Banner Image
qoute Image

When you’re running a global company, what you’re trying to find is some common standard that you can apply.

- Jane Horvath, Attorney at Gibson Dunn

Welcome to Snippets 🔥 The FTC is coming in hot to the new year, releasing a detailed statement about what is and isn't acceptable when it comes to genetic privacy and the claims made by genetic analysis companies. The full statement is worth a read, but the TL;DR? Keep customers' data safe and don't tell lies about your product. 

In other news, Beijing authorities claim to have cracked Apple's AirDrop, the need for industry standards and regulation for neurotechnology has become more pressing, Carta lands in hot water, and more. 


DNA PRIVACY

FTC issues DNA privacy guidance

Image

Adobe

Following enforcement actions against 1Health/Vitagene, CRI Genetics, and Genelink for failure to protect consumer privacy, the Federal Trade Commission (FTC) has released DNA data protection guidance for manufacturers of genetic analysis products.
  • As part of its statement, the FTC reiterated its commitment to protecting genetic data—marking it as a top agency priority following the issue of its Biometric Policy Statement in May 2023.
  • Manufacturers were reminded they must keep both genetic data and customer accounts secure, and were warned against making exaggerated claims about the accuracy of their genetic tests.
  • The FTC also noted it will be scrutinizing the use of AI algorithms in DNA sequencing—warning companies to avoid “loose talk” in marketing claims about their use of AI.
TRANSCEND NEWS

Celebrating the top privacy transformations of 2023 💫

To celebrate all that our customers accomplished last year, we launch Data Rights Unwrapped—our first annual, special look at what Transcend customers achieved as privacy leaders in 2023.

We couldn’t be more proud and humbled to partner with so many innovative, industry-leading companies, and are so excited to highlight the transformative impact of their privacy initiatives throughout the year!

AIRDROP

China breaks AirDrop encryption to identify senders

Image

Future Publishing via Getty Images

A state-backed Chinese tech company has developed a system to identify senders of messages via AirDrop, according to claims by government authorities in Beijing.
  • The bid to decrypt user identities is part of a larger crackdown in China on undesirable content.
  • The technique breaks the encryption on the iPhone’s device log to identify numbers and email addresses of AirDrop message users.
  • Beijing’s judicial bureau said the method would eliminate bad influences and inappropriate remarks, while also claiming that it has been used by the police to identify multiple criminal suspects.

NEUROPRIVACY

Neurotechnology and the privacy regulation landscape

Image

Angela Weiss/AFP via Getty Images

As neurotechnology brings literal mind-reading closer to reality, Sara Pullen Guercio, an associate at law firm Alston & Bird, has called on companies to develop standards that will eventually set the precedent for future privacy legislation.
  • The need for industry standards and regulation has become increasingly acute—as investment in neurotechnology has ramped up in recent years. 
  • Elon Musk’s implantable brain chip, Neuralink, has received FDA clearance, while Meta has teased a neural interface wristband that studies arm muscle signals to control devices.
  • The US currently doesn't have legislation to protect neurodata. Though HIPAA covers Protected Health Information (PHI), it does not apply to non-PHI data collected from implanted devices.

IN OTHER NEWS
  • France’s data regulator requests input on draft regulations for Transfer Impact Assessments.
  • How AI could equip bad actors to misuse biometric data.
  • Navigating the legal quagmire of a cyber incident.
  • The best browsers to protect your digital privacy.
  • 23andMe blames victims for data breach.

REGULATION

How will privacy legislation evolve in 2024?

Image

Ivy Liu

With only 45% of companies identifying as “very prepared” to address US privacy regulation, and 60% of executives stating it’s difficult to stay up-to-date on the litany of state privacy laws, many organizations are left wondering how they’ll be able to navigate the complex regulatory landscape in 2024.
  • The raft of state privacy laws passed in 2023 will force companies to inspect data at a technical level to understand how it's being fed into their systems.
  • With an election looming, Congressional action is unlikely—but federal agencies are taking proactive steps to strengthen privacy, as with the FTC’s proposed updates to COPPA.
  • Internationally, the EU’s Digital Services Act and the AI Act will impact how companies collect and use data for advertising, while the US will likely see AI provisions being worked into broader consumer privacy laws at both the state and local level.

BREACH

Carta exits trading after privacy breach allegations

Image

Michael Nagle/Bloomberg

Carta, a Silicon Valley-based equity management software provider, is shutting down its share trading platform—following allegations that company representatives attempted to trade customer shares without consent.
  • Carta, which primarily sells to start-ups, allegedly used confidential information without client consent to press clients’ investors to sell their stakes in the secondary market.
  • The incident came to light after one of Carta’s customers, software firm Linear, claimed Carta was “doing cold outreach to our angel investors about selling Linear shares.”
  • Linear cofounder Karri Saarinen pointed out that Carta couldn’t have identified the angel investors without accessing private information provided by Linear when implementing the platform.
TRANSCEND NEWS

New year, new tools! Explore Transcend's major platform expansion

Recently, we announced a massive expansion of our product suite—making it even simpler for the world’s best brands to manage complex privacy compliance challenges.

With this new release, we've expanded our proven platform three-fold, aligning along five pillars of most urgent need: Data Asset Intelligence, Data Discovery & Classification, Autonomous Privacy Operations, Risk Intelligence, and AI Governance. Learn more about this major update below.

Transcend Horizontal Logo

Snippets is delivered to your inbox every Thursday morning by Transcend. We're the platform that helps companies put privacy on autopilot by making it easy to encode privacy across an entire tech stack. Learn more.

You received this email because you subscribed to Snippets. Did someone forward this email to you? Head over to Transcend to get your very own free subscription! Curated in San Francisco by Transcend.