Privacy XFN

Welcome to Privacy XFN, curating the best reads at the intersection of data privacy and tech. This week we’re covering an antitrust complaint filed against Privacy Sandbox, progress on the rulemaking process for CPRA, new research on what most companies understand of the data regulations applicable to them, and more.

—The Transcend team

A group of digital marketing firms called "Movement for Open Web" (MOW) filed an antitrust complaint with the EU against Google over Privacy Sandbox. The group says Google's plan to replace third-party cookies with Privacy Sandbox to limit tracking will hinder the ability of its members to launch targeted ad campaigns.


  • MOW says Google should inform the EU of any changes to its browser well in advance so the bloc can evaluate them.
  • In June, Google said it wouldn't phase out third-party cookies until the U.K.'s Competition and Markets Authority approved of Privacy Sandbox.
  • Google's timeline: in July, the tech giant set a target of phasing out third-party cookies by late 2023.
  • MOW hasn't revealed its members but says they make over $40B in combined annual revenue.


The California Privacy Protection Agency (CPPA) began seeking public input as it looks to establish rules for the California Privacy Rights Act (CPRA). The CPPA was created as part of the CPRA, which passed in Nov. 2020. It operates independently from the state attorney general office and is also tasked with updating the CCPA.


  • The CPPA is seeking input on topics such as opt-out rights, intentional interaction standard, and automated decision-making.
  • Other critical issues include the right to correct and audit authority.
  • The CPPA's five-member board consists of lawyers and academics and was appointed in March.

JD Supra

62.4% of firms admitted they aren't "completely compliant" with all privacy regulations they're required to adhere to, such as GDPR and CCPA. A recent survey of 1,000 firms found 24.4% of them didn't know which regulations apply to them.


  • 44.7% had to adjust their marketing technology.
  • 5.9% said they have to spend at least $10,000 annually to maintain compliance.
  • Mary Dolan of Pathwire says companies must protect their reputation and prioritize privacy to gain customer trust.
  • She adds that firms must invest in technology to ensure customer data isn't vulnerable to hacks.

CPO Magazine

6 unique features of our Consent Manager:​​​​​You may already know that Transcend’s Consent Manger is designed to move companies beyond cookie banners, but did you know it also enables more precise choices for site owners and their users?

Read post
The EU's status as the world's top regulator of tech giants could be under threat from China and the U.S. In July, President Biden signed an executive order that enables the FTC to re-investigate "bad mergers" and block non-compete agreements.


  • In recent months, the Chinese government has passed multiple bills to protect user data.
  • Chinese tech giants such as Alibaba and Tencent have lost billions of dollars from their market cap due to the ongoing crackdown.
  • In July, ride-hailing giant Didi was removed from app stores after the government said it illegally collected user data.
  • The EU has been criticized for not implementing new laws quickly, such as the Digital Services Act and the Digital Markets Act, which won't go into effect until mid-2022 at the earliest.
  • Beyond regulation, European lawmakers are pushing for additional measures such as digital sovereignty to reduce its dependence on foreign firms.
  • Same vision, different process: While the EU, U.S., and China want to limit the power of tech giants and give users more control over their data, they are all ultimately likely to adopt different measures resulting in regulatory divergence.


A retailer's data privacy policies can help it gain a competitive advantage, a new Cisco report has found. that 90% of consumers care about data privacy, and 29% have switched brands due to their policies, the report found.


  • 91% of consumers are okay with companies collecting their data in exchange for a personalized online shopping experience.
  • Retailers should be transparent about their privacy policies and only collect necessary data.
  • They must also ensure customers are receiving products and services of value in exchange for their data.
  • As tech giants such as Google and Apple introduce new privacy measures, marketers are focused on collecting zero-party and first-party data.

Retail Touch Points

Microsoft and the International Organization of Migration established a new synthetic database that stores relevant characteristics of actual human trafficking victims. Microsoft extracts important attributes from original data sources to create synthetic data. 


  • The data is used to create groups of at least ten people that have similar characteristics.
  • The information can't be used to identify individual victims.
  • The data isn't used to prevent future smuggling operations but can help identify where they have occurred and which governments have failed to act.


A resource for your teams: The Washington Post's Help Desk published a privacy reset guide that educates users on how they can limit the amount of data collected by tech giants. Currently, the guide covers four companies: Google, Amazon, Facebook, and Venmo.


  • For Venmo, the Post says users should change the "Default Privacy Settings" to "Private."
  • For Facebook, users are advised to select "Data about your activity from partners.”
  • The Post says Google users should change the "Web & App Activity" from blue to gray.
  • Amazon users are advised to change the privacy setting to "private."

Washington Post

In other privacy news:
  • Facebook has suspended plans to roll out a separate Instagram service for kids.
  • Seperately, the social media giant admitted to underreporting the performance of its ads on iPhones by 15% following Apple's recent privacy changes.
  • The Census Bureau could use less granular data during its next release of the 2020 results.
  • U.S. courts have failed to reach a consensus on how the Fourth Amendment mandates warrants for government searches of images that private companies have deemed child pornography.
  • Multiple federal agencies, including the Secret Service, bought surveillance drones from Chinese firm DJI, which could be a threat to national security.

Improved privacy, improved ROI—a case study: When Indiegogo needed a privacy partner who could give their users a modern and secure data privacy, they chose Transcend. But that was just the start. Read how by switching to Transcend, Indiegogo was able to reduce consumer privacy request processing costs by 80%.

Learn more

Privacy XFN is delivered to your inbox every Thursday morning and is sent by Transcend. We're an engineering company that makes it simple for companies to give their users control over their personal data. Learn more.