Privacy XFN

Welcome to this week’s Privacy XFN, curating the best reads at the intersection of data privacy and tech for better cross-functional outcomes. Coming in at just over 1,200 words, we’re covering Apple's new App Tracking Transparency feature in iOS 14.5 and the fallout, new research on bipartisan support emerging for a national privacy law, an update on Florida's Data Privacy bill, and more.

—The Transcend team

Apple released iOS 14.5 on Monday, which comes with a long-awaited privacy feature called App Tracking Transparency (ATT). ATT forces apps to obtain user permission before they can track a user's activity and share it with other apps or websites. 


  • ATT affects Apple’s ID for Advertisers (IDFA), which enables advertisers to measure iOS users’ activity across apps. This helps them better target ads and gauge the success of their marketing campaigns.
  • Before the release of iOS 14.5, users had to opt out if they didn't want to be tracked. However, apps will now be required to ask users to opt in before they can begin tracking their activity.
  • The move will benefit Apple's ad business as advertisers will be given more data if they purchase Apple’s ad space instead of third parties.
  • China's app moves: On Monday, Chinese regulators issued new guidelines mandating that apps must obtain permission from users before they aggregate personal information. They must also be transparent about what information will be collected and how it will be used.


There's bipartisan support for the U.S. Congress to pass a national data privacy standard, as states move to introduce their own privacy legislation in the interim. Eighty-three percent of all voters said establishing a national standard should be a  “top” or “important” priority for Congress this year. It's a view held by 86% of Democrats and 81% of Republicans.


  • 75% of voters believe states should establish guidelines for data collection, while 72% believe it's Congress's job.
  • Last month, Rep. Suzan DelBene (D-Wash.) introduced the Information Transparency and Personal Data Act. Besides this bill, there has been little progress on the issue so far during this congressional session.
  • California passed the first state privacy law in 2018, which led to more states such as Virginia and Illinois exploring their options.


A message from TRANSCEND

How much is your company's privacy request program really costing?

Informed by real-world ROI modeling, our free calculator breaks down the variable, fixed, and unpredictable costs of manually processing GDPR & CCPA privacy requests.

Plus, get a customizable spreadsheet to model your company's specific scenario, and a free guidebook to help guide more strategic privacy conversations.

While we await more news from D.C. on a federal bill, the Florida House approved a new consumer privacy bill. Under the bill, companies will have to be transparent about the consumer data they're aggregating and are required to delete it if requested. Companies that ignore consumer requests and sell data without permission can be sued under the personal cause of action provision.


  • Florida Gov. Ron DeSantis is looking to curb the influence of big tech companies and address concerns from conservatives over censorship.
  • Major businesses strongly oppose the bill and have argued they'd incur billions in compliance costs. It's unknown how long it would take to establish the necessary infrastructure and protocols to ensure compliance.
  • What's next? The bill now goes to the state Senate, where there is strong opposition to the personal cause of action provision.


Calculate the cost of privacy: Try our new Privacy Request Cost Calculator to understand the costs of your privacy program, and to bring hard numbers to your next strategy conversation.

Try it out

Facial recognition technology should be banned in the EU, argued the European Data Protection Supervisor (EDPS). The agency was commenting on proposed EU rules for use of artificial intelligence (AI), including allowing facial recognition to be employed to look for criminals, terrorists, or missing children.


  • "A stricter approach is necessary given that remote biometric identification [facial recognition], where AI may contribute to unprecedented developments, presents extremely high risks of deep and non-democratic intrusion into individuals' private lives," EDPS said in a statement.
  • The European Commission's proposed AI rules would ban the use of facial recognition in public spaces for law enforcement purposes. 
  • However, there are numerous exceptions to this ban, which are what concerns EDPS. 


Fresh from putting Apple under the spotlight, the French Data Protection Authority (CNIL) intends to begin auditing websites to ensure compliance with cookie regulations. CNIL published guidelines on complying with the cookie rules on Oct. 1, 2020, and gave companies a six-month grace period to come into compliance. 


  • Cookie regulations in Europe are primarily governed by the e-Privacy Directive, but each country implements the directive into national law. The EU is working on an E-Privacy Regulation that would be applicable throughout the EU without the need for national implementing legislation.
  • The French regulator has been active in enforcing cookie rules, fining Google  €135M in December last year. 
  • CNIL also developed a cookie tracking tool that enables consumers to determine what data is being collected by cookies on their browsers.


More than one-third of adults 50 years of age and older said that privacy concerns were a top barrier to adopting new technology, according to a survey of 2,807 adults by AARP Research. More than 80% said they are not sure that what they do online remains private.


  • 38% of older adults cited cost and 37% said lack of knowledge kept them from adopting new technology.
  • "Many of those privacy concerns are absolutely valid,” commented Gennie Gebhart, a privacy researcher at the Electronic Frontier Foundation.
  • Personal data collection fuels a $227B industry, estimates Apple. 


The New York Times (NYT) has shared how they implemented a technical privacy system to protect users' privacy rights and build trust among readers. The newspaper decided to invest in privacy because of the complexity of meeting both domestic and foreign regulations, explained Kelsey Johnson, NYT senior data government manager, at our recent Privacy_Infra() event.


  • "Our team of two was tasked with simultaneously discovering our organization’s data, advertising, marketing, and business operations. All the while, designing [privacy] rules and finding ways to make them work across our products," Johnson related.
  • The NYT launched a project two years ago called Privacy Users Rules and Regulators (PURR), which centralizes business rules and logic for enforcing privacy regulations. 
  • PURR enables the NYT's data governance team to adjust data practices while simplifying implementation across 70 products impacted by the regulations.


In other privacy news...
  • TikTok faces a class-action lawsuit in the U.K. over its collection of children's personal data, which could cost it billions of dollars. 
  • The Minnesota Department of Transportation is working on a privacy and security framework for smart transportation infrastructure and vehicles.
  • GitHub is allowing users to opt out of Google's Federated Learning of Cohorts (FLoC), which is intended to replace cookies but has raised privacy concerns.

Transcend in 10 Mins: In this short on-demand demo, Transcend CEO Ben Brook walks through how we can help improve your privacy ROI with scalable, secure, and future-proof privacy infrastructure.

Watch Now

Privacy XFN is delivered to your inbox every Thursday morning and is sent by Transcend. We're an engineering company that makes it simple for companies to give their users control over their personal data. Learn more.