GDPR

Auto Added by WPeMatico

Preclusio uses machine learning to comply with GDPR, other privacy regulations

As privacy regulations like GDPR and the California Consumer Privacy Act proliferate, more startups are looking to help companies comply. Enter Preclusio, a member of the Y Combinator Summer 2019 class, which has developed a machine learning-fueled solution to help companies adhere to these privacy regulations.

“We have a platform that is deployed on-prem in our customer’s environment, and helps them identify what data they’re collecting, how they’re using it, where it’s being stored and how it should be protected. We help companies put together this broad view of their data, and then we continuously monitor their data infrastructure to ensure that this data continues to be protected,” company co-founder and CEO Heather Wade told TechCrunch.

She says that the company made a deliberate decision to keep the solution on-prem. “We really believe in giving our clients control over their data. We don’t want to be just another third-party SaaS vendor that you have to ship your data to,” Wade explained.

That said, customers can run it wherever they wish, whether that’s on-prem or in the cloud in Azure or AWS. Regardless of where it’s stored, the idea is to give customers direct control over their own data. “We are really trying to alert our customers to threats or to potential privacy exceptions that are occurring in their environment in real time, and being in their environment is really the best way to facilitate this,” she said.

The product works by getting read-only access to the data, then begins to identify sensitive data in an automated fashion using machine learning. “Our product automatically looks at the schema and samples of the data, and uses machine learning to identify common protected data,” she said. Once that process is completed, a privacy compliance team can review the findings and adjust these classifications as needed.

Wade, who started the company in March, says the idea formed at previous positions where she was responsible for implementing privacy policies and found there weren’t adequate solutions on the market to help. “I had to face the challenges first-hand of dealing with privacy and compliance and seeing how resources were really taken away from our engineering teams and having to allocate these resources to solving these problems internally, especially early on when GDPR was first passed, and there really were not that many tools available in the market,” she said.

Interestingly Wade’s co-founder is her husband, John. She says they deal with the intensity of being married and startup founders by sticking to their areas of expertise. He’s the marketing person and she’s the technical one.

She says they applied to Y Combinator because they wanted to grow quickly, and that timing is important with more privacy laws coming online soon. She has been impressed with the generosity of the community in helping them reach their goals. “It’s almost indescribable how generous and helpful other folks who’ve been through the YC program are to the incoming batches, and they really do have that spirit of paying it forward,” she said.

Powered by WPeMatico

E3’s organizer apologizes after revealing information for thousands of journalists

The Entertainment Software Association issued an apology of sorts after making available the contact information for more than 2,000 journalists and analysts who attended this year’s E3.

“ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public,” the organization said via statement. “Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this this occurrence and have put measures in place to ensure it will not occur again.”

It’s not clear whether the organization attempted to reach out to those impacted by the breach.

In a kind of bungle that utterly boggles the mind in 2019, the ESA had made available on its site a full spreadsheet of contact information for thousands of attendees, including email addresses, phone numbers and physical addresses. While many or most of the addresses appear to be businesses, journalists often work remotely, and the availability of a home address online can present a real safety concern.

After all, many gaming journalists are routinely targets of harassments and threats of physical violence for the simple act of writing about video games on the internet. That’s the reality of the world we currently live in. And while the information leaked could have been worse, there’s a real potential human consequence here.

That, in turn, presents a pretty compelling case that the ESA is going to have a pretty big headache on its hands under GDPR. Per the rules,

In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

There is, indeed, a pretty strong argument to made that said breach could “result in a risk to the rights and freedoms of natural persons.” Failure to notify individuals in the allotted time period could, in turn, result in some hefty fines.

It’s hard to say how long the ESA knew about the information, though YouTuber Sophia Narwitz, who first brought this information to light publicly, may have also been the first to alert the organization. The ESA appears to have been reasonably responsive in pulling the spreadsheet down, but the internet is always faster, and that information is still floating around online and fairy easily found.

VentureBeat notes rightfully that spreadsheets like these are incredibly valuable to convention organizations, representing contact information some of the top journalists in any given industry. Many will no doubt think twice before sharing this kind of information again, of course.

Notably (and, yes, ironically), the Black Hat security conference experienced a similar breach this time last year. It chalked the issue up to a “legacy system.”

Natasha Lomas contributed to this report

Update: An email has since been sent to those impacted, noting,

We provide ESA members and exhibitors a media list on a password-protected exhibitor site so they can invite you to E3 press events, connect with you for interviews, and let you know what they are showcasing. For more than 20 years there has never been an issue. When we found out, we took down the E3 exhibitor portal and ensured the media list was no longer available on the E3 website.

Again, we apologize for the inconvenience and have already taken steps to ensure this will not happen again.

So that’s that part taken care of, at least.

Powered by WPeMatico

Ethyca raises $4.2M to simplify GDPR compliance

GDPR, the European data privacy regulations, have been in effect for more than a year, but it’s still a challenge for companies to comply. Ethyca, a New York City startup, has created a solution from the ground up to help customers adhere to the regulations, and today it announced a $4.2 million investment led by IA Ventures and Founder Collective.

Table Management, Sinai Ventures, Cheddar founder Jon Steinberg and Moat co-founder Jonah Goodhart also participated.

At its heart, Ethyca is a data platform that helps companies discover sensitive data, then provides a mechanism for customers to see, edit or delete their data from the system. Finally, the solution enables companies to define who can see particular types of data across the organization to control access. All of these components are designed to help companies comply with GDPR regulations.

ethyca enterprise transaction log

Ethyca enterprise transaction log (Screenshot: Ethyca)

Company co-founder Cillian Kieran says that the automation component is key and should greatly reduce the complexity and cost associated with complying with GDPR rules. From his perspective, current solutions that involve either expensive consultants or solutions that require some manual intervention don’t get companies all the way there.

“These solutions don’t actually solve the issue from an infrastructure point of view. I think that’s the distinction. You can go and use the consultants, or you can use a control panel that tells you what you need to do. But ultimately, at some point you’re either going to have to build or deploy code that fixes some issues, or indeed manually manage or remediate those [issues]. Ethyca is designed for that and takes away those risks because it is managing privacy by design at the infrastructure level,” Kieran explained.

If you’re worried about the privacy of providing information like this to a third-party vendor, Kieran says that his company never actually sees the raw data. “We are a suite of tools that sits between business processes. We don’t capture raw data, We don’t see personal information. We find information based on unique identifiers,” he said.

The company has been around for more than a year, but has been spending its first year developing the solution. He sees this investment as validation of the problem his startup is trying to solve. “I think the investment represents the growing awareness fundamentally from both with the investor community, and also in the tech world, that data privacy as a regulatory constraint is real and will compound itself,” he said.

He also points out that GDPR is really just the tip of the privacy regulation iceberg, with laws in Australia, Brazil and Japan, as well as California and other states in the U.S. due to come online next year. He says his solution has been designed to deal with a variety of privacy frameworks beyond GDPR. If that’s so, his company could be in a good position moving forward.

Powered by WPeMatico

Why commerce companies are the advertising players to watch in a privacy-centric world

Justin Choi
Contributor

Justin Choi is the founder and CEO of Nativo, which empowers brands and publishers through its advanced platform for content.

The unchecked digital land grab for consumers’ personal data that has been going on for more than a decade is coming to an end, and the dominoes have begun to fall when it comes to the regulation of consumer privacy and data security.

