship. Policies that were intended to protect tenants have inadvertently prevented landlords from maintaining or utilizing their own properties, contributing to the very housing shortage these laws were meant to solve. 

This leads to broader implications for the city itself. New York is facing a historic housing shortage, with vacancy rates plummeting to just 1.4%—the lowest in decades. Despite the desperate need for housing, tens of thousands of rent-stabilized apartments remain off the market, left vacant by landlords who cannot afford the upkeep or face regulatory barriers. Rent control, initially designed to protect tenants, has inadvertently locked thousands out of the housing market. Instead of incentivizing property owners to provide more housing, the policy disincentivizes repairs and upgrades, pushing landlords to leave units empty or underutilized. 

The situation has become so dire that an estimated 20,000-60,000 rent-stabilized apartments remain vacant during a time when demand for affordable housing is at an all-time high. This paradox of widespread housing shortages coupled with vast numbers of empty apartments is a direct consequence of rent control’s distortion of the housing market. 

So, what can policymakers do? There are smarter solutions that could alleviate the housing crisis without exacerbating the problem with rent control. Housing vouchers, for instance, could provide targeted subsidies to low-income tenants, allowing them to access housing in the private market without the need for price caps. This approach would offer tenants immediate relief while giving landlords the flexibility to maintain their properties and invest in their communities. Additionally, easing restrictive zoning and building regulations would encourage new development, expanding the housing supply and driving down rents. 

A small property owner from Chinatown (who chose to remain anonymous), whose family purchased a building in the 1980s, reflects on the absurdity of the current system: “Here you have existing housing stock that could be easily made available if the laws changed and allowed property owners to get the necessary income. This is a basic common-sense proposition to addressing the housing crisis in New York City.” 

The unit that he walked us through has not been renovated since the 1910s. For decades, a long-term tenant occupied the property, and now, with the unit vacant, the owner faces a familiar dilemma: Under current rent stabilization laws, the restrictions on rent increases make it economically impossible to justify the significant costs of renovation. The unit remains stuck in a state of disrepair, unable to be brought back into the housing market despite a desperate need for available units. 

This case highlights a broader issue across the city: rent control policies, while intended to protect tenants, have left thousands of units unlivable and empty. While these laws remain in place, small landlords remain unable to modernize aging buildings, worsening New York’s housing crisis. 

Through this documentary, I wanted to provide a window into the reality of rent control, showing not only its failings but also the people who are most affected by it. It reveals that, far from being a simple fix, rent control is a deeply flawed policy that needs serious reconsideration if we are to solve the housing crisis and create a more just and functional system for both tenants and landlords. 

It’s a common concern that removing rent control or stabilization policies would cause rents to skyrocket, but the opposite is more likely to occur in the long run. By releasing thousands of vacant, rent-stabilized units back into the market and incentivizing landlords to maintain and upgrade their properties, the overall housing supply would increase. This expanded supply would provide more options for tenants, easing competition and driving prices down. A healthier, less restrictive housing market would ultimately benefit tenants by improving availability, affordability, and quality—without the distortions and scarcity created by rent regulations. 

The post Unintended consequences of rent control appeared first on Reason Foundation.

Rent control, including variations such as rent stabilization, is a government-imposed price control (usually a limit) on what private properties may charge for rent. Seven states currently have rent control laws, and 20 states introduced bills related to rent control in 2024.

How rent control harms housing

• Reduced housing supply and upkeep: In San Francisco, rent control led to a 15% reduction in the number of available rental units between 1979 and 1994 as landlords converted properties to condos or sold them​. Nationwide, 61% of housing providers have deferred or expect to defer maintenance and improvements due to rent control limiting revenue to cover rising repair and upkeep costs.
• Suppressed property value and investment: In Cambridge, Massachusetts, deregulated property values increased by 45% after rent control was lifted. After deregulation, properties in Cambridge that neighbored rent-controlled homes saw a 25% rise in value. In New York City, rent-controlled buildings dropped in value by 34% between 2019 and 2023, while non-controlled units increased in value by 23% during the same period.
• Reduced mobility and diversity: In San Francisco, tenant mobility fell by 19%, with empty-nesters staying in larger units, pushing young families out of the city. In New York City, long-term tenants benefit from low rents, but newcomers face skyrocketing prices in uncontrolled units.

