Month: October 2018

11 Oct 2018

MindBody-owned FitMetrix exposed millions of user records — thanks to servers without passwords

FitMetrix, a fitness technology and performance tracking company owned by gym booking giant Mindbody, has exposed millions of user records because it left several of its servers without a password.

The company builds fitness tracking software for gyms and group classes — like CrossFit and SoulCycle — that displays heart rate and other fitness metric information for interactive workouts. FitMetrix was acquired by gym and wellness scheduling service Mindbody earlier this year for $15.3 million, according to a government filing.

Last week, a security researcher found three unprotected FitMetrix servers leaking customer data.

It isn’t known how long the servers had been exposed, but the servers were indexed by Shodan, a search engine for open ports and databases, in September.

The servers included two of the same ElasticSearch instances and a storage server — all hosted on Amazon Web Services — yet none were protected by a password, allowing anyone who knew where to look to access the data on millions of users.

Bob Diachenko, Hacken.io’s director of cyber risk research, found the databases containing 113.5 million records — though it’s not known how many users were directly affected. Each record contained a user’s name, gender, email address, phone numbers, profile photos, their primary workout location, emergency contacts and more. Many of the records were not fully complete.

The storage server, hosted in an Amazon S3 bucket, stored user profile pictures, but remained open at the time of writing. For that reason, we’re not linking to it.

Diachenko, who wrote up his findings, contacted the company by email a week ago, but the company only secured the server after TechCrunch reached out.

“We recently became aware that certain data associated with FitMetrix technology stored online may have been publicly exposed,” said Jason Loomis, Mindbody’s chief information security officer. “We took immediate steps to close this vulnerability,” he added. “Current indications are that this data included a subset of the consumers managed by FitMetrix, which was acquired by Mindbody in February 2018, and did not include any login credentials, passwords, credit card information or personal health information,” he said.

Diachenko rebuffed Mindbody’s claim, saying that there was “some” health information in the data, based on his analysis of the data. TechCrunch also found several records including height, weight and shoe sizes.

When asked to clarify, Mindbody spokesperson Jennifer Saxon would not comment further.

It’s not known how many people accessed the database, but Diachenko said that he wasn’t the first to find the exposed database.

A ransom note was buried in one of the tables by a scammer who claimed to have downloaded the database’s contents and would only restore it for bitcoin. But the scammer wasn’t so successful and failed to delete the data. Although the scammer asked for 0.1 bitcoin — some $650 at today’s rate — their bitcoin address received only 0.13 bitcoin at its most.

Mindbody said that it will “comply with all applicable legal obligations” in reporting the data exposure to U.S. and European authorities, but wouldn’t say if it will inform customers of the security lapse.

The company may also face action from European authorities under GDPR, the new data protection regulation, which can fine a company up to four percent of its global revenue for data breaches and negligent data exposures.

11 Oct 2018

Walmart will now allow shoppers to access PayPal cash in stores

Walmart and PayPal this morning announced a partnership that will see the two collaborating on financial services and products, including new PayPal cash in and cash out services at Walmart stores, as well as the ability for PayPal Cash MasterCard customers to access their cash balance in-store at service desks, ATMs and cash registers.

The PayPal cash in and cash out money services will cost customers a $3 service fee, the companies say, as will the ability to pull cash out from MasterCard while in store. The companies declined to say how that fee is being shared.

Customers are also able to load cash into their PayPal balance while at Walmart, but this is not a new service as of today, we’re told.

The deal marks the first time that PayPal mobile app users will be able to take cash out from their PayPal balance while in a brick-and-mortar environment, though PayPal several years ago had partnered with retailers like Home Depot for integrations at the register.

In the years since, PayPal’s brick-and-mortar ambitions have died down, as Apple Pay and other tap-to-pay solutions grew to become the more popular way to pay via mobile devices at checkout.

In more recent months, PayPal has chosen to form closer ties with its earlier payment rivals, including through tighter integrations with Apple’s iOS, Samsung Pay, Android Pay, and other major stakeholders like Visa and MasterCard.

The Walmart partnership could be seen through the same lens, as Walmart, too, had once backed its own mobile payment platform, CurrentC, along with Target, CVS, Best Buy, and many other large retailers. It abandoned those efforts a couple of years ago and today just offers Walmart Pay, its own scan-to-pay payments service that connects with customers’ saved credit, debit and gift cards.

