Welcome to this week's Privacy XFN, curating the best reads at the intersection of data privacy and tech. This week we're covering the Commerce Department's listening sessions, which could revive Congressional efforts to pass a federal privacy law, the U.K. information commissioner's calls for new ad tech privacy standards, Google's new Privacy Sandbox commitments, and much more.
Mark your calendar: Don't miss our end of year (virtual) breakfast on Friday December 10, where Uber's Head of Privacy Engineering Nishant Bhajaria and Asana's DPO Whitney Merrill will reflect on key wins and better ways of working between privacy engineering and legal teams. Register now.
—The Transcend team
|
|
The Commerce Department's National Telecommunication and Information Administration (NTIA) will host listening sessions this month to examine the relationship between data privacy and civil rights. The NTIA will build a report outlining how commercial data disproportionately hurts marginalized communities.
More:
- The bigger picture: there are hopes the sessions and subsequent report could lead to renewed efforts in Congress to pass a federal privacy law.
- In July, President Biden signed an executive order calling on the FTC to establish new privacy rules, however, privacy hasn't been a significant priority during his administration so far.
- The FTC would receive $500M to open a new privacy bureau as part of Biden's Build Back Better act, which has passed the House but not the Senate.
Axios
|
|
U.K. information commissioner Elizabeth Denham has outlined new privacy standards for advertising technologies. Denham wants new ad tech that lets users opt-out of being tracked or profiled. She says new ad tech should be transparent about how and why data is being processed.
More:
- Denham says new ad tech should address current and new privacy risks.
- In September, the British government said it was looking to amend its data protection laws following Brexit.
- New leadership incoming: Denham is set to be replaced by New Zealand's current privacy commissioner John Edwards, who takes over on Jan. 3, 2022.
TechCrunch
|
|
Google announced additional commitments with the U.K.'s Competition and Markets Authority (CMA) as it looks to replace third-party cookies with Privacy Sandbox. It will limit access to Chrome's browsing history and Analytics data on Google and non-Google websites. Google's first-party personal data won't be used for targeted ads on non-Google websites.
More:
- Google will have an independent Monitoring Trustee, approved by the CMA, to ensure it's adhering to its commitments
- Google says the commitments will be applied globally if they're approved by the CMA.
- In July, Google published a timeline outlining how it plans on rolling out Privacy Sandbox by the end of 2023.
Reuters
Meet with Transcend, get an Amazon gift card:
Interested in seeing how Transcend can help transform your data privacy operations? Take a quick call with one of our team, and we'll send you a $100 Amazon gift card for your time.
|
|
|
|
97% of EU websites don't adhere to at least one of GDPR's requirements, according to a study by the University of Virginia. Researchers used machine learning to analyze over 1,000 of the top 10,000 websites in the region.
More:
- Only 15.3% of websites complied with user profiling, the least of all 18 requirements.
- User profiling is when a website collects information about an individual to build a profile that can be used for other purposes such as targeted advertising.
- Over 80% of websites complied with data categories and processing purposes, the most of all requirements.
Unite.AI
|
|
The clock is ticking on Apple’s upcoming In-App deletion deadline—mobile apps on Apple's App Store that let users create accounts must ensure there's a mechanism to delete these accounts by Jan. 31, 2022. While Apple hasn't specified how it defines account deletion, it's most likely similar to GDPR and CCPA, which call for a total wipeout of an account holder's personal data.
More:
- Apple has repeatedly emphasized the account deletion mechanism must start frombe within the app.
- A high potential cost: With Apple’s continued focus on privacy, the tech giantApple could block iOS updates for any app that doesn't comply.
- An easy fix for companies using Transcend: The compliance workload is lighter for companies already leveraging data privacy infrastructure, and who can simply serve up a new deletion workflow.
Transcend
|
|
Amazon has tried to weaken and kill more than 36 data privacy bills in 25 states in the past few years. Notably, it increased spending "tenfold" between 2017-2021 in Virginia to ensure the state passed its Consumer Data Protection Act, which it helped draft. In Washington, Amazon weakened the state's 2017 biometric privacy law to ensure it had "little if any" impact on its business.
More:
- Amazon's extensive collection of consumer data helps it increase sales as it can track a customer's purchasing history to provide them with personalized recommendations.
- President Obama's former White House press secretary Jay Carney oversees Amazon's lobbying efforts, and the team has grown from 62 employees in 2014 to over 250 while spending $18M in 2020.
- The report triggered bipartisan calls for Congress to pass a federal privacy law.
- Amazon's lax security: its employees were able to view the purchasing history of multiple celebrities, including Kanye West, according to a report from Wired.
CNBC
|
|
Italy's competition and markets authority (ACGM) fined Apple and Google $11.3M each for failing to be transparent about how they collect and use consumer data. The ACGM says Google withholds vital information from users when they're setting up an account. Google also fails to explain how users can revoke their consent at a later point. Apple's been accused of effectively forcing consumers to agree to its terms.
More:
- In Oct. 2020, the ACGM launched a separate investigation into Google's display advertising business that's yet to be resolved.
- Italy's big tech crackdown: The ACGM levied an $8.5M fine against Facebook in February for failing to be transparent about how it uses data, in accordance with a 2018 order.
- Both companies rejected the allegations and said they'll appeal the decision.
TechCrunch
|
|
In other privacy news:
- Privacy experts have expressed concerns about new Australian defamation laws that would mandate tech giants reveal the identities of specific users without their consent.
- The U.K.'s Information Commissioner's Office fined facial recognition firm Clearview AI $22.6M for failing to notify residents their photos were being taken from social media sites.
- 35% of consumers will only shop from companies that are transparent about their data collection policies, according to Thomas Damon Brausch, Wunderman Thompson's chief data officer for the Asia Pacific.
- China's State Administration for Market Regulation introduced new rules prohibiting advertisers from misleading users.
- The U.S. Supreme Court refused to take on a case against Massachusetts' Section 99, which bans surreptitious recordings.
Improved privacy, improved ROI—a case study:
When Indiegogo needed a privacy partner who could give their users a modern and secure data privacy, they chose Transcend. But that was just the start. Read how by switching to Transcend, Indiegogo was able to reduce consumer privacy request processing costs by 80%.
|
|
|
|
Privacy XFN is delivered to your inbox every Thursday morning and is sent by Transcend. We're an engineering company that makes it simple for companies to give their users control over their personal data. Learn more.
|
|