We’re witnessing the beginning of a sweeping upheaval in how companies are allowed to obtain, process, manage, use and sell consumer data, and the implications for the digital ad competitive landscape are massive.

On the backdrop of evolving privacy expectations and requirements, we’re seeing the rise of a new class of digital advertising player: consumer-facing apps and commerce platforms. These commerce companies are emerging as the most likely beneficiaries of this new regulatory privacy landscape — and we’re not just talking about e-commerce giants like Amazon.

Traditional commerce companies like eBay, Target and Walmart have publicly spoken about advertising as a major focus area for growth, but even companies like Starbucks and Uber have an edge in consumer data consent and, thus, an edge over incumbent media players in the fight for ad revenues.

Tectonic regulatory shifts

GettyImages 912948496

Image via Getty Images / alashi

By now, most executives, investors and entrepreneurs are aware of the growing acronym soup of privacy regulation, the two most prominent ingredients being the GDPR (General Data Protection Regulation) and the CCPA (California Consumer Privacy Act).

Powered by WPeMatico

The other smartphone business

With the smartphone operating system market sewn up by Google’s Android platform, which has a close to 90% share globally, leaving Apple’s iOS a slender (but lucrative) premium top-slice, a little company called Jolla and its Linux-based Sailfish OS is a rare sight indeed: A self-styled ‘independent alternative’ that’s still somehow in business.

The Finnish startup’s b2b licensing sales pitch is intended to appeal to corporates and governments that want to be able to control their own destiny where device software is concerned.

And in a world increasingly riven with geopolitical tensions that pitch is starting to look rather prescient.

Political uncertainties around trade, high tech espionage risks and data privacy are translating into “opportunities” for the independent platform player — and helping to put wind in Jolla’s sails long after the plucky Sailfish team quit their day jobs for startup life.

Building an alternative to Google Android

Jolla was founded back in 2011 by a band of Nokia staffers who left the company determined to carry on development of mobile Linux as the European tech giant abandoned its own experiments in favor of pivoting to Microsoft’s Windows Phone platform. (Fatally, as it would turn out.)

Nokia exited mobile entirely in 2013, selling the division to Microsoft. It only returned to the smartphone market in 2017, via a brand-licensing arrangement, offering made-in-China handsets running — you guessed it — Google’s Android OS.

If the lesson of the Jolla founders’ former employer is ‘resistance to Google is futile’ they weren’t about to swallow that. The Finns had other ideas.

Indeed, Jolla’s indie vision for Sailfish OS is to support a whole shoal of differently branded, regionally flavored and independently minded (non-Google-led) ecosystems all swimming around in parallel. Though getting there means not just surviving but thriving — and doing so in spite of the market being so thoroughly dominated by the U.S. tech giant.

TechCrunch spoke to Jolla ahead of this year’s Mobile World Congress tradeshow where co-founder and CEO, Sami Pienimäki, was taking meetings on the sidelines. He told us his hope is for Jolla to have a partner booth of its own next year — touting, in truly modest Finnish fashion, an MWC calendar “maybe fuller than ever” with meetings with “all sorts of entities and governmental representatives”.

Jolla co-founder, Sami Pienimaki, showing off a Jolla-branded handset in May 2013, back when the company was trying to attack the consumer smartphone space. 
(Photo credit: KIMMO MANTYLA/AFP/Getty Images)

Even a modestly upbeat tone signals major progress here because an alternative smartphone platform licensing business is — to put it equally mildly — an incredibly difficult tech business furrow to plough.

Jolla almost died at the end of 2015 when the company hit a funding crisis. But the plucky Finns kept paddling, jettisoning their early pursuit of consumer hardware (Pienimäki describes attempting to openly compete with Google in the consumer smartphone space as essentially “suicidal” at this point) to narrow their focus to a b2b licensing play.

The early b2b salespitch targeted BRIC markets, with Jolla hitting the road to seek buy in for a platform it said could be moulded to corporate or government needs while still retaining the option of Android app compatibility.

Then in late 2016 signs of a breakthrough: Sailfish gained certification in Russia for government and corporate use.

Its licensing partner in the Russian market was soon touting the ability to go “absolutely Google-free!“.

Buy in from Russia

Since then the platform has gained the backing of Russian telco Rostelecom, which acquired Jolla’s local licensing customer last year (as well as becoming a strategic investor in Jolla itself in March 2018 — “to ensure there is a mutual interest to drive the global Sailfish OS agenda”, as Pienimäki puts it).

Rostelecom is using the brand name ‘Aurora OS‘ for Sailfish in the market which Pienimäki says is “exactly our strategy” — likening it to how Google’s Android has been skinned with different user experiences by major OEMs such as Samsung and Huawei.

“What we offer for our customers is a fully independent, regional licence and a tool chain so that they can develop exactly this kind of solution,” he tells TechCrunch. “We have come to a maturity point together with Rostelecom in the Russia market, and it was natural move plan together, that they will take a local identity and proudly carry forward the Sailfish OS ecosystem development in Russia under their local identity.”

“It’s fully compatible with Sailfish operating system, it’s based on Sailfish OS and it’s our joint interest, of course, to make it fly,” he adds. “So that as we, hopefully, are able to extend this and come out to public with other similar set-ups in different countries those of course — eventually, if they come to such a fruition and maturity — will then likely as well have their own identities but still remain compatible with the global Sailfish OS.”

Jolla says the Russian government plans to switch all circa 8M state officials to the platform by the end of 2021 — under a project expected to cost RUB 160.2 billion (~$2.4BN). (A cut of which will go to Jolla in licensing fees.)

It also says Sailfish-powered smartphones will be “recommended to municipal administrations of various levels,” with the Russian state planning to allocate a further RUB 71.3 billion (~$1.1BN) from the federal budget for that. So there’s scope for deepening the state’s Sailfish uptake.

Russian Post is one early customer for Jolla’s locally licensed Sailfish flavor. Having piloted devices last year, Pienimäki says it’s now moving to a full commercial deployment across the whole organization — which has around 300,000 employees (to give a sense of how many Sailfish powered devices could end up in the hands of state postal workers in Russia).

A rugged Sailfish-powered device piloted by Russian post

Jolla is not yet breaking out end users for Sailfish OS per market but Pienimäki says that overall the company is now “clearly above” 100k (and below 500k) devices globally.

That’s still of course a fantastically tiny number if you compare it to the consumer devices market — top ranked Android smartphone maker Samsung sold around 70M handsets in last year’s holiday quarter, for instance — but Jolla is in the b2b OS licensing business, not the handset making business. So it doesn’t need hundreds of millions of Sailfish devices to ship annually to turn a profit.

Scaling a royalty licensing business to hundreds of thousands of users is sums to “good business”, , says Pienimäki, describing Jolla’s business model for Sailfish as “practically a royalty per device”.

“The success we have had in the Russian market has populated us a lot of interesting new opening elsewhere around the world,” he continues. “This experience and all the technology we have built together with Open Mobile Platform [Jolla’s Sailfish licensing partner in Russia which was acquired by Rostelecom] to enable that case — that enables a number of other cases. The deployment plan that Rostelecom has for this is very big. And this is now really happening and we are happy about it.”

Jolla’s “Russia operation” is now beginning “a mass deployment phase”, he adds, predicting it will “quickly ramp up the volume to very sizeable”. So Sailfish is poised to scale.

