Month: September 2020

21 Sep 2020

Microsoft set to acquire Bethesda parent ZeniMax for $7.5B

Microsoft this morning announced plans to acquire ZeniMax Media Inc. for $7.5 billion. The gaming holding company is the parent to a number of high profile publishers, including Bethesda Game Studios, id Software, ZeniMax Online Studios, Arkane, MachineGames, Tango Gameworks, Alpha Dog and Roundhouse Studios.

Once approved, the deal would bring some of the industry’s highest profile franchises under the Microsoft banner, including Elder Scrolls, Doom, Fallout, Quake, Wolfenstein, Dishonored, Prey and Starfield.

“All of their great work will of course continue and grow and we look forward to empowering them with the resources and support of Microsoft to scale their creative visions to more players in new ways for you,” Xbox head Phil Spencer said in a blog post announcing the news.

Bethesda SVP Pete Hines addressed the acquisition on the publisher’s own blog, writing, “The world, our industry, and our company has changed a lot in the 34 years since Bethesda Softworks was first founded. Today, it changed again. And I know that brings up questions. But the key point is we’re still Bethesda. We’re still working on the same games we were yesterday, made by the same studios we’ve worked with for years, and those games will be published by us.”

With both a new Xbox and PlayStation due in the coming months, the closing of such a deal could put Microsoft in a key position in terms of title exclusivity. The parties have yet to discuss how such a move will ultimately impact how big franchises like Elder Scrolls and Doom will be approached on competing systems.

In 2014, ZeniMax sued Facebook, following id Software cofounder John Carmack’s move to Oculus. The suit sought $4 billion in damages, alleging stolen trade secrets. A court found in ZeniMax’s favor over copyright infringement and breach of contract, but not trade secrets. The parties settled out of court.

21 Sep 2020

ByteDance says it will own a majority of TikTok. Oracle says ByteDance will own 0%. WTF is this deal?

You know a deal is signed and going to close when the parties keep fact checking each other and no one can agree on what the deal actually says.

We’ve been following the TikTok / Oracle deal for some time here on TechCrunch, and over the weekend, it seemed like we finally got to the finish line of one of the strangest M&A processes we’ve seen. But the last 48 hours have made everything so confused, I am not sure we even know what the deal is despite it being approved.

Overnight, my colleague Rita Liao put together a nice fact check on what we know now about the TikTok deal, based on ByteDance’s official statements. The key is that “China’s ByteDance confirms it will retain an 80% stake in TikTok after selling a total of 20% to Oracle, its ‘trusted technology partner,’ and Walmart, its ‘commercial partner.’”

That’s been our assumption, that Oracle is taking 12.5% in TikTok Global, and Walmart will take 7.5%. The deal terms would value TikTok at about $60 billion by some estimates.

That’s a simple story, but apparently not the full one, because now there is another wrinkle happening here.

In a new statement attributed to its executive vice president Ken Glueck, Oracle said that “Upon creation of TikTok Global, Oracle/Walmart will make their investment and the TikTok Global shares will be distributed to their owners, Americans will be the majority and ByteDance will have no ownership in TikTok Global.”

President Donald Trump has spoken out about the deal himself in places like CNBC, arguing that TikTok must be completely controlled by Americans.

From what I can glean (and to be honest, given the shifting landscape and war of words, it’s not clear that even the participants know what is going on), “TikTok” the app is going to be housed in a new company called TikTok Global, that will be located outside of China proper. There appears to be no other “TikTok” entity. ByteDance will continue to own its China-centric apps Douyin (which also is a short video social service targeting the Chinese market), Toutiao, and others and obviously keep running them.

So how can a company simultaneously own a majority of the company and 0% of a company? TechCrunch is investigating, or at least, combing through the rubble of this deal and trying to make heads or tails of it.

21 Sep 2020

Amazon details its low-bandwidth Sidewalk neighborhood network, coming to Echo and Tile devices soon

Last year, Amazon announced its Sidewalk network, a new low-bandwidth, long-distance wireless protocol it developed to help connect smart devices inside and — maybe even more importantly — outside of your home. Sidewalk, which is somewhat akin to a mesh network that, with the right amount of access points, could easily cover a whole neighborhood, is now getting closer to launch.

