Privacy XFN

Welcome to this week’s Privacy XFN, curating the best reads at the intersection of data privacy and tech. We’re covering ongoing talks between the U.S. and EU over a new privacy agreement, states introducing new laws to protect employee privacy during the COVID-19 pandemic, an early Facebook investor urges President Biden to stand up to big tech, and much more.

—The Transcend team

It remains unknown when the U.S. and EU will reach a new agreement to allow cross-border data flow as talks enter their second year. The European Court of Justice declared the EU-US Privacy Shield invalid in July 2020, saying it didn't do an adequate job of protecting the privacy of European residents.


  • Privacy experts have warned 5,400 firms could be forced to relocate their digital infrastructure to the EU if both sides don't reach an agreement.
  • The U.S. Commerce Department has introduced temporary solutions such as standard contractual clauses and binding corporate rules.
  • These measures are costly and impact small and medium-sized businesses, which made up the bulk of the companies protected by Privacy Shield.
  • What's next: President Biden stressed the importance of reaching a new deal during a meeting with European leaders last month, and negotiations will continue throughout the summer.


Several states have introduced new laws to protect employee privacy during the COVID-19 pandemic. In Oregon, consent must be obtained before personal data is collected for contact tracing. In Hawaii, employers can only require employees to install a location-tracking app on their company-owned phones and not their personal ones.


  • States such as Florida and Georgia have banned government agencies from issuing vaccine passports due to privacy concerns.
  • The Biden administration said it wouldn't introduce vaccine passports in April.
  • In Montana, employers can't implement vaccine mandates.
  • A Washington state bill that would have restricted the collection of health data was vetoed by Gov. Jay Inslee due to concerns it would hinder attempts to limit the spread of the virus.


In more California privacy developments, the state's Attorney General has make clear his position that data tracking for advertising and analytics purposes—including cookie-based tracking—fits within the CCPA's definition of a data “sale.” AG Rob Bonta recently sent out enforcement letters to advertisers and social media platforms to ensure they’re complying with the law.


  • Legal experts say Bonta will look at how analytics trackers are being used and if they monitor people offline or on multiple sites when determining if a company is complying with the law.
  • Each unintentional cookie-related violation will result in a $2,500 fine. 
  • Every intentional violation will lead to a $7,500 penalty.
  • Looking ahead: Bonta has the authority to treat each violation separately but experts say he’s unlikely to do so.


The State of Consent Management: We surveyed 100 global technical leaders on how they manage user tracking and consent preferences on their company’s websites. Leaders acknowledge they face a tension balancing customer trust and online experiences. Read the full report for more insights.

Download now
President Biden must take a stronger stance against tech giants to protect privacy rights, argues early Facebook investor Roger McNamee. McNamee says the absence of a federal privacy law has enabled tech giants to engage in "surveillance capitalism," where they aggregate large amounts of personal data and prioritize profits over user wellbeing.


  • McNamee urged Biden to introduce legislation focused on privacy, antitrust, and consumer safety.
  • McNamee praised some of Biden's appointments, such as FTC Commissioner Lina Khan.
  • A recent Lawfare blog post argues the FTC's "outdated" conflict of interest rules prevent it from hiring the right talent to investigate tech giants.
  • Earlier this month, Biden signed an executive order urging agencies like the FTC to introduce new rules that limit the amount of data tech companies can collect.
  • Who is Roger McNamee? He was an early Facebook investor but has become a vocal critic of tech giants and their business models.


Venmo has introduced new privacy features, eliminating the public feed that shows all transactions. Users will now only be able to view transactions made by people on their friend list.


  • A quick recap: In May, Buzzfeed reporters were able to find President Biden’s personal account within minutes, which raised privacy concerns.
  • Venmo gave users the ability to set their friends list as public, visible to friends, or private.
  • Users were also allowed to opt-out of appearing in other users' friend lists.


Facial recognition startups have raised over $500M so far this year, up from $622M in all of 2020. The funding occurred despite states and cities such as Maine, Massachusetts, and Minneapolis limiting or banning the technology this year due to privacy concerns.


  • The U.S. doesn't have a federal law regulating the use of facial recognition.
  • Earlier this month, Israeli startup AnyVision raised a $235M Series C that valued it at over $1B.
  • Last week, Clearview AI raised a $38M Series B at a $130M valuation. The company is banned in Canada and under a joint investigation by the U.K. and Australia.
  • Last year, Amazon and Microsoft pledged to stop selling their facial recognition technology to law enforcement following the death of George Floyd at the hands of the Minneapolis police.


Google has given further details on how it will roll out its Privacy Sandbox. It was initially to be introduced this year, but in June, the tech giant delayed the rollout until 2023 to give stakeholders more time to adapt.


  • Google is currently in the discussion stage, which will end in Q3 2021.
  • The technology will become available to developers during the testing stage between Q4 2021 and Q3 2022.
  • Google will launch privacy sandbox in Chrome during the “ready for adoption” phase between Q1 2022 and Q3 2022.
  • Stage 1 of the transition phase will occur between Q4 2022 and Q2 2023, where Google will assess how the rollout is going.
  • Google will end support for third-party cookies during Stage 2 of the transition phase in Q3 2022.

Search Engine Roundtable


In other privacy news

  • Hong Kong’s government will be able to limit access to social media as part of a new privacy law.
  • Human rights groups say that a new Indian law that permits the collection of genetic data violates privacy rights.
  • WhatsApp CEO Will Cathcart says NSO Group’s spyware targeted 1,400 accounts in 2019, including officials in critical national security positions for countries that are U.S. allies.
  • TikTok was fined $885,000 by the Netherlands’ Data Protection Authority for failing to translate its privacy statement into Dutch.
  • The Office of the Australian Information Commissioner said Uber violated the country’s privacy laws after it failed to disclose a 2016 data breach that impacted 1.2 million people.
  • Twenty-seven states have contracts with, which uses facial recognition technology to verify the identity of individuals seeking unemployment benefits.

Consent Management, Reinvented: Existing consent managers are broken. They only regulate 3rd party scripts – leaving your company non-compliant, and users with a terrible experience. So, we reinvented how they work—want to join as a beta partner? 

Get early access

Privacy XFN is delivered to your inbox every Thursday morning and is sent by Transcend. We're an engineering company that makes it simple for companies to give their users control over their personal data. Learn more.