Policy alternatives

• Housing vouchers: Housing vouchers could provide rent subsidies for low-income individuals in the private market. Removing price limits and simplifying the inspection and eviction processes would enhance accessibility, enabling tenants to secure stable housing while allowing landlords flexibility.
• Less restrictive zoning and building regulations: Zoning and building regulations raise development costs, limiting the construction of affordable rental units. Reducing these regulatory barriers and simplifying approval processes will encourage new construction and increase housing supply.

Full backgrounder: Rent control implications and policy alternatives

The post Rent control implications and policy alternatives appeared first on Reason Foundation.

Despite these recent investment successes in building the system’s assets, Georgia’s teacher pension is not out of the woods and still poses a major risk of unexpected runaway costs. The fund previously experienced investment returns substantially below its expectations in 2016 (1.4%) and 2022 (-12.8%), and not only is there no guarantee major investment losses won’t happen again, but failure to prepare for that possibility places significant risks on tomorrow’s taxpayers.

The Teachers Retirement System has gone through decades of growing pension debt. TRS now has $27.7 billion in debt and is far from reaching full funding. In addition, recent stock market volatility shows how things can quickly change for public pension systems.

Policymakers must grapple with these volatile market swings while seeking to secure pension promises made to teachers without passing major unnecessary costs on to future taxpayers. Ongoing challenges with pulling TRS back to full funding suggest that lawmakers still need to consider major reforms, particularly a more robust debt payment plan and a modernization of benefits, to improve the financial state of TRS.

The funded ratio of the plan was 78.2% as of June 30, 2023, according to the latest available valuation​. A funded ratio of 100% means the pension plan has sufficient assets to cover all its liabilities. Being below this mark indicates that the pension system does not have enough assets to meet all its future obligations, posing a risk to the financial security of retirees. Ever since the Great Recession, TRS has maintained funding below 80% (save a few brief periods barely above that level). According to the latest reporting, the system is on track to pay off existing pension debt within 22 years, but success will depend heavily on achieving lofty investment goals.

The assumed rate of return on investments used by Georgia TRS (currently 6.9%) is overly optimistic and leaves the system vulnerable to market volatility. Lowering this rate to a more conservative figure will reduce the risk of future deficits and ensure that the fund remains solvent even in less favorable economic conditions. The assumed rate of return has already been reduced from 7.50% to 7.25% effective with the June 30, 2018 valuation, and then from 7.25% to 6.90% effective with the June 30, 2021 valuation. It is critical to consider lowering it further to match the 6% investment return rate that most market experts are forecasting for the next 10-to-15 years. While lowering the assumed rate of return necessitates higher annual contributions from taxpayers and its members to maintain the current funding trajectory, it also ensures a more stable financial future for the pension fund.

The plan uses a schedule to pay off any new debt within 25 years. This amortization approach is too lengthy and exposes the system to prolonged financial risk. The Society of Actuaries recommends a shorter amortization period of 15-20 years to more effectively manage pension debt. A shorter amortization schedule would help mitigate interest costs over time and reduce the likelihood of accumulating further unfunded liabilities, crucial for the fiscal health of the fund.

Shortening the amortization schedule for the pension fund’s liabilities will also help pay off the debt more quickly. The total long-term cost of amortizing both legacy and any future unfunded liabilities would be lower, mainly because pension debt would not accumulate as much interest if it were paid off sooner.

TRS also faces a major crisis in providing adequate retirement benefits to its members. With a lengthy vesting requirement of 10 years, only a small segment of teachers are earning a pension benefit, and the majority are falling short of building adequate retirement savings during their time in the system. According to retention rates expected by the system’s actuaries, fewer than 35% of new hires will reach the 10-year requirement, which means two-thirds of teachers will walk away with only their contributions and no help on their retirement from their employers.

Even those teachers who reach the lofty vesting requirement but leave for other opportunities shortly thereafter will see their pension benefits greatly reduced by inflation.

With the modern workforce’s increasingly mobile tendencies, policymakers need to reevaluate how well a traditional pension benefit fits the needs of teachers. The Employees’ Retirement System of Georgia (ERSGA)—the state’s plan for other government workers—underwent reform in 2009 that established a new modernized tier of benefits for new hires that mixed individualized 401(k)-like benefits with pension benefits. This could be a valuable template to follow for making a TRS that works for most educators, not just the few who stay for their entire careers.

The impacts of stock market volatility experienced by Georgia’s teacher pension should concern policymakers. The ongoing struggle to reduce public pension debt suggests that major reforms are needed.

Further lowering TRS’ assumed rate of return and reducing the amortization schedule are critical steps in securing the financial future of Georgia’s teachers and the state’s fiscal health.