With the PayPal deal, Walmart customers aren’t necessarily able to “check out” with PayPal, but they can go into the store, and get cash from PayPal – which can then be used to make purchases.

“Today’s news is the first time our two companies are working together to build products for our shared customers,” said Dan Schulman, President and CEO, PayPal, in a statement. “We consider this a key collaboration for both PayPal and Walmart. We are committed to working together to make it simple and easy for people to use PayPal cash in and cash out money services at every Walmart location in the U.S. We look forward to working hand-and-hand to help people and families with their financial services needs,” he added.

PayPal cash is available immediately at Walmart, while PayPal cash out will be available at all U.S. stores by early November.

11 Oct 2018

Tandem’s new credit card targets people who have non-existent credit histories

With its regulatory woes behind it (and the acqui-hire of fintech startup Pariti), Tandem’s product roadmap appears to be picking up pace.

The challenger bank founded by Ricky Knox has launched its second credit card today, this time targeting people in the U.K. who have yet to build up a credit history at all. Credit cards are already one of the most effective ways of improving your credit score (presuming you are approved for one and always repay on time, of course) and it seems that Tandem wants a piece of that action.

Dubbed the “Journey Card,” Tandem says the new credit card is “a way for those who haven’t had credit before to build up a strong credit profile”. The upstart bank says it is tapping into a climate where people are realising the importance of credit scores for building a better future and how essential a decent credit score is when taking out further credit such as a car loan, mortgage and other longer-term financial products.

However, although the new Journey Card shares the same low FX fees when spending abroad, there are some key differences compared to the original Tandem Cashback Card. These include no cash back, for starters, and what appears to be a higher APR in recognition of the higher risk Tandem is taking on.

With that said, both cards integrate with the Tandem mobile banking app, which acts as a Personal Finance Manager (PFM), including letting you aggregate your non-Tandem bank account data from other bank accounts or credit cards you might have. Very recently the app has released a plethora of updates (including digital statements, at last!), and these include some useful budgeting tools, which sit well alongside a credit card designed to help you build your credit score.

Meanwhile, it is becoming clearer that Tandem sees consumer credit as its “attack vector” in the consumer banking space, as opposed to offering a current account or pre-paid/debit card, although I wouldn’t be surprised to see the challenger bank go there eventually. It already offers a fixed-saver account, after all.

Says Ricky Knox, CEO of Tandem: “The integration of credit products into our app is a game-changer for the industry. Our competitors have launched some great pre-loaded and debit cards, but we will own credit in this space”.

11 Oct 2018

Zuora partners with Amazon Pay to expand subscription billing options

Zuora, the SaaS company helping organizations manage payments for subscription businesses, announced today that it had been selected as a Premier Partner in the Amazon Pay Global Partner Program. 

The “Premier Partner” distinction means businesses using Zuora’s billing platform can now easily integrate Amazon’s digital payment system as an option during checkout or recurring payment processes. 

The strategic rationale for Zuora is clear, as the partnership expands the company’s product offering to prospective and existing customers.  The ability to support a wide array of payment methodologies is a key value proposition for subscription businesses that enables them to service a larger customer base and provide a more seamless customer experience.

It also doesn’t hurt to have a deep-pocketed ally like Amazon in a fairly early-stage industry.  With omnipotent tech titans waging war over digital payment dominance, Amazon has reportedly doubled down on efforts to spread Amazon Pay usage, cutting into its own margins and offering incentives to retailers.

As adoption of Amazon Pay spreads, subscription businesses will be compelled to offer the service as an available payment option and Zuora should benefit from supporting early billing integration.

For Amazon Pay, teaming up with Zuora provides direct access to Zuora’s customer base, which caters to tens of millions of subscribers. 

With Zuora minimizing the complexity of adding additional payment options, which can often disrupt an otherwise unobtrusive subscription purchase experience, the partnership with Zuora should help spur Amazon Pay adoption and reduce potential friction.

“By extending the trust and convenience of the Amazon experience to Zuora, merchants around the world can now streamline the subscription checkout experience for their customers,” said Vice President of Amazon Pay, Patrick Gauthier.  “We are excited to be working with Zuora to accelerate the Amazon Pay integration process for their merchants and provide a fast, simple and secure payment solution that helps grow their business.”