Step 3… profit?

While Jolla is still yet to turn a full-year profit Pienimäki says several standalone months of 2018 were profitable, and he’s no longer worried whether the business is sustainable — asserting: “We don’t have any more financial obstacles or threats anymore.”

It’s quite the turnaround of fortunes, given Jolla’s near-death experience a few years ago when it almost ran out of money, after failing to close a $10.6M Series C round, and had to let go of half its staff.

It did manage to claw in a little funding at the end of 2015 to keep going, albeit as much leaner fish. But bagging Russia as an early adopter of its ‘independent’ mobile Linux ecosystem looks to have been the key tipping point for Jolla to be able to deliver on the hard-graft ecosystem-building work it’s been doing all along the way. And Pienimäki now expresses easy confidence that profitability will flow “fairly quickly” from here on in.

“It’s not an easy road. It takes time,” he says of the ecosystem-building company Jolla hard-pivoted to at its point of acute financial distress. “The development of this kind of business — it requires patience and negotiation times, and setting up the ecosystem and ecosystem partners. It really requires patience and takes a lot of time. And now we have come to this point where actually there starts to be an ecosystem which will then extend and start to carry its own identity as well.”

In further signs of Jolla’s growing confidence he says it hired more than ten people last year and moved to new and slightly more spacious offices — a reflection of the business expanding.

“It’s looking very good and nice for us,” Pienimäki continues. “Let’s say we are not taking too much pressure, with our investors and board, that what is the day that we are profitable. It’s not so important anymore… It’s clear that that is soon coming — that very day. But at the same time the most important is that the business case behind is proven and it is under aggressive deployment by our customers.”

The main focus for the moment is on supporting deployments to ramp up in Russia, he says, emphasizing: “That’s where we have to focus.” (Literally he says “not screwing up” — and with so much at stake you can see why nailing the Russia case is Jolla’s top priority.)

While the Russian state has been the entity most keen to embrace an alternative (non-U.S.-led) mobile OS — perhaps unsurprisingly — it’s not the only place in the world where Jolla has irons in the fire.

Another licensing partner, Bolivian IT services company Jalasoft, has co-developed a Sailfish-powered smartphone called Accione.

Jalasoft’s ‘liberty’-touting Accione Sailfish smartphone

It slates the handset on its website as being “designed for Latinos by Latinos”. “The digitalization of the economy is inevitable and, if we do not control the foundation of this digitalization, we have no future,” it adds.

Jalasoft founder and CEO Jorge Lopez says the company’s decision to invest effort in kicking the tyres of Jolla’s alternative mobile ecosystem is about gaining control — or seeking “technological libration” as the website blurb puts it.

“With Sailfish OS we have control of the implementation, while with Android it is the opposite,” Lopez tells TechCrunch. “We are working on developing smart buildings and we need a private OS that is not Android or iOS. This is mainly because our product will allow the end user to control the whole building and doing this with Android or iOS a hackable OS will bring concerns on security.”

Lopez says Jalasoft is using Accione as its development platform — “to gather customer feedback and to further develop our solution” — so the project clearly remains in an early phase, and he says that no more devices are likely to be announced this year.

But Jolla can point to more seeds being sewn with the potential, with work, determination and patience, to sprout into another sizeable crop of Sailfish-powered devices down the line.

Complexity in China

Even more ambitiously Jolla is also targeting China, where investment has been taken in to form a local consortium to develop a Chinese Sailfish ecosystem.

Although Pienimäki cautions there’s still much work to be done to bring Sailfish to market in China.

“We completed a major pilot with our licensing customer, Sailfish China Consortium, in 2017-18,” he says, giving an update on progress to date. “The public in market solution is not there yet. That is something that we are working together with the customer — hopefully we can see it later this year on the market. But these things take time. And let’s say that we’ve been somewhat surprised at how complex this kind of decision-making can be.”

“It wasn’t easy in Russia — it took three years of tight collaboration together with our Russian partners to find a way. But somehow it feels that it’s going to take even more in China. And I’m not necessarily talking about calendar time — but complexity,” he adds.

While there’s no guarantee of success for Jolla in China, the potential win is so big given the size of the market that even if they can only carve out a tiny slice, such as a business or corporate sector, it’s still worth going after. And he points to the existence of a couple of native mobile Linux operating systems he reckons could make “very lucrative partners”.

That said, the get-to-market challenge for Jolla in China is clearly distinctly different vs the rest of the world. This is because Android has developed into an independent (i.e. rather than Google-led) ecosystem in China as a result of state restrictions on the Internet and Internet companies. So the question is what could Sailfish offer that forked Android doesn’t already?

An Oppo Android powered smartphone on show at MWC 2017

Again, Jolla is taking the long view that ultimately there will be appetite — and perhaps also state-led push — for a technology platform bolster against political uncertainty in U.S.-China relations.

“What has happened now, in particular last year, is — because of the open trade war between the nations — many of the technology vendors, and also I would say the Chinese government, has started to gradually tighten their perspective on the fact that ‘hey simply it cannot be a long term strategy to just keep forking Android’. Because in the end of the day it’s somebody else’s asset. So this is something that truly creates us the opportunity,” he suggests.

“Openly competing with the fact that there are very successful Android forks in China, that’s going to be extremely difficult. But — let’s say — tapping into the fact that there are powers in that nation that wish that there would be something else than forking Android, combined with the fact that there is already something homegrown in China which is not forking Android — I think that’s the recipe that can be successful.”

Not all Jolla’s Sailfish bets have paid off, of course. An earlier foray by an Indian licensing partner into the consumer handset market petered out. Albeit, it does reinforce their decision to zero in on government and corporate licensing.

“We got excellent business connections,” says Pienimäki of India, suggesting also that it’s still a ‘watch this space’ for Jolla. The company has a “second move” in train in the market that he’s hopeful to be talking about publicly later this year.

It’s also pitching Sailfish in Africa. And in markets where target customers might not have their own extensive in-house IT capability to plug into Sailfish co-development work Pienimäki says it’s offering a full solution — “a ready made package”, together with partners, including device management, VPN, secure messaging and secure email — which he argues “can be still very lucrative business cases”.

Looking ahead and beyond mobile, Pienimäki suggests the automotive industry could be an interesting target for Sailfish in the future — though not literally plugging the platform into cars; but rather licensing its technologies where appropriate — arguing car makers are also keen to control the tech that’s going into their cars.

“They really want to make sure that they own the cockpit. It’s their property, it’s their brand and they want to own it — and for a reason,” he suggests, pointing to the clutch of major investments from car companies in startups and technologies in recent years.

“This is definitely an interesting area. We are not directly there ourself — and we are not capable to extend ourself there but we are discussing with partners who are in that very business whether they could utilize our technologies there. That would then be more or less like a technology licensing arrangement.”

A trust balancing model

While Jolla looks to be approaching a tipping point as a business, in terms of being able to profit off of licensing an alternative mobile platform, it remains a tiny and some might say inconsequential player on the global mobile stage.

Yet its focus on building and maintaining trusted management and technology architectures also looks timely — again, given how geopolitical spats are intervening to disrupt technology business as usual.

Chinese giant Huawei used an MWC keynote speech last month to reject U.S.-led allegations that its 5G networking technology could be repurposed as a spying tool by the Chinese state. And just this week it opened a cybersecurity transparency center in Brussels, to try to bolster trust in its kit and services — urging industry players to work together on agreeing standards and structures that everyone can trust.