As Amazon announced today, compatible Echo devices will become Bluetooth bridges for the Sidewalk network later this year and select Ring Floodlight and Spotlight Cams will also be part of the network. Since these are low-bandwidth connections, Amazon expects that users won’t mind sharing a small fraction of their bandwidth with their neighbors.

In addition, the company also announced that Tile will be the first third-party Sidewalk device to use the network when it launches its compatible tracker in the near future.

When Amazon first announced Sidewalk, it didn’t quite detail how the network would work. That’s also changing today, as the company published a whitepaper about how it will ensure privacy and security on this shared network. To talk about all of that — and Amazon’s overall vision for Sidewalk — I sat down with the general manager of Sidewalk, Manolo Arana.

Arana stressed that we shouldn’t look at Sidewalk as a competitor to Thread or other mesh networking protocols. “I want to make sure that you see that Sidewalk is actually not competing with Thread or any of the other mesh networks available,” he said. “And indeed, when you think about applications like ZigBee and Z-Wave, you can connect to Sidewalk the same way.” He noted that the team isn’t trying to replace existing protocols but just wants to create another transport mechanism — and a way to manage the radios that connect the devices.

And to kickstart the network and create enough of a presence to allow homeowners to connect their smart lights at the edge of their properties, for example, what better way for Amazon than to use the Echo family of devices.

“Echos are going to serve as bridges, that’s going to be a big thing for us,” Arana said. “You can imagine the number of customers that will benefit from that feature. And for us to be able to have that kind of service, that’s super important. And Tile is going to be the first edge device, the first Sidewalk-enabled device, and they’ll be able to track your valuables, your wallet, whatever it is that you love.”

And in many ways, that’s the promise of Sidewalk. You share a bit of bandwidth with your neighbors and in return, you get the ability to connect to a smart light in your garden that would otherwise be outside of your own network, for example, or get motion sensor alerts even when your home WiFi is out, or to track your lost dog who is wearing a smart pet finder (something Amazon showed off when it first announced Sidewalk).

In today’s whitepaper, the team notes that Amazon will make sure that shared bandwidth is capped and provide a simple on/off control for compatible devices to give users the choice to participate. The maximum bandwidth a device can use is capped at 500MB and the bandwidth between a bridge and the Sidewalk server in the cloud won’t exceed 80Kbps.

The overall architecture of the Sidewalk service is pretty straightforward. The endpoint, say a connected garden light, talks to the bridge (or gateway, as Amazon also calls it in its documentation). Those gateways will use Bluetooth Low Energy (BLE), Frequency Shift Keying (FSK) and LoRa in the 900 MHz band to connect to the devices on one side — and then talk to the Sidewalk Network server in the cloud on the other.

That network server — which is operated by Amazon — manages incoming packets and ensures that they come from authorized devices and services. The server then talks to the application server, which is either operated by Amazon or a third-party vendor.

All these communications are encrypted multiple times and even Amazon won’t be able to know the commands or messages that are being passed through the network. There are three layers of encryption here. First, there’s the application layer that enables the communication between the application server and the endpoint. Then, there’s Sidewalk’s network layer, which protects the packets over the air and in addition, there’s the so-called Flex layer which is added by the gateway and which provides the network server with what Amazon calls “a trusted reference of message-received time and adds an additional layer of packet confidentiality.”

In addition, whatever routing information Amazon receives is purged every 24 hours and device IDs are regularly rotated to ensure data can’t be tied to individual customers, in addition to using one-way hashing keys and other cryptographic techniques.

Arana stressed that the team decided not to go public with this project until it had gone through extensive penetration tests, for example, and added kill switches and advanced security features. The team also developed novel techniques to provision devices inside the network securely.

He also noted that the silicon vendors who want to enable their products for Sidewalk have to go through an extensive testing procedure.

“When you look at the level of security requirements for the silicon to be part of Sidewalk, many of our silicon [vendors] haven’t been qualified, just because it needs to be the new version, it needs to have certain secure boot features and things. That has been quite an eye-opener for everyone, to see that IoT is definitely improving — and it is going to get to a super level — but there’s a lot of work to do and this is part of it. We took it on and embraced that security level to the maximum and the vendors have been extremely positive and forthcoming working with us.”

Among those vendors the team has been working with are Silicon Labs, Texas Instruments and Nordic Semiconductor.

To test Sidewalk, Amazon partnered with the Red Cross to run a proof of concept implementation to help it track blood collection supplies between its distribution centers and donation sites.

