Privacy XFN

Welcome to Privacy XFN, curating the best reads at the intersection of data privacy and tech. This week we’re covering a request from Senate Democrats for new privacy rules from the FTC, American attitudes towards national data privacy standards, an update to how Google will handle permissions on older devices, and much more.

—The Transcend team

Nine Democratic senators have asked FTC Chair Lina Khan to develop new rules around privacy and protecting consumer data. In a letter, the senators said tech giants have repeatedly failed to protect user privacy and only received "wrist-slap punishments."


  • The senators aren't alone: In July, President Biden signed an executive order, urging the FTC to introduce new rules that limit the amount of data tech giants can collect.
  • The FTC voted 3-2 to update its 2009 Health Breach Notification Rule to apply to health apps.
  • Health apps must inform users when their data has been compromised or given to third parties without their consent.
  • The FTC said companies that don't comply will be fined $43,792 per violation per day.

The Verge

Almost 75% of Americans want the federal government to establish national data privacy standards, according to a survey from AP-NORC. Only 23% are satisfied with Congress' existing attempts to protect the privacy rights of Americans.


  • 64% percent of Americans don't think their social media activity is safe, while 50% feel that way about text conversations.
  • 71% percent felt data privacy is a national security issue.
  • 56% percent feel the private sector can do a better job than the government at protecting user data.
  • 85% of adults above 40 and 70% aged below 40 say the government should impose harsher punishments on cybercriminals.

The Associated Press

A message from TRANSCEND

How much is your company's privacy request program really costing?

Informed by real-world ROI modeling, our free calculator breaks down the variable, fixed, and unpredictable costs of manually processing GDPR & CCPA privacy requests.

Plus, get a customizable spreadsheet to model your company's specific scenario, and a free guidebook to help guide more strategic privacy conversations.

Google will expand its "permissions auto-reset" feature to all devices with Android 6 to 10. If an app hasn't been used for a few months, the privacy feature automatically resets its permission to access a device's camera, location and microphone.


  • The feature was initially released last year as part of Android 11.
  • It will be rolled out to devices with older versions of Android in December but won't be complete until Q1 2022.
  • The feature will be applied to all consumer devices but not enterprise-managed apps.


6 unique features of our Consent Manager:

You may already know that Transcend’s Consent Manger is designed to move companies beyond cookie banners, but did you know it also enables more precise choices for site owners and their users?

Read post
Companies must be vigilant to ensure they're not employing dark patterns, and the legal office has a key role, writes our co-founder Ben Brook in CPO Magazine. The FTC examines if consumers will receive the goods and services that are a part of the contracts they involuntarily signed when determining if companies are deploying deceptive practices.


  • Brook says that companies that prioritize customer experience and are transparent about their data practice will have the most loyal consumer bases.
  • Outside Data Protection Impact Assessments, companies can also perform product reviews to ensure users aren't being tricked into making decisions.

CPO Magazine

The $350B ad industry has been disrupted by recent moves Google and Apple have made to protect user privacy. In April, Apple announced apps must obtain consent from users before tracking their behavior. Google will phase out Cookies from Chrome by 2023.


  • Facebook has been critical of Apple's move, saying it would hurt small businesses by blocking them from launching targeting ad campaigns.
  • The company is working on privacy-enhancing technologies that reduce its reliance on personal data but still let advertisers launch targeted campaigns.
  • Google's ad business is worth $135B, and the company is piloting Federated Learning of Cohorts to target ads at groups of people with similar interests rather than individuals.

The New York Times

DoorDash filed a lawsuit against New York City over a law that mandates food delivery companies share customer information with restaurants. Firms would be required to share information such as names and phone numbers unless a customer opts out.


  • Restaurants have long argued that access to customer data would reduce their dependence on food delivery firms.
  • DoorDash cries foul: the company says there are no restrictions limiting how restaurants can use the data, and they aren't required to implement safety measures to prevent it from being compromised.
  • Restaurants have long argued that access to customer data would reduce their dependence on food delivery firms.
  • DoorDash says the bill would restrict earning opportunities for its couriers and reduce choices for its customers.
  • The bill was approved by New York City Council in July and goes into effect in December.


Two recent events have hurt Apple's reputation as a privacy-centric company, argues Bree Fowler in CNET. Earlier this month, Apple delayed plans to scan iCloud images for child abuse and released emergency security updates to prevent its devices from being hacked by Pegasus spyware.


  • In 2015, Apple refused to unlock the iPhone of a terrorist for the FBI, which earned the company widespread praise.
  • Fowler notes that cybercriminals have historically avoided targeting Macs and focused on Windows.
  • However, the popularity of the iPhone has made other Apple devices an intriguing target for hackers.
  • In Oct. 2020, five hackers said they discovered 55 vulnerabilities, of which 11 were critical.


In other privacy news:
  • Ireland's Data Protection Commission is set to probe how TikTok processes children's data and how it's transferred to China to determine if the company violates GDPR.
  • There have been nearly 750 lawsuits filed against private companies over the use of facial recognition technology in Illinois since 2015, according to Reuters.
  • Privacy advocates have expressed concerns over plans to let Australian police test facial recognition software in Victoria and New South Wales.
  • Tesla CEO Elon Musk said the company will co-operate with regulators globally to protect user data.
  • Thousands of Americans lost a combined $133M in online romance scans during the first seven months of the year, according to the FBI.

Improved privacy, improved ROI—a case study: When Indiegogo needed a privacy partner who could give their users a modern and secure data privacy, they chose Transcend. But that was just the start. Read how by switching to Transcend, Indiegogo was able to reduce consumer privacy request processing costs by 80%.

Learn more

Privacy XFN is delivered to your inbox every Thursday morning and is sent by Transcend. We're an engineering company that makes it simple for companies to give their users control over their personal data. Learn more.