In recent years U.S.-led suspicions attached to Russia have also caused major headaches for security veteran Kaspersky — leading the company to announce its own trust and transparency program and decentralize some of its infrastructure, including by spinning up servers in Europe last year.

Businesses finding ways to maintain and deepen the digital economy in spite of a little — or even a lot — of cross-border mistrust may well prove to be the biggest technology challenge of all moving forward.

Especially as next-gen 5G networks get rolled out — and their touted ‘intelligent connectivity’ reaches out to transform many more types of industries, bringing new risks and regulatory complexity.

The geopolitical problem linked to all this boils down to how to trust increasing complex technologies without any one entity being able to own and control all the pieces. And Jolla’s business looks interesting in light of that because it’s selling the promise of neutral independence to all its customers, wherever they hail from — be it Russia, LatAm, China, Africa or elsewhere — which makes its ability to secure customer trust not just important but vital to its success.

Indeed, you could argue its customers are likely to rank above average on the ‘paranoid’ scale, given their dedicated search for an alternative (non-U.S.-led) mobile OS in the first place.

“It’s one of the number one questions we get,” admits Pienimäki, discussing Jolla’s trust balancing act — aka how it manages and maintains confidence in Sailfish’s independence, even as it takes business backing and code contributions from a state like Russia.

“We tell about our reference case in Russia and people quickly ask ‘hey okay, how can I trust that there is no blackbox inside’,” he continues, adding: “This is exactly the core question and this is exactly the problem we have been able to build a solution for.”

Jolla’s solution sums to one line: “We create a transparent platform and on top of fully transparent platform you can create secure solutions,” as Pienimäki puts it.

“The way it goes is that Jolla with Sailfish OS is always offering the transparent Sailfish operating system core, on source code level, all the time live, available for all the customers. So all the customers constantly, in real-time, have access to our source code. Most of it’s in public open source, and the proprietary parts are also constantly available from our internal infrastructure. For all the customers, at the same time in real-time,” he says, fleshing out how it keeps customers on board with a continually co-developing software platform.

“The contributions we take from these customers are always on source code level only. We don’t take any binary blobs inside our software. We take only source code level contributions which we ourselves authorize, integrate and then we make available for all the customers at the very same moment. So that loopback in a way creates us the transparency.

“So if you want to be suspicion of the contributions of the other guys, so to say, you can always read it on the source code. It’s real-time. Always available for all the customers at the same time. That’s the model we have created.”

“It’s honestly quite a unique model,” he adds. “Nobody is really offering such a co-development model in the operating system business.

“Practically how Android works is that Google, who’s leading the Android development, makes the next release of Android software, then releases it under Android Open Source and then people start to backboard it — so that’s like ‘source, open’ in a way, not ‘open source’.”

Sailfish’s community of users also have real-time access to and visibility of all the contributions — which he dubs “real democracy”.

“People can actually follow it from the code-line all the time,” he argues. “This is really the core of our existence and how we can offer it to Russia and other countries without creating like suspicion elements each side. And that is very important.

“That is the only way we can continue and extend this regional licensing and we can offer it independently from Finland and from our own company.”

With global trade and technology both looking increasingly vulnerable to cross-border mistrust, Jolla’s approach to collaborative transparency may offer something of a model if other businesses and industries find they need to adapt themselves  in order for trade and innovation to keep moving forward in uncertain political times.

Antitrust and privacy uplift

Last but not least there’s regulatory intervention to consider.

A European Commission antitrust decision against Google’s Android platform last year caused headlines around the world when the company was slapped with a $5BN fine.

More importantly for Android rivals Google was also ordered to change its practices — leading to amended licensing terms for the platform in Europe last fall. And Pienimäki says Jolla was a “key contributor” to the Commission case against Android.

European competition commissioner Margrethe Vestager, on April 15, 2015 in Brussels, as the Commission said it would open an antitrust investigation into Google’s Android operating system. (Photo credit: JOHN THYS/AFP/Getty Images)

The new Android licensing terms make it (at least theoretically) possible for new types of less-heavily-Google-flavored Android devices to be developed for Europe. Though there have been complaints the licensing tweaks don’t go far enough to reset Google’s competitive Android advantage.

Asked whether Jolla has seen any positive impacts on its business following the Commission’s antitrust decision, Pienimäki responds positively, recounting how — “one or two weeks after the ruling” — Jolla received an inbound enquiry from a company in France that had felt hamstrung by Google requiring its services to be bundled with Android but was now hoping “to realize a project in a special sector”.

The company, which he isn’t disclosing at this stage, is interested in “using Sailfish and then having selected Android applications running in Sailfish but no connection with the Google services”.

“We’ve been there for five years helping the European Union authorities [to build the case] and explain how difficult it is to create competitive solutions in the smartphone market in general,” he continues. “Be it consumer or be it anything else. That’s definitely important for us and I don’t see this at all limited to the consumer sector. The very same thing has been a problem for corporate clients, for companies who provide specialized mobile device solutions for different kind of corporations and even governments.”

While he couches the Android ruling as a “very important” moment for Jolla’s business last year, he also says he hopes the Commission will intervene further to level the smartphone playing field.

“What I’m after here, and what I would really love to see, is that within the European Union we utilize Linux-based, open platform solution which is made in Europe,” he says. “That’s why we’ve been pushing this [antitrust action]. This is part of that. But in bigger scheme this is very good.”

He is also very happy with Europe’s General Data Protection Regulation (GDPR) — which came into force last May, plugging in a long overdue update to the bloc’s privacy rules with a much beefed up enforcement regime.

GDPR has been good for Jolla’s business, according to Pienimäki, who says interest is flowing its way from customers who now perceive a risk to using Android if customer data flows outside Europe and they cannot guarantee adequate privacy protections are in place.

“Already last spring… we have had plenty of different customer discussions with European companies who are really afraid that ‘hey I cannot offer this solution to my government or to my corporate customer in my country because I cannot guarantee if I use Android that this data doesn’t go outside the European Union’,” he says.

“You can’t indemnify in a way that. And that’s been really good for us as well.”

Powered by WPeMatico

Has the fight over privacy changed at all in 2019?

Few issues divide the tech community quite like privacy. Much of Silicon Valley’s wealth has been built on data-driven advertising platforms, and yet, there remain constant concerns about the invasiveness of those platforms.

Such concerns have intensified in just the last few weeks as France’s privacy regulator placed a record fine on Google under Europe’s General Data Protection Regulation (GDPR) rules which the company now plans to appeal. Yet with global platform usage and service sales continuing to tick up, we asked a panel of eight privacy experts: “Has anything fundamentally changed around privacy in tech in 2019? What is the state of privacy and has the outlook changed?” 

This week’s participants include:

TechCrunch is experimenting with new content forms. Consider this a recurring venue for debate, where leading experts – with a diverse range of vantage points and opinions – provide us with thoughts on some of the biggest issues currently in tech, startups and venture. If you have any feedback, please reach out: Arman.Tabatabai@techcrunch.com.