“What we do with this is very simple tracking,” Arana said. “If you think about what they need, it is: did [the supplies] leave the building? Did they arrive at the other building? And it’s just it’s an immense simplification for them in terms of the logistics and creates efficiencies in terms of the distribution of those [supplies].”

This is obviously not so much a consumer use case, but it does show the potential for Sidewalk to also take on more industrial use cases over time. As of now, that’s not necessarily what the team is focusing on, but Arana noted that there are a lot of use cases where Sidewalk may be able to replace cell networks to provide IoT connectivity for sensors and other small edge devices that don’t have large bandwidth requirements — and adding cellular connectivity also makes these devices more expensive to build.

Since Amazon is jumpstarting the network with its Echo and Ring Devices, chances are you’ll hear quite a bit more about Sidewalk in the near future.

21 Sep 2020

The Lumos Matrix is the ideal urban bike helmet for a smarter, safer day trip

Many of us are still more or less confined to our own homes and limited social spaces for the foreseeable future, and for a lot of you, that has led to a rediscovery of the joys of biking. Bike riding is a great way to spend time outdoors exploring your own town or city, and if you’re just getting into exploring this hobby, or if you’re a long-time bike rider looking for an upgrade, the Lumos Matrix smart helmet is a sensible piece of tech with a solid design that combines a number of connected features into one great package.

The basics

The Matrix is a version of Lumos’ smart helmet updated with modern, urban helmet aesthetics and a new large LED display on the back that can be programmed to show a variety of different patterns, including simple images. It includes a built-in front light in addition to the rear light panel, as well as integrated turn signals that work with an included physical handlebar remote, or in concert with an Apple Watch app. It’s available in either a gloss white finish, or a matte black (as reviewed).


Lumos has designed the Matrix to work with a wide range of head sizes, thanks in part to two sets of included velcro pads for the inside of the helmet, but due mostly to the adjustable, ratcheting sizing harness on the inside. This can be easily dialled to tighten or loosen the helmet, helping it fit heads ranging between 22 and 24-inches in size.

The exterior of the Lumos is made of an ABS plastic that provides full weatherproofing, so that you can wear it in the rain without having to worry about the condition of the embedded electronics. There’s also a MIPS (Multi-directional Impact Protection System) option that you can add on if you want an additional level of safety and security, though that’s not yet shipping and should be “available soon” according to the company.

A button integrated into the helmet’s strap lets you turn it on and off, and cycle between the built-in patterns. You can pair the helmet via Bluetooth with your smartphone, too, and use the dedicated app to customize features including brightness, and even create your own custom patterns for the rear display. In the box, you’ll also find a charging cable with a standard USB A connector on one end, and a proprietary magnetic charging surface on the other for powering up both your helmet and the handlebar remote.

Design and performance

The Lumos Matrix features a mostly continuous surface, with four vents on the top of the helmet for airflow and an integrated brim built into the shell. As mentioned, there’s a front-facing light built into the helmet and protected by a transparent plastic covering, as well as a rear panel of 7×11 LED lights, which create a dot matrix-style display that can display images or animations, including scrolling text. These LEDs are all full RGB, allowing the user to take full advantage for their own, or built-in display creations.

Lumos also makes the Kickstart, which features a more aerodynamic, thoroughly vented design. The look of the Matrix is more akin to helmets used in skateboarding, and for urban commuter bicyclists. Despite its more solid-looking design, in testing I found that it was actually very comfortable and cool, allowing plenty of airflow. The helmet sits a bit high on the head, but has ample hard foam padding and definitely feels like a solid piece of protective gear. Overall, the extreme quality of the construction and level of the finishes on the Matrix help it earn its higher price tag.

The Matrix is also comfortable, and the adjustable sizing straps ensure a snug fit that means the helmet won’t be shifting around at all while worn. The activation button located on the chin strap near your ear is easy to find and press, with a tactile response combined with an auditory signal so you’ll know it’s on. There’s also a built-in magnetic holder for the included two-button handlebar turn signal remote in the rear interior of the helmet itself, which is super useful when wearing the helmet out on errands.

In terms of the smart features, Lumos has created a very sensible set of defaults for the on-board lighting that make it easy to just turn on the helmet and get riding. The built-in patterns offer a range of options, but all do the job of increasing your visibility – and the bright lighting means that it adds to your ability to be seen by motorists, other cyclists and pedestrians even while you’re biking in bright daylight.