Seeing that the current pension offered to teachers is a poor match for the vast majority of newly hired educators, Georgia lawmakers should explore options to modernize the Teachers Retirement System, similar to that which was done for the state’s other major retirement system for public workers.

A version of this column first appeared at GeorgiaPolicy.org.

The post Teachers Retirement System of Georgia posts strong investment returns, still needs major reforms appeared first on Reason Foundation.

Over the past few years, AI has revolutionized diagnostics with algorithms that are increasingly capable of detecting diseases like cancer and heart conditions with unprecedented accuracy. AI-driven tools have streamlined the drug discovery processes, reducing the time and cost of bringing new treatments to market. In education, AI-powered platforms have further personalized learning experiences, adapting to individual students’ needs and improving engagement and outcomes.

Freedom to develop has allowed for rapid experimentation and implementation of AI technologies, leading to remarkable advancements benefiting society. However, many people are concerned about the long-term impacts AI could have.

California Senate Bill 1047, introduced by Sen. Scott Wiener (D-San Francisco), aims to prohibit worse-case harmful uses of AI, like creating or deploying weapons of mass destruction or using AI to launch cyberattacks on critical infrastructure, costing hundreds of millions in damage.

To prevent these doomsday scenarios, the bill would require developers to provide a newly created government agency with an annual certification, affirming that their AI models do not pose a danger. This certification would be provided even before the training of the AI model begins. However, it is difficult to accurately predict all potential risks of a model at such an early stage. Moreover, the responsibility for causing harm should be on the actor who committed the wrongdoing, not the developer of the model. Holding developers responsible for all possible outcomes discourages innovation and unfairly burdens those who may have no control over how their models are used. This extensive compliance is costly, especially for small startups that don’t have legal teams. Developers of AI models are instead likely to leave California for friendlier jurisdictions to conduct their training activities and other operations.

Violations of the law could lead to penalties that could reach up to 30% of the cost of creating an AI model. For small businesses, this could mean devastating financial losses. The bill also introduces criminal liability dangers under perjury laws if a developer falsely, in bad faith, certifies their AI model as safe. That may sound straightforward, but the law’s ambiguous framework and unclear definitions put developers at the whims of how state regulators may perceive any glitches in their AI models. In an industry where experimentation and iteration are crucial to progress, such severe penalties could impact creativity and slow down advancements.

While the bill intends to target only large and powerful AI models, it uses vague language that could also apply to smaller AI developers. The bill focuses on models that meet a high threshold of computing power typically accessible only to major corporations with significant resources. However, it also applies to models with “similar capabilities,” broad phrasing could extend the bill’s reach to almost all future AI models.

The bill would also require all covered AI models to have a “kill switch” to shut them down to prevent imminent threats and authorize the state to force developers to delete their models if they fail to meet state safety standards, potentially erasing years of research and investment. While the shutdown requirement might make sense in dangerous situations, it is not foolproof. For instance, forcing a shutdown switch on an AI system managing the electricity grid could create a vulnerability that hackers might exploit to cause widespread power outages. Thus, while mitigating certain risks, this solution simultaneously exposes critical infrastructure to new potential cyberattacks.

While the goal of safe AI is crucial, onerous demands and the creation of government bureaucracies are not the solution. Instead, policymakers should work with AI experts to create environments conducive to its safe growth.

A version of this column first appeared in the Los Angeles Daily News.

The post Why California’s AI bill could hurt more than it helps appeared first on Reason Foundation.

Senate Bill 1047, also known as the Safe and Secure Innovation for Frontier Artificial Intelligence Models Act, seeks to regulate the development and deployment of advanced AI models in California. The bill mandates that developers of significant AI models adhere to strict safety protocols, including the capability to shut down the model if necessary and certify compliance annually. Noncompliance can result in severe penalties, such as the deletion of the AI model and substantial fines.  

The bill, introduced by State Sen. Scott Wiener (D-San Francisco), establishes penalties that escalate from 10 percent of the cost of training an AI model for the first violation to 30 percent for every subsequent breach of the bill’s provisions. These fines can devastate startups and small companies, which often operate with limited budgets and resources.  

The bill also grants state regulators the authority to mandate the deletion of AI models, erasing years of research and development, substantial financial investments, and potentially valuable technological advancements. For small businesses, the threat of model deletion could mean the end of their business and discourage developers from exploring innovative AI applications, potentially stifling creativity and leading to a more cautious development environment. 

