Privacy XFN

Welcome to this week’s Privacy XFN, curating the best reads at the intersection of data privacy and tech for better cross-functional outcomes. Coming in at slightly under 1,200 words, we’re covering privacy concerns around vaccine passports, arguments that the new Virginia privacy law doesn't go far enough, Google testing its FLoC tech with developers, Colorado joining the state privacy law party, and more.

—The Transcend team

The EU's plans to issue vaccine passports, called "digital green certificates," has privacy advocates concerned. Nicole Hassoun, a professor at Binghamton University specializing in ethics in public health, told CNBC that a vaccine passport could lead to data privacy risks or even discrimination.


  • J.D. Tuccille of Reason magazine said that vaccine passports "need some degree of access to sensitive health information in order to function, and that creates an unavoidable vulnerability."
  • U.K..-based civil liberties group Liberty said in a statement: "Even the introduction of a voluntary passport to prove if you’ve had a vaccine could result in many being blocked from essential public services, work or housing."
  • Albert Fox Cahn, an attorney and founder of the privacy rights group Surveillance Technology Oversight Project, said that New York's proposed Excelsior vaccine passport is "incredibly revealing, disclosing not only people's health status and name but their date of birth.”
  • The Biden administration is working with companies to develop a set of standards for vaccine passports.


With the ink barely dry on Virginia's new data privacy law, critics are attacking the measure for lacking a private right of action for victims and other shortcomings. These critics argue that the law takes a business-friendly approach to protecting privacy.


  • Irene Leech, president of the Virginia Citizens Consumer Council, commented that Virginia "has taken a business-first perspective that codifies business-designed obstacles to consumers having meaningful control of their personal information.”
  • State Sen. Scott Surovell (D-Fairfax) said that the "only person who can fight for your rights under this [law] is the attorney general. And I just believe that’s fundamentally wrong."
  • Mark Dix, a lobbyist for the Virginia Trial Lawyers Association, commented: “The one person this bill is designed to protect is the one person who has no cause of action and has no damages."


A message from TRANSCEND

How much is your company's privacy request program really costing?

Informed by real-world ROI modeling, our free calculator breaks down the variable, fixed, and unpredictable costs of manually processing GDPR & CCPA privacy requests.

Plus, get a customizable spreadsheet to model your company's specific scenario, and a free guidebook to help guide more strategic privacy conversations.

Google is moving ahead with "origin trials" for its Federated Learning of Cohorts (FLoC) technology, which is designed to replace third-party tracking cookies. Origin trials enable web developers to try out new features and provide feedback on usability, practicality, and effectiveness.


  • Google announced early last year that it would phase out the use of third-party cookies over two years.
  • To replace cookies, Google is proposing a Privacy Sandbox designed to protect user privacy while enabling online advertisers and other companies to use targeted ads. 
  • FLoC is one of the technologies being tested by Google as part of the Privacy Sandbox initiative; it will enable ad companies to target "cohorts" as opposed to individuals in their advertising.
  • Critics argue that Google's effort is an anti-competitive move designed to force advertisers to spend more on Google's ecosystem.


Transcend in 10 Mins:​​​​​​ In this short on-demand demo, Transcend CEO Ben Brook walks through how we can help improve your privacy ROI with scalable, secure, and future-proof privacy infrastructure. 

Watch now

The Colorado legislature is considering the Colorado Privacy Act (SB21-190) that would strengthen consumer privacy rights and impose obligations on companies that handle personal data. The bill is similar to privacy laws enacted by California and Virginia.


  • Colorado State Senators Robert Rodriguez and Paul Lundeen introduced the bill on March 19.
  • The Colorado bill differs from the California and Virginia laws in some personal data categories and data deletion requirements.
  • Should the bill pass the legislature and be signed into law by the governor, it would go into effect on Jan. 1, 2023.


Apple and other big tech firms are lobbying to defeat an electronic devices right-to-repair bill in Nevada that they argue will put consumers' privacy at risk. The bill would require hardware manufacturers to provide parts and schematics to independent repair shops so they can fix devices.


  • The Nevada bill would apply to consumer electronics worth less than $5,000 wholesale and exempt gambling equipment.
  • TechNet, which represents Apple and other device makers, argues that the bill has the "potential for troubling unintended consequences, including serious adverse security, privacy and safety risks.”
  • Massachusetts voters approved a similar law that gives independent auto repair shops access to information from auto manufacturers.



Data privacy skills are in demand for technology jobs, according to an analysis of Burning Glass data. The jobs with the highest percentage of data privacy skills required are cyber/information security engineer/analyst and technology consultant.


  • Other jobs requiring data privacy skills include software developer/engineer, business/management analyst, network engineer/architect, computer systems engineer/architect, customer service representative, and IT project manager.
  • Kevin Dunne, president of unified access orchestration firm Pathlock, recommended that job applicants looking to boost their data privacy skillset should consult the International Association of Privacy Professionals.
  • David Gochenaur, senior director of cybersecurity at Ensono, said data privacy skills begin with an understanding of information security and risk management.


The number of Signal users has soared in recent months in response to WhatsApp's privacy policies changes set to take effect in May. Signal recently passed the 100 million installs milestone, with more than 61 million installs this year, according to Sensor Tower data.


  • In December, WhatsApp announced that it was expanding data sharing with its parent Facebook and users who refused to accept the change would not be able to access the popular app. 
  • It then postponed the privacy policy changes due to the negative reaction among users and a mass exodus to other platforms such as Signal and Telegram.
  • In a Jan. 7 tweet, Elon Musk urged WhatsApp users to move to Signal.


In other news:
  • The Michigan Court of Appeals has ruled that landowners have a strong expectation of privacy related to surveillance drones flying over their property.
  • Illinois lawmakers are proposing to limit class-action lawsuits filed against companies under the Biometric Information Privacy Act, one of the only state privacy laws granting a private right of action.
  • Researchers at the University of Illinois Urbana-Champaign and the Carl R. Woese Institute for Genomic Biology have been awarded a $35K grant to survey 1,600 people about their views on data privacy and genomic sequencing. 

Calculate the cost of privacy: Try our new Privacy Request Cost Calculator to understand the costs of your privacy program, and to bring hard numbers to your next strategy conversation.

Try it out

Privacy XFN is delivered to your inbox every Thursday morning and is sent by Transcend. We're an engineering company that makes it simple for companies to give their users control over their personal data. Learn more.