Privacy XFN

Welcome to this week’s Privacy XFN, curating the best reads at the intersection of data privacy and tech for better cross-functional outcomes. This week, we’re looking at what Apple is doing to address privacy concerns of Mac users, how Sen. Blumenthal wants to crack down on high-tech firms, Canada’s answer to the EU’s GDPR, and more.

- The Transcend team

Apple has announced changes to its Mac security protocol in response to criticism from users that it slows down opening of apps and collects too much information about their activities. Apple added a privacy protection section to its support pages in which it explained that Gatekeeper checks apps for malware and whether the developer’s certificate is valid. The company plans to roll out new privacy safeguards over the next year.


  • Apple stressed that it would “never” combine data from Gatekeeper with information about users and their devices.
  • Security researcher Jeffrey Paul argued that Apple’s security protocol collects a hash of every program a Mac user runs, along with the IP address, over an unencrypted connection.
  • In Europe, Apple is facing a lawsuit by consumer rights activist Max Schrems who argues that an ID generated by iPhones enabling advertisers to track users violates the EU privacy rules.


U.S. Sen. Richard Blumenthal (D-Conn.) called for tougher data privacy laws, ending legal protections for social media platforms for content posted by users, and increased antitrust enforcement against high-tech companies. Blumenthal made his remarks during a Tuesday hearing in which Facebook’s Mark Zuckerberg and Twitter’s Jack Dorsey faced tough questioning before the Senate Judiciary Committee. “You have made a huge amount of money by strip mining data about our private lives and promoting hate speech and voter suppression,” Blumenthal said.


  • Both Republican and Democratic senators were critical of the handling of content by Facebook and Twitter during the election and called for an end to legal protections for content that appeared on the platforms.
  • Republican lawmakers criticized the CEOs for putting warnings on tweets by President Trump and other conservatives.
  • Zuckerberg and Dorsey said they would conduct “post-mortem” reviews on the efforts to stop the spread of disinformation and hate speech on their platforms.


A message from TRANSCEND

How much do you value your time?

Transcend delivers a full-stack solution to receive, manage and automatically fulfill data requests from your customers, freeing you to do high value work.

Leading companies trust Transcend to automatically and securely fulfill privacy requests without the need of a human.

Transcend automates your drudge work giving back the most important ROI – your time.

Get a demo on how we can fulfill your privacy requests in less than a minute.

Companies could face stiff fines for violation of a new Canadian privacy law being proposed by the federal government. Fines could run up to 5% of a company’s global revenue or C$25M ($19.1M), whichever is greater, for violating new data privacy rules. The government submitted the proposed law to parliament for consideration. The law would give Canadians the right to demand that companies destroy their personal data, similar to the EU's General Data Protection Regulation.


  • Navdeep Bains, Canadian minister of innovation, science and industry, said the proposed law would carry the highest fines for privacy violations of any G-7 country.
  • The proposed Digital Charter Implementation Act would give Canadians the ability to provide meaningful consent for collection of personal data, move their information from one organization to another in a secure manner, and have greater transparency regarding algorithms.
  • The proposal would also give the Privacy Commissioner the power to order a company to stop collecting and using personal data.
  • A new Personal Information and Data Protection Tribunal would be able to levy fines and hear appeals.


Download - Privacy Guide on Tech Disciplines

Download our latest guide to working with privacy engineering disciplines, including how each technical role contributes to the success of your legal program.

Download Now

The U.S. military is purchasing location data that is harvested from consumer apps, such as the Muslim Pro prayer app with 98 million downloads, according to Motherboard. Data from other apps for sale includes a Muslim dating app, a Craigslist app, an app following storms, and a “leveling” app. The U.S. military buys the location data from brokers called Babel Street (Locate X) and X-Mode.


  • In response to the Motherboard investigation, Muslim Pro said it would no longer share location data with X-Mode.
  • U.S. Customs and Border Protection has come under congressional scrutiny for buying location data to track U.S. citizens without a warrant.
  • In June, Babel Street purchased Dunami, which provides the company with artificial intelligence and machine learning capabilities.


The exit of the U.K. from the European Union could pose data privacy and governance challenges for organizations. For example, EU companies will need to have a plan in place about data transfers to and from the UK beginning next year, advised Paul Smith and Krittika Singh, risk advisories at EY UK&I. Companies will need to update their documentation and privacy notices to cover these data transfers and develop a plan to notify data subjects about the updates.


  • Smith and Singh warned that the interaction of Brexit with the EU’s General Data Protection Regulation (GDPR), the Privacy and Electronic Communications Regulation, and the eCommerce Directive will greatly complicate data governance issues.
  • In addition, companies could face fines from the EU and the U.K. for violations of data privacy rules.
  • The deadline for the U.K. to complete its exit from the EU is Dec. 31 of this year, although the U.K. government said it plans to comply with GDPR after the deadline.


The use of COVID-19 tracing apps, which are being employed around the world to help reduce the spread of the virus, raises data privacy concerns. Some governments, such as South Korea and China, have taken an aggressive approach to tracking people suspected of being infected by COVID-19, approaches that have been criticized in Western countries. There needs to be a balance between public health and personal privacy, argues Florencio Travieso with the Conversation.


  • On Thursday, the UN issued a joint statement on "Data Protection and Privacy in the COVID-19 Response" reinforcing that “During public health emergencies, data collection, processing, and use must protect the rights of all people."
  • In May, Hungary suspended data privacy rights granted to individuals by the EU’s General Data Protection Regulation as part of its effort to combat COVID-19.
  • Further endangering privacy rights, a study estimated that 85% of COVID-19 tracking apps leak data.


During an address to the (ISC)2 Security Congress, Bruce Schneier examined the public-interest angle of technology. He stressed the need for an ethics of data privacy and security in today’s technology policy discussions. Schneier said that policymakers need to be better informed about the technology they are trying to regulate, and security professionals need to include the public interest in their thought processes.


  • Schneier said that the debate over law enforcement access to encrypted devices highlights the need for policymakers to better understand technology and security pros to consider the public interest involved.
  • Civil liberties groups issued a statement Nov. 16 warning about the moves by various governments to break end-to-end encryption (E2EE) for law enforcement access.
  • The groups stressed that E2EE is “vital to protect the privacy and security of citizens and governments around the world.


  • Nearly 70% of Indians are worried about data privacy in connected vehicles, according to a survey by Deloitte.
  • A growing number of cities are working on rules of engagement, particularly regarding data privacy, for deployment of connected technologies.
  • A full 57% of U.S. consumers would give up marketing personalization to protect their personal data, a survey by The Conference Board found.

Newsletter Launch Survey

As an early subscriber to Privacy XFN, we'd love to get some quick feedback from you, to help us make next week's newsletter even better.


Provide feedback

Privacy XFN is delivered to your inbox every Thursday morning and is sent by Transcend. We're an engineering company that makes it simple for companies to give their users control over their personal data. Learn more.