Month: October 2018

Facebook is celebrating the two-year anniversary of its Craigslist competitor, Facebook Marketplace, with the launch of new features powered by A.I. Specifically, the social network says it’s adding price range suggestions and auto-categorization features to make selling easier, and it says it’s testing camera features that would use A.I. to make product recommendations.

Automating price suggestions and categorization, however, is not unique to Facebook – eBay earlier this year introduced a feature in its mobile app that will fill out your listings for you, using technologies like structured data and predictive analytics. Letgo can also make generalized price suggestions.

In Facebook’s case, the company says it will be able to categorize items based on the photo and description, then suggest a price range (e.g. $50-$75) for sellers to choose from. According to the company, when this autosuggest feature is enabled, sellers are less likely to abandon their listings, it has learned. (9% of sellers abandoned listings before the feature was enabled, it noted.)

Facebook also highlighted some of the other ways it uses A.I. – to automatically enhance the lighting of images uploaded by sellers, for instance, and for detecting and removing inappropriate content.

And while not A.I.-based, the company additionally noted its new buyer and seller ratings where people can rate their experience and leave feedback.

Further down the road, things may get more interesting. Facebook lightly teases its plans to turn Marketplace into more of a discovery tool for finding things you want to buy using your smartphone camera. For example, the company writes in a blog post, you could point your camera at something you like – such as your friend’s cool headphones – snap a photo, and then Marketplace would search across its listings for similar items.

This sort of visual search tech is also common among competitors, including eBay again, plus Pinterest and even Google. Facebook, then, is playing a bit of catch-up for the time being.

Further down the road, Facebook’s plans for Marketplace put it more directly up against Pinterest. It says it envisions using A.I. in the future to help people with home design – like, by uploading a photo of their living room, then getting suggestions about furniture to buy. Home design and inspiration, of course, is the bread-and-butter of sites like Pinterest, Houzz and others, including newcomer Hutch.

That said, even if it’s lacking in some features today, Facebook Marketplace is not one to be counted out. Thanks to Facebook’s size and scale (and the annoying way it continuously red badged the Marketplace icon, forcing users to keep tapping it), the company says its buy-and-sell platform has grown to be used by more than one out of every three people in the U.S. on a monthly basis.

 

 

 

Palo Alto Networks launched in 2005 in the age of firewalls. As we all know by now, the enterprise expanded beyond the cozy confines of a firewall long ago and vendors like Palo Alto have moved to securing data in the cloud now too. To that end, the company announced its intent to pay $173 million for RedLock today, an early-stage startup that helps companies make sure their cloud instances are locked down and secure.

The cloud vendors take responsibility for securing their own infrastructure, and for the most part the major vendors have done a decent job. What they can’t do is save their customers from themselves and that’s where a company like RedLock comes in.

As we’ve seen time and again, data has been exposed in cloud storage services like Amazon S3, not through any fault of Amazon itself, but because a faulty configuration has left the data exposed to the open internet. RedLock watches configurations like this and warns companies when something looks amiss.

When company emerged from stealth just a year ago, Varun Badhwar, company founder and CEO told TechCrunch that this is part of Amazon’s shared responsibility model. “They have diagrams where they have responsibility to secure physical infrastructure, but ultimately it’s the customer’s responsibility to secure the content, applications and firewall settings,” Badhwar told TechCrunch last year.

Badhwar speaking in a video interview about the acquisition says they have been focused on helping developers build cloud applications safely and securely, whether that’s Amazon Web Services, Microsoft Azure or Google Cloud Platform. “We think about [RedLock] as guardrails or as bumper lanes in a bowling alley and just not letting somebody get that gutter ball and from a security standpoint, just making sure we don’t deviate from the best practices,” he explained.

“We built a technology platform that’s entirely cloud-based and very quick time to value since customers can just turn it on through API’s, and we love to shine the light and show our customers how to safely move into public cloud,” he added.

He believes that customers will benefit from RedLock’s compliance capabilities being combined with Palo Alto’s analytics capabilities to provide a more complete cloud security solution. It will also fit nicely with Evident.io, a cloud infrastructure security startup, the company acquired in March for $300 million.

