Welcome to this week’s Privacy XFN, curating the best reads at the intersection of data privacy and tech for better cross-functional outcomes. Coming in at slightly under 1,200 words, we’re covering a recent ruling that went against Facebook, how Apple's recent privacy changes could hurt the social media giant, a wave of new state privacy legislation that has been introduced in the past six months, and more.

—The Transcend team

The Irish High Court rejected Facebook's attempt to block Ireland’s data privacy watchdog from launching an investigation that could force the tech giant to stop sending data from the European Union (EU) to the U.S. Last August, the EU's top court struck down a transatlantic data transfer framework called Privacy Shield, ruling it didn't sufficiently protect the data of European users from the U.S. government.


  • Ireland's Data Protection Commission (DPC) launched an inquiry last year shortly after the ruling. In September 2020, the DPC issued a preliminary order to Facebook, telling it to suspend data transfers from the EU to the U.S.
  • Facebook filed a judicial review and obtained a stay on the DPC's order, which the Irish High Court has now unblocked.
  • What's next: If Facebook is blocked from transferring data between the EU and the U.S., it will have to revamp its data center operations. It's unknown how this could impact Facebook users.
  • The DPC is the lead enforcer of the EU's privacy rules. While this case only affects Facebook, it could have significant ramifications for other tech giants such as Google and Twitter, whose European headquarters are in Ireland.

Associated Press

Speaking of Facebook, Apple's recent privacy changes could hurt the social media giant's business. Developers are now required to obtain permission before they can track users, and so far, less than 6% of individuals have opted in, according to analytics firm Flurry. About 15% of apps have been asking for permission, which indicates that developers have adopted a wait-and-see approach.


  • Facebook's business model is built off aggregating large amounts of information to deliver personalized ads.
  • If Apple's recent changes don't severely impact advertisers and developers, Facebook's value proposition diminishes.
  • Users who don't opt-in will continue to see ads, however, the ads won't be personalized.


A message from TRANSCEND

How much is your company's privacy request program really costing?

Informed by real-world ROI modeling, our free calculator breaks down the variable, fixed, and unpredictable costs of manually processing GDPR & CCPA privacy requests.

Plus, get a customizable spreadsheet to model your company's specific scenario, and a free guidebook to help guide more strategic privacy conversations.

In the past six months alone, more than 100 pieces of legislation across at least 38 states have been introduced to protect data privacy, control speech policies, and promote tech competition, according to the New York Times. States have introduced 27 bills related to online privacy, an increase from two in 2018.


  • While only a limited number of bills have become law, it's clear that states are no longer waiting on Congress, where progress has been slow, to establish new policies.
  • One major bill was Virginia's data privacy law passed in March that allows citizens to learn about the information that's being collected and block companies from selling it. Virginia became just the second state after California to pass a major privacy bill.
  • In response to the bills, Tech giants have ramped up lobbying efforts. In February, Apple deployed its chief privacy engineer, Erik Neuenschwander, to oppose a North Dakota bill that would have enabled developers to sidestep the tech giant's App Store rules. This bill failed in the state's Senate.


Calculate the cost of privacy:

Try our new Privacy Request Cost Calculator to understand the costs of your privacy program, and to bring hard numbers to your next strategy conversation.

Try it now

The Minnesota Senate passed a bill that would prohibit state and local governments from forcing individuals to share their health status during the COVID-19 pandemic.  Sen. Torrey Westrom said the legislation is designed to safeguard the medical privacy rights of citizens from vaccine passports and contact tracing.


  • As part of the bill, individuals won't be required to show they have antibodies or have obtained a positive or negative test for COVID-19.
  • Citizens won't be required to get vaccinated, tested, or participate in contact tracing.
  • Both Minnesota Gov. Tim Walz and the Biden administration have already said they won't mandate vaccine passports.

Amazon indefinitely extended a ban that prohibits law enforcement from using its facial recognition technology. The tech giant initially imposed the yearlong moratorium in June 2020, following the death of George Floyd at the hands of the Minneapolis police, which sparked nationwide protests against systemic racism and police brutality. It was set to expire on June 1st.


  • Amazon's Rekognition’s facial recognition software has been accused of disproportionately misidentifying women and people of color. This criticism has been backed by two independent studies from 2019.
  • When Amazon first imposed the ban last year, it urged Congress to pass legislation that ensures the ethical usage of facial recognition technology.
  • While Congress has yet to take action, states and municipalities such as Maine, San Francisco, and Massachusetts have restricted or banned the practice.
  • Following Amazon's move, Microsoft announced police wouldn't be allowed to use its facial recognition technology until lawmakers established federal regulations.


Apple reportedly succumbed to the demands of the Chinese government, weakening privacy rights and the speech of users in the Asian nation. according to the New York Times. The tech giant is building a new data center in Guiyang, China, equipped with Apple servers to store Chinese users' personal data. Government employees will operate the data center. The keys to opening the files will remain in China, meaning the government could access them.


  • Apple said it adheres to local laws and uses more advanced encryption technology in China compared to other countries.
  • Apple CEO Tim Cook has previously called data privacy "one of the top issues of the century" and touted the various measures the tech giant has employed to protect it.
  • China accounts for 15% of Apple's revenue, and the majority of its products are built in the Asian nation.
  • The tech giant was forced to transfer some control of user data to an external entity owned by the Chinese government.


Google introduced Android’s new Private Compute Core at its I/O developer conference on Tuesday. The Private Compute Core will occupy a separate spot within Android, and it will store data used in machine learning. It will be open-sourced and audited by third parties.


  • The partition enables Android to protect user data while ensuring it's available for system-level functions.
  • Google said the Private Compute Core will enable the tech giant to introduce new features while protecting users' data.
  • The tech giant introduced other new privacy features such as a setting that provides approximate location sharing.

The Verge

In other privacy news:

  • BuzzFeed reporters were able to locate President Joe Biden's personal Venmo account within 10 minutes. The company has taken down many accounts and issued a statement reiterating its commitment to user privacy.
  • WhatsApp won't be allowed to implement its new privacy policy in Brazil until authorities finish an investigation looking at its impact on users.
  • Zero-party data has emerged as the preferred solution amongst advertisers looking to capitalize on the rise in e-commerce sales during the COVID-19 pandemic.
  • Peloton-rival Echelon had an unsecure API that left riders' data vulnerable, according to Jan Masters, a security researcher at Pen Test Partners.
  • The Biden administration outlined its plans to protect the U.S. from future hacks following the Colonial Pipeline ransomware attack earlier this month.

Transcend in 10 Mins:

In this short on-demand demo, Transcend CEO Ben Brook walks through how we can help improve your privacy ROI with scalable, secure, and future-proof privacy infrastructure.

Watch Now

Privacy XFN is delivered to your inbox every Thursday morning and is sent by Transcend. We're an engineering company that makes it simple for companies to give their users control over their personal data. Learn more.