Thoughts & Responses:


Albert Gidari

Albert Gidari is the Consulting Director of Privacy at the Stanford Center for Internet and Society. He was a partner for over 20 years at Perkins Coie LLP, achieving a top-ranking in privacy law by Chambers, before retiring to consult with CIS on its privacy program. He negotiated the first-ever “privacy by design” consent decree with the Federal Trade Commission. A recognized expert on electronic surveillance law, he brought the first public lawsuit before the Foreign Intelligence Surveillance Court, seeking the right of providers to disclose the volume of national security demands received and the number of affected user accounts, ultimately resulting in greater public disclosure of such requests.

There is no doubt that the privacy environment changed in 2018 with the passage of California’s Consumer Privacy Act (CCPA), implementation of the European Union’s General Data Protection Regulation (GDPR), and new privacy laws enacted around the globe.

“While privacy regulation seeks to make tech companies betters stewards of the data they collect and their practices more transparent, in the end, it is a deception to think that users will have more “privacy.””

For one thing, large tech companies have grown huge privacy compliance organizations to meet their new regulatory obligations. For another, the major platforms now are lobbying for passage of a federal privacy law in the U.S. This is not surprising after a year of privacy miscues, breaches and negative privacy news. But does all of this mean a fundamental change is in store for privacy? I think not.

The fundamental model sustaining the Internet is based upon the exchange of user data for free service. As long as advertising dollars drive the growth of the Internet, regulation simply will tinker around the edges, setting sideboards to dictate the terms of the exchange. The tech companies may be more accountable for how they handle data and to whom they disclose it, but the fact is that data will continue to be collected from all manner of people, places and things.

Indeed, if the past year has shown anything it is that two rules are fundamental: (1) everything that can be connected to the Internet will be connected; and (2) everything that can be collected, will be collected, analyzed, used and monetized. It is inexorable.

While privacy regulation seeks to make tech companies betters stewards of the data they collect and their practices more transparent, in the end, it is a deception to think that users will have more “privacy.” No one even knows what “more privacy” means. If it means that users will have more control over the data they share, that is laudable but not achievable in a world where people have no idea how many times or with whom they have shared their information already. Can you name all the places over your lifetime where you provided your SSN and other identifying information? And given that the largest data collector (and likely least secure) is government, what does control really mean?

All this is not to say that privacy regulation is futile. But it is to recognize that nothing proposed today will result in a fundamental shift in privacy policy or provide a panacea of consumer protection. Better privacy hygiene and more accountability on the part of tech companies is a good thing, but it doesn’t solve the privacy paradox that those same users who want more privacy broadly share their information with others who are less trustworthy on social media (ask Jeff Bezos), or that the government hoovers up data at rate that makes tech companies look like pikers (visit a smart city near you).

Many years ago, I used to practice environmental law. I watched companies strive to comply with new laws intended to control pollution by creating compliance infrastructures and teams aimed at preventing, detecting and deterring violations. Today, I see the same thing at the large tech companies – hundreds of employees have been hired to do “privacy” compliance. The language is the same too: cradle to grave privacy documentation of data flows for a product or service; audits and assessments of privacy practices; data mapping; sustainable privacy practices. In short, privacy has become corporatized and industrialized.

True, we have cleaner air and cleaner water as a result of environmental law, but we also have made it lawful and built businesses around acceptable levels of pollution. Companies still lawfully dump arsenic in the water and belch volatile organic compounds in the air. And we still get environmental catastrophes. So don’t expect today’s “Clean Privacy Law” to eliminate data breaches or profiling or abuses.

The privacy world is complicated and few people truly understand the number and variety of companies involved in data collection and processing, and none of them are in Congress. The power to fundamentally change the privacy equation is in the hands of the people who use the technology (or choose not to) and in the hands of those who design it, and maybe that’s where it should be.


Gabriel Weinberg

Gabriel Weinberg is the Founder and CEO of privacy-focused search engine DuckDuckGo.

Coming into 2019, interest in privacy solutions is truly mainstream. There are signs of this everywhere (media, politics, books, etc.) and also in DuckDuckGo’s growth, which has never been faster. With solid majorities now seeking out private alternatives and other ways to be tracked less online, we expect governments to continue to step up their regulatory scrutiny and for privacy companies like DuckDuckGo to continue to help more people take back their privacy.

“Consumers don’t necessarily feel they have anything to hide – but they just don’t want corporations to profit off their personal information, or be manipulated, or unfairly treated through misuse of that information.”

We’re also seeing companies take action beyond mere regulatory compliance, reflecting this new majority will of the people and its tangible effect on the market. Just this month we’ve seen Apple’s Tim Cook call for stronger privacy regulation and the New York Times report strong ad revenue in Europe after stopping the use of ad exchanges and behavioral targeting.

At its core, this groundswell is driven by the negative effects that stem from the surveillance business model. The percentage of people who have noticed ads following them around the Internet, or who have had their data exposed in a breach, or who have had a family member or friend experience some kind of credit card fraud or identity theft issue, reached a boiling point in 2018. On top of that, people learned of the extent to which the big platforms like Google and Facebook that collect the most data are used to propagate misinformation, discrimination, and polarization. Consumers don’t necessarily feel they have anything to hide – but they just don’t want corporations to profit off their personal information, or be manipulated, or unfairly treated through misuse of that information. Fortunately, there are alternatives to the surveillance business model and more companies are setting a new standard of trust online by showcasing alternative models.


Melika Carroll

Melika Carroll is Senior Vice President, Global Government Affairs at Internet Association, which represents over 45 of the world’s leading internet companies, including Google, Facebook, Amazon, Twitter, Uber, Airbnb and others.

We support a modern, national privacy law that provides people meaningful control over the data they provide to companies so they can make the most informed choices about how that data is used, seen, and shared.

“Any national privacy framework should provide the same protections for people’s data across industries, regardless of whether it is gathered offline or online.”

Internet companies believe all Americans should have the ability to access, correct, delete, and download the data they provide to companies.

Americans will benefit most from a federal approach to privacy – as opposed to a patchwork of state laws – that protects their privacy regardless of where they live. If someone in New York is video chatting with their grandmother in Florida, they should both benefit from the same privacy protections.

It’s also important to consider that all companies – both online and offline – use and collect data. Any national privacy framework should provide the same protections for people’s data across industries, regardless of whether it is gathered offline or online.

Two other important pieces of any federal privacy law include user expectations and the context in which data is shared with third parties. Expectations may vary based on a person’s relationship with a company, the service they expect to receive, and the sensitivity of the data they’re sharing. For example, you expect a car rental company to be able to track the location of the rented vehicle that doesn’t get returned. You don’t expect the car rental company to track your real-time location and sell that data to the highest bidder. Additionally, the same piece of data can have different sensitivities depending on the context in which it’s used or shared. For example, your name on a business card may not be as sensitive as your name on the sign in sheet at an addiction support group meeting.

This is a unique time in Washington as there is bipartisan support in both chambers of Congress as well as in the administration for a federal privacy law. Our industry is committed to working with policymakers and other stakeholders to find an American approach to privacy that protects individuals’ privacy and allows companies to innovate and develop products people love.


Johnny Ryan

Dr. Johnny Ryan FRHistS is Chief Policy & Industry Relations Officer at Brave. His previous roles include Head of Ecosystem at PageFair, and Chief Innovation Officer of The Irish Times. He has a PhD from the University of Cambridge, and is a Fellow of the Royal Historical Society.

Tech companies will probably have to adapt to two privacy trends.

“As lawmakers and regulators in Europe and in the United States start to think of “purpose specification” as a tool for anti-trust enforcement, tech giants should beware.”

