Welcome to this week’s Privacy XFN, curating the best reads at the intersection of data privacy and tech for better cross-functional outcomes. Coming in at just under 1,100 words, we’re tracking problems posed by CFAA in data scraping lawsuits, using data trusts for AI, the EU’s plans for a secure data marketplace, and more.

—The Transcend team

Courts are finding it hard to decide data scraping lawsuits by applying the 1984 Computer Fraud and Abuse Act (CFAA). The CFAA prohibits individuals or companies from accessing a protected computer without authorization and obtaining information from that computer. A federal court ruled last year that hiQ’s scraping of publicly available information from LinkedIn was not a violation of CFAA because the computers are publicly available so hiQ did not access the computers without authorization.


  • LinkedIn appealed the court’s decision to the Supreme Court, where its petition for certiorari is pending.
  • In another case involving Southwest Airlines and Farechase, the courts interpreted the CFAA to cover violations of corporate computer use restrictions and policies governing authorized uses of databases in a data scraping incident.
  • In another case, the Supreme Court is hearing oral arguments about the scope of the CFAA in a case that could have implications for cybersecurity researchers.


A data trust could be used as a repository for shared data to overcome the reluctance of firms to share data due to data privacy regulations and ethical issues, explained George Zarkadakis with Willis Towers Watson. Artificial intelligence (AI) applications could then utilize this data trust to carry out their functions. A data trust would be an independent organization functioning as a fiduciary for data providers.


  • Companies are increasingly looking to share data for AI use but are concerned about the security and legal risks.
  • Use cases for data trusts include fraud detection in financial services, greater speed and agility across supply chains, improved product development and customer experience, and development of new digital health solutions.
  • Data trusts could also encourage data interoperability and ethical and compliance governance of data. 


A message from TRANSCEND

How much do you value your time?

Transcend delivers a full-stack solution to receive, manage and automatically fulfill data requests from your customers, freeing you to do high value work.

Leading companies trust Transcend to automatically and securely fulfill privacy requests without the need of a human.

Transcend automates your drudge work giving back the most important ROI – your time.

Get a demo on how we can fulfill your privacy requests in less than a minute.

The European Union’s executive arm has proposed new legislation to create a secure EU-wide data marketplace to encourage the sharing of industrial and government data as long as the data is protected based on European standards. The proposal is designed to protect sensitive data from U.S. and Chinese companies as well as hackers.


  • The proposal would provide protections for industrial and government data similar to what the General Data Protection Regulation provides for personal data.
  • The EU proposal grew out of an effort to maintain data sovereignty over European industrial and government data.
  • The European Commission is also considering regulations to require social media companies to remove disinformation and fake accounts.


An easier way to understand California’s new Privacy Rights Act (CPRA): We’ve launched an online site, where you can search, share, and see amendments to the CPRA, California’s new law amending the California Consumer Privacy Act. 

Check it out

Microsoft has decided to remove individual names from its Productivity Score feature of Microsoft 365 to address concerns of data privacy advocates that companies could use it to spy on workers. The feature will only provide aggregated data on communications, meetings, content collaboration, teamwork and mobility metrics. Companies will not be able to use the feature to monitor how users are employing apps and services.


  • The Productivity Score, rolled out in late October, enables companies to evaluate how their employees are using Microsoft 365.
  • Wolfie Christl, a researcher at Cracked Labs, warned that the feature turns Microsoft 365 into a “full-fledged workplace surveillance tool.”
  • Microsoft responded by removing user names and modifying the interface to make it clear that the tool is intended to measure organizational adoption of technology, not user behavior.


Apple is accusing Facebook of violating user privacy in its effort to collect as much user data as possible for advertisers. Jane Horvath, Apple’s director of global privacy, made the accusation in a letter to privacy groups in which she explained the rationale for her company’s app tracking transparency feature. The feature will enable users to know when companies want to track them across apps and websites.


  • In response to criticism from Facebook and advertisers, Apple decided to delay the launch of the anti-tracking tool for iOS 14 until early 2021.
  • A group of privacy and human rights advocates sent a letter to Apple CEO Tim Cook urging him to implement the tool as “expeditiously as possible.”
  • In response, Horvath said Apple remained committed to deploying the app tracking transparency feature early next year.


New Zealand’s new Privacy Act, which includes significant changes to the 1993 privacy law, took effect Dec. 1. The new law includes a mandatory data breach notification requirement if the breach could cause serious harm. If the breach is not reported, a company could face fines of up to NZ$10K per breach.


  • The Privacy Act lays out several privacy principles, including limiting companies to collecting personal information only if it is for a lawful purpose and the information is necessary for that purpose.
  • The law also imposes restrictions on cross-border transfers of personal data.
  • The Privacy Commissioner’s information gathering and penalty assessing powers are also expanded.


The European Commission is scheduled to introduce legislation this month designed to overhaul the EU’s 20-year-old e-Commerce Directive. The Digital Services Act (DSA) is intended to regulate digital service providers’ responsibilities regarding illegal or harmful content and large online platforms known as “gatekeepers.” It also is expected to include algorithmic transparency provisions.


  • The e-Commerce Directive was adopted in 2000 to provide a legal framework for online services.
  • The European Parliament issued reports on the proposed DSA, calling for the inclusion of stricter conditions for targeted ads and more controls for users over what they see online.
  • In a recent speech, EU Executive Vice President Margrethe Vestager identified gatekeepers as “a few huge digital platforms” that online consumers rely on.


  • The Biden administration will face an array of cybersecurity challenges, concludes the Aspen Cybersecurity Group.
  • Forbes has announced its annual list of 30 Under 30 Enterprise Technology founders, including Transcend's Benjamin Brook and Michael Farrell
  • Data privacy and data governance are expected to be top business priorities in 2021, predicts AT&T’s Zachary Curley.

Newsletter Launch Survey: As an early subscriber to Privacy XFN, we'd love to get some quick feedback from you, to help us make next week's newsletter even better.

Provide feedback

Privacy XFN is delivered to your inbox every Thursday morning and is sent by Transcend. We're an engineering company that makes it simple for companies to give their users control over their personal data. Learn more.