Welcome to this week’s Privacy XFN, curating the best reads at the intersection of data privacy and tech for better cross-functional outcomes. And Happy Data Privacy Day🎈Coming in at around 1,300 words, we’re reporting on Congress's focus on big tech abuses, Google testing an alternative to cookies, tips to convince your leaders to boost privacy, and more. 

—The Transcend team

There appears to be bipartisan support in Congress to take on big tech companies over data privacy, market power, and disinformation. Sen. Amy Klobuchar (D-Minn.) plans to introduce a bill to address antitrust issues regarding big tech and limit mergers that concentrate market power. Rep. Ken Buck (R-Colo.) said that he is "deeply concerned about privacy issues" as well as "censorship" by big tech firms.


  • Democratic lawmakers are focused on big tech's role in enabling the spread of disinformation that led to the Jan. 6 attack on the Capitol building.
  • Republican lawmakers are more focused on the censorship of conservative voices, such as former President Trump, by big tech platforms like Twitter.
  • President Biden and some of his Cabinet nominees have pledged to hold big tech companies accountable for the content they host and to crack down on antitrust behavior.


Google has tested a new API designed to replace cookie-based ad targeting. The API, called Federated Learning of Cohorts (FLoC), is a Chrome browser extension and can be used as a replacement for third-party cookies.

More from Google:

  • Google tests of FLoC showed that advertisers can expect to see at least 95% of the conversions per dollar spent on ads when compared to cookie-based ads.
  • FLoC employs algorithms to analyze user data and create large groups of people with similar interests called cohorts. 
  • The data from the cohorts is shared for targeted ads, not data on an individual user. 
  • The FLoC is part of Google's Privacy Sandbox initiative to improve privacy protections for Chrome users.


A message from TRANSCEND

How much do you value your time?

Transcend delivers a full-stack solution to receive, manage and automatically fulfill data requests from your customers, freeing you to do high value work.

Leading companies trust Transcend to automatically and securely fulfill privacy requests without the need of a human.

Transcend automates your drudge work giving back the most important ROI – your time.

Get a demo on how we can fulfill your privacy requests in less than a minute.

Get a Demo

Dating app Grindr faces an $11.7M fine by the Norwegian Data Protection Authority for violating the EU's General Data Protection Regulation. Grindr is accused of disclosing private user details to advertising companies without user consent.


  • The agency determined that Grindr shared user location, tracking code, and other data with at least five advertising companies.
  • The ruling was in response to a complaint filed last year by the Norwegian Consumer Council and other consumer advocacy groups.
  • Grindr has 13.7 million active users, including thousands living in Norway.
  • In a statement, Grindr said that it obtained "valid legal consent from all” of its users in Europe to share data.
  • The agency stressed that its ruling is not final, and Grindr has until Feb. 15 to respond.


New year, new integrations: True privacy request automation is only possible with API-based integrations to the vendors where personal data is stored. Read more on the latest participating partner integrations that Transcend has added.

Read more

Mozilla has included supercookie protection in the latest version of Firefox. The new feature blocks hidden trackers from tracking users' internet browsing. Mozilla also fixed more than a dozen security bugs in Firefox 85.

More from Mozilla:

  • Supercookies can track user activity even after users clear cookies.
  • The Firefox 85 password management enables users to remove all saved logins with one click instead of having to delete each login individually.
  • Firefox 85 remembers the preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives users access to all bookmarks using a toolbar folder.


The Washington state legislature is considering a bill, Senate Bill 5062, that would impose strict data privacy requirements on companies similar to the EU's General Data Protection Regulation. Under the bill, state residents would be able to review their personal data, correct or delete that data, and opt out of data collection.


  • The proposal would apply to companies that control or process the data of at least 100,000 people.
  • During a hearing on the bill, Jennifer Lee of the ACLU of Washington criticized the bill as corporate centric.
  • The bill is sponsored by Sen. Reuven Carlyle (D-Seattle), who introduced a similar bill in the two previous years.
  • Last year, Carlyle's bill passed the Senate, but stalled in the House. 


EU regulators imposed $332.4M in fines for violations of the General Data Protection Regulation (GDPR) in 2020, according to stats from law firm DLA Piper. That marked a 39% jump over the fines imposed the previous year and a half since GDPR took effect in May 2018.

More from DLA Piper:

  • Two countries—Italy and Germany—were responsible for more than half of the total fines.
  • France, the United Kingdom, and Spain came in third, fourth, and fifth, respectively, in total fines issued.
  • There have been more than 281,000 data breach notifications since GDPR took effect.


Companies need to be persuaded to strengthen privacy protections using carrots as well as sticks, argues Lourdes Turrecha. Turrecha lays out five carrots to convince companies to beef up privacy protections:
  1. Privacy is a competitive differentiator: Customers are more likely to flock to a company that protects their data.
  2. Privacy impacts the bottom line: A recent Cisco study found that companies receive a $2.70 return on investment for every dollar spent on privacy.
  3. Privacy unlocks data's value: With strong privacy protection, companies can unleash the value of data without facing a privacy backlash.
  4. Privacy offers an opportunity to innovate: Companies can maximize the value of the data they collect by developing innovative privacy solutions.
  5. Privacy is the right thing to do: Customers, partners, and employees want to know that a company can be trusted to protect their data.



  • Cook County in Illinois left a database unsecured, resulting in the exposure of sensitive criminal and family court records.
  • An automated Telegram bot is enabling cybercriminals to sell access to a database with more than 500 million Facebook user phone numbers.
  • Google announced that its $2.1B purchase of Fitbit is complete, despite the Department of Justice's assertion that it is still reviewing the deal.

An easier way to understand California’s Privacy Rights Act (CPRA): We’ve launched an online site, where you can search, share, and see amendments to the CPRA, California’s new law amending the California Consumer Privacy Act.

Check it out

Privacy XFN is delivered to your inbox every Thursday morning and is sent by Transcend. We're an engineering company that makes it simple for companies to give their users control over their personal data. Learn more.