The world subscribed

The collaboration with Amazon Pay represents another milestone for Zuora, which completed its IPO in April of this year and is now looking to further differentiate its offering from competing in-house systems or large incumbents in the Enterprise Resource Planning (ERP) space, such as Oracle or SAP.   

Going forward, Zuora hopes to play a central role in ushering in a broader shift towards a subscription-based economy.

Tien Tzuo, founder and CEO of Zuora, told TechCrunch he wants the company to help businesses first realize they should be in the subscription economy and then provide them with the resources necessary to flourish within it.

“Our vision is the world subscribed,” said Tzuo. “We want to be the leading company that has the right technology platform to get companies to be successful in the subscription economy.”

The partnership will launch with publishers “The Seattle Times” and “The Telegraph”, with both now offering Amazon Pay as a payment method while running on the Zuora platform.

11 Oct 2018

A flood of fake installers will really update Flash for you – but also install cryptocurrency mining malware

If you think that Flash, the once-popular web plugin, couldn’t die fast enough, even those annoying fake Flash installers riddled with malware aren’t going anywhere any time soon. In fact, they’re getting even sneakier.

New research out of Palo Alto Networks found a recent spike of fake Flash installers not only dropping cryptocurrency mining malware on vulnerable computers — but actually installing Flash while it’s there.

The researchers said that this new technique is a way to deceive the user by tricking them into thinking that it’s a legitimate Flash installer.

Once the installer opens, it quietly implants XMRig, an open source cryptocurrency miner that uses the computer’s processor and graphics card to start mining. All the generated funds are siphoned off to a Monero wallet — making it near impossible to trace. When the mining malware is implanted, the installer downloads a legitimate Flash installer from Adobe’s website and installs it.

Since March, the researchers found over a hundred fake Flash updaters alone.

It’s a little ironic that Flash, one of the buggiest and most attack-prone plugins over the years, is still causing headaches. When Flash wasn’t used as a way to push malware on users, hackers were imitating it and using the plugin as a springboard to launch their own fake attacks. Flash became so much of a problem that Google began sandboxing Flash (and other plugins) in Chrome almost a decade ago because Flash-based malware was so prevalent.

But since the rise of the more universally supported and easier to use HTML5, Flash use has rapidly been on the decline.

Adobe is set to retire Flash in 2020. Maybe at its demise, we’ll see fewer fake Flash installers too?

11 Oct 2018

Watch Shimon the marimba-playing robot play along to jazz, reggae, and hip hop

Shimon is a marimba-playing robot with some real soul. This crazy little robot, created by Gil Weinberg at the Georgia Tech Center for Music Technology, can listen to the other players around it and play out little ditties in response to the music. In short, it’s the world’s best jazz and hip hop collaborator because, unlike humans, Shimon can never get drunk and forget the van keys back at that Taco Bell in Fresno.

“Most of what Shimon is playing is generated using a new process where he creates hundreds of melodies off line based on deep learning analysis of large musical data sets,” said Weinberg. “Then us humans (me and my students) choose melodies we like and orchestrate / structure them into songs. It’s a new form of robot-human collaboration, at least for us.”

In this video Shimon and crew play along to Dash Smith, an Atlanta-based rapper who freestyles while Shimon and you’ll also notice another Georgia Tech product, a robotic drumming prosthesis that gives the drummer the power of four Neil Pearts.

Weinberg, Shimon’s human, is excited by the new developments.

“Still under development is the other new element – we are working letting Shimon analyze in real time the rhythm, melodies and semantic meaning of the free style rapper lyrics and use this analysis to drive Shimon’s improvisation. As you know we have explored mostly improvised music, starting with drum circles moving to Jazz, rock jam-bands, and African marimba bands,” said Weinberg. “We are now ready to move to the next frontier of real time collaborative improvisation – free style rapping, where the hope is that the rapper will be influenced by what Shimon is coming up with and vice versa.”

11 Oct 2018

GoFundMe partners with Michelle Obama on the Global Girls Alliance Fund, to back charities helping adolescent girls

GoFundMe, the social fundraising platform that has raised over $5 billion from over 50 million donors for causes, today is taking a big step into fundraising for charities and other non-profit organizations, and specifically helping charities dedicated to adolescent girls in the process. The startup is partnering with former First Lady Michelle Obama and the Obama Foundation to launch the Global Girls Alliance Fund, a platform within GoFundMe designed for fundraising specifically for grassroots organizations that work on girls’ education initiatives.