RedLock launched in 2015 and has raised $12 million.

At CES, media software maker Plex said it would this year add support for podcasts, web series and other digital media to its platform. It then rolled out podcasts this May, and now it’s introducing its own curated collection of web series. The company today is launching Plex Web Shows in beta, which will offer unlimited, on-demand streaming of online shows from brands like GQ, Saveur, Epicurious, Pitchfork, Condé Nast, The New Yorker, Fandor, Vanity Fair, and others.

The shows will span a range of interests, including food, home and garden, science, technology, entertainment and pop culture, says Plex. In addition shows from the big-name brand partners, which also include Bonnier, TWiT, Ovation and more, there will also be a handful of shows from indie creators, like Epic Meal Time, ASAPscience, Household Hacker, People are Awesome, and The Pet Collective. 

Plex tells us that there will be over 19,000 episodes across 67 shows at launch, with more on the way.

Some partners and Plex have revenue share agreements in place, the company also says, based on ad sales that Plex manages. The details are undisclosed.

Plex got its start as software for organizing users’ home media collections of video, music, and photos, but has in recent months been shifting its focus to address the needs of cord cutters instead. It launched tools for watching live TV through an antenna, and recording shows and movies to a DVR.

It’s also recently said it’s shutting down other features, like support for streaming content from Plex Cloud as well as Plex’s directory of plugins, in order to better focus on its new ambitions.

Along the way, Plex has also rolled out other features designed for media consumption including not only podcast, but also the addition of a news hub within its app, thanks its acquisition of streaming news startup, Watchup.

With the launch of Web Shows, Plex is again finding a way to give its users something to watch without having to make the sort of difficult content deals that other live TV streaming services today do – like Sling TV, PlayStation Vue, or YouTube TV, for example.

“We really care about each user’s personal media experience, and want to be ‘the’ platform for the media that matters most to them,” Plex CEO Keith Valory tells TechCrunch. “This started with helping people with their own personal media libraries, and then we added over-the-air television, news, podcasts, and now web shows. Sources for quality digital content continues to explode, but the user experience for discovering and accessing it all has never been worse. It’s chaos,” he continues.

“This is the problem we are solving. We’re working hard to make tons of great content available in one beautiful app, and giving our users the tools to customize their own experience to include only the content that matters to them,” Valory adds.

Access to Web Shows is available across devices through the Plex app, where there’s now a new icon for “Web Shows.” From here, you’ll see the familiar “On Deck” section – those you’re following – as well as personalized recommendations, trending episodes, and links to view all the available web shows and a list of you’re subscribed to.

You can also browse shows by category – like “Arts & Entertainment,” “Computers & Electronics,” “Science,” etc. Or find those that were “Recently Played” or are “New” to Plex.

Each episode will display information like the show’s length, synopsis, publish date and title, and will let you play, pause, mark as watched/unwatched, and add to your queue.

The launch of Web Shows is another step Plex is making towards its new goal of becoming a platform for all your media – not just your home collection, but everything that streams, too – like podcast, web series and TV. (All it’s missing now is a Roku-like interface for jumping into your favorite on-demand streaming apps. That’s been on its long-term roadmap, however.)

Web Shows will be free to all of Plex’s now 19 million registered users, not just Plex Pass subscribers. The feature is live on iOS, Android, Android TV, and Apple TV.

Brandless is only a little over a year old, but the ecommerce platform is already working on IRL channels to market to and connect with its customers.

From October 24 to November 4, Brandless will be hosting a pop-up shop within the Milk Building in NYC, at 459 W. 14th Street. This is Brandless’ second pop-up shop — in May, Brandless launched a pop-up in LA.

Brandless sells more than 350 items through its website, all of which are meant to be ‘better for you’. This includes vegan, non-GMO, and/or organic snacks, fair-trade coffee, clean beauty products, and 100 percent organic toilet paper.

