Privacy XFN

Welcome to this week's Privacy XFN, curating the best reads at the intersection of data privacy and tech. This week we’re checking in on the progress made in talks between the U.S. and EU over a new privacy agreement, the Irish DPC's responsiveness to complaints against American tech giants, the push to give the FTC $1B to combat privacy violations, and much more.
—The Transcend team

The U.S. and EU have made progress in talks over a new agreement that would permit international data transfers, according to the WSJ. One area both sides are heavily focusing on is the creation of mechanisms that would let European citizens file legal challenges to protect their data from being used for surveillance by the U.S. government.


  • Legal experts have said the U.S. could be forced to change its surveillance laws in order to reach a deal.
  • One reason why Privacy Shield was struck down last year is because an EU court said European citizens couldn’t initiate legal challenges against U.S. entities.
  • Facebook has warned it will lose “material portions” of its European business if a new deal isn’t struck.

The WSJ (paywall)

House Democrats want to give the Federal Trade Commission (FTC) $1B to establish an office that would focus on protecting data privacy. The funds would be added to a $3.5T budget reconciliation proposal that's being debated in Congress. If approved, the money would be spent over ten years.


  • Democrats aren't done: President Biden nominated Alvaro Bedoya to serve as one of the FTC's five commissioners.
  • Bedoya was the co-author of a 2016 report that said the government needs to introduce regulations to curb the misuse of facial recognition technology.
  • Bedoya has criticized tech giants for giving lobbyists millions to erode consumer privacy.
  • He argued that Silicon Valley firms would try to weaken any federal privacy law that Congress tried to pass.


Ireland’s Data Protection Commissioner (DPC) has failed to resolve 98% of the 164 outstanding allegations of privacy violations against American tech giants, according to a report issued by the Irish Council for Civil Liberties. Spain’s data regulator issues decisions ten times as fast as the DPC despite having a smaller budget.


  • The DPC is the lead regulator for several firms, including Facebook, Google, and Apple, as their European headquarters are located in Ireland.
  • Earlier this month, the DPC fined WhatsApp a record $267M for failing to adequately disclose how it handles data and what information is shared with its parent company Facebook.
  • While other countries in the EU have been critical of Ireland, officials cannot force the DPC to act quicker.
  • While the EU could open infringement proceedings against Ireland, it hasn’t indicated it will.

Irish Times

6 unique features of our Consent Manager: You may already know that Transcend’s Consent Manger is designed to move companies beyond cookie banners, but did you know it also enables more precise choices for site owners and their users?

Read post

A message from TRANSCEND

How much is your company's privacy request program really costing?

Informed by real-world ROI modeling, our free calculator breaks down the variable, fixed, and unpredictable costs of manually processing GDPR & CCPA privacy requests.

Plus, get a customizable spreadsheet to model your company's specific scenario, and a free guidebook to help guide more strategic privacy conversations.

The U.K. is looking to reform the Information Commissioner's Office (ICO) to prioritize cases that would have the most significant impact on citizens. The government also wants the ICO to take steps to support the U.K.'s data economy, now that it longer has to adhere to the EU's privacy rules.


  • The government wants to eliminate unnecessary regulations to make its data privacy law friendlier for small businesses.
  • It also wants to create an independent board and chief executive, with the positions being filled by the Department for Digital, Culture, Media & Sport.
  • Still in the U.K: a data-sharing agreement between the National Health Service and Palantir has been terminated after a three-month privacy campaign.


WhatsApp announced its encryption will now apply to conversations kept in Apple and Google's cloud services. The move is designed to let users store their conversations in external cloud services while ensuring chats remain private even if the accounts are compromised.


  • The feature will be rolled out in a software update later this month.
  • Users will have to turn on the feature and create a password to prevent unauthorized access to the encrypted backup.
  • The encryption keys will be stored in Facebook’s U.S. and European data centers.
  • WhatsApp has been criticized for letting users include private conversations in reports against others.
  • CEO Will Cathcart defended the company in an interview with the Verge, saying that users should be allowed to complain when someone else has said something "offensive or dangerous."


Companies must adopt a KonMari method to reduce data hoarding, says DoorDash privacy leader Nandita Rao. At our August privacy_infra() meetup, Rao said the KonMari method can help firms eliminate data that doesn't "spark joy."


  • Rao said data hoarding could result in non-compliance fines and breaches.
  • 85% of data that companies have stored is irrelevant, according to Gartner.
  • Rao notes the amount of data kept by companies will grow by 5x by 2025, increasing the risk of "dark data."
  • "Dark data" is unnecessary data that is collected as part of regular business activities.

The Transcend Blog

Apple issued multiple emergency security updates to prevent Israeli firm NSO Group from infecting its devices with spyware. Cybersecurity watchdog said NSG Group's Pegasus spyware was used to hack a Saudi political activist's iPhone.


  • Hackers used the "zero-click" method, which is when a user's device is compromised without their knowledge.
  • Later this year, Apple will roll out additional measures to protect its devices from spyware as part of a software update.
  • The German government bought Pegasus spyware in 2019.


In other privacy news:
  • Alabama ended its legal challenge against the U.S. Census Bureau's usage of differential privacy.
  • Google responded to three of 43 data requests from the Hong Kong government in 2020.
  • The Italian privacy watchdog has asked Facebook for additional information about its new smart glasses.
  • The U.K. has canceled plans for a vaccine passport.
  • Millions of people in Walgreens’ Covid-19 testing services could have had their information exposed, according to Recode.
  • China is working on a machine that would let the government track user data sent to other countries.
  • U.K.-based privacy firm Kape Technologies will acquire ExpressVPN for $936M.

Improved privacy, improved ROI—a case study: When Indiegogo needed a privacy partner who could give their users a modern and secure data privacy, they chose Transcend. But that was just the start. Read how by switching to Transcend, Indiegogo was able to reduce consumer privacy request processing costs by 80%.

Learn more

Privacy XFN is delivered to your inbox every Thursday morning and is sent by Transcend. We're an engineering company that makes it simple for companies to give their users control over their personal data. Learn more.