First, the GDPR is emerging as a de facto international standard.

In the coming years, the application of GDPR-like laws for commercial use of consumers’ personal data in the EU, Britain (post-EU), Japan, India, Brazil, South Korea, Malaysia, Argentina, and China will bring more than half of global GDP under a similar standard.

Whether this emerging standard helps or harms United States firms will be determined by whether the United States enacts and actively enforces robust federal privacy laws. Unless there is a federal GDPR-like law in the United States, there may be a degree of friction and the potential of isolation for United States companies.

However, there is an opportunity in this trend. The United States can assume the global lead by doing two things. First, enact a federal law that borrows from the GDPR, including a comprehensive definition of “personal data”, and robust “purpose specification”. Second, invest in world-leading regulation that pursues test cases, and defines practical standards. Cutting edge enforcement of common principles-based standards is de facto leadership.

Second, privacy and antitrust law are moving closer to each other, and might squeeze big tech companies very tightly indeed.

Big tech companies “cross-use” user data from one part of their business to prop up others. The result is that a company can leverage all the personal information accumulated from its users in one line of business, and for one purpose, to dominate other lines of business too.

This is likely to have anti-competitive effects. Rather than competing on the merits, the company can enjoy the unfair advantage of massive network effects even though it may be starting from scratch in a new line of business. This stifles competition and hurts innovation and consumer choice.

Antitrust authorities in other jurisdictions have addressed this. In 2015, the Belgian National Lottery was fined for re-using personal information acquired through its monopoly for a different, and incompatible, line of business.

As lawmakers and regulators in Europe and in the United States start to think of “purpose specification” as a tool for anti-trust enforcement, tech giants should beware.


John Miller

John Miller is the VP for Global Policy and Law at the Information Technology Industry Council (ITI), a D.C. based advocate group for the high tech sector.  Miller leads ITI’s work on cybersecurity, privacy, surveillance, and other technology and digital policy issues.

Data has long been the lifeblood of innovation. And protecting that data remains a priority for individuals, companies and governments alike. However, as times change and innovation progresses at a rapid rate, it’s clear the laws protecting consumers’ data and privacy must evolve as well.

“Data has long been the lifeblood of innovation. And protecting that data remains a priority for individuals, companies and governments alike.”

As the global regulatory landscape shifts, there is now widespread agreement among business, government, and consumers that we must modernize our privacy laws, and create an approach to protecting consumer privacy that works in today’s data-driven reality, while still delivering the innovations consumers and businesses demand.

More and more, lawmakers and stakeholders acknowledge that an effective privacy regime provides meaningful privacy protections for consumers regardless of where they live. Approaches, like the framework ITI released last fall, must offer an interoperable solution that can serve as a model for governments worldwide, providing an alternative to a patchwork of laws that could create confusion and uncertainty over what protections individuals have.

Companies are also increasingly aware of the critical role they play in protecting privacy. Looking ahead, the tech industry will continue to develop mechanisms to hold us accountable, including recommendations that any privacy law mandate companies identify, monitor, and document uses of known personal data, while ensuring the existence of meaningful enforcement mechanisms.


Nuala O’Connor

Nuala O’Connor is president and CEO of the Center for Democracy & Technology, a global nonprofit committed to the advancement of digital human rights and civil liberties, including privacy, freedom of expression, and human agency. O’Connor has served in a number of presidentially appointed positions, including as the first statutorily mandated chief privacy officer in U.S. federal government when she served at the U.S. Department of Homeland Security. O’Connor has held senior corporate leadership positions on privacy, data, and customer trust at Amazon, General Electric, and DoubleClick. She has practiced at several global law firms including Sidley Austin and Venable. She is an advocate for the use of data and internet-enabled technologies to improve equity and amplify marginalized voices.

For too long, Americans’ digital privacy has varied widely, depending on the technologies and services we use, the companies that provide those services, and our capacity to navigate confusing notices and settings.

“Americans deserve comprehensive protections for personal information – protections that can’t be signed, or check-boxed, away.”

We are burdened with trying to make informed choices that align with our personal privacy preferences on hundreds of devices and thousands of apps, and reading and parsing as many different policies and settings. No individual has the time nor capacity to manage their privacy in this way, nor is it a good use of time in our increasingly busy lives. These notices and choices and checkboxes have become privacy theater, but not privacy reality.

In 2019, the legal landscape for data privacy is changing, and so is the public perception of how companies handle data. As more information comes to light about the effects of companies’ data practices and myriad stewardship missteps, Americans are surprised and shocked about what they’re learning. They’re increasingly paying attention, and questioning why they are still overburdened and unprotected. And with intensifying scrutiny by the media, as well as state and local lawmakers, companies are recognizing the need for a clear and nationally consistent set of rules.

Personal privacy is the cornerstone of the digital future people want. Americans deserve comprehensive protections for personal information – protections that can’t be signed, or check-boxed, away. The Center for Democracy & Technology wants to help craft those legal principles to solidify Americans’ digital privacy rights for the first time.


Chris Baker

Chris Baker is Senior Vice President and General Manager of EMEA at Box.

Last year saw data privacy hit the headlines as businesses and consumers alike were forced to navigate the implementation of GDPR. But it’s far from over.

“…customers will have trust in a business when they are given more control over how their data is used and processed”

2019 will be the year that the rest of the world catches up to the legislative example set by Europe, as similar data regulations come to the forefront. Organizations must ensure they are compliant with regional data privacy regulations, and more GDPR-like policies will start to have an impact. This can present a headache when it comes to data management, especially if you’re operating internationally. However, customers will have trust in a business when they are given more control over how their data is used and processed, and customers can rest assured knowing that no matter where they are in the world, businesses must meet the highest bar possible when it comes to data security.

Starting with the U.S., 2019 will see larger corporations opt-in to GDPR to support global business practices. At the same time, local data regulators will lift large sections of the EU legislative framework and implement these rules in their own countries. 2018 was the year of GDPR in Europe, and 2019 be the year of GDPR globally.


Christopher Wolf

Christopher Wolf is the Founder and Chair of the Future of Privacy Forum think tank, and is senior counsel at Hogan Lovells focusing on internet law, privacy and data protection policy.

With the EU GDPR in effect since last May (setting a standard other nations are emulating),

“Regardless of the outcome of the debate over a new federal privacy law, the issue of the privacy and protection of personal data is unlikely to recede.”

with the adoption of a highly-regulatory and broadly-applicable state privacy law in California last Summer (and similar laws adopted or proposed in other states), and with intense focus on the data collection and sharing practices of large tech companies, the time may have come where Congress will adopt a comprehensive federal privacy law. Complicating the adoption of a federal law will be the issue of preemption of state laws and what to do with the highly-developed sectoral laws like HIPPA and Gramm-Leach-Bliley. Also to be determined is the expansion of FTC regulatory powers. Regardless of the outcome of the debate over a new federal privacy law, the issue of the privacy and protection of personal data is unlikely to recede.

Powered by WPeMatico

Google faces GDPR complaint over ‘deceptive’ location tracking

A group of European consumer watchdogs has filed a privacy complaint against Google — arguing the company uses manipulative tactics in order to keep tracking web users’ locations for ad-targeting purposes.

The consumer organizations are making the complaint under the EU’s new data protection framework, GDPR, which regulators can use to levy major fines for compliance breaches — of up to 4 percent of a company’s global annual turnover.