While the company has succeeded in making these products relatively affordable — everything is $3 — there is a disconnect between the way customers experience these products online. The pop-up shop (which Brandless is calling Pop-up with Purpose) is built around taste and trial, with tasting flight menus, a snack wall, a fair-trade coffee bar, and a clean beauty lounge. The pop-up will also showcase all of Brandless’s products, including a few items which have yet to ship.

But this place isn’t meant to feel like a grocery store or pharmacy. CEO Tina Sharkey hopes that the Brandless pop up creates a space for communities to discuss these products.

Sharkey says that there was plenty to learn from the LA-based pop-up. First and foremost, people want to taste and try the products without any frills. In LA, the Brandless team used its own products to create fancy meals to serve to customers. At the end of the day, however, those customers wanted to try individual ingredients, like organic olive oil.

Brandless believes, above all, that these pop-ups can serve as a way to connect with customers, and give them a way to experience the products, rather than focusing on sales or conversions.

That said, Brandless saw a double-digit percentage lift in traffic to the site in the area surrounding the LA pop-up shop.

As Brandless starts to experiment with offline locations, it’s worth noting that Sharkey insists that Brandless products will never appear on shelves in non-Brandless retail stores. But she didn’t rule out the idea of creating a permanent Brandless retail store, adding that this is still early days and that pop-up shops give the company a chance to figure out what works for customers.

Sharkey says the company’s greatest challenge is “we can’t go fast enough.”

GoodTime, the algorithmically enhanced interview process management platform, has raised $5 million in a new round of funding led by Bullpen Capital.

The company uses natural language processing to link interview candidates with the right interviewers inside an organization. The idea is to make the hiring process run more smoothly for large organizations and give overworked human resources staffers a new organizational tool in their toolbox to build better staffing processes.

To do this Ahryun Moon, Jasper Sone and Peter Lee, the co-founders of GoodTime, have built a tool that uses the calendar as its organizing principle. The idea is that the sooner interviews can be booked with the right people, the better it is for an organization.

Staffing is about more than just setting up an interview, though, so GoodTime also factors in relevant information about both an applicant and an interviewer including data like gender, ethnicity, and relevant university and previous work-history information.

Recruiting coordinators can manage the entire process and make it as frictionless as possible for companies — and in this competitive hiring environment, companies may run the risk of losing out if they can’t pull the trigger on a potential applicant quickly enough.

It’s a problem that GoodTime’s chief executive, Moon, knows all too well. As a former recruiting coordinator at Mulesoft, Airbnb and Dropbox, Moon is well-versed in the problems of recruiting professionals.

She even managed to convince her former employers at Airbnb and Dropbox to adopt the new platform. Those companies have seen their applicants confirm interviews within three hours by using the platform and seen their time-to-hire rates reduced by 40%, according to a statement from the company.

GoodTime, which was seed funded last year with a $2 million investment from Walden Ventures and Big Basin Capital, managed to attract the education and staffing focused investment GSV Accelerate, and Array.vc to its latest round. GoodTime is also a graduate of the Alchemist Accelerator program. 

Based in San Francisco, GoodTime currently has 18 employees on staff and has reached profitability on the strength of its existing customers.

Honda will commit $2.75 billion as part of an agreement with GM and its self-driving technology subsidiary Cruise to develop and produce a new kind of autonomous vehicle.

As part of the agreement, Honda will invest $2 billion over the next 12 years into the effort. Honda is also making a direct equity investment of $750 million into Cruise, which pushes the company’s valuation up to $14.6 billion.

This new vehicle, described by GM president Dan Ammann as the “next evolution in the future of transportation,” will be produced at high volume for global deployment.

Cruise founder and CEO Kyle Vogt didn’t elaborate what this next-generation autonomous vehicle might look like. But during a call with TechCrunch on Wednesday he used words like “innovative,” “space-efficient” “and multi-purpose.”

“When you have the chance to design a vehicle from the ground up, we’re not limited to thinking from the perspective of, ok there’s an autonomous vehicle that looks and feels like an existing vehicle, what can we do with it?” Vogt said. “It lets us invert the problem and think from first principles of what we can do with a vehicle that’s built from scratch.”

