Privacy XFN

Welcome to Privacy XFN, curating the best reads at the intersection of data privacy and tech. This week we’re covering the U.K.'s plans to overhaul its privacy laws, China's crackdown of foreign IPOs, Ohio's plans to be the fourth state with a privacy law, and much more.

And in news just in this morning: WhatsApp has been fined nearly $270 million by Irish authorities today for not being transparent about how it uses data. More on WhatsApp global privacy challenges below.

—The Transcend team

The U.K. government has announced it will reform its data protection rules following its departure from the EU. British Digital Secretary Oliver Dowden said the rules would be designed to encourage innovation and economic growth.


  • The U.K. is looking to reach data transfer agreements with six target nations, including the U.S. and Australia.
  • A quick reminder: In June, the EU approved of the U.K.'s privacy rules which meant data transfers between the two regions were allowed to continue.
  • The EU could suspend data transfers with the U.K. if it doesn't approve of the new rules.
  • The U.K government wants New Zealand privacy commissioner John Edwards to replace Elizabeth Denham as information commissioner when her term expires on Oct. 31.

The Guardian

Another week, more privacy news from China: The Chinese government will introduce new rules prohibiting companies from going public abroad if they possess large amounts of data. The rules are targeted at tech giants but aren't expected to impact companies in other industries such as pharmaceuticals. They're likely to go into effect in Q4, and some companies have been asked to delay their IPOs.


  • In July, the Cyberspace Administration of China (CAC) ordered companies that store data of at least one million users to apply for a cybersecurity review, if they want to go public abroad.
  • Last month, Chinese ride-hailing giant Didi delayed plans to expand into Europe amidst ongoing scrutiny from the government.
  • Didi was removed from Chinese app stores in July after the government said it illegally collected user data.
  • China's crackdown continues: The CAC also published a draft proposal banning companies from developing algorithms that trigger addictive behavior.


Ohio lawmakers have introduced the Ohio Personal Privacy Act. The bill would apply to companies with over 100,000 customers or generate at least $25M in annual revenue. It would also cover companies that make at least half their revenue from processing data or control data of a minimum of 25,000 consumers.


  • Under the bill, companies would need to be transparent with consumers about what data they've collected and make corrections if requested.
  • Consumers could also ask companies to stop selling their data and have it deleted.
  • The bill doesn't give consumers a private right of action, and the attorney general can issue fines of up to $5,000 for each violation.

National Law Review

6 unique features of our Consent Manager: You may already know that Transcend’s Consent Manger is designed to move companies beyond cookie banners, but did you know it also enables more precise choices for site owners and their users?

Read post
Some technologists have expressed concerns about Google's Privacy Budget. They called the concept "vague" and warned Chrome's functionality could be diminished if it isn't correctly implemented.


  • What is Privacy Budget: it protects users from fingerprinting and restricts the amount of data that's accessible via a browser.
  • One concern is that Privacy Budget could block websites from determining if someone has logged on.
  • Google wants to incorporate the tool in Privacy Sandbox, which is set to launch in 2023.
  • Technologists have criticized Google for not being transparent about how it will implement the technology.


WhatsApp said it would update its Brazilian privacy policy following months of discussions with regulators. The company said it wouldn't delete accounts that didn't accept its new privacy policy that was rolled out worldwide in May.


  • WhatsApp vowed to provide the ANPD, Brazil's data protection body, with all relevant documents and reports when requested.
  • It will give users educational materials outlining how to use the app safely. 
  • Meanwhile in Asia: On Oct. 22, an Indian court will hear WhatsApp and Facebook's legal challenge to new internet rules, they say violate privacy rights.
  • In news just in: WhatsApp was fined nearly $270 million by Irish authorities on Thursday for not being transparent about how it uses data collected from people. WhatsApp said it would appeal the decision.


Privacy concerns have emerged as usage of geofence warrants by law enforcement has increased over the past three years. Last week, Google revealed the number of geofence warrants it received rose from 982 in 2018 to 11,554 last year. They now account for over a quarter of data requests Google gets from law enforcement.


  • Privacy activists say the warrants violate the fourth amendment, designed to protect Americans from unreasonable search and seizures.
  • In June 2020, New York state lawmakers introduced a bill that would ban the warrants. 
  • This was the first piece of legislation in the U.S. that would regulate the use of the tool, but it has yet to pass.
  • Google's not alone: Snapchat, Uber, and Apple have also received geofence warrants.


21-year-old hacker John Binns told the WSJ he carried out the attack on T-Mobile last month. Over 50 million customers had their personal information, including names, social security numbers, and dates of birth exposed.


  • Binns said he was able to identify weak spots via an unspecified tool that anyone can use.
  • Binns called T-Mobile's security "awful" as he was able to bypass the company's defenses via an unprotected router.
  • The hacker said he wanted to gain attention but didn't reveal if he'd been compensated for the attack.
  • It's unclear if Binns worked alone or with others.


In other privacy news:
  • Google will pay Apple $15B this year to remain the default search engine on Safari, up from $10B previously. Some have questioned how this reflects on Apple's commitment to privacy.
  • 19 out of 24 U.S. government agencies, including the Departments of Defense and Homeland Security, employ facial recognition technology, according to a report from the Government Accountability Office.
  • New Mexico Attorney General Hector Balderas filed a lawsuit against Rovio Entertainment, accusing it of selling data of children under 13. Rovio developed Angry Birds.
  • Illinois Gov. J.B. Pritzker signed two bills designed to protect the privacy rights of sexual assault victims.
  • A 134GB server belonging to Chinese developer EskyFun was compromised, exposing the personal information of users.

Improved privacy, improved ROI—a case study: When Indiegogo needed a privacy partner who could give their users a modern and secure data privacy, they chose Transcend. But that was just the start. Read how by switching to Transcend, Indiegogo was able to reduce consumer privacy request processing costs by 80%.

Learn more

Privacy XFN is delivered to your inbox every Thursday morning and is sent by Transcend. We're an engineering company that makes it simple for companies to give their users control over their personal data. Learn more.