Under GDPR, a consent-based legal basis for processing personal data (e.g. person’s location) must be specific, informed and freely given.

In their complaint, the groups, which include Norway’s Consumer Council, argue that Google does not have proper legal basis to track users through “Location History” and “Web & App Activity” — settings which are integrated into all Google accounts, and which, for users of Android -based smartphones, they assert are particularly difficult to avoid.

The Google mobile OS remains the dominant smartphone platform globally, as well as across Europe.

“Google is processing incredibly detailed and extensive personal data without proper legal grounds, and the data has been acquired through manipulation techniques,” said Gro Mette Moen, acting head of the Norwegian Consumer Council’s digital services unit in a statement.

“When we carry our phones, Google is recording where we go, down to which floor we are on and how we are moving. This can be combined with other information about us, such as what we search for, and what websites we visit. Such information can in turn be used for things such as targeted advertising meant to affect us when we are receptive or vulnerable.”

Responding to the complaint, a Google spokesperson sent TechCrunch the following statement:

Location History is turned off by default, and you can edit, delete, or pause it at any time. If it’s on, it helps improve services like predicted traffic on your commute. If you pause it, we make clear that — depending on your individual phone and app settings — we might still collect and use location data to improve your Google experience. We enable you to control location data in other ways too, including in a different Google setting called Web & App Activity, and on your device. We’re constantly working to improve our controls, and we’ll be reading this report closely to see if there are things we can take on board.

Earlier this year the Norwegian watchdog produced a damning report calling out dark pattern design tricks being deployed by Google and Facebook meant to manipulate users by nudging them toward “privacy intrusive options.” It also examined Microsoft’s consent flows, but judged the company to be leaning less heavily on such unfair tactics.

Among the underhand techniques that the Google-targeted GDPR complaint, which draws on the earlier report, calls out are allegations of deceptive click-flow, with the groups noting that a “location history” setting can be enabled during Android set-up without a user being aware of it; key settings being both buried in menus (hidden) and enabled by default; users being presented at the decision point with insufficient and misleading information; repeat nudges to enable location tracking even after a user has previously turned it off; and the bundling of “invasive location tracking” with other unrelated Google services, such as photo sorting by location.

GDPR remains in the early implementation phrase — just six months since the regulation came into force across Europe. But a large chunk of the first wave of complaints have been focused on consent, according to Europe’s data protection supervisor, who also told us in October that more than 42,000 complaints had been lodged in total since the regulation came into force.

Where Google is concerned, the location complaint is by no means the only GDPR — or GDPR consent-related — complaint it’s facing.

Another complaint, filed back in May also by a consumer-focused organization, took aim at what it dubbed the use of “forced consent” by Google and Facebook — pointing out that the companies were offering users no choice but to have their personal data processed to make use of certain services, yet the GDPR requires consent to be freely given.

Powered by WPeMatico

Tech giants offer empty apologies because users can’t quit

A true apology consists of a sincere acknowledgement of wrong-doing, a show of empathic remorse for why you wronged and the harm it caused, and a promise of restitution by improving ones actions to make things right. Without the follow-through, saying sorry isn’t an apology, it’s a hollow ploy for forgiveness.

That’s the kind of “sorry” we’re getting from tech giants — an attempt to quell bad PR and placate the afflicted, often without the systemic change necessary to prevent repeated problems. Sometimes it’s delivered in a blog post. Sometimes it’s in an executive apology tour of media interviews. But rarely is it in the form of change to the underlying structures of a business that caused the issue.

Intractable Revenue

Unfortunately, tech company business models often conflict with the way we wish they would act. We want more privacy but they thrive on targeting and personalization data. We want control of our attention but they subsist on stealing as much of it as possible with distraction while showing us ads. We want safe, ethically built devices that don’t spy on us but they make their margins by manufacturing them wherever’s cheap with questionable standards of labor and oversight. We want groundbreaking technologies to be responsibly applied, but juicy government contracts and the allure of China’s enormous population compromise their morals. And we want to stick to what we need and what’s best for us, but they monetize our craving for the latest status symbol or content through planned obsolescence and locking us into their platforms.

The result is that even if their leaders earnestly wanted to impart meaningful change to provide restitution for their wrongs, their hands are tied by entrenched business models and the short-term focus of the quarterly earnings cycle. They apologize and go right back to problematic behavior. The Washington Post recently chronicled a dozen times Facebook CEO Mark Zuckerberg has apologized, yet the social network keeps experiencing fiasco after fiasco. Tech giants won’t improve enough on their own.

Addiction To Utility

The threat of us abandoning ship should theoretically hold the captains in line. But tech giants have evolved into fundamental utilities that many have a hard time imagining living without. How would you connect with friends? Find what you needed? Get work done? Spend your time? What hardware or software would you cuddle up with in the moments you feel lonely? We live our lives through tech, have become addicted to its utility, and fear the withdrawal.

If there were principled alternatives to switch to, perhaps we could hold the giants accountable. But the scalability, network effects, and aggregation of supply by distributors has led to near monopolies in these core utilities. The second-place solution is often distant. What’s the next best social network that serves as an identity and login platform that isn’t owned by Facebook? The next best premium mobile and PC maker behind Apple? The next best mobile operating system for the developing world beyond Google’s Android? The next best ecommerce hub that’s not Amazon? The next best search engine? Photo feed? Web hosting service? Global chat app? Spreadsheet?

Facebook is still growing in the US & Canada despite the backlash, proving that tech users aren’t voting with their feet. And if not for a calculation methodology change, it would have added 1 million users in Europe this quarter too.

One of the few tech backlashes that led to real flight was #DeleteUber. Workplace discrimination, shady business protocols, exploitative pricing and more combined to spur the movement to ditch the ridehailing app. But what was different here is that US Uber users did have a principled alternative to switch to without much hassle: Lyft. The result was that “Lyft benefitted tremendously from Uber’s troubles in 2018” eMarketer’s forecasting director Shelleen Shum told the USA Today in May. Uber missed eMarketer’s projections while Lyft exceeded them, narrowing the gap between the car services. And meanwhile, Uber’s CEO stepped down as it tried to overhaul its internal policies.

This is why we need regulation that promotes competition by preventing massive mergers and giving users the right to interoperable data portability so they can easily switch away from companies that treat them poorly

But in the absence of viable alternatives to the giants, leaving these mainstays is inconvenient. After all, they’re the ones that made us practically allergic to friction. Even after massive scandals, data breaches, toxic cultures, and unfair practices, we largely stick with them to avoid the uncertainty of life without them. Even Facebook added 1 million monthly users in the US and Canada last quarter despite seemingly every possible source of unrest. Tech users are not voting with their feet. We’ve proven we can harbor ill will towards the giants while begrudgingly buying and using their products. Our leverage to improve their behavior is vastly weakened by our loyalty.

Inadequate Oversight

Regulators have failed to adequately step up either. This year’s congressional hearings about Facebook and social media often devolved into inane and uninformed questioning like how does Facebook earn money if its doesn’t charge? “Senator, we run ads” Facebook CEO Mark Zuckerberg said with a smirk. Other times, politicians were so intent on scoring partisan points by grandstanding or advancing conspiracy theories about bias that they were unable to make any real progress. A recent survey commissioned by Axios found that “In the past year, there has been a 15-point spike in the number of people who fear the federal government won’t do enough to regulate big tech companies — with 55% now sharing this concern.”