In other words, don’t expect it to look like a Chevy Bolt, or any other “car-like” vehicle.

The three companies plan to “explore global opportunities for commercial deployment of the Cruise network.”

“This is the logical next step in General Motors and Honda’s relationship, given our joint work on electric vehicles, and our close integration with Cruise,” GM Chairman and CEO Mary Barra said in a statement. “Together, we can provide Cruise with the world’s best design, engineering and manufacturing expertise, and global reach to establish them as the leader in autonomous vehicle technology — while they move to deploy self-driving vehicles at scale.”

The milestone agreement follows the giant $2.25 billion investment made by Softbank’s vision fund in May.

You’d be forgiven if you thought Amazon was finished announcing new hardware after last month’s massive Echo event. The retail giant has at least a few more announcements up its sleeve, starting with updates to the Fire TV line. The new TV Stick 4K and refreshed Alexa Voice Remote are up for pre-order today.

At $50, the revamped Fire TV Stick 4K features a new quad core processor, promising faster streaming and quick loading. The updated TV dongle also adds Dolby Vision and Dolby Atmos and features access to 500K movies/TV episodes, an array of apps and an Alexa voice interface via remote or nearby Echo.

The news follows Roku’s recent move to bring down the cost of its 4K-ready streamers, with its new $40 and up Premiere line of players.

There’s also a new Alexa Voice Remote on the block. The new peripheral sounds like much more of a universal remote than its predecessor. The device sports Bluetooth and multi-directional infrared, letting users control TVs, AV equipment and cable boxes, among others.

There are buttons for power, volume and mute, but the voice is really the thing here, naturally. It’s compatible with just about all of Amazon’s Fire products. It ships as part of the $40 Fire TV Stick 4K package, or comes bundled with the Fire TV Cube for $120. You also can buy it solo for $30.

The Fire TV Stick 4K starts shipping on Halloween in the U.S. and Canada. It will arrive in the U.K., Germany and India in November and Japan before end of year.

Jigsaw, the division owned by Google parent Alphabet, has revealed Intra, a new app aimed at protecting users from state-sponsored censorship.

Intra is a new app that aims to prevent DNS manipulation attacks. Whenever you visit a website, the easy-to-remember web address is converted to a less-than-memorable IP address — often over an unsecured connection. That makes it easy for oppressive governments — like Turkey, which has used this technique before — to intercept web addresses requests and either kill them in their tracks to stop sites from loading, or redirect to a fake site.

By passing all your browsing queries and app traffic through an encrypted connection to a trusted Domain Name Server, Intra says it ensures you can use your app without meddling or get to the right site without interference.

“Intra is dead simple to use. Just download the app and turn it on,” Jigsaw said. “That’s it.”

Jigsaw has already seen some successes in parts of the world where internet access is restricted or monitored. The government in Venezuela reportedly used DNS manipulation to prevent citizens from accessing news sites and social networks.

The app uses Google’s own trusted DNS server by default, but users can also funnel their browsing requests through Cloudflare, which also hosts its own publicly accessible secure DNS server, or any other secure DNS server.

Admittedly, that requires a bit of trust for Google and Cloudflare — or any third party. A Jigsaw spokesperson told TechCrunch that Intra’s use of Google’s DNS is covered by its privacy policy, and Cloudflare also has its own.

Jigsaw said it will bake the app into Android Pie, which already allows already allows encrypted DNS connections. But Jigsaw is also making the app available for users in parts of the world with weaker economies that make upgrading from older devices near-impossible so they can benefit from the security features.

It’s the latest piece in the security and privacy puzzle that Jigsaw is trying to solve.

The little-known Alphabet division is focused on preventing censorship, threats of online harassment and countering violent extremism. The incubator focuses on empowering free speech and expression by providing tools and services that make online safer for higher-risk targets.

Jigsaw has also invested its time on several other anti-censorship apps, including Project Shield, which protects sites against distributed denial-of-service attacks, as well as Outline, which gives reporters and activists a virtual private network that funnels data through a secure channel.