The new platform is being rolled out as part of a bigger effort that Obama and the Obama Foundation are announcing today called the Global Girls Alliance, a program to empower adolescent girls through education.

Obama has been a strong supporter of the general cause, which — even with the advances we have seen in education and women’s rights — has been a persistent one globally. An estimated 98 million adolescent girls — that is, mostly-teenage females of secondary school age — are currently not in school, working out to one out of every five females in this age bracket, according to research from Unesco.

“I’m thrilled to announce the Obama Foundation’s launch of the Global Girls Alliance,” said Obama in a statement. “We want to lift up the grassroots leaders in communities all over the world who are clearing away the hurdles that too many girls face. Because the evidence is clear: educating girls isn’t just good for the girls, it’s good for all of us.”

The Fund is designed to be a way for girls’ education charities to get donations through crowdsourcing, alongside whatever other routes they are using to raise money, whether it be through other fundraising efforts, via NGOs or other support.

Crowdfunding of the sort that has been built out by groups like GoFundMe provides a degree of transparency to donors beyond what they might have traditionally seen when making donations to charities. Donors can see who else is contributing money, and how much; and the organizations can provide more details about their progress and how they are using the money.

These organizations could have, of course, always gone directly to GoFundMe (or indeed other causes-oriented crowdfunding sites, such as Facebook or others), and some might already have done so.

The benefit of the Global Girls Alliance Fund is that it gives these causes a degree of economy of scale: together they have more visibility and virality potential (campaigns going viral being a major component of why they can do so well on these platforms). With the Obama machine behind it, they might get more firepower too by way of the Obama Foundation’s own outreach efforts. A single girls’ education charity may never find its way to the Today Show — a very popular breakfast show in the US — but Michelle Obama has. She’s announcing the news today on the program, to coincide with the International Day of the Girl.

GoFundMe has set up the Funding site so that people who are interested in giving money to the cause can donate either to a general GGA Fund, or to a specific grassroots project, which will be listed on the landing page. It’s kicking off with six funding options, five projects and the general GGA Fund, and more will be added and changed over time.

This is breaking new ground for GoFundMe in a couple of ways. For starters, this is the first time that GoFundMe has worked with a foundation to essentially provide a micro-site of sorts for funding a specific subset of charities around a single cause. GoFundMe’s work with charities versus individuals is a relatively new chapter for the startup — it really moved into the field in earnest in March this year after it integrated and relaunched CrowdRise, a charity-focused fundraising startup that it had acquired in 2017.

It’s also a new step ahead for GoFundMe in terms of how it works with organizations globally. Some of the groups that are falling under the Global Girls Alliance are coming from developing countries. Payments globally is a very fragmented space, and different countries have their own preferred methods for paying, and for drawing down funds people pay for goods and services. That situation is compounded in developing countries by the fact that there is a high proportion of people who are “unbanked” — that is, without bank accounts, without payment cards, and without credit histories — three of the basic fundamentals that you need to make payments in developed countries.

That has meant that GoFundMe will be integrating with a wider variety of payment solutions globally in order to enable them to use its platform, both to raise money from the widest number of people, and to be able to eventually draw down and use funds. We’ve asked for GoFundMe to provide more details of who it’s working with on this front and will update as we learn more. For now, it looks like anyone with a credit card can join and donate to the Global Girls Alliance, and it will be interesting to see how and if they extend that to people without credit cards. (There are services like M-Pesa in Kenya that have bypassed traditional card infrastructure, and so alternatives do indeed exist.)

Hopefully, the transparency of fundraising on GoFundMe will also let us stay up to date on this initiative to see how it develops and if it and the Obama Foundation can pull it off. On a more personal note, I do hope it does.

11 Oct 2018

Shopify opens its first brick-and-mortar space in Los Angeles

Shopify, the provider of payment and logistics management software and services for retailers, has opened its first physical storefront in Los Angeles.

The first brick-and-mortar location for the Toronto-based company is nestled in a warren of downtown Los Angeles boutique shops in a complex known as the Row DTLA.

For Shopify, Los Angeles is the ideal place to debut a physical storefront showing off the company’s new line of hardware products and the array of services it provides to businesses ranging from newly opened startups to $900 million juggernauts like the Kylie Cosmetics brand.

