|
|
"The seizure of millions of Americans’ sensitive information by Trump, Musk and other[s] [...] is plainly illegal."
— Senator Ron Wyden on the introduction of the Privacy Act Modernization Act of 2025
|
|
Happy April! And welcome back to Snippets 👋 Here's what's been happening at the intersection of privacy and tech:
- Genetic testing company 23andMe filed for bankruptcy, raising questions about the future of their massive DNA database
- Democratic senators are pushing to modernize a 1974 law to counter the Department of Government Efficiency (DOGE)
- Genetic database OpenSNP will shut down, citing 23andMe's bankruptcy and the global rise of authoritarian governments
- And so much more!
|
|
|
|
|
For sale: 23andMe + 15 million users’ genetic data
|
 |
|
Justin Sullivan/Getty Images
|
23andMe's bankruptcy filing and the impending sale, which will include genetic data from the company’s 15 million users, has demonstrated that, once a company controls a person's personal information, that individual has very little say in the data's future use.
|
- State attorneys general have urged 23andMe customers to delete their personal data, however, the sharp spike in deletion requests seems to have overwhelmed the company’s IT infrastructure—with many customers reporting deletion difficulties.
- The Federal Trade Commission (FTC) chairman Andrew Ferguson reminded 23andMe in an open letter of their privacy commitments, which the company has assured the public it will continue to honor.
- However, these assurances are somewhat hollow as genetic testing services fall outside the purview of federal health laws and the patchwork of state laws will hold the company’s potential buyer ultimately responsible.
- Despite the legal grey area, any potential buyer will be closely scrutinized, especially if their business revolves around generative AI—as sensitive data is a key component of many gen AI use cases, including synthetic media and deepfakes.
|
|
|
|
|
|
|
🎥 Navigating Texas’ Privacy Crackdown: What Companies Need to Know Now
|
Join us on April 10 at 9:30am PT for an exclusive webinar unpacking Texas’ evolving privacy landscape, as the Texas AG brings the first-ever state lawsuit under a comprehensive privacy law, investigates enterprise use of children's data, and more.
With actionable insights for businesses, this session will feature:
👤 Tyler Bridegan, Director of Privacy & Tech Enforcement at the Texas Attorney General's Office
👤 Keir Lamont, Senior Director for U.S. Legislation at the Future of Privacy Forum
👤 Ron De Jesus, Field Chief Privacy Officer at Transcend
Have questions for our speakers? Submit them in advance to be part of the discussion!
|
|
|
|
|
|
|
|
Democratic senators push to modernize 1974 privacy law
|
 |
|
Nathan Posner/Getty Images
|
To counter the Department of Government Efficiency’s (DOGE) efforts to access the immense tranches of personal data held by the US government, a group of Democratic Senators have introduced the Privacy Act Modernization Act of 2025.
|
- This new law would make significant updates to the Privacy Act of 1974, which was first passed to address unchecked government surveillance and abuses of personal data during the McCarthy era.
- With DOGE taking over federal data systems and executing mass government lay-offs, Sen. Ron Wyden, one of the bill’s sponsors, said the bill, “ensures individuals can go after the government when officials break the law.”
- The new bill would redefine key terms and remove exemptions on the disclosure of personal data, specifically by introducing stricter criteria for “routine use.”
- The bill would also expand the private right of action, extend coverage to any individual physically present within US borders, restrict cross-referencing across records and agencies, and increase fines from $5,000 to $250,000.
|
|
|
|
|
|
|
|
Genetic database OpenSNP to shut down
|
 |
|
zmeel / Getty Images
|
The fallout from 23andMe’s collapse has claimed another genetic data service company, with OpenSNP co-founder, Bastian Greshake Tozavars, announcing the open-source repository will shutter at the end of the month.
|
- In a blog post, Tozavars noted that the database, which houses user-uploaded genetic information, will be deleted—anchoring the decision on 23andMe’s bankruptcy and the global rise of authoritarian governments.
- Since its inception, OpenSNP has gained over 13,000 users, many of whom are customers of genetic test providers like 23andMe and all of whom could upload test results to find users with similar genetic variations.
- Speaking to TechCrunch, Tozavars noted the decision to close down OpenSNP is a precautionary one to prevent wrongful use of their data—citing “a fascist coup in the US” and the unexplained arrest and disappearance of several immigrants and dissidents.
|
|
|
|
|
|
|
|
- A privacy-first alternative to Google Photos.
- OpenAI raises $40 billion in a recent investment round.
- Is going offline the only way to truly preserve privacy?
- “Ghibli effect” causes record surge in ChatGPT users.
- Pennsylvania pushes for new DNA privacy law.
|
|
|
|
|
|
HIPAA under attack as states target abortion data protections
|
 |
|
Photo by Wichayada Suwanachun/Getty Images
|
The Health Insurance Portability and Accountability Act (HIPAA) is facing a series of coordinated legal challenges as anti-abortion states target a Biden-era rule meant to protect reproductive health data.
|
- Seventeen Republican-led states have sued to overturn the 2024 rule, which blocks law enforcement from accessing reproductive health data across states, with some going further to challenge HIPAA’s core privacy protections.
- In Texas, federal judge Matthew Kacsmaryk, a Trump appointee known for his anti-abortion rulings, has questioned HIPAA’s constitutionality—reflecting broader efforts by Republican-led states to limit health data privacy in cases involving abortion or gender-affirming care.
- Experts warn the lawsuits could allow prosecutors to subpoena patient records across state borders, undermining confidentiality and trust in medical providers, especially amongst immigrants, people of color, and lower-income populations.
|
|
|
|
|
|
|
|
France fines Apple €150 million for ATT violations
|
 |
|
|
France’s competition regulator, the Autorité de la concurrence, fined Apple €150 million ($162 million) for misusing App Tracking Transparency (ATT), a feature that allows users to choose if an app can track their activity across third-party apps for the purposes of targeted advertising.
|
- France’s regulator said that ATT made the use of third-party apps within the iOS ecosystem “excessively complex,” amounting to an abuse of Apple’s dominant market position.
- While acknowledging that ATT was designed for a well-intentioned purpose, the Autorité found fault with its implementation, which requires users to consent once to tracking by Apple but twice to tracking by third parties.
- The regulator ruled that the additional consent pop-up was unnecessary and inconsistent with Apple’s commitment to protecting user data.
|
|
|
|
|
|
|
GoCardless’ Migration to Transcend: Going Beyond Compliance to Build Executive Trust 💡
|
|
Before Transcend, while using a legacy privacy tool, GoCardless experienced significant hurdles in trying to build and scale a privacy program that was agile and tech-forward.
After a full-scale privacy tooling transformation, the GoCardless team was able to cut out hundreds of hours of manual work, evaluate key strategic business initiatives more quickly, and raise executive confidence in the business’s compliance program.
|
|
|
|
|
|
|
|
|
Snippets is delivered to your inbox every Thursday morning by Transcend. We're the platform that helps companies put privacy on autopilot by making it easy to encode privacy across an entire tech stack. Learn more.
|
|
|
|
You received this email because you subscribed to Snippets. Did someone forward this email to you? Head over to Transcend to get your very own free subscription! Curated in San Francisco by Transcend.
|
|
|
|
|
|
