Privacy XFN

Welcome to this week’s Privacy XFN, curating the best reads at the intersection of data privacy and tech for better cross-functional outcomes. Coming in at slightly more than 1,200 words, we’re covering another potential FTC appointment, a privacy complaint against Apple in France, Intel signing up for a DARPA encryption challenge, and more.

🆕And a late breaking story on the federal privacy front—U.S. Rep. Suzan DelBene (D) has introduced a federal privacy bill into the House; a bill which the U.S Chamber of Commerce has praised. More here from Recode. We'll keep close watch.

—The Transcend team

President Joe Biden plans to nominate Lina Khan, a Columbia University legal scholar supported by anti-big-tech activists, to the Federal Trade Commission (FTC). The nomination of Khan is yet another signal that the Biden administration will be aggressive in curbing the power of big tech companies like Amazon, Google, and Facebook.


  • If confirmed by the Senate, Khan would become one of three Democratic commissioners at the FTC.
  • Biden recently named Tim Wu, another big-tech critic and "father" of net neutrality, to the National Economic Council.
  • Fordham Law professor Zephyr Teachout commented that Khan and Wu are not "tech critics," but "visionary anti-monopolists across the board."


A group representing more than 2,000 French startups has filed a privacy complaint against Apple with the French data protection regulator CNIL. France Digitale alleges that iPhones running iOS 14 are collecting user data for ad tracking services without user permission, in violation of the EU's General Data Protection Regulation and E-Privacy Directive.


  • Apple responded in a statement: "The allegations in the complaint are patently false and will be seen for what they are, a poor attempt by those who track users to distract from their own actions and mislead regulators and policymakers."
  • In February, France Digitale issued a statement criticizing Apple for harming startups with its App Store practices.
  • Last year, the Austrian advocacy group nyob filed a complaint against Apple for tracking users without their consent.


Intel has agreed to join a project sponsored by the Defense Advanced Research Projects Agency (DARPA) to develop an accelerator for fully homomorphic encryption (FHE), which provides robust security for data in use. The goal of the project, called the Data Protection in Virtual Environments (DPRIVE) program, is to develop FHE that is practical and affordable for widespread use.


  • Intel is teaming with Microsoft on the DPRIVE program.
  • The chip maker will work on developing an application-specific integrated circuit accelerator to reduce FHE's performance overhead.
  • Duality Technologies, Galois, and SRI International were also selected to lead research teams for the DPRIVE program.


Privacy tech stack, decoded: Cross-funtional conversations on privacy engineering start with speaking the same language. Designed for non-engineering leaders, our Tech Stack Decoded guide covers 11 technical concepts we believe are crucial to any modern data privacy tech stack, including encryption, data erasure vs. pseudonymization, and more.

dowNload Now

Google's proposed privacy policy changes to Chrome will not end targeted advertising, observed Elizabeth Renieris, an affiliate of Harvard University’s Berkman Klein Center for Internet and Society. Google said it was removing support for third-party cookies from Chrome and that it would not build alternate identifiers to track Chrome users across the web.


  • Google is publicly testing an alternative ad-targeting tool, which will use application programming interfaces instead of cookies.
  • Google cited a Pew Research Center poll that found 81% of respondents believe that the potential risks from data collection outweigh the benefits.
  • Bennett Cyphers, staff technologist at the Electronic Frontier Foundation, said that Google is ending Chrome support for third-party cookies to comply with the EU's General Data Protection Regulation. 


The New York Times (NYT) editorial doard is backing federal data privacy legislation that would require apps and websites to get permission from users to collect data, so-called "opt-in". 


  • Virginia's new Consumer Data Protection Act, which significantly boosts data privacy protections, still requires consumers to opt-out of data collection, except for sensitive data.
  • The NYT observed that many companies bury their data collection controls deep within their websites, making it hard for consumers to find them.
  • The editorial board supports federal legislation along the lines of the EU's General Data Protection Regulation to override a patchwork of state privacy laws that are often business, not consumer, friendly
  • T-Mobile recently announced that it will begin sharing customer information with advertisers unless the customer opts out manually using the account's privacy tools.


Oliver Dowden, the secretary of state for the U.K. Department for Digital, Culture, Media and Sport (DCMS) plans to ask the next U.K. Information Commissioner to shift the agency's focus from privacy rights enforcement to innovation. The DCMS oversees the Information Commissioner's Office (ICO). Dowden wants to give businesses the ability to innovate with data without fear that they will violate strict privacy rules, Phil Earl, DCMS's deputy director for data strategy implementation and evidence, told a recent Westminster eForum virtual event.


  • The five-year term of the current commissioner, Elizabeth Denham, expires in October this year. 
  • The new Information Commissioner "will be asked by the secretary of state to not just focus on privacy but to be really thinking about how they are helping to unlock the value of data again," Earl said.
  • Yvonne Gallagher, digital director of the National Audit Office, told the virtual forum that barriers to business innovation lie more with infrastructure and hardware limitations than with regulation.


Immigrants' rights groups are suing Clearview AI for violating Californians' privacy rights by collecting and processing facial images without individuals' permission. The groups argue that Clearview AI's facial recognition software is being used by state and federal law enforcement even though several California cities have banned its use.


  • The plaintiffs are seeking an injunction to prevent Clearview AI from being used by law enforcement in the state and to delete facial scans of Californians collected so far.
  • Clearview AI told CNN that it "complies with all applicable law and its conduct is fully protected by the First Amendment."
  • Last month, Canada's privacy regulator ruled that Clearview AI violated its privacy laws by collecting facial scans of Canadians without their knowledge or permission.


In other privacy news:
  • State privacy watch: The Oklahoma House has passed a data privacy bill that requires companies to obtain opt-in consent from consumers to collect and sell their personal information.
  • The U.S. Customs and Border Protection (CBP) has begun implementing its Simplified Arrival, which uses facial recognition, at the Hidalgo Port of Entry. The Government Accountability Office has criticized the Simplified Arrival program for privacy lapses. 
  • The ACLU is warning that the use of robot dogs and other advanced technologies by law enforcement could threaten civil liberties if not controlled by clear policies.
  • Brave, a privacy-first web browser, is launching a search engine that won't track or profile individuals who use it.
  • How did Zoom build end-to-end encryption for their meeting platform? Security Engineer Merry Ember Mou explains how in their talk at Transcend’s privacy_infra() event.
  • The Arizona high court has ruled that a Phoenix man can sue Costco for a health privacy breach. The plaintiff alleges that a Cosco pharmacist joked with the man's ex-wife about an erectile dysfunction prescription.

Next Wednesday—a conversation on privacy and email deliverability: Email is a make-or-break part of any privacy program. We've partnered with Mailgun to go through a simple framework of how to think about data privacy and email deliverability, next Wednesday at 9am PT/11am CT.

reserve a spot

Privacy XFN is delivered to your inbox every Thursday morning and is sent by Transcend. We're an engineering company that makes it simple for companies to give their users control over their personal data. Learn more.