The city is one of the most dense conglomerations of Shopify customers with over 10,000 merchants using the company’s technologies in the greater Los Angeles area. 400 of those retailers have each earned over $1 million in gross merchandise volume.

In the Los Angeles space, which looks similar to an Apple store, patrons can expect to see demonstrations and tutorials of how Shopify’s tools and features work. Showrooms displaying the work that Shopify does with some of its close partners will also show how business owners can turn their product visions into actual businesses.

Like Apple, Shopify is staffing its store with experts on the platform who can walk new customers or would-be customers through whatever troubleshooting they may need. The store also serves as a space to promote large and small vendors using its payment and supply management solution.

“Our new space in downtown LA is a physical manifestation of our dedication and commitment to making commerce better for everyone. We’re thrilled to be able to take our proven educational, support, and community initiatives and put them to work in an always-on capacity,” said Satish Kanwar, VP of Product at Shopify, in a statement. “We know that making more resources available to entrepreneurs, especially early on, makes them far more likely to succeed, and we’re happy to now be offering that through a brick-and-mortar experience in LA.”

Kanwar and Shopify chief operating officer, Harley Finkelstein, envision the new Los Angeles space as another way to support new and emerging retailers looking for tips on how to build their business in the best possible way.

“The path to being your own boss doesn’t need to be lonely or isolating,” said Finkelstein, in a statement. “With Shopify LA we wanted to create a hub where business owners can find support, inspiration, and community. Most importantly, entrepreneurs at all stages and of all sizes can learn together, have first access to our newest products, and propel their entrepreneurial dreams.”

11 Oct 2018

Audit Facebook and overhaul competition law, say MEPs responding to breach scandals

After holding a series of hearings in the wake of the Facebook-Cambridge Analytica data misuse scandal this summer, and attending a meeting with Mark Zuckerberg himself in May, the European Union parliament’s civil liberties committee has called for an update to competition rules to reflect what it dubs “the digital reality”, urging EU institutions to look into the “possible monopoly” of big tech social media platforms.

Top level EU competition law has not touched on the social media axis of big tech yet, with the Commission concentrating recent attention on mobile chips (Qualcomm); and mobile and ecommerce platforms (mostly Google; but Amazon’s use of merchant data is in its sights too); as well as probing Apple’s tax structure in Ireland.

But last week Europe’s data protection supervisor, Giovanni Buttarelli, told us that closer working between privacy regulators and the EU’s Competition Commission is on the cards, as regional lawmakers look to evolve their oversight frameworks to respond to growing ethical concerns about use and abuse of big data, and indeed to be better positioned to respond to fast-paced technology-fuelled change.

Local EU antitrust regulators, including in Germany and France, have also been investigating the Google, Facebook adtech duopoly on several fronts in recent years.

The Libe committee’s call is the latest political call to spin up and scale up antitrust effort and attention around social media. 

The committee also says it wants to see much greater accountability and transparency on “algorithmic-processed data by any actor, be it private or public” — signalling a belief that GDPR does not go far enough on that front.

Libe committee chair and rapporteur, MEP Claude Moraes, has previously suggested the Facebook Cambridge Analytica scandal could help inform and shape an update to Europe’s ePrivacy rules, which remain at the negotiation stage with disagreements over scope and proportionality.

But every big tech data breach and security scandal lends weight to the argument that stronger privacy rules are indeed required.

In yesterday’s resolution, the Libe committee also called for an audit of the advertising industry on social media — echoing a call made by the UK’s data protection watchdog, the ICO, this summer for an ‘ethical pause’ on the use of online ads for political purposes.

The ICO made that call right after announcing it planned to issue Facebook with the maximum fine possible under UK data protection law — again for the Cambridge Analytica breach.

While the Cambridge Analytica scandal — in which the personal information of as many as 87 million Facebook users was extracted from the platform without the knowledge or consent of every person, and passed to the now defunct political consultancy (which used it to create psychographic profiles of US voters for election campaigning purposes) — has triggered this latest round of political scrutiny of the social media behemoth, last month Facebook revealed another major data breach, affecting at least 50M users — underlining the ongoing challenge it has to live up to claims of having ‘locked the platform down’.

In light of both breaches, the Libe committee has now called for EU bodies to be allowed to fully audit Facebook — to independently assess its data protection and security practices.

Buttarelli also told us last week that it’s his belief none of the tech giants are directing adequate resource at keeping user data safe.

