Privacy XFN

Welcome to Privacy XFN, curating the best reads at the intersection of data privacy and tech. This week we’re covering Apple's decision to analyze iCloud images, the FTC and lawmakers turn up the heat on Facebook, how Amazon has benefited from Apple's recent privacy changes, and more.

A l​​​​​ast reminder: Join us at noon PT today to hear privacy engineering talks from Doordash, Twitter, and Transcend. Data minimization, handling potential zero-day exploits, and more. Register now.

—The Transcend team

Apple will use cryptographic hashes to detect and report images containing child abuse that are uploaded to iCloud. But privacy experts have expressed concerns foreign governments will force Apple to give them access to encrypted data.


  • Google and Facebook have used the technology for years, but Apple said its system is superior to others as it only analyzes the hashes.
  • Apple said the technology can't be altered to analyze other forms of content.
  • WhatsApp CEO Will Cathcart criticized the move, and over 6,600 experts from various industries have asked the tech giant to reverse its decision.
  • A quick recap: In June, Apple announced it would eliminate mail-based tracking pixels, which enable marketers to track if a user opened their email.
  • The tech giant also introduced “Private Relay,” which will conceal the web browsing activity of users on Safari.


The FTC said Facebook provided an "inaccurate" justification for why it banned the accounts of researchers that are analyzing ad transparency and misinformation on the company's platform. Last week, Facebook said Ad Observatory, a tool created by New York University researchers, collected data in a manner that violates the company's policies.


  • In 2019, Facebook was fined $5B by the FTC for failing to adequately monitor how data is collected by third parties.
  • Facebook agreed to a data privacy agreement with the FTC, where the tech giant vowed to obtain consent from users before sharing personal data with third parties.
  • Initially, the company said it was forced to suspend the accounts to ensure compliance with the data privacy agreement but later retracted the statement.
  • On Monday, Democratic lawmakers called on Facebook to explain why its actions.

The Hill

Still on Facebook, the social media giant is beginning to lose some of its market share in the advertising industry to Amazon. In June, Apple announced apps would have to seek permission from users before tracking their activity. So far, only 25% of users have opted in, which has diminished the effectiveness of Facebook ads.


  • The U.S. digital advertising market is worth $191B.
  • Google (28.8%) and Facebook (25.4%) are the dominant players, while Amazon controls 10.7%.
  • Amazon's ad revenue grew by 87.5% in Q2 compared to 56% for Facebook.
  • Last month, Facebook warned revenue growth would slow down "significantly" in the next few quarters in part due to Apple's recent privacy changes.
  • It's important to note that while Amazon has taken market share from both Google and Facebook, it still has a long way to go before it can be considered a significant threat.


The State of Consent Management: We surveyed 100 global technical leaders on how they manage user tracking and consent preferences on their company’s websites. Leaders acknowledge they face a tension balancing customer trust and online experiences. Read the full report for more insights.

Download Now
Brazil's National Data Protection Authority (ANPD) vowed to penalize companies that don't comply with the country's data protection rules that went into effect at the beginning of this month. The rules limit the amount of personal data government agencies and private businesses can process.


  • Companies that don't comply can be fined $9.6M daily.
  • The ANPD could also limit the amount of data violators can process or issue an outright ban.
  • In a recent survey of 207 companies 40% admitted they wouldn't be fully compliant with the rules by the Aug. 1 deadline.


As states move ahead with their own privacy law overhauls, the definition of sensitive personal information remains unclear, argues David Zetoony of Greenberg Traurig. Some privacy laws clearly specify what categories are considered sensitive while others don't.


  • California's CCPA doesn't use the term but gives certain categories such as social security numbers more protection. California's CRPA uses the term.
  • The NIST Privacy Framework doesn't define the term, but ISO 27701 and 29100 say any category that could have a major impact on a data subject during a breach is considered sensitive.
  • GDPR, CPRA, Virginia, and Colorado's privacy laws consider biometric information sensitive if used to identify a data subject.
  • The CCPA considers this data sensitive only in combination with a name.

National Law Review

Facebook's new prayer request feature has attracted privacy concerns. The tool enables users in faith-based Facebook groups to create a post requesting prayers for personal challenges in their life. Other members can click the “I prayed” button, like the post, leave a comment, or send a direct message.


  • Advertisers can't target ads based on a prayer post.
  • Some faith leaders have welcomed the tool, but others have expressed privacy concerns as individuals will be sharing traumatic personal events.
  • Facebook says the tool is designed to support faith-based communities and began testing it in the U.S. last December.

Associated Press

U.S. border patrol agents will be required to wear body cameras. A recent privacy assessment said any footage that's usable for a criminal case could be stored for up to 75 years. Otherwise, it should be deleted in 180 days.


  • The initial rollout will occur in New Mexico, California, Texas, Vermont, and Arizona later this year.
  • 7,500 cameras will be deployed in total, with 6,000 coming this year.
  • Arrests at the U.S.-Mexico border have hit a 20-year high.


In other privacy news:
  • One to share with your team: how to close online accounts while preserving privacy, from Consumer Reports.
  • Fintech startup Plaid agreed to a $58M settlement after it was accused of accessing customer's financial information without their permission.
  • New York City Mayor Bill DeBlasio's decision to mandate vaccine passports has drawn privacy concerns.
  • WhatsApp introduced a new privacy feature that lets users send photos and videos that automatically disappear after they've been viewed.
  • Canadian Prime Minister Justin Trudeau's Liberal Party is facing an investigation from a provincial watchdog over its use of facial recognition technology to select candidates for the next federal election.
  • U.S. prisons could use artificial intelligence to study phone calls made by inmates.

Consent management, reinvented: Existing consent managers are broken. They only regulate 3rd party scripts – leaving your company non-compliant, and users with a terrible experience. So, we reinvented how they work.

Get early access

Privacy XFN is delivered to your inbox every Thursday morning and is sent by Transcend. We're an engineering company that makes it simple for companies to give their users control over their personal data. Learn more.