Welcome to this week’s Privacy XFN, curating the best reads at the intersection of data privacy and tech for better cross-functional outcomes. Coming in at slightly under 1,200 words, we’re covering more federal privacy bill rumblings, criticisms of Canada's new privacy legislation, continued pressure on Congress to pass facial recognition regulations, and other global privacy movements.

—The Transcend team

Sen. Amy Klobuchar introduced a new bipartisan consumer data privacy bill that would give users the ability to opt-out of data tracking and collection. Companies would also be required to simplify their terms of agreement and notify users of a data breach within 72 hours.


  • This bill was first introduced by Klobuchar in 2019, following Facebook’s Cambridge Analytica scandal, however, it fell short in the Republican-controlled Senate. It has a better chance of passing now that Democrats control Congress.
  • Since 2019, several state privacy bills have passed, such as the California Consumer Privacy Act and Virginia's Consumer Data Protection Act.
  • Tech giants such as Facebook and Microsoft have urged Congress to establish a federal privacy framework to make it easier for them to comply.

The Verge

Privacy commissioners and experts say Canadian Prime Minister Justin Trudeau's privacy Bill C-11, which aims to upgrade the country's data protection rules, is insufficient. Critics say citizens and businesses are vulnerable due to antiquated rules that haven't been updated for new technology, such as facial recognition, and an absence of enforcement power for regulators. 


  • Canada's data privacy laws haven't been updated in 20 years, and critics warn the country could fall behind Europe. For example, in the U.K., regulators have stronger enforcement powers, enabling them to carry out raids which their Canadian counterparts can't do.
  • Earlier this year, Canadian federal privacy commissioner Daniel Therrien criticized facial recognition company Clearview AI's practice of taking photos posted on social media to build a database, but he couldn't force them to delete it.
  • As part of Bill C-11, companies that don't protect users' personal data will be fined 5% of global revenue, which Therrien calls "unjustifiably narrow and protracted."
  • What's next: Therrien has submitted 60 recommendations and urged the government to prioritize the privacy rights of individuals over commercial interests.


Facebook’s Nick Clegg has written an op-ed for CNBC urging Congress to pass new legislation for internet regulation and outlined four areas where he sees bipartisan support. Clegg praised lawmakers in Europe, India, and Australia for proposing laws that protect privacy. He also expressed concerns that Vietnam, Russia, and Turkey are adopting "the Chinese internet model" to expand surveillance.


  • First, Clegg says Congress should reform Section 230 to ensure companies remove illegal content in a transparent and accountable manner. They should only be given liability protection if they can demonstrate proof of this.
  • Second, Clegg urged Congress to launch a concentrated effort to combat influence operations by holding the individuals and organizations behind them responsible.
  • Third, Clegg says the U.S. should legislate a new federal privacy framework.
  • Fourth, Clegg recommends establishing a new digital regulator and outlining rules on data portability.


Calculate the cost of privacy: Try our new Privacy Request Cost Calculator to understand the costs of your privacy program, and to bring hard numbers to your next strategy conversation.

Try it out
Speaking of Congress, pressure continues to mount to pass legislation regulating the use of facial recognition by law enforcement, more than a year after the killing of George Floyd. Last week, Amazon indefinitely extended a ban on police usage of its facial recognition software. Privacy advocates praised Amazon's decision but urged Congress to take additional steps.


  • The House has already passed the George Floyd Justice in Policing Act, which would prevent law enforcement from using facial recognition technology in body cameras. It's unknown if this will pass in the Senate.
  • The bipartisan Fourth Amendment Is Not For Sale Act has been introduced in the Senate, which focuses on the Clearview AI facial recognition program used by police nationwide.
  • States and cities such as San Francisco and Virginia have passed legislation that bans or limits the use of facial recognition technology by law enforcement.
  • It comes as the U.S. Postal Service is using Clearview AI's facial recognition to identify suspects in investigations.

The Washington Post

WhatsApp sued the Indian government over new regulations that would force it to violate privacy protections. In February, the Indian government passed new regulations for social media and streaming platforms, mandating they remove any content identified by officials within 36 hours. They would also have to identify the "first originator of information" if ordered by authorities.


  • WhatsApp said it would have to break end-to-end encryption to comply, which would violate user privacy. It's asking the Delhi High Court to declare the law unconstitutional.
  • WhatsApp has 500M users in India, but rival apps such as Signal and Telegram have experienced a rise in downloads after the Facebook-owned company introduced its new privacy policy, which went into effect on May 15.
  • Last week, the government reportedly asked WhatsApp to remove its new policy due to concerns about its impact on the "choice and autonomy of Indian citizens."


More than a hundred U.S. municipalities have purchased surveillance technology from Chinese companies Hikvision and Dahua, according to TechCrunch. Both companies are linked to China's reported suppression of Uighur Muslims in the Xinjiang region.


  • China has been accused of keeping more than one million Uighur Muslims in "re-education camps" in Xinjiang. The U.S., EU, U.K., and Canada have accused China of committing genocide, which Beijing denies.
  • In 2019, the U.S. government added Hikvision and Dahua to its economic blacklist, and Congress has blocked federal agencies from buying technology from both companies due to national security concerns.
  • However, states and municipalities can purchase the technology as long as federal funds aren't used.


Patrick Breyer, a member of the European Parliament, says new legislation aimed at platforms such as Facebook and Google should strengthen users' privacy rights and preserve their right to anonymity. Last year, the European Commission introduced the Digital Services Act (DSA), which would force tech giants to take additional steps to combat illegal content. They'd also have to prevent activity that could violate fundamental rights or influence elections and public health.


  • Breyer calls the DSA weak and industry-friendly. He has called on the commission to pass legislation that transfers power from companies to the people and democratic institutions.
  • Breyer recommends including the right to anonymity and giving public officials the authority to remove illegal content instead of self-governance by tech giants.
  • What's next: The European Parliament wants to establish a common position before the end of the year and begin negotiations with EU countries in 2022.


In other privacy news:
  • Todd Feathers reports in The Markup on the U.S. Census Bureau's bumpy privacy overhaul
  • The Cyberspace Administration of China identified and criticized 105 apps, including the Chinese equivalent of TikTok and LinkedIn, for aggregating personal data that violated the nation's privacy laws.
  • Ireland’s Data Protection Commissioner has resumed its investigation into Facebook's data transfer policy after its high court ruled in its favor.
  • American Express was fined £90,000 ($127,111) by the U.K's Information Commissioner's Office for sending more than four million marketing emails to customers who had opted against receiving them.

Transcend in 10 Mins: In this short on-demand demo, Transcend CEO Ben Brook walks through how we can help improve your privacy ROI with scalable, secure, and future-proof privacy infrastructure.

Watch Now

Privacy XFN is delivered to your inbox every Thursday morning and is sent by Transcend. We're an engineering company that makes it simple for companies to give their users control over their personal data. Learn more.