Banner Image
qoute Image

That could mean that there is a path to passage. There will just be a lot of moving pieces to make that happen.

- Cobun Zweifel-Keegan on the proposed APRA

Welcome back to Snippets! We've said it before, and we'll say it again: privacy moves fast.

We're out for two weeks and come back to a new draft federal privacy law, multiple new state privacy laws (hello Maryland and Kentucky 👋), several new enforcement actions from the Federal Trade Commission (FTC)... and those are just the top headlines.

This week, we're focusing on the FTC's proposed settlement with telehealth firm Cerebral, why opinions are divided on the American Privacy Rights Act, and how a French developer is working on a privacy-protecting age verification system, as new age verification legislation sweeps the US and the globe. 

It's great to be back. We'll see you next week—same time, same place.


Telehealth provider Cerebral faces $7 million FTC fine


Photo by Amelia Holowaty Krales / The Verge

Telehealth firm Cerebral is facing a $7 million fine from the Federal Trade Commission (FTC)—following multiple allegations of severe customer data misuse.
  • The allegations include security lapses that exposed patient data, disclosing data to third parties for targeted advertising, and lying to customers about how their data is used.
  • According to the FTC, Cerebral shared home and email addresses, phone numbers, insurance details, and medical records for nearly 3.2 million customers with LinkedIn, TikTok, Snapchat, and others.
  • The FTC’s proposed settlement would permanently ban Cerebral from using health information for advertising and would require the company to obtain consent before sharing or selling data.

🎪 Join Transcend at the 2024 RSA Conference!

At this year's conference, Transcend is excited to be exhibiting, offering live demos, joining the Microsoft for Startups activation, and of course, learning more about how to best solve privacy and security professionals' greatest challenges!

Read on to learn where to find us and how you can grab some goodies to take home.


Newly proposed APRA divides privacy community


Getty Images

Expert opinions are split following last week’s release of a draft of the American Privacy Rights Act (APRA), a proposed US federal privacy law meant to eliminate the patchwork of state legislation.
  • The APRA would replace individual consent with a universal standard for minimal data collection, grant a stronger private right of action, and expand the definition of sensitive data.
  • Proponents argue a federal standard eliminates the chaos of multiple state-level protections, most of which lack a private right to action.
  • Skeptics are concerned about the bill's exception for data collection by government entities and worry the APRA would preempt state laws, some of which provide stronger protections in certain areas.


A privacy-friendly option for online age verification


Leon Neal/Getty Images

Though age-verification barriers on adult websites have gained traction in the US and across the globe, skeptics worry they may make consumers vulnerable to hacking, theft, and targeting based on sexual orientation.
  • Current age-verification methods include facial scans, revealing bank account details, and sharing ID cards, all of which can potentially be used to trace an individual's web history.
  • In France, a privacy-friendly alternative is emerging, thanks to computer scientist and professor Olivier Blazy.
  • Blazy worked with the country’s regulator, CNIL, to build a firewall that stands between a website and the verification service.
  • This firewall would conceal a user’s data and browsing habits, only allowing the age verification request to pass through.

  • US House passes two-year reauthorization of Section 702.
  • Indiana Republicans push for detailed access to abortion data.
  • Israeli startup combines AI-driven data analysis with privacy.
  • How ad blockers can protect against government surveillance.
  • Maryland and Kentucky pass new data privacy laws.


DuckDuckGo launches personal data removal product



Privacy-focused browser DuckDuckGo is launching a new tool that automatically scans data broker websites and submits takedown requests.
  • The tool will be available on the Privacy Pro subscription, which also includes access to the company's VPN.
  • After a user submits their name, year of birth, and address, the tool scans 53 data broker websites for matching results, with a dashboard for tracking takedown status.
  • Though a pre-launch demo showed promising results, complications remain—particularly with inaccurate identification of user data based on structural URL differences.


Is the Chief AI Officer here to stay?


Lan Guan, chief AI officer at Accenture, in the company’s Manhattan office © Sasha Maslov/FT

With generative AI rapidly making its way into daily corporate operations, the role of Chief AI Officer (CAIO) has exploded in popularity.
  • Head of AI positions have tripled globally in the last five years—a trend driven in the US by a White House policy mandating that federal agencies appoint CAIOs to increase accountability.
  • Typical CAIO responsibilities include implementing governance and compliance initiatives, overseeing AI deployment, and driving a cultural change towards adoption.
  • Despite high demand and short supply, CAIOs don’t always draw high salaries, leading some experts to question the trend's longevity.

Announcing Field Trips: A CPO Listening Tour 🚌

With the flowers blooming and temperatures rising, it’s hard to resist the allure of a good field trip.

So as Ron De Jesus settles into his first 90 days as Transcend’s new Field Chief Privacy Officer, we're thrilled to announce he's headed out on a series of ‘field trips’ to meet with Chief Privacy Officers across the U.S.

The goal? Listen closely and learn about their needs in the face of rapid, industry-wide change.

Transcend Horizontal Logo

Snippets is delivered to your inbox every Thursday morning by Transcend. We're the platform that helps companies put privacy on autopilot by making it easy to encode privacy across an entire tech stack. Learn more.

You received this email because you subscribed to Snippets. Did someone forward this email to you? Head over to Transcend to get your very own free subscription! Curated in San Francisco by Transcend.