Privacy XFN

Welcome to this week’s Privacy XFN, curating the best reads at the intersection of data privacy and tech for better cross-functional outcomes. Coming in at more than 1,200 words, we’re covering states challenging a census privacy tool, lawsuits muddling antitrust and privacy, nyob protesting an Android ad tracking tool, Disney and other firms ending tracking in kids' apps, and more.

📅And one for the diary: Next Thursday, The New York Times joins our privacy engineering virtual meetup privacy_infra() to outline how they built a technical system to support the privacy of their readers. Plus, privacy-preserving ways for events & business to confirm COVID-19 vaccinations. Save your spot here.

—The Transcend team

Sixteen U.S. states are joining Alabama's legal challenge to a new statistical method used to protect the privacy of people who participated in the 2020 census. The lawsuit wants to block the use of differential privacy, which adds mathematical "noise" to the data to obscure an individual's identity while still providing valid data. 


  • States supporting Alabama are Alaska, Arkansas, Florida, Kentucky, Louisiana, Maine, Mississippi, Montana, Nebraska, New Mexico, Ohio, Oklahoma, South Carolina, Texas, Utah, and West Virginia.
  • The states argue that differential privacy will result in inaccurate data, especially for small geographic levels, making accurate redistricting at the local level "impossible." 
  • "Because differential privacy creates false information — by design — it prevents the states from accessing municipal-level information crucial to performing this essential government functions," the 16 states argued in their legal brief.


Antitrust and privacy are on a "collision course" based on recent legal decisions related to Facebook and Google, argues Wired's Gilad Edelman. The Federal Trade Commission (FTC) and a coalition of states sued Facebook in December for antitrust behavior in reneging on its user privacy promises. A different group of states sued Google in March for antitrust action in blocking third-party trackers in Chrome to improve user privacy. 


  • The FTC argued that Facebook's failure to protect user privacy demonstrated its antitrust behavior.
  • In their lawsuit against Google, the states argued that Google's effort to improve Chrome user privacy was really an attempt to gain an unfair advantage in the online advertising market.
  • Edelman argues that these contradictory views of antitrust and privacy could lead to a confusing legal legacy in which neither privacy nor competition is protected.


A message from TRANSCEND

How much is your company's privacy request program really costing?

Informed by real-world ROI modeling, our free calculator breaks down the variable, fixed, and unpredictable costs of manually processing GDPR & CCPA privacy requests.

Plus, get a customizable spreadsheet to model your company's specific scenario, and a free guidebook to help guide more strategic privacy conversations.

Privacy activist group nyob has filed a complaint with CNIL, the French data protection agency, against Google for using an Android tracking tool without user consent. Nyob alleges that Google is in violation of the EU's ePrivacy Directive, rather than the General Data Protection Regulation (GDPR), so that CNIL has the option to rule on the issue. Under GDPR, Ireland's data protection regulator has jurisdiction over Google.


  • Nyob argues that the Android Advertising Identifier (AAID), installed on Android phones, enables Google to track a user and combine information about online and mobile behavior without user consent.
  • The group charges that the use of AAID without "informed and unambiguous" consent violates the ePrivacy Directive and the French national data protection law.
  • Last year, nyob filed a complaint about the AAID with the Austrian data protection regulator under GDPR.


Calculate the cost of privacy: Try our new Privacy Request Cost Calculator to understand the costs of your privacy program, and to bring hard numbers to your next strategy conversation.

Try it out

Disney, Viacom, and 10 advertising tech companies have agreed to end tracking in children's apps over privacy concerns, according to a number of legal settlements. The class-action lawsuits accused the companies of placing tracking software in the apps without parents' knowledge or consent. The trackers are used to profile children across apps and devices and target them with ads and in-app purchase pitches.


  • A judge in the U.S. District Court for the Northern District of California approved the settlements on Monday.
  • App developers will still be allowed to display contextual ads based on the app's content.
  • “On thousands of apps, children will no longer be targeted with the most insidious and manipulative forms of marketing," commented Josh Golin, executive director of the Campaign for a Commercial-Free Childhood.


Taiwan's use of medical data and technology made fighting COVID-19 less restrictive, but privacy was a casualty, argues New Zealand researchers. Taiwan employed big data analytics with real-time medical data, location tracking, and contact tracing to curb COVID-19's spread.


  • Taiwan employed an "electronic digital fence" system that enforced home quarantines; if individuals left their homes or their phone no longer transmitted a signal, police and health agencies would be notified. 
  • Taiwan's approach limited the need for lockdowns, but required the tracking of individuals by the government, raising privacy concerns.
  • By contrast, New Zealand's government combined lockdowns with an opt-in model for its COVID-19 Tracer app to comply with the country's Privacy Act.


Multi-party computation (MPC) could be used to solve the privacy concerns associated with the use of blockchain technology, notes Kurt Nielsen, president of Partisia Blockchain. MPC uses a network of nodes that compute directly on encrypted data while not retaining knowledge of the data.


  • Blockchain technology can store personal data in a secure manner in its immutable ledger, but the data cannot be altered or removed, raising compliance issues with the EU's General Data Protection Regulation and other data privacy laws.
  • Using MPC, a company could access data on the average age of its employees without the employees publicly sharing their ages.
  • Joining MPC with blockchain can also improve consumer confidence in protecting personal information stored by cryptocurrency sites.


The EU's dominance as a model for data privacy regulation around the world, the so-called "Brussels effect," raises concerns among some academics that it is imposing its values on other countries. Some legal scholars argue that the EU has become, in effect, a sovereign for the rest of the world in terms of data privacy.


  • Anu Bradford of Columbia Law School terms this pattern "unilateral regulatory globalization," in which one country's or region's regulations are extended beyond their borders to the global market.
  • Paul M. Schwartz of the University of Berkeley School of Law argues that GDPR's global impact is a result of its influence as an early model of privacy rights protection, rather than a nefarious plot out of Brussels.
  • Róisín Á. Costello of the Dublin City University's School of Law notes that the European Court of Justice took an aggressive approach in the Schrems II by striking down EU-U.S. Privacy Shield on the grounds that U.S. legal protections did not meet the EU's concept of data privacy rights.


In other privacy news...
  • Apple's launch event on April 20 is expected to debut App Tracking Transparency, which will require companies to get permission from iPad and iPhone users to track them. 
  • During the first half of April, Google began implementing its Federated Learning of Cohorts (FLoC) technology intended to replace third-party trackers in the Chrome browser.
  • The privacy watchdog of German state Hamburg is trying to block WhatsApp's new privacy policy, in effect usurping Ireland's role as General Data Protection Regulation enforcer for parent company Facebook.
  • Class-action privacy lawsuits against home security and monitoring companies are on the rise.

Transcend in 10 Minutes: In this short on-demand demo, Transcend CEO Ben Brook walks through how we can help improve your privacy ROI with scalable, secure, and future-proof privacy infrastructure.

Watch now

Privacy XFN is delivered to your inbox every Thursday morning and is sent by Transcend. We're an engineering company that makes it simple for companies to give their users control over their personal data. Learn more.