Today in lovely Beirut, Lebanon TechCrunch held its first Startup Battlefield in the country. Over 700 people watched the show on site, which featured speakers from throughout the Middle East and 15 startups competing in Startup Battlefield.

A winner will be chosen at the end of the day and they will walk away with a $25,000 prize. As of this post’s publication, a winner has not been picked.

What follows, is each company’s Startup Battlefield pitch in the order that they appeared on stage.

[Please note: Videos will be added to this list as they become available]

Startup Battlefield Competition – Flight #1

BuildInk

Real estate construction firms nowadays are struggling to keep up with the fast-moving pace of technological advancements in order to fulfill the market constantly changing demands. Buildink is offering a revolutionary solution for construction firms, via a scalable and mobile friendly Cable Robot Concrete 3D printer and Signature Concrete Mixture. Concrete 3D printing will not only open the space for unlimited architectural designs, it will also reduce the overall construction cost.

Harmonica

Harmonics is the leading marriage making app in MENA that not only match singles but also help them build healthy relationships. Launched in Cairo with a unique matching algorithm of one match at a time, powered by a strong team of phycologists, managed to reach a 100,000 user base in only few months.

Material Solved

MaterialSolved is a data visualization software for chemical/nano compounds. MaterialSolved helps scientists and scientific illustrators create complex scientific 3D models, static illustrations, and animations in an efficient way. Unlike general purpose graphics and visualization software, we use a new model that merges several algorithms to achieve significant time and cost reduction and make many visual representations possible.

MoneyFellows

MoneyFellows enables access to interest free credit and helps savers to easily reach their saving goals. We do this by digitizing the traditional ROSCA model (Rotating Savings and Credit Association).
How it works:
1- Group of people joins together to contribute a fixed monthly installment into a common pot.
2- Every month one of the users takes the whole pot as a payout.
3- Circle ends when all circle participants gets his/her payout once.
4- Circle is then usually repeated with the same group of people over again.”

Neotic AI

Neotic.ai created auto-traders for financial markets, giving the opportunity for everyone to use advanced technology to get higher returns on their savings. In other words, Neotic users can find ready to use, plug and play, live tested, AI powered trading strategies and deploy them directly on the broker account without writing any single line of code.

It’s been just over four months since Europe’s tough new privacy framework came into force. You might believe that little of substance has changed for big tech’s data-hungry smooth operators since then — beyond firing out a wave of privacy policy update spam, and putting up a fresh cluster of consent pop-ups that are just as aggressively keen for your data.

But don’t be fooled. This is the calm before the storm, according to the European Union’s data protection supervisor, Giovanni Buttarelli, who says the law is being systematically flouted on a number of fronts right now — and that enforcement is coming.

“I’m expecting, before the end of the year, concrete results,” he tells TechCrunch, sounding angry on every consumer’s behalf.

Though he chalks up some early wins for the General Data Protection Regulation (GDPR) too, suggesting its 72 hour breach notification requirement is already bearing fruit.

He also points to geopolitical pull, with privacy regulation rising up the political agenda outside Europe — describing, for example, California’s recently passed privacy law, which is not at all popular with tech giants, as having “a lot of similarities to GDPR”; as well as noting “a new appetite for a federal law” in the U.S.

Yet he’s also already looking beyond GDPR — to the wider question of how European regulation needs to keep evolving to respond to platform power and its impacts on people.

Next May, on the anniversary of GDPR coming into force, Buttarelli says he will publish a manifesto for a next-generation framework that envisages active collaboration between Europe’s privacy overseers and antitrust regulators. Which will probably send a shiver down the tech giant spine.

Notably, the Commission’s antitrust chief, Margrethe Vestager — who has shown an appetite to take on big tech, and has so far fined Google twice ($2.7BN for Google Shopping and staggering $5BN for Android), and who is continuing to probe its business on a number of fronts while simultaneously eyeing other platforms’ use of data — is scheduled to give a keynote at an annual privacy commissioners’ conference that Buttarelli is co-hosting in Brussels later this month.

Her presence hints at the potential of joint-working across historically separate regulatory silos that have nonetheless been showing increasingly overlapping concerns of late.