The bill’s safety certification and compliance mechanism could also lead to criminal perjury charges if officials believe developers misled them about the AI’s safety. This may lead to authorities arbitrarily deciding whether an organization’s mistakes are honest and charging people with crimes that could lead to up to four years of jail time. The threat of criminal liability may deter developers from being bold and taking risks when building models, fearing that honest mistakes or unforeseen outcomes could result in severe personal consequences. 

The bill aims to prevent the harmful use of AI, such as creating autonomous weapons or launching cyberattacks on critical infrastructure that could result in significant damage. However, the problem with introducing such high penalties is that it is nearly impossible to predict and mitigate every potential misuse of an AI model. Typically, developers create general-purpose tools without foresight into all possible future applications. The responsibility for harmful actions should lie with the individuals who intentionally misuse the AI, not the developers who created the tool. 

Moreover, assigning such responsibility to AI developers for harmful uses of their technology overlooks factors beyond their control. For example, an AI designed for autonomous drone navigation could be maliciously repurposed by a terrorist group to deploy weaponized drones, leading to severe casualties and destruction. Similarly, a hacker might exploit an AI system developed for network optimization to find and attack vulnerabilities in critical infrastructure, causing widespread disruptions and data breaches. These scenarios show the potential for technology built by developers in good faith to be exploited by bad actors. This complexity underscores the need for a nuanced approach to liability, where the intent and actions of the user are considered, rather than placing the entire burden on the developers. 

Senate Bill 1047 is meant to apply to only extremely powerful AI models, but our analysis concludes that startups and large corporations are both subject to regulation under the bill. While the bill’s text covers models at or above the threshold of computing power that is accessible only to major corporations with significant resources, it also rather vaguely applies itself to models with similar “capabilities.” This language opens the door to covering almost all future AI models because the speed of technological advances guarantees that tomorrow’s computers will routinely deliver today’s state-of-the-art computing power more efficiently and cheaply. The uncertainty about whether a model falls under the benchmark and threshold criteria creates a legal grey area, potentially holding back innovation by making R&D investment riskier and the path for startups less lucrative. 

The bill could potentially criminalize the development and use of open-source AI models, which commonly involve adapting and enhancing existing models to create new applications. For example, developers use open-source models like GPT-3 to create advanced chatbots, virtual assistants, and translation tools. These applications can automate customer service, assist in language learning, and provide real-time translation services. While it is common for users and creators of flawed tools to bear legal responsibility for any resulting harm, the proposed law extends this liability to developers who modify open-source AI models. This could uniquely impact the open-source AI community, where the culture of shared innovation and collaboration drives progress. The potential for legal consequences might deter developers from participating in open-source projects, hindering the collaborative efforts crucial for advancing AI technology. Under the proposed law, developers who use and modify open-source models could be legally responsible for any harm caused by their AI systems, even if the modifications are built on someone else’s original model. This interpretation could greatly inhibit the open-source AI community, as the threat of legal repercussions may discourage developers from engaging in shared innovation and collaborative efforts. 

An alternative to internal certification is a nine-step process with the Frontier Model Division–a new regulatory body established under the bill. Among these steps is a requirement to establish a mechanism to quickly shut down the model, along with all its copies and derivatives. This is technically impossible except for local models or those with tightly controlled deployments, making it a significant hurdle for developers working with distributed and open-source models. 

Another demanding step involves adhering to all existing standards and regulations determined by the National Institute for Standards and Technology, the State of California, academia, nonprofit sector experts, and standard-setting organizations before training of the model begins. While this might be a reasonable measure for a product already on the market, it makes little sense for a model that has not yet been trained. The high cost and complexity of compliance could discourage smaller entities from AI innovation, further consolidating power among a few large corporations. 

While the intent behind Senate Bill 1047 to ensure the safe use of AI is commendable, its current form poses significant challenges to innovation and the open-source AI community. A more balanced approach that protects society from potential harm while fostering an environment conducive to technological advancement is essential. Policymakers must work closely with AI developers and experts to create regulations that are both effective and supportive of innovation. 

The post California’s Senate Bill 1047 is a troubling development for AI governance appeared first on Reason Foundation.

In a nutshell, APRA introduces extensive privacy controls and allows consumers to decline consent on certain data practices, mandates clear privacy policies and compliance mechanisms for businesses, and offers consumers the right to take legal action for violations. The bill emphasizes data minimization, ensuring companies collect only necessary information, and it seeks to supersede varied state laws. 