The customizability of the rear dot matrix display is also super handy. Even if you’re not interested in creating colorful designs to express your artistic self, you can use it for much more practical reasons – like displaying a simple scrolling message (ie. ‘biking with kids’) in order to alert anyone else around to reasons to pay heightened attention.

The included Lumos handlebar remote is paired out of the box, and is extremely reliable in terms of activating the turn signals on the helmet. Lumos’ smartwatch app was much more hit-or-miss for me in terms of recognizing my arm gestures reliably to automate the signalling, but that’s really a value-add feature anyway, and totally not necessary to get the full benefit of the helmet. The app’s integration with Apple Health for workout tracking while biking is also fantastic, and really adds to the overall experience of using the Matrix helmet.

Bottom line

The Lumos Matrix is a fantastic bike helmet, with an amazing integrated smart lighting system that’s both bright and highly customizable. There’s a reason this thing is carried at Apple Stores – it’s top quality in terms of construction, software integration and design. That said, its retail price starts at $249.95 – which is a lot when you consider that a good quality MIPS helmet without smart features will only set you back about $60 or so.

When you consider just how much technology is onboard the Matrix, however, the pricing becomes a lot easier to swallow. It’s true that dedicated lights also aren’t expensive, but the ones on the Matrix are very high quality and extremely visible in all lighting conditions. And the Matrix offers unique features you won’t find anywhere else, including active turn signals and automated brake lights, which really add to your ability to safely share the road with other cyclists and vehicles.

21 Sep 2020

Osso VR raises $14 million to bring virtual reality to surgical and medical device training

It seems that distance learning is even coming for the healthcare industry.

As remote work becomes the order of the day in the COVID-19 era, any tool that can bring training and education services to folks across industries is gaining a huge amount of investor interest — and that includes healthcare.

Virtual reality tools like those on offer from Osso VR have been raising investor dollars at a rapid clip, and now the Palo Alto, Calif.-based virtual reality distribution platform joins their ranks with a $14 million round of financing.

The money came from a clutch of investors led by the investment arm of Kaiser Permanente, a healthcare giant whose network of managed care facilities and services spans the country. Previous backers and new investors like SignalFire, GSR, Scrum Ventures, Leslie Ventures and OCA Ventures, also participated in the funding. 

Osso has seen its adoption skyrocket during the pandemic as medical device manufacturers and healthcare networks turn to training tools that don’t require a technician to be physically present.

According to company founder Dr. Justin Barad, the market for medical device education services alone is currently around $3 billion to $5 billion and growing rapidly.

Staffed by a team that comes from Industrial Light and Magic, Electronic Arts, Microsoft, and Apple, Osso VR makes generic educational content for training purposes and then produces company specific virtual reality educational videos for companies like Johnson and Johnson. Those productions can run the gamut from instructional videos on vascular surgery to robotic surgery training tips and tricks.

While Kaiser Permanente Ventures’ Amy Belt Raimundo said that the strategic investor’s decisions to commit capital aren’t based on what Kaiser Permanente uses, necessarily, the organization does take its cues from what employees want.

“We don’t tie our investment to a deployment or customer contract, but we look for the same signals within Kaiser Permanente,” said Belt Raimundo. But the organization did have employees interested in using the Osso technology. “We made the announcement that we are looking at [Osso VR] technology for use. And that’s where the investment and commercial decision was signaling off of each other, because the response showed that there was an unmet need there,” she said.

Osso VR currently has around 30 customers, 12 of which are in the medical device space. The company uses Oculus Quest headsets and is deployed in 20 teaching hospitals across 20 different countries. In a recent validation study, surgeons training with Osso VR showed a 230 percent improvement in overall surgical performance, the company said in a statement.

The goal, according to Barad, a lifelong coder with a game development credit from Activision/Blizzard, is to democratize healthcare. “This is about improving patient outcomes, democratizing access, and improving education,” said Barad. “Now that the technology is growing and maturing and VR is growing as a platform, we can attack the broader problems,” in healthcare, he said.

 

21 Sep 2020

Nikola’s chairman steps down, stock crashes following allegations of fraud

Nikola Corp. founder and Executive Chairman Trevor Milton is stepping down from the electric truck company effective immediately. This comes in the wake of a report from a noted short seller accusing the company of fraud. Milton is succeeded by Stephen Girsky, a former General Motors executive who was already on the company’s board.