See, for example, Germany’s Federal Cartel Office accusing Facebook of using its size to strong-arm users into handing over data. And the French Competition Authority probing the online ad market — aka Facebook and Google — and identifying a raft of problematic behaviors. Last year the Italian Competition Authority also opened a sector inquiry into big data.

Traditional competition law theories of harm would need to be reworked to accommodate data-based anticompetitive conduct — essentially the idea that data holdings can bestow an unfair competitive advantage if they cannot be matched. Which clearly isn’t the easiest stinging jellyfish to nail to the wall. But Europe’s antitrust regulators are paying increasing mind to big data; looking actively at whether and even how data advantages are exclusionary or exploitative.

In recent years, Vestager has been very public with her concerns about dominant tech platforms and the big data they accrue as a consequence, saying, for example in 2016, that: “If a company’s use of data is so bad for competition that it outweighs the benefits, we may have to step in to restore a level playing field.”

Buttarelli’s belief is that EU privacy regulators will be co-opted into that wider antitrust fight by “supporting and feeding” competition investigations in the future. A future that can be glimpsed right now, with the EC’s antitrust lens swinging around to zoom in on what Amazon is doing with merchant data.

“Europe would like to speak with one voice, not only within data protection but by approaching this issue of digital dividend, monopolies in a better way — not per sectors,” Buttarelli tells TechCrunch. 

“Monopolies are quite recent. And therefore once again, as it was the case with social networks, we have been surprised,” he adds, when asked whether the law can hope to keep pace. “And therefore the legal framework has been implemented in a way to do our best but it’s not in my view robust enough to consider all the relevant implications… So there is space for different solutions. But first joint enforcement and better co-operation is key.”

From a regulatory point of view, competition law is hampered by the length of time investigations take. A characteristic of the careful work required to probe and prove out competitive harms that’s nonetheless especially problematic set against the blistering pace of technological innovation and disruption. The law here is very much the polar opposite of ‘move fast and break things’.

But on the privacy front at least, there will be no 12 year wait for the first GDPR enforcements, as Buttarelli notes was the case when Europe’s competition rules were originally set down in 1957’s Treaty of Rome.

He says the newly formed European Data Protection Board (EDPB), which is in charge of applying GDPR consistently across the bloc, is fixed on delivering results “much more quickly”. And so the first enforcements are penciled in for around half a year after GDPR ‘Day 1’.

“I think that people are right to feel more impassioned about enforcement,” he says. “We see awareness and major problems with how the data is treated — which are systemic. There is also a question with regard to the business model, not only compliance culture.

“I’m expecting concrete first results, in terms of implementation, before the end of this year.”

“No blackmailing”

Tens of thousands of consumers have already filed complaints under Europe’s new privacy regime. The GDPR updates the EU’s longstanding data protection rules, bringing proper enforcement for the first time in the form of much larger fines for violations — to prevent privacy being the bit of the law companies felt they could safely ignore.

The EDPB tells us that more than 42,230 complaints have been lodged across the bloc since the regulation began applying, on May 25. The board is made up of the heads of EU Member State’s national data protection agencies, with Buttarelli serving as its current secretariat.

“I did not appreciate the tsunami of legalistic notices landing on the account of millions of users, written in an obscure language, and many of them were entirely useless, and in a borderline even with spamming, to ask for unnecessary agreements with a new privacy policy,” he tells us. “Which, in a few cases, appear to be in full breach of the GDPR — not only in terms of spirit.”

He also professes himself “not surprised” about Facebook’s latest security debacle — describing the massive new data breach the company revealed on Friday as “business as usual” for the tech giant. And indeed for “all the tech giants” — none of whom he believes are making adequate investments in security.

“In terms of security there are much less investments than expected,” he also says of Facebook specifically. “Lot of investments about profiling people, about creating clusters, but much less in preserving the [security] of communications. GDPR is a driver for a change — even with regard to security.”

Asked what systematic violations of the framework he’s seen so far, from his pan-EU oversight position, Buttarelli highlights instances where service operators are relying on consent as their legal basis to collect user data — saying this must allow for a free choice.