And with Facebook having already revealed a second breach that’s potentially even larger than Cambridge Analytica, fresh focus and political attention is falling on the substance of its security practices, not just its claims.

While the Libe committee’s MEPs say they have taken note of steps Facebook made in the wake of the Cambridge Analytica scandal to try to improve user privacy, they point out it has still not yet carried out the promised full internal audit.

Facebook has never said how long this historical app audit will take. Though it has given some progress reports, such as detailing additional suspicious activity it has found to date, with 400 apps suspended at the last count. (One app, called myPersonality, also got banned for improper data controls.)

The Libe committee is now urging Facebook to allow the EU Agency for Network and Information Security (ENISA) and the European Data Protection Board, which plays a key role in applying the region’s data protection rules, to carry out “a full and independent audit” — and present the findings to the European Commission and Parliament and national parliaments.

It has also recommended that Facebook makes “substantial modifications to its platform” to comply with EU data protection law.

We’ve reached out to Facebook for comment on the recommendations — including specifically asking the company whether it’s open to an external audit of its platform.

At the time of writing Facebook had not responded to our question but we’ll update this report with any response.

Commenting in a statement, Libe chair Moraes said: “This resolution makes clear that we expect measures to be taken to protect citizens’ right to private life, data protection and freedom of expression. Improvements have been made since the scandal, but, as the Facebook data breach of 50 million accounts showed just last month, these do not go far enough.”

The committee has also made a series of proposals for reducing the risk of social media being used as an attack vector for election interference — including:

  • applying conventional “off-line” electoral safeguards, such as rules on transparency and limits to spending, respect for silence periods and equal treatment of candidates;
  • making it easy to recognize online political paid advertisements and the organisation behind them;
  • banning profiling for electoral purposes, including use of online behaviour that may reveal political preferences;
  • social media platforms should label content shared by bots and speed up the process of removing fake accounts;
  • compulsory post-campaign audits to ensure personal data are deleted;
  • investigations by member states with the support of Eurojust if necessary, into alleged misuse of the online political space by foreign forces.

A couple of weeks ago, the Commission outed a voluntary industry Code of Practice aimed at tackling online disinformation which several tech platforms and adtech companies had agreed to sign up to, and which also presses for action in some of the same areas — including fake accounts and bots.

However, the code is not only voluntary but does not bind signatories to any specific policy steps or processes, so it looks like its effectiveness will be as difficult to quantify as its accountability will lack bite.

A UK parliamentary committee which has been probing political disinformation this year also put out a report this summer with a package of proposed measures — with some similar ideas but also suggesting a levy on social media to ‘defend democracy’.

Meanwhile Facebook itself has been working on increasing transparency around advertisers on its platform, and putting in place some authorization requirements for political advertisers (though starting in the US first).

But few politicians appear ready to trust that the steps Facebook is taking will be enough to avoid a repeat of, for example, the mass Kremlin propaganda smear campaign that targeted the 2016 US presidential election.

The Libe committee has also urged all EU institutions, agencies and bodies to verify that their social media pages, and any analytical and marketing tools they use, “should not by any means put at risk the personal data of citizens”.

And it goes as far as suggesting that EU bodies could even “consider closing their Facebook accounts” — as a measure to protect the personal data of every individual contacting them.

The committee’s full resolution was passed by 41 votes to 10 and 1 abstention, and will be put to a vote by the full EU Parliament during the next plenary session later this month.

In it, the Libe also renews its call for the suspension of the EU-US Privacy Shield.

The data transfer arrangement, which is used by thousands of businesses to authorize transfers of EU users’ personal data across the Atlantic, is under growing pressure ahead of an annual review this month, as the Trump administration has failed entirely to respond as EU lawmakers had hoped their US counterparts would at the time of the agreement being inked in the Obama era, back in 2016.

The EU parliament also called for Privacy Shield to be suspended this summer. And while the Commission did not act on those calls, pressure has continued to mount from MEPs and EU consumer and digital and civil rights bodies.

During the Privacy Shield review process this month the Commission will be pressuring US counterparts to try to gain concessions that it can sell back home as ‘compliance’.

But without very major concessions — and who would bank on that, given the priorities of the current US administration — the future of the precariously placed mechanism looks increasingly uncertain.

Even as more oversight coming down the pipe to rule social media platforms looks increasingly certain.