State and local governments often benefit from being more attuned to the specific needs and contexts of their communities, allowing for tailored regulations. However, the realities of 21st-century data communication add potentially challenging new dimensions to tradeoffs between state and federal regulation. State lines can be an arbitrary and costly way to regulate data. Europe, in contrast, has taken a much more centralized approach through the European Union’s General Data Protection Regulation law. 

While APRA aims to address the current patchwork of state privacy legislation, it is important to analyze the various state privacy laws to consider whether a top-down federal replacement of them is necessary. While existing state regulations frequently have similar elements to APRA, there are important distinctions to consider.  

Currently, 15 states have enacted comprehensive data privacy laws (Figure 1). The accompanying map illustrates the progress of state-level legislation. In 2023 alone, eight states added consumer privacy laws to their statutes.  

Figure 1. U.S. State Privacy Legislation 2024 

While there are similarities among the laws, such as a mandate to use only the necessary amount of data to achieve a specified purpose and an obligation for companies to inform consumers of privacy policies, each law also possesses distinct features that require significant resources and investment to maintain compliance.  

All 15 state privacy laws apply to companies that conduct business with state residents regardless of whether the businesses are headquartered within or outside the state. Exceptions to these laws typically include businesses that, for example, process data of fewer than 100,000 consumers per year and do not derive more than 50% of their revenue from selling personal data. 

There are three important aspects of state privacy laws. First, they all define sensitive data, which sets the scope of regulation. Next, they define consumer rights that explain what consumers can expect from the organization when handling their data. Finally, they define business responsibilities that narrow organizational responsibilities and set expectations for data management. 

Definitions of sensitive data 

Currently, the laws define sensitive personal data as including information such as: 

• racial or ethnic origin;  
• religious beliefs; 
• mental or physical health diagnosis; 
• sexual orientation;  
• genetic or biometric data; and 
• citizenship or immigration status.  

Protecting sensitive personal data is a standard practice in privacy protection and is aligned with industry best practices. Virginia and Connecticut privacy laws also define sensitive data to include data collected from a child and precise geolocation data.  

California, Colorado, Virginia, and Connecticut require consent and data protection impact assessments (DPIA) for processing sensitive data so that organizations may identify and minimize the data protection risks of a project. Other states, like Utah, merely require notice and the ability to opt out of processing.  

While the pursuit of consent has become a common practice, it is problematic because it often lacks genuinely informed choice, is easily manipulated, can overwhelm users, and fails to ensure that individuals fully understand or can practically manage their privacy rights.  

Rights of consumers 

In the context of state consumer privacy laws, individuals are granted several rights regarding the accessibility and availability of their data. These rights include the ability to: 

• access the personal data that an organization holds; 
• request deletion of personal data; and 
• ability to obtain and reuse personal data.  

Eleven states provide the right for individuals to request corrections to their data held by organizations. State consumer privacy laws primarily rely on opt-out rights—such as a right to opt out of the sale of personal data and targeted advertising, as an example. Four states (California, Virginia, Colorado, and Connecticut) provide a right to opt out of profiling, which allows consumers to prevent businesses from using their data to make certain algorithmic decisions, such as personalized marketing, credit scoring, or even behavioral predictions.  

Many states require opt-in to process sensitive data and data about children. However, some states, such as Utah, have an opt-out for sensitive data instead. Each law has a timeframe for responding to a consumer rights request. This timeframe ranges from 30 to 60 days.  

While these rights empower consumers to control their data, they can present problems for businesses due to the complexity and cost of implementing systems that comply with varying state laws and responding to requests for access or deletion appropriately within tight timeframes. 

Business responsibilities

State consumer privacy laws impose specific responsibilities on businesses to ensure the protection and proper handling of personal data. These responsibilities include the requirement to: 

• publish a privacy notice;  
• have reasonable data security practices; and  
• collect and use only data reasonably necessary for the identified purposes (data minimization).  

Data minimization mandates that personal data not be used for new purposes without explicit consent, while data transfers require stringent processing agreements. Regulations also protect consumers from penalties when exercising their privacy rights. Virginia, Colorado, Connecticut, and New Jersey require data protection assessment when processing activities involving targeted advertising, certain forms of profiling, sensitive personal data, and the sale of personal data. The California Privacy Rights Act (CPRA), the Colorado Privacy Act (CPA), and the Connecticut Data Privacy Act, all target deceptive practices known as “dark patterns,” which can trick consumers into making decisions that aren’t in their best interests, such as giving more personal data than they intend to.  