Nikola company stock fell as far as 30% in pre-market trading, currently trading around $25 a share. Over the last few months, the stock experienced wild trading, at one point hitting $79 a share.

“The focus should be on the company and its world-changing mission, not me. I intend to defend myself against false accusations leveled against me by outside detractors,” Milton said in a statement posted on Twitter.

This month, Hindenburg Research, a short seller, published a report alleging Nikola is misleading investors. Nikola refutes the claims.

“These allegations by the short seller are false and misleading and designed to manipulate the market to profit from a manufactured decline in Nikola’s stock price,” Nikola said, following Hindenburg Research’s report.

This report came on the heels of a significant deal for Nikola. The young automaker had just signed an agreement with General Motors that gave GM 11% ownership in the upstart in exchange for technology and assistance getting Nikola’s first model to market.

Electric trucks, both consumer and commercial versions, are quickly becoming a battleground for automakers. The market is ripe for innovation, and incumbent automakers are looking for partners to kickstart operations. Ford, the leader in consumer trucks, sided with Michigan-based Rivian, which is helping develop electric vehicles for Ford. General Motors’ recent partnership with Nikola seemed smart at the time of its announcement. Still, now, after the Hindenburg Report, the viability of the deal is in question, and with that, the future of GM’s electric pickup.

21 Sep 2020

Amnesty calls for human rights controls on EU digital surveillance exports

In a new report, Amnesty International says it’s found evidence of EU companies selling digital surveillance technologies to China — despite the stark human rights risks of technologies like facial recognition ending up in the hands of an authoritarian regime that’s been rounding up ethnic Uyghurs and holding them in “re-education” camps.

The human rights charity has called for the bloc to update its export framework, given that the export of most digital surveillance technologies is currently unregulated — urging EU lawmakers to bake in a requirement to consider human rights risks as a matter of urgency.

“The current EU exports regulation (i.e. Dual Use Regulation) fails to address the rapidly changing surveillance dynamics and fails to mitigate emerging risks that are posed by new forms of digital surveillance technologies [such as facial recognition tech],” it writes. “These technologies can be exported freely to every buyer around the globe, including Chinese public security bureaus. The export regulation framework also does not obligate the exporting companies to conduct human rights due diligence, which is unacceptable considering the human rights risk associated with digital surveillance technologies.”

“The EU exports regulation framework needs fixing, and it needs it fast,” it adds, saying there’s a window of opportunity as the European legislature is in the process of amending the exports regulation framework.

Amnesty’s report contains a number of recommendations for updating the framework so it’s able to respond to fast-paced developments in surveillance tech — including saying the scope of the Recast Dual Use Regulation should be “technology-neutral”, and suggesting obligations are placed on exporting companies to carry out human rights due diligence, regardless of size, location or structure.

We’ve reached out to the European Commission for a response to Amnesty’s call for updates to the EU export framework.

The report identifies three EU-based companies — biometrics authentication solutions provider Morpho (now Idemia) from France; networked camera maker Axis Communications from Sweden; and human (and animal) behavioral research software provider Noldus Information Technology from the Netherlands — as having exported digital surveillance tools to China.

“These technologies included facial and emotion recognition software, and are now used by Chinese public security bureaus, criminal law enforcement agencies, and/or government-related research institutes, including in the region of Xinjiang,” it writes, referring to a region of north-west China that’s home to many ethnic minorities, including the persecuted Uyghurs.

“None of the companies fulfilled their human rights due diligence responsibilities for these transactions, as prescribed by international human rights law,” it adds. “The exports pose significant risks to human rights.”

Amnesty suggests the risks posed by some of the technologies that have already been exported from the EU include interference with the right to privacy — such as via eliminating the possibility for individuals to remain anonymous in public spaces — as well as interference with non-discrimination, freedom of opinion and expression, and potential impacts on the rights to assembly and association too.

We contacted the three EU companies named in the report for a response.

At the time of writing only Axis Communications had replied — pointing us to a public statement, where it writes that its network video solutions are “used all over the world to help increase security and safety”, adding that it “always” respects human rights and opposes discrimination and repression “in any form”.

“In relation to the ethics of how our solutions are used by our customers, customers are systematically screened to highlight any legal restrictions or inclusion on lists of national and international sanctions,” it also claims, although the statement makes no reference to why this process did not prevent it from selling its technology to China.