Or “no blackmailing”, as he puts it.

Facebook, for example, does not offer any of its users, even its users in Europe, the option to opt out of targeted advertising. Yet it leans on user consent, gathered via dark pattern consent flows of its own design, to sanction its harvesting of personal data — claiming people can just stop using its service if they don’t agree to its ads.

It also claims to be GDPR compliant.

It’s pretty easy to see the disconnect between those two positions.

“In cases in which it is indispensable to build on consent it should be much more than in the past based on exhaustive information; much more details, written in a comprehensive and simple language, accessible to an average user, and it should be really freely given — so no blackmailing,” says Buttarelli, not mentioning any specific tech firms by name as he reels off this list. “It should be really freely revoked, and without expecting that the contract is terminated because of this.

“This is not respectful of at least the spirit of the GDPR and, in a few cases, even of the legal framework.”

His remarks — which chime with what we’ve heard before from privacy experts — suggest the first wave of complaints filed by veteran European data protection campaigner and lawyer, Max Schrems, via his consumer focused data protection non-profit noyb, will bear fruit. And could force tech giants to offer a genuine opt-out of profiling.

The first noyb complaints target so-called ‘forced consent‘, arguing that Facebook; Facebook-owned Instagram; Facebook-owned WhatsApp; and Google’s Android are operating non-compliant consent flows in order to keep processing Europeans’ personal data because they do not offer the aforementioned ‘free choice’ opt-out of data collection.

Schrems also contends that this behavior is additionally problematic because dominant tech giants are gaining an unfair advantage over small businesses — which simply cannot throw their weight around in the same way to get what they want. So that’s another spark being thrown in on the competition front.

Discussing GDPR enforcement generally, Buttarelli confirms he expects to see financial penalties not just investigatory outcomes before the year is out — so once DPAs have worked through the first phase of implementation (and got on top of their rising case loads).

Of course it will be up to local data protection agencies to issue any fines. But the EDPB and Buttarelli are the glue between Europe’s (currently) 28 national data protection agencies — playing a highly influential co-ordinating and steering role to ensure the regulation gets consistently applied.

He doesn’t say exactly where be thinks the first penalties will fall but notes a smorgasbord of issues that are being commonly complained about, saying: “Now we have an obvious trend and even a peak, in terms of complaints; different violations focusing particularly, but not only, on social media; big data breaches; rights like right of access to information held; right to erasure.”

He illustrates his conviction of incoming fines by pointing to the recent example of the ICO’s interim report into Cambridge Analytica’s misuse of Facebook data, in July — when the UK agency said it intended to fine Facebook the maximum possible (just £500k, because the breach took place before GDPR).

A similarly concluded data misuse investigation under GDPR would almost certainly result in much larger fines because the regulation allows for penalties of up to 4% of a company’s annual global turnover. (So in Facebook’s case the maximum suddenly balloons into the billions.)

The GDPR’s article 83 sets out general conditions for calculating fines — saying penalties should be “effective, proportionate and dissuasive”; and they must take into account factors such as whether an infringement was intentional or negligent; the categories of personal data affected; and how co-operative the data controller is as the data supervisor investigates.

For the security breach Facebook disclosed last week the EU’s regulatory oversight process will involve an assessment of how negligent the company was; what response steps it took when it discovered the breach, including how it communicated with data protection authorities and users; and how comprehensively it co-operatives with the DPC’s investigation. (In a not-so-great sign for Facebook the Irish DPC has already criticized its breach notification for lacking detail).

As well as evaluating a data controller’s security measures against GDPR standards, EU regulators can “prescribe additional safeguards”, as Buttarelli puts it. Which means enforcement is much more than just a financial penalty; organizations can be required to change their processes and priorities too.

And that’s why Schrems’ forced consent complaints are so interesting.

Because a fine, even a large one, can be viewed by a company as revenue-heavy as Facebook as just another business cost to suck up as it keeps on truckin’. But GDPR’s follow on enforcement prescriptions could force privacy law breakers to actively reshape their business practices to continue doing business in Europe.