State attorneys general are usually responsible for enforcing these regulations. An exception is California, which established the California Privacy Protection Agency. Most laws have no private right of action, except in California, which has a limited private right of action for violations involving a data breach. A private right of action allows individuals or entities to file lawsuits seeking damages or other remedies directly, without relying solely on government enforcement agencies. Private rights of action are crucial in privacy regulation because they empower individuals to enforce privacy laws directly, enhancing accountability and effectiveness by allowing judicial processes to refine the application of these laws in line with evolving social and technological contexts. This approach not only upholds the common law traditions of privacy rights in the U.S. but also ensures that privacy laws remain dynamic and responsive to public needs and expectations. 

The variations between state privacy laws have led to federal legislative efforts representing a more uniform regulatory approach, such as the one proposed in the APRA. Before any federal legislation is finalized, the nuances of the state laws reviewed here should be considered and their impact on consumer experience and corporate outcomes should be carefully evaluated.  

The post Overview of state digital privacy regulations  appeared first on Reason Foundation.

Generational changes and the aftermath of the COVID-19 pandemic have reduced how long many workers stay with a single employer, a trend that applies to both the public and private sectors. Staffing turnover is a reality of the current workforce landscape.

But would clinging to or bolstering traditional defined-benefit pensions address this problem? The research says that it is unlikely. There is no robust scientific proof that pensions are superior to other forms of retirement benefits for retaining public workers. On the contrary, there is some evidence that proves otherwise.

For example, a late 2022 analysis of late-career teacher turnover in Tennessee published in The Journal of Human Resources by researchers from the University of Missouri revealed that traditional public pension plans accelerated teacher retirement and reduced average worker quality. However, 401(k)-style defined-contribution plans had the opposite effect.

Pension benefit enhancements, in general, aren’t necessarily a path to improved worker retention. A study analyzing Missouri public school teachers found that pension enhancements led to earlier retirement, reducing retention. Workers can do the math and see that adding more years to their late career, beyond retirement eligibility, has a diminishing impact on their ultimate benefit, which is a common feature of pensions. This incentivizes retirement, thus leading to a higher departure rate for the most experienced professionals.

A 2017 University of Washington study published in Industrial Labor Relations Review examined a sample of Washington state teachers and did not find a significant difference in the turnover between defined-benefit (DB) and hybrid DB/defined-contribution cohorts of educators. However, a subsample of teachers who actively enrolled in the hybrid plan exhibited lower turnover.

Other findings cast further doubt on the impact of offering traditional DB pensions to young workers. Examining Florida’s retirement system, a 2015 study published in Education Finance and Policy by researchers from the Brookings Institution and the Harvard Graduate School of Education found that certain employees — particularly younger and less experienced workers — were likelier to choose the defined-contribution plan over the traditional defined-benefit plan.

Public policymakers must recognize that a retirement plan is not a proven method for attracting and keeping valued workers. So which approaches can retain workers?

A 2019 Yale School of Management study using data from Wisconsin showed that salary changes had a more substantial impact on teachers’ employment decisions than changes in their pension plans. The study implied that immediate compensation, rather than future retirement benefits, is more relevant to teachers when making job-related decisions.

A recent survey by the MissionSquare Research Institute of young public-sector workers (those aged 35 and under) reveals that only 23 percent ranked retirement benefits among the top three factors attracting them to public-sector jobs, placing these benefits seventh overall. Job security and satisfaction, salary levels, work-life balance and meaningfulness, and health insurance all held greater appeal.

With public workers jumping from job to job more frequently, it’s clear that their decisions are motivated by their pay and other quality-of-life considerations. Increasing pay may be the only way to effectively address the growing challenges of attracting quality workers to government jobs, but this cost to government budgets cannot be ignored. Policymakers need to accept the new reality of the modern workforce, which may mean right-sizing government programs to afford the higher pay levels necessary to retain their skilled employees.

None of this is to say that retirement saving plans are unnecessary for public workers. It may not be an effective vehicle for recruitment and retention, but employees still need to work toward a secure retirement, and government employers should be assisting in this endeavor with plans calibrated to provide that security.

But instead of addressing modern workforce challenges with the old pensions model, administrators should focus on making retirement plans that match the needs of today’s young workers. Adding or improving defined-contribution plans can achieve retirement security goals at a much lower level of risk for taxpayers.

A version of this commentary first appeared in Governing.

The post Pension benefits are not the key to attracting or retaining public workers appeared first on Reason Foundation.