Privacy XFN

Welcome to this week's Privacy XFN, curating the best reads at the intersection of data privacy and tech. This week we’re covering allegations that Google discussed blocking European privacy laws, Firefox's plans to introduce Global Privacy Control support, Mark Zuckerberg's inclusion in a Facebook privacy suit, and much more.

—The Transcend team

Texas and other US states allege Google tried to collaborate with Apple, Facebook, and Microsoft to delay a Congressional effort to enhance a children’s online privacy law. The tech giant also reportedly took credit (in internal documents) for slowing down European privacy rules that would have targeted WhatsApp and Skype. Google feared that Microsoft wouldn't participate since the company had taken “subtle privacy attacks” at its peers. Google has denied all allegations.


  • The revelation was made as part of an update to an antitrust lawsuit first filed against Google by multiple state attorney generals in Dec. 2020.
  • The amendment doesn't disclose what was discussed at the meeting and an Apple spokesperson said none of its employees attended it.
  • Google allegedly tried to help Facebook identify users on Apple devices that were "using browsers with blocked cookies."
  • In related news: A TikTok exec told lawmakers the company stores American user data in the U.S. and it doesn't share any information with the Chinese government, as part of a big tech Congressional hearing.


Mozilla Firefox will roll out Global Privacy Control (GPC) within the next 2-3 months. GPC lets internet users inform companies of their privacy preferences. In July, California Attorney General Rob Bonta said GPC should be treated like a Do Not Sell request.


  • Despite the move, Mozilla's CTO Eric Rescorla notes that GPC doesn't block firms from sharing data with their business partners.
  • Currently, GPC is treated as a do-not-sell request only in California.
  • Google Chrome which accounts for 66.7% of desktop traffic globally, hasn't introduced GPC.
  • Firefox rivals Brave and DuckDuckGo have already implemented the control.

The Washington Post

District of Columbia Attorney General Karl Racine listed Facebook CEO Mark Zuckerberg as a defendant in his 2018 lawsuit related to the Cambridge Analytica scandal. Racine said Zuckerberg knowingly made decisions that enabled Cambridge Analytica to access large amounts of user data. The AG says Zuckerberg violated D.C.'s Consumer Protection Procedures Act, which says individuals can be held accountable for violations if they were aware at the time.


  • In 2018, it was revealed that consulting firm Cambridge Analytica illegally harvested data of 87 million Facebook users to target political advertising at them.
  • Facebook has denied all allegations for years, but a judge rejected an attempt to dismiss the case in 2019.
  • If found guilty, Zuckerberg and Facebook could be fined up to $1.5B.
  • More troubles for Facebook: The tech giant's Q3 revenue grew by 35% YoY, down from 52% during the same quarter a year ago, which it said was due to Apple's new privacy rules.

CPO Magazine

A conversation on privacy that delights: Transcend's Ben Brook sat down with the Experience by Design podcast to discuss all things privacy, security, how Transcend helps companies, and approaching user data control as a moment for brand building and trust.

Listen now
Former whistleblower Edward Snowden says multiple countries, including the U.S., China, and Russia, are trying to weaken encryption. While tech giants argue that encryption is necessary to protect user privacy, governments say the technology prohibits authorities from investigating severe crimes such as terrorism.


  • In Oct. 2020, the U.S., the U.K., Canada, Australia, and New Zealand said tech firms should let law firms bypass encryption for major investigations.
  • Snowden says Facebook only applies end-to-end encryption in certain areas to protect itself from lawsuits.
  • From one whistleblower to another: former Facebook employee Frances Haugen expressed doubts about whether the tech giant is implementing end-to-end encryption since an external third party can't analyze its code.
  • Haugen says there should be public oversight to ensure Facebook isn't tricking users into believing they're safe.


Privacy laws with subject rights requests and consent will apply to 75% of the world by 2023, according to Gartner. And by 2025, at least 30% of countries will have implemented laws to combat ransomware attacks.


  • Companies that implement a cybersecurity mesh architecture will reduce the financial impact of attacks by 90% within three years.
  • By 2025, cybersecurity risk will be the "primary determinant for business transactions."
  • In four years, 40% of companies will have at least one board member who oversees cybersecurity.


70% of respondents said they were impacted by the Schrems II court decision, which limited data transfers outside the EU, according to the IAPP-EY Privacy Governance Report74% use standard contractual clauses to facilitate international data transfers, 8% have shifted operations to the EU, and 3% no longer operate in the region.


  • 51% were "very" compliant with GDPR, compared to 41% with the CCPA and 21 for Brazil's LGPD.
  • The average privacy budget is now $873,000 annually, and 60% expect this number to increase next year.
  • 48% said they wouldn't track an employee's vaccination status, while 27% have already started doing so.

CPO Magazine

Sens. Gary Peters (D-Mich.) and Rob Portman (R-Ohio) have introduced the GOOD AI Act, which would mandate the Office of Management and Budget (OMB) take steps to ensure federal contractors have implemented security measures to protect data collected via AI. The OMB must ensure data is aligned with national security interests and doesn't violate privacy rights.


  • The OMB would be required to create and partner with an AI working group comprised of government experts.
  • The working group would add contract clauses that specify that the federal government owns the data.
  • Last year, Peters and Portman co-sponsored an initiative that gave federal agencies extra guidance and resources to ensure they're securing data collected via AI as part of the government's appropriations package.

The Hill

In other privacy news:
  • The FTC says the six largest U.S. internet service providers (ISPs) have failed to provide consumers with mechanisms that allow them to control how much personal data is collected. 
  • Australian lawmakers are looking to introduce new data privacy laws prohibiting social media firms from showing harmful content to minors.
  • The Brazilian Senate approved a constitutional amendment to ensure personal data protection is added to the list fundamental rights and guarantees provided to citizens.
  • The Consumer Financial Protection Bureau is investigating the consumer data practices of multiple tech giants, including Amazon, Facebook, and Google.
  • A Swiss court sided with Proton AG and said the country's data retention requirements don't apply to email services as they aren't classified as telecommunications providers.
  • The Canadian government didn't ask for Privacy Commissioner Daniel Therrien's opinions about its online harms bill, which mandates online platforms remove illegal content in five categories such as hate speech within 24 hours.
  • Tesla owners could be forced to relinquish privacy protections related to location sharing and in-car recordings as the automaker expands access to its "full-self driving option."

6 unique features of our Consent Manager:You may already know that Transcend Consent is designed to move companies beyond cookie banners, but did you know it also enables more precise choices for site owners and their users?

Read post

Privacy XFN is delivered to your inbox every Thursday morning and is sent by Transcend. We're an engineering company that makes it simple for companies to give their users control over their personal data. Learn more.