On the domestic front, European lawmakers are in the process of fashioning regional rules for the use of ‘high risk’ applications of AI across the bloc — with a draft proposal due next year, per a recent speech by the Commission president.

Thus far the EU’s executive has steered away from an earlier suggestion that it could seek a temporary ban on the use of facial recognition tech in public places. It also appears to favor lighter touch regulation which defines only a sub-set of ‘high risk’ applications, rather than imposing any blanket bans. Additionally, regional lawmakers have sought a ‘broad’ debate on circumstances where remote use of biometric identification could be justified, suggesting nothing is yet off the table.

21 Sep 2020

With $100M in funding, Playco is already a mobile gaming unicorn

Playco is a new mobile gaming startup created by Game Closure co-founder Michael Carter and Zynga co-founder Justin Waldron, as well as game producers Takeshi Otsuka and Teddy Cross.

Although the Tokyo-headquartered company is only announcing its existence today, it’s already a unicorn — it says it’s raised $100 million in Series A funding, at a valuation “just north of $1 billion.”

The round was led by Josh Buckley and Sequoia Capital, with participation from Sozo Ventures, Raymond Tonsing’s Caffeinated Capital, Keisuke Honda’s KSK Angel Fund, Taizo Son’s Mistletoe Singapore, Digital Garage, Will Smith’s Dreamers, Makers Fund and others.

Carter (Playco’s CEO) said the startup will be revealing its first games later this year. For now, he wants to talk about Playco’s vision: It’s trying to address the fact that “it’s very difficult to get two people into a single game in the App Store.” After all, downloading an app is a pretty big hurdle, especially compared to the early days of web and social gaming, when all you needed was a link.

“We’re going to bring that back,” Carter said — with Playco’s titles, sharing and playing a mobile game with your friend should be as simple as texting or calling them. “All it really takes is a hyperlink.”

He pointed to a number of technologies that can enable this “instant play” experience on mobile, including cloud gaming, HTML5 and platform-specific tools like Apple’s new App Clips. He claimed the team is “very good at this cutting edge technology” — and the company has created its own game engine — but he said technology is not the sole focus: “That’s just table stakes.”

Waldron (Playco’s president) argued that this represents the next big platform shift in gaming, and it will require “reinventing a lot of the most popular genres today” while also creating entirely new genres, in the same way that social gaming enabled new types of games.

“If you think about FarmVille, there were no farm games being advertised being in local console games store,” Waldron said. “They don’t market well; if you put up a poster for a farm game, no one wants to play.” But if your friends invite you by sending you some digital crops, then you absolutely want to play.

Carter added that enabling instant play also means that the games themselves have to be fairly straightforward, at least at first glance.

“Ultimately, as we build up the portfolio, we think about what makes the game accessible to anyone on the planet, any ethnicity, any language,” he said. “And the answer is: It has to be broadly appealing. That doesn’t mean we can’t build into it relatively interesting and deep features, but the initial impression has to be the right sort of experience that people can easily relate to.”

Carter also acknowledged that it’s unusual for a startup to raise so much money in its Series A (“It’s not your typical company, and it’s not your typical Series A”), but he said that being more ambitious with fundraising allowed Playco to quickly grow the team to 75 people.

“Bringing talented people together is the most important thing, and [thanks to the funding,] we haven’t had to make any really hard decisions,” he said.

As for how its games will make money, Waldron suggested that Playco will borrow from (but also potentially evolve) many of the existing business models in gaming.

“We don’t need to reinvent the wheel,” he said. “There’s going to be amazing things we can learn from my last company — we ended up inventing a lot of the ways these games are monetizing today … But these new technologies available today create new opportunities. The world has changed a lot since then, and I don’t think everything has caught up.”

21 Sep 2020

Ireland’s data watchdog slammed for letting adtech carry on ‘biggest breach of all time’

A dossier of evidence detailing how the online ad targeting industry profiles Internet users’ intimate characteristics without their knowledge or consent has been published today by the Irish Council for Civil Liberties (ICCL), piling more pressure on the country’s data watchdog to take enforcement action over what complainants contend is the “biggest data breach of all time”.

The publication follows a now two-year-old complaint lodged with Ireland’s Data Protection Commission (DPC) claiming unlawