Privacy XFN

Welcome to this week’s Privacy XFN, curating the best reads at the intersection of data privacy and tech. We’re covering an agreement between the EU and U.K. that will ensure cross-border data flows continue, Google's plans to delay the removal of third-party cookies by almost two years, Congress facing pressure to pass a privacy law as calls for vaccine passports rise, and more.

—The Transcend team

The European Union (EU) approved the U.K.'s privacy rules, meaning data will continue to flow between the two regions after Brexit. The EU ruled that the U.K.'s privacy rules are on par with its own — including GDPR. The bloc assured its citizens their personal data will receive the same level of protection when it's sent to the U.K.


  • Businesses had expressed concerns that billions of dollars worth of digital trade would be jeopardized if both sides failed to reach an agreement.
  • When a post-Brexit trade deal was struck in December, it included a temporary six-month provision to ensure the cross-border data flow wasn't stopped.
  • The EU implemented a “sunset clause,” which means the deal will expire in four years. The bloc said it would intervene if the U.K. deviates from its data standards.
  • What's next: The U.K. had already recognized the EU's privacy rules and is now looking to reach similar agreements with other countries.

The Guardian

Google will delay plans to remove third-party cookies from Chrome until late 2023. The tech giant had initially planned to phase out cookies in early 2022 but said the move will give stakeholders more time to adapt to the new tools it's developing as part of the privacy sandbox.


  • Google's plans have attracted lawsuits and investigations from regulators in the U.S and EU.
  • The tech giant is facing simultaneous pressure to strengthen user-privacy protections without disrupting the $455B global online-ad market.
  • Chrome is the world's dominant browser, controlling 65% of the market.
  • An update on everyone else: Rival browsers such as Mozilla Firefox and Safari have already limited cookies.


A message from TRANSCEND

What's really involved in building a privacy request system in house?

In this guide, we provide a breakdown of the essential elements to build an automated privacy request workflow, with advice from our experts who build these systems for a variety of multinational companies.

Also included: The six key questions you should have answers for before you start to guide your cross-functional conversations.

Get the guide

As calls for vaccine passports rise, the U.S. must pass new privacy legislation according to the Brookings Institution. Failure to do so could jeopardize personal data as more private companies begin to seek proof of vaccination.


  • The U.K., China, and India are among a list of countries that have introduced vaccine passports.
  • However, the U.S. lacks a data privacy law, and states such as Arkansas, Florida, and Indiana have passed legislation prohibiting vaccine passports.
  • The Biden administration has said the U.S. won't have a "centralized, universal federal vaccinations database,”
  • However, companies such as Walmart, which has administered vaccines, are required to maintain vaccination records.

The Brookings Institution

Consent Management, Reinvented:

Existing consent managers are broken. They only regulate 3rd party scripts – leaving your company non-compliant, and users with a terrible experience. So, we reinvented how they work—want to join as a beta partner?

Get early access

Former TikTok employees say its Chinese parent company ByteDance has a tight grip on the app, raising privacy concerns the Chinese government could collect personal information of Americans. One person said ByteDance employees can access American's personal data.


  • TikTok's privacy policy acknowledges that data could be shared with ByteDance but claims it has "rigorous access controls and a strict approval process."
  • Last year, Former President Donald Trump signed an executive order banning TikTok due to national security concerns unless it was sold to an American company.
  • Earlier this month, President Joe Biden overturned Trump's order but said the government must establish guidelines to analyze risks posed by apps with connections to rival countries.
  • Separate but related: TikTok is facing a $1.8B lawsuit in the Netherlands after a consumer group accused the app of illegally aggregating the personal data of children.


Privacy advocates have expressed concerns about new tools IBM is building to ensure online advertising algorithms don't discriminate. A team of 14 people will spend the next six months analyzing how to prevent unintended bias in ads and messaging.


  • Evidence shows that certain demographics such as Black people and women are blocked from viewing ads because of illegal decisions made by advertisers or algorithms.
  • The two largest global ad sellers Facebook and Google, have made some changes, but the issue still persists.
  • IBM analyzed its own ad purchases, and preliminary data indicates they can be shown to all demographics without impacting key metrics.

Venture Beat

Canadian Prime Minister Justin Trudeau's Liberal Party could be investigated over its use of facial recognition to select candidates for the next election. The investigation would be carried out by British Columbia's information and privacy commissioner. B.C. is the only Canadian province with privacy laws that allow it to independently probe the actions of political parties.


  • The party says it only uses the technology to confirm the identity of eligible voters at its nomination meetings which are being held online due to the COVID-19 pandemic.
  • The Liberals say an individual's information is deleted once their identity has been confirmed.
  • The party defended its use of the technology and said it aligned with the public guidance issued by Canada's privacy commissioner.


The U.S. Supreme Court rejected multiple cases centered around searches of electronic devices at the U.S. border. The move comes as lower courts across the U.S. are being swamped with cases to determine the constitutionality of searches of personal devices.


  • In February, a circuit court said Customs and Border Protection agents can search electronic devices without a search warrant.
  • The Supreme Court didn't take up this case despite appeals from the American Civil Liberties Union and the Electronic Frontier Foundation.
  • In a separate case, the Justice Department asked the court to review a case where evidence against a man charged with importing cocaine was obtained via a warrantless search.


In other privacy news:

  • Law enforcement officials in Baltimore can't use data obtained via the city's spy plane program after a court ruled it violated the fourth amendment.
  • Amazon bought encrypted messaging app Wickr for an undisclosed price.
  • 86% of consumers want companies to be more transparent over how they use personal data, according to a new report from Facebook.
  • Campaigners are calling the U.K.'s National Health Service's Somerset Foundation Trust plans to sell 1.1 million records to Sensyne Health "an invasion of privacy."
  • Privacy concerns have been raised about the Indian government's plans to establish online databases of farmers.

Transcend in 10 Mins:

In this short on-demand demo, Transcend CEO Ben Brook walks through how we can help improve your privacy ROI with scalable, secure, and future-proof privacy infrastructure.

Watch Now

Privacy XFN is delivered to your inbox every Thursday morning and is sent by Transcend. We're an engineering company that makes it simple for companies to give their users control over their personal data. Learn more.