Welcome to this week’s Privacy XFN, curating the best reads at the intersection of data privacy and tech for better cross-functional outcomes. Coming in at slightly under 1,200 words, we’re covering how Amazon's ad business could benefit from Apple's recent privacy changes, a bipartisan bill aimed at blocking advertisers from targeting children, WhatsApp alleviating fears users won't have access to their account, and more.

—The Transcend team

Amazon's advertising business could benefit from Apple's recent privacy changes, according to CNBC. As part of iOS 14.5, it has become easier for iPhone and iPad users to block advertisers from tracking them. Amazon’s strong first-party relationship with consumers is appealing to advertisers, who still want to collect data that enables them to target ads and measure performance.


  • While Amazon will be forced to show a prompt that lets users opt-out, it can still track them once they're in its properties. Amazon can still monitor which ads they saw or clicked, or purchased from.
  • Amazon has more than 200 million Prime members, which means the value of its consumer data to advertisers will increase due to Apple's recent changes.
  • Amazon reports ad revenue under the “other” business category, which grew by 69% year-over-year in Q1 to $6.9B.


Lawmakers in the Senate this week introduced the bipartisan Children and Teens’ Online Privacy Protection Act prohibiting advertisers from targeting children. Internet companies would have to obtain consent before they begin aggregating data from youths aged 13-15. Currently, such protections only exist for children aged 12 and under.


  • If companies “reasonably know” minors are on their websites, they must obtain consent before collecting data. Currently, companies are only required to seek consent if they have  “actual knowledge” youth under 13 are on their website or if they're directly targeting children.
  • While similar bills have been introduced in the past, child safety advocates are more optimistic Congress will turn the legislation into law.
  • In related news: 44 attorney generals asked Facebook to suspend plans to launch a special version of Instagram for children due to health concerns, potential exposure to online predators, and cyberbullying. Companies are required to obtain permission from parents if they collect data from users under 13 according to federal children’s privacy rules

The Washington Post

WhatsApp announced users won't "have their accounts deleted or lose functionality" if they don't accept a new privacy policy by May 15th. In February, WhatsApp warned users who fail to agree to the new policy by May 15th would lose functionality. Instead, the company will now issue a reminder telling users to accept the changes, and delay blocking features.


  • After a few weeks, Whatsapp will issue "persistent reminders" and begin to limit functionality as users won't be allowed to access the standard chat list from the app. If users still don't accept the changes within an additional few weeks, they'll lose functionality.
  • Why the policy is controversial: There are fears the changes will worsen WhatsApp's encryption, and user data will be shared with Facebook. However, the policy only impacts conversations with businesses as messages could be stored on Facebook's servers or used in advertising.
  • Other platforms such as Signal and Telegram have risen in popularity since WhatsApp announced its new policy.

The Verge

Calculate the cost of privacy:

Try our new Privacy Request Cost Calculator to understand the costs of your privacy program, and to bring hard numbers to your next strategy conversation.

Try it now
Massachusetts passed a new police reform law limiting the use of facial recognition. Police will only be allowed to compare images to the database of photos and names for other agencies such as the FBI when they've obtained a court order.


  • Local police aren't allowed to have contracts with private companies, but these restrictions don't exist for the state police or FBI.
  • Privacy advocates argue the FBI and state police can share information they've obtained from private companies with local police.
  • Cities like San Francisco, Minneapolis, and Portland have banned the use of facial recognition by law enforcement.


Google will implement a new “safety” section in Google Play that will force app developers to be transparent about what data is collected and how it's stored and used. Developers that comply with distinct privacy policies such as data encryption will be allowed to promote these details in the app listing. 


  • The move comes after Apple announced developers would be required to share their app's privacy practices in brief summaries on the App Store in December.
  • Key Differences: Apple's labels highlight what data is being collected. Google is focused on informing users about if users can trust the entities collecting the data.
  • The tech giant will introduce the new features in the second quarter of 2022.


Speaking of Google, a lawsuit was filed against the tech giant accusing it of violating privacy rights by storing and selling users' personal information. Law firm Cotchett, Pitre, and McCarthy has accused Google of secretly monitoring user behavior and selling the data to advertisers via auctions.


  • The lawsuit alleges that Google uses its products such as YouTube, Gmail, and the Chrome browser to aggregate personal data about its users' locations, ethnicities, and interests.
  • The information is auctioned off to bidders who want to advertise on a page that the user is likely to view.
  • The suit argues that while there's only one auction winner, all participants can profit off of the information.
  • Cotchett, Pitre, and McCarthy said it has been tracking these allegations for several months.


The U.K.'s  National Cyber Security Centre (NCSC) encouraged smart cities to strengthen their digital defenses, or they'll be vulnerable to hackers. The NCSC warned that sensors and internet-connected devices can be hacked by criminals and foreign governments to steal data.


  • The agency said the risks would increase as more devices become interconnected.
  • Failure to implement proper defense measures could result in “breaches of privacy,” according to the NCSC.
  • In 2019, hackers successfully shut down the Johannesburg City Council's cyber network and energy distribution company.


In other privacy news:

  • Musicians, academics, and human-rights groups are asking Spotify not to develop its newly patented technology for emotional speech recognition.
  • 45 attorney generals have asked Congress to provide them with additional funding for the antitrust investigation.
  • The Cyberspace Administration of China introduced new regulations to tighten state control over mobile app information sources and limit notification volumes.
  • Zynga bought the advertising technology platform Chartboost for $250M as it adjusts to Apple's new privacy policies. Zynga owns hundreds of iPhone apps.
  • Daniel Roesler, project lead of VAX.Codes discussed how Open Austin built a privacy-first COVID-19 vaccine verification system at our most recent privacy_infra() engineering event.

Transcend in 10 Mins:

In this short on-demand demo, Transcend CEO Ben Brook walks through how we can help improve your privacy ROI with scalable, secure, and future-proof privacy infrastructure.

Watch Now

Privacy XFN is delivered to your inbox every Thursday morning and is sent by Transcend. We're an engineering company that makes it simple for companies to give their users control over their personal data. Learn more.