Welcome to this week’s Privacy XFN, curating the best reads at the intersection of data privacy and tech for better cross-functional outcomes. This week we’re looking at a busy start to the legislative session in New York state on privacy, WhatsApp clarifying its privacy policy in response to a public backlash, how Africa and the Near East are out in front when it comes to privacy laws, how proposed U.S. cryptocurrency rules are raising privacy concerns, and much more.

And a heads up—we're co-hosting a conversation next Thursday 1/21 with C-suite leaders and tech founders on bridging privacy and security divides to get ahead of incoming data laws. Read more below.

—The Transcend team

New York state lawmakers introduced more than a dozen consumer privacy bills last week. One of those bills, Senate Bill (SB) 567, is similar to the California Consumer Privacy Act, but also has a private right of action. Another bill, the New York Privacy Act (A689), would require businesses to get consumer consent for all data processing activities and third-party disclosures, similar to the EU's General Data Protection Regulation.


  • The New York Privacy Act, which has been referred to the House Consumer Affairs and Protection Committee, would also require companies to disclose deidentification methods, place safeguards around data sharing, and fund an office dedicated to privacy and data protection.
  • SB 567, which has been referred to the Senate Committee on Consumer Protection, grants consumers the right to request that a business disclose information concerning the personal data it collects, including third parties with whom the personal data is shared.
  • Other privacy bills introduced in this session include the Online Consumer Protection Act (AB 405) and the Right to Know Act (AB 400).

LEXOLOGY (paywall) 

In response to a shift of users to Signal and Telegram, WhatsApp published a FAQ page seeking to clarify its privacy policy regarding sharing data with Facebook. WhatsApp stressed that it will not share chats or profile data with Facebook when a new privacy policy takes effect on Feb. 8. 


  • The FAQs come in response to media reports prompted by the privacy policy change, suggesting that WhatsApp would be sharing all user data with Facebook.
  • WhatsApp competitor Telegram saw more than 25 million users sign up in 72 hours following the WhatsApp reports.
  • In its FAQ page, WhatsApp explained that the changes to its privacy policy will not affect the privacy of messages with friends and family but only messaging with businesses.



Proposed U.S. cryptocurrency rules could raise privacy issues, critics argued. The Treasury Department's Financial Crimes Enforcement Network (FinCEN) proposed new rules last month that would increase reporting and customer verification requirements for banks regarding cryptocurrency transactions. More than 7,000 cryptocurrency groups and advocates have objected, citing data privacy rights concerns and other issues with the proposed rules.


  • The proposal would require banks and money services businesses to report cryptocurrency transactions over $10,000. 
  • FinCEN argued that the new rules are needed to prevent cryptocurrency from being used for money laundering and other illegal activities.
  • The agency estimated that $119 billion in suspicious activity was related to cryptocurrency in 2019.


CxO + Founder Privacy & Security Roundtable on Jan. 21: How can privacy and security teams work smarter together to get ahead of impending data laws? Join Airbnb’s CPO Brendon Lynch, Former Fidelity and Experian Security leader and CISO Melanie Sankaran, and others next Thursday January 21 at 9am Pacific.


Nations in Africa and the Near East have enacted data privacy laws at a higher rate than those in other regions of the world. In the past decade, 24 new laws have been enacted by countries in the region, compared to 13 new laws in Asia and 21 in the Americas over the same period. Many African and Near East countries have established or are establishing data protection agencies to enforce those laws.


  • The U.K. has pulled out of the EU but will be covered by GDPR for six months, during which the European Commission intends to issue an adequacy ruling regarding data transfers to the U.K.
  • While Asia has lagged behind other regions in data privacy, the Indian government plans to table the final draft of its new Personal Data Protection Bill during Parliament's budget session that begins Jan. 29.


Privacy heads from Amazon, Google, and Twitter called for the enactment of a U.S. federal privacy law during remarks at this year's virtual CES 2021 conference. They said that new privacy laws have changed the way they do business, particularly by giving users greater control over their data. However, tech companies are wary of having to deal with several privacy laws throughout the U.S. and have been pushing for a federal privacy law that creates one standard for the country.


  • The three privacy leaders judged it "probable" that the incoming administration of President-elect Joe Biden would push for a federal privacy law.
  • The Obama administration introduced a Privacy Bill of Rights in 2012, but Congress failed to take action on it.
  • Failure to enact a national privacy law would result in the "balkanization of the internet," warned Twitter Chief Privacy Officer Damien Kieran. 


Tim Berners-Lee, credited with inventing the internet, is proposing that personal data be stored in a "pod" that the individual controls. The pods would be personal online data stores, such as a small amount of server space. Companies would be able to access a person’s data through a secure link for a specific task with the person's permission.


  • The idea is to take the personal data out of the hands of companies like Google and Facebook, which have made a business out of harvesting, hoarding, and selling data.
  • The ultimate goal is to move toward an internet "that I originally wanted," Berners-Lee said.
  • Berners-Lee has founded a startup called Inrupt, which would provide server software to set up such pods.


The U.S. financial services and other industries will likely face increased challenges in the area of data privacy this year as more states enact privacy laws. In addition, the incoming administration of President-elect Joe Biden could push for a federal data privacy law and task federal agencies to vigorously enforce existing privacy-related laws.


  • The financial services industry could see changes to the Gramm-Leach-Bliley Act's Safeguards Rule and new rules for financial institution incident reporting.
  • The incoming Biden administration might have more luck negotiating a follow-on to the EU-U.S. Privacy Shield than the outgoing Trump administration.
  • U.S. companies will have to contend with recently approved amendments to the California Consumer Privacy Act that boost the law and create a California Privacy Protection Agency.


Quick hits:
  • The Washington Senate Environment, Energy and Technology Committee is holding a hearing on a data privacy bill (SB 5062) on Thursday. 
  • Legal experts are raising concerns about whether target marketing can withstand emerging privacy regulations. 
  • More than three-quarters of remote workers used their work devices for personal matters, while 71% stored personal data on work devices, according to a survey of 1,000 U.S. remote workers by ZL Tech.

An easier way to understand California’s new Privacy Rights Act (CPRA): We’ve launched an online site, where you can search, share, and see amendments to the CPRA, California’s new law amending the California Consumer Privacy Act.


Privacy XFN is delivered to your inbox every Thursday morning and is sent by Transcend. We're an engineering company that makes it simple for companies to give their users control over their personal data.