And if the privacy problem with Facebook is that it’s forcing people-tracking ads on everyone, the solution is surely a version of Facebook that does not require users to accept privacy intrusive advertising to use it.

So GDPR could force the social network behemoth to revise its entire business model.

Which would make even a $1.63BN fine the company could face as a result of Friday’s security breach pale into insignificance.

Accelerating ethics

There’s a wrinkle here though. Buttarelli does not sound convinced that GDPR alone will be remedy enough to fix all privacy hostile business models that EU regulators are seeing. Hence his comment about a “question with regard to the business model”.

And also why he’s looking ahead and talking about the need to evolve the regulatory landscape — to enable joint working between traditionally discrete areas of law. 

“We need structural remedies to make the digital market fairer for people,” he says. “And therefore this is we’ve been successful in persuading our colleagues of the Board to adopt a position on the intersection of consumer protection, competition rules and data protection. None of the independent regulators’ three areas, not speaking about audio-visual deltas, can succeed in their sort of old fashioned approach.

“We need more interaction, we need more synergies, we need to look to the future of these sectoral legislations.”

The challenge posed by the web’s currently dominant privacy-hostile business models is also why, in a parallel track, Europe’s data protection supervisor is actively pushing to accelerate innovation and debate around data ethics — to support efforts to steer markets and business models in, well, a more humanitarian direction.

When we talk he highlights that Sir Tim Berners-Lee will be keynoting at the same European privacy conference where Vestager will appear at — which has an overarching discussion frame of “Debating Ethics: Dignity and Respect in Data Driven Life” as its theme.

Accelerating innovation to support the development of more ethical business models is also clearly the Commission’s underlying hope and aim.

Berners-Lee, the creator of the World Wide Web, has been increasingly strident in his criticism of how commercial interests have come to dominate the Internet by exploiting people’s personal data, including warning earlier this year that platform power is crushing the web as a force for good.

He has also just left his academic day job to focus on commercializing the pro-privacy, decentralized web platform he’s been building at MIT for years — via a new startup, called Inrupt.

Doubtless he’ll be telling the conference all about that.

“We are focusing on the solutions for the future,” says Buttarelli on ethics. “There is a lot of discussion about people becoming owners of their data, and ‘personal data’, and we call that personal because there’s something to be respected, not traded. And on the contrary we see a lot of inequality in the tech world, and we believe that the legal framework can be of an help. But will not give all the relevant answers to identify what is legally and technically feasible but morally untenable.”

Also just announced as another keynote speaker at the same conference later this month: Apple’s CEO Tim Cook.

In a statement on Cook’s addition to the line-up, Buttarelli writes: “We are delighted that Tim has agreed to speak at the International Conference of Data Protection and Privacy Commissioners. Tim has been a strong voice in the debate around privacy, as the leader of a company which has taken a clear privacy position, we look forward to hearing his perspective. He joins an already superb line up of keynote speakers and panellists who want to be part of a discussion about technology serving humankind.”

So Europe’s big fight to rule the damaging impacts of big data just got another big gun behind it.

 

“Question is [how do] we go beyond the simple requirements of confidentiality, security, of data,” Buttarelli continues. “Europe after such a successful step [with GDPR] is now going beyond the lawful and fair accumulation of personal data — we are identifying a new way of assessing market power when the services delivered to individuals are not mediated by a binary. And although competition law is still a powerful instrument for regulation — it was invented to stop companies getting so big — but I think together with our efforts on ethics we would like now Europe to talk about the future of the current dominant business models.

“I’m… concerned about how these companies, in compliance with GDPR in a few cases, may collect as much data as they can. In a few cases openly, in other secretly. They can constantly monitor what people are doing online. They categorize excessively people. They profile them in a way which cannot be contested. So we have in our democracies a lot of national laws in an anti-discrimination mode but now people are to be discriminated depending on how they behave online. So people are targeted with content to make them behave in a certain way. To predict but also to react. This is not the kind of democracy we deserve. This is not our idea.”