When regulators do step in, their attempts can backfire. GDPR was supposed to help tamp down on the dominance of Google and Facebook by limiting how they could collect user data and making them more transparent. But the high cost of compliance simply hindered smaller players or drove them out of the market while the giants had ample cash to spend on jumping through government hoops. Google actually gained ad tech market share and Facebook saw the littlest loss while smaller ad tech firms lost 20 or 30 percent of their business.

Europe’s GDPR privacy regulations backfired, reinforcing Google and Facebook’s dominance. Chart via Ghostery, Cliqz, and WhoTracksMe.

Even the Honest Ads act, which was designed to bring political campaign transparency to internet platforms following election interference in 2016, has yet to be passed even despite support from Facebook and Twitter. There’s hasn’t been meaningful discussion of blocking social networks from acquiring their competitors in the future, let alone actually breaking Instagram and WhatsApp off of Facebook. Governments like the U.K. that just forcibly seized documents related to Facebook’s machinations surrounding the Cambridge Analytica debacle provide some indication of willpower. But clumsy regulation could deepen the moats of the incumbents, and prevent disruptors from gaining a foothold. We can’t depend on regulators to sufficiently protect us from tech giants right now.

Our Hope On The Inside

The best bet for change will come from the rank and file of these monolithic companies. With the war for talent raging, rock star employees able to have huge impact on products, and compensation costs to keep them around rising, tech giants are vulnerable to the opinions of their own staff. It’s simply too expensive and disjointing to have to recruit new high-skilled workers to replace those that flee.

Google declined to renew a contract with the government after 4000 employees petitioned and a few resigned over Project Maven’s artificial intelligence being used to target lethal drone strikes. Change can even flow across company lines. Many tech giants including Facebook and Airbnb have removed their forced arbitration rules for harassment disputes after Google did the same in response to 20,000 of its employees walking out in protest.

Thousands of Google employees protested the company’s handling of sexual harassment and misconduct allegations on Nov. 1.

Facebook is desperately pushing an internal communications campaign to reassure staffers it’s improving in the wake of damning press reports from the New York Times and others. TechCrunch published an internal memo from Facebook’s outgoing VP of communications Elliot Schrage in which he took the blame for recent issues, encouraged employees to avoid finger-pointing, and COO Sheryl Sandberg tried to reassure employees that “I know this has been a distraction at a time when you’re all working hard to close out the year — and I am sorry.” These internal apologizes could come with much more contrition and real change than those paraded for the public.

And so after years of us relying on these tech workers to build the product we use every day, we must now rely that will save us from them. It’s a weighty responsibility to move their talents where the impact is positive, or commit to standing up against the business imperatives of their employers. We as the public and media must in turn celebrate when they do what’s right for society, even when it reduces value for shareholders. If apps abuse us or unduly rob us of our attention, we need to stay off of them.

And we must accept that shaping the future for the collective good may be inconvenient for the individual. There’s an oppprtunity here not just to complain or wish, but to build a social movement that holds tech giants accountable for delivering the change they’ve promised over and over.

For more on this topic:

Powered by WPeMatico

SessionM customer loyalty data aggregator snags $23.8 M investment

SessionM announced a $23.8 million Series E investment led by Salesforce Ventures. A bushel of existing investors including Causeway Media Partners, CRV, General Atlantic, Highland Capital and Kleiner Perkins Caufield & Byers also contributed to the round. The company has now raised over $97 million.

At its core, SessionM aggregates loyalty data for brands to help them understand their customer better, says company co-founder and CEO Lars Albright. “We are a customer data and engagement platform that helps companies build more loyal and profitable relationships with their consumers,” he explained.

Essentially that means, they are pulling data from a variety of sources and helping brands offer customers more targeted incentives, offers and product recommendations “We give [our users] a holistic view of that customer and what motivates them,” he said.

Screenshot: SessionM (cropped)

To achieve this, SessionM takes advantage of machine learning to analyze the data stream and integrates with partner platforms like Salesforce, Adobe and others. This certainly fits in with Adobe’s goal to build a customer service experience system of record and Salesforce’s acquisition of Mulesoft in March to integrate data from across an organization, all in the interest of better understanding the customer.

When it comes to using data like this, especially with the advent of GDPR in the EU in May, Albright recognizes that companies need to be more careful with data, and that it has really enhanced the sensitivity around stewardship for all data-driven businesses like his.

“We’ve been at the forefront of adopting the right product requirements and features that allow our clients and businesses to give their consumers the necessary control to be sure we’re complying with all the GDPR regulations,” he explained.

The company was not discussing valuation or revenue. Their most recent round prior to today’s announcement, was a Series D in 2016 for $35 million also led by Salesforce Ventures.

SessionM, which was founded in 2011, has around 200 employees with headquarters in downtown Boston. Customers include Coca-Cola, L’Oreal and Barney’s.

Powered by WPeMatico

BigID scores $30 million Series B months after closing A round

BigID announced a big $30 million Series B round today, which comes on the heels of closing their $14M A investment in January. It’s been a whirlwind year for the NYC data security startup as GDPR kicked in and companies came calling for their products.

The round was led by Scale Venture Partners with participation from previous investors ClearSky Security, Comcast Ventures, Boldstart Ventures, Information Venture Partners and SAP.io.

BigID has a product that helps companies inventory their data, even extremely large data stores, and identify the most sensitive information, a convenient feature at a time where GDPR data privacy rules, which went into effect at the end of May, require that companies doing business in the EU have a grip on their customer data.

That’s certainly something that caught the eye of Ariel Tseitlin from Scale Venture Partners. “We talked to a lot of companies, how they feel more specifically about GDPR, and more broadly about how they think about data within in their organizations, and we got a very strong signal that there is a lot of concern around the regulation and how to prepare for that, but also more fundamentally, that CIOs and chief data officers don’t have a good sense of where data resides within their organizations,” he explained.

Dimitri Sirota, CEO and co-founder, says that GDPR is a nice business driver, but he sees the potential to grow the data security market much more broadly than simply as a way to comply with one regulatory ruling or another. He says that American companies are calling, even some without operations in Europe because they see getting a grip on their customer data as a fundamental business imperative.

BigID product collage. Graphic: BigID

The company plans to expand their partner go-to market strategy in the coming the months, another approach that could translate to increased sales. That will include global systems integrators. Sirota says to expect announcements involving the usual suspects in the coming months. “You’ll see over the next little bit, several announcements with many of the names that you’re familiar with in terms of go-to market and global relationships,” he said.

Finally there are the strategic investors in this deal, including Comcast and SAP, which Sirota thinks will also ultimately help them get enterprise deals they might not have landed up until now. The $30 million runway also gives customers who might have been skittish about dealing with a young-ish startup, more confidence to make the deal.

BigID seems to have the right product at the right time. Scale’s Tseitlin, who will join the board as part of the deal, certainly sees the potential of this company to scale far beyond its current state.

“The area where we tend to spend a lot of time, and I think is what attracted Dimitri to having us as an investor, is that we really help with the scaling phase of company growth,” he said. True to their name, Scale tries to get the company to that next level beyond product/market fit to where they can deliver consistently and continually grow revenue. They have done this with Box and DocuSign and others and hope that BigID is next.

Powered by WPeMatico