Privacy XFN

Welcome to this week's Privacy XFN, curating the best reads at the intersection of data privacy and tech. And it’s been a busy week! We’re covering a new data privacy bill introduced in the Senate, Apple beta launches its App Privacy Report, the FTC's reality in its bid to strengthen privacy rights, China’s privacy law going into effect, and much more.

—The Transcend team

Sen. Catherine Cortez Masto introduced the Digital Accountability and Transparency to Advance (DATA) Privacy Act. Companies would only be allowed to collect and process data that's relevant to the business-to-consumer relationship, and they must get consent for any data unrelated to this relationship. Companies wouldn't be allowed to punish individuals that transfer or delete their data. The bill would apply to firms that handle data on over 50,000 users yearly.


  • Any company impacted by the law that generates a minimum of $50M in annual revenue must have a privacy protection officer.
  • Individuals would be allowed to opt out of having most of their data collected, and firms must obtain consent before aggregating health or geolocation information.
  • The Senate isn't done: Sens. Richard Blumenthal and Ed Markey want to update the 1998 Children's Online Privacy Protection Act.
  • Currently, companies can't collect data of minors 12 and under, but both senators want to raise the age to 15.

The Hill

A beta version of Apple's "App Privacy Report" was launched as part of iOS 15.2. The report informs users of which apps accessed sensitive data within the past seven days.


  • Users can see which other domains the app has contacted.
  • Apple's privacy push has hurt its rivals: Snap, Facebook, Twitter, and YouTube have lost a combined $9.85B in revenue in the second half of 2021 due to Apple's Tracking Transparency feature.
  • Only 4% of U.S. iPhone users have given apps permission to track them, which hurts companies like Facebook, which generates 98% of its revenue from targeted ads.


The FTC's plan to overhaul privacy rights has encountered multiple obstacles, including a lack of resources and staffing turnover. The FTC is facing calls from Democrats to invoke the Magnuson-Moss authority to establish new rules regulating the use of data. The agency could limit or block certain practices such as digital advertising and penalize first-time offenders. To restrict or block a practice via Magnuson-Moss, the FTC would have to prove it's an unfair or deceptive tactic that hurts consumers. It's unclear how this argument would fare in court as there's no precedent related to privacy rights.


  • In September, Congressional Democrats proposed giving the FTC $1B to create a new privacy bureau, but that number has been reduced to $500M as part of a scaled-down version of President Biden's reconciliation bill.
  • The FTC says it would require additional resources to increase the size of the Division of Privacy and Identity Protection from 40 to 120 employees so it can effectively enforce new rules.
  • Last month, two FTC officials that oversaw its privacy initiatives left the agency, and President Biden's nomination of Alvaro Bedoya to join the agency has yet to be confirmed by the Senate.
  • Help is on the way: Former Google employee Meredith Walker will become an FTC advisor and help the agency craft new AI regulations.

Wall Street Journal

Take a call, get an Amazon gift card: Interested in seeing how Transcend can help transform your data privacy operations? Take a quick call with one of our team, and we'll send you a $100 Amazon gift card.

Book now
China's Personal Information Protection Law (PIPL) went into effect on Nov. 1. The bill mandates that state regulators must approve cross-border data transfers. Multinational corporations must ensure their foreign partners are complying with the PIPL's standards when processing data.


  • Foreign firms that process data of Chinese citizens must have a representative or division based in the country responsible for ensuring the company is adhering to PIPL.
  • Companies can be fined $7.5M or 5% of their annual revenue for "serious violations" in addition to being banned or suspended from operating in China.
  • China's regulatory push continues: Companies with at least one million Chinese users must participate in a security review before sending data outside the country, according to new draft guidelines from the Cyberspace Administration of China.


Law enforcement officials in Santa Clara, California, gave Signal a search warrant demanding it provide sensitive information, including a specific user's name, number, and email. They also wanted access to the user's call records, emails, and text messages. Signal was given a non-disclosure order that prevented it from revealing that it received the search warrant for nearly a year.


  • The company said it gave the police timestamps that revealed when the account was connected to Signal.
  • Signal says it doesn't collect the information police sought.
  • Last month, ProtonMail revealed it was ordered to hand over the IP address to French officials as part of a Swiss court order.


More privacy-focused search engines are emerging at a time when 79% of Americans are concerned about how companies like Google are using their data. One notable alternative to Google is Brave, which says it doesn't track users' searches or clicks. Compared to DuckDuckGo, Brave users can pay for an ad-free option and filter results based on locations.


  • Google still accounts for 87% of search engine utilization, followed by Bing at 7%. DuckDuckGo is at 1%, and Brave didn't make the list.
  • Heather Murphy of Search Engine Journal says marketers should try out alternatives despite Google's dominance and notes that DuckDuckGo doesn't have reverse image search capabilities.
  • Murphy says alternative search engines can be beneficial for marketers running ad campaigns targeted at niche audiences.
  • She adds that smaller engines can lead to higher conversion rates due to fewer search results.

Search Engine Journal

An increasing number of college students are concerned about data privacy, according to a new report from the Future of Privacy Forum (FPF). The FPF analyzed multiple surveys from the past decade and found that 64% of Facebook users between 18-29 adjusted their privacy settings. Only 47% of users between 50-64 and 33% above 65 adjusted their privacy settings.


  • The FPF says post-secondary institutions should add data privacy into their curriculums to educate students about how their information is collected and used.
  • Institutions should be transparent about their data collection policies.
  • The FPF says researchers should perform more extensive studies to analyze college students’ attitudes toward privacy and consider factors such as race, ethnicity, and socioeconomic status.


In other privacy news:
  • Facebook will no longer use its facial recognition system and delete over one billion data scans due to increasing societal concerns about the technology.
  • Mobility firms such as Uber and Lyft partnered with over 20 cities to develop seven guidelines to protect rider data. They agreed to be transparent about their data collection policies and only collect what's necessary.
  • Dark patterns are an ethical and legal no-no, but is your legal team prepared to combat them, asks Transcend's Ben Brook in Legal Tech News.
  • Phone calls made on Google Fi MVNO will have end-to-end encryption.
  • Google introduced a new privacy feature that lets minors and parents request their images be removed from its search results.
  • Facebook CEO Mark Zuckerberg said its metaverse platform will be transparent about its data policies, privacy standards, and parental controls.
  • Kenyan digital lenders that share user data could have their licenses revoked as part of a new law approved by its National Assembly.

A conversation on privacy that delights: Transcend's Ben Brook sat down with the Experience by Design podcast to discuss all things privacy, security, how Transcend helps companies, and approaching user data control as a moment for brand building and trust.

Listen now

Privacy XFN is delivered to your inbox every Thursday morning and is sent by Transcend. We're an engineering company that makes it simple for companies to give their users control over their personal data. Learn more.