Privacy XFN

Welcome to Privacy XFN, curating the best reads at the intersection of data privacy and tech. This week we’re covering news of the U.K.'s desire to replace cookie pop-ups, Twitter's announcement of new social privacy features, European regulators tightening requirements for international data transfers, and much more.

—The Transcend team

The U.K.'s Information Commissioner Elizabeth Denham wants to eliminate cookie consent pop-ups. Denham has urged the G7 to force tech companies to introduce an alternative that lets users permanently establish their privacy preferences.


  • Only 11.8% of cookie consent forms comply with GDPR, according to a 2020 study.
  • Last month, British Digital Secretary Oliver Dowden said the U.K. could get rid of cookie popups and consent requests as part of an overhaul of its privacy rules.
  • Still in the U.K.: The Age Appropriate Design Code went into effect, which requires companies limit the amount of data they collect on minors.
  • Companies that violate the law can be fined up to 4% of their annual revenue.


Twitter will test new "social privacy" features that lets users restrict who can see their activity. The list of potential features includes archiving tweets, hiding likes, editing follower lists, and enabling users to leave conversations.


  • Twitter said it will begin testing some features soon, while others remain in the concept phase.
  • Twitter said users who aren't fully informed of the company's privacy policies are less likely to use the app.
  • In July, the company shut down its disappearing stories feature, Fleets.


A message from TRANSCEND

How much is your company's privacy request program really costing?

Informed by real-world ROI modeling, our free calculator breaks down the variable, fixed, and unpredictable costs of manually processing GDPR & CCPA privacy requests.

Plus, get a customizable spreadsheet to model your company's specific scenario, and a free guidebook to help guide more strategic privacy conversations.

The EU’s executive arm has announced a new version of standard contractual clauses that will apply to all business contracts that include international data transfers. Companies will be required to provide information about their privacy policy and the laws in the country where the data is sent to ensure it’s not used for government surveillance.


  • The clauses must be added to all new contracts starting Sept. 27 and existing agreements by December.
  • Companies that don’t comply will be penalized.
  • European regulators have been warning companies and government agencies to stop using technology made by American companies after Privacy Shield was struck down in July 2020.
  • In May, public schools in the German state of Baden-Württemberg were told to stop using Microsoft’s software due to privacy concerns.


6 unique features of our Consent Manager:

You may already know that Transcend’s Consent Manger is designed to move companies beyond cookie banners, but did you know it also enables more precise choices for site owners and their users?

Read post

Apple has revealed Arizona and Georgia will become the first states where customers can add their driver’s licenses and state IDs to the Wallet app. Apple noted that iPhone and Apple Watch users in six additional states, including Iowa and Maryland, will also be able to access the feature. The tech giant hasn't said when it will be rolled out.


  • Neither Apple nor the states will know when and where the IDs are being shown.
  • The IDs are "presented digitally through encrypted communication," which means users don't have to unlock or share their devices.
  • Pushback on another front: Apple has postponed plans to roll out a tool that detects images of child abuse after privacy advocates expressed concerns it could be used for government censorship.

The Verge

Germans are the most privacy-savvy of all 197 nationalities, according to NordVPN survey of over 24,000 consumers. The survey assessed ten categories, including "how to create a strong password" and "what tools to use to become more private online."


  • Germans were given a score of 70%.
  • Americans came in second with a score of 68%, a one percent improvement from last year.
  • The results noted that Americans improved their understanding of privacy and risk but retained their bad habits.
  • The highest score Americans received was 97.3% on the issue of "when an email from a bank informs that someone withdrew money from their account."
  • Their lowest score was 39.9% on the issue of "the importance of reading terms of service of apps and online services."


ProtonMail was criticized by some users after it shared the IP address of a French activist. CEO Andy Yen said the company refused to help French authorities but was legally required to cooperate with Swiss officials as it's based in Geneva.


  • While ProtonMail has marketed itself as a "privacy-centric" company, it notes that it could be forced to track certain IP addresses in extreme criminal cases.
  • In 2020, ProtonMail received 3,572 data requests from Swiss authorities, up from 3 in 2017.
  • Last year, it received 195 requests from foreign officials, up from 13 in 2017.
  • The number of contested orders rose from 13 in 2017 to 195 last year.


The FBI has told companies in the food and agriculture industry to remain vigilant as ransomware groups are looking to target their supply chains. The FBI said large companies are possible targets as they can afford to pay ransoms. The agency added that small companies are also vulnerable as they can't afford strong cybersecurity measures.


  • The size of the average ransom payment increased by 65% YoY in 2020, and the largest payout was $23M.
  • Studies have shown that between 50%-80% of companies that pay out a ransom are the targets of other attacks.
  • Meat processor JBS paid out an $11M ransom to Russia-based REvil for a May attack that led to $9M in losses.


In other privacy news:

  • A lawsuit against Apple that accuses Siri of violating user privacy was permitted to proceed by a federal judge.
  • The U.S. doesn't have a federal law that requires companies to inform users that their data is being sold or has been exposed during a breach, according to the NYT.
  • GoDaddy removed a website that let Texas residents report anyone that violated its new law that restricts access to abortion.
  • BGI Group's prenatal test is being investigated in five countries over its links to the Chinese military.
  • The German government could relax its data privacy rules to let employers inquire about an employee's vaccination status.
  • North Carolina Gov. Roy Cooper vetoed a donor privacy bill, arguing it would have reduced the transparency of political donations.

Improved privacy, improved ROI—a case study:

When Indiegogo needed a privacy partner who could give their users a modern and secure data privacy, they chose Transcend. But that was just the start. Read how by switching to Transcend, Indiegogo was able to reduce consumer privacy request processing costs by 80%.

Learn more

Privacy XFN is delivered to your inbox every Thursday morning and is sent by Transcend. We're an engineering company that makes it simple for companies to give their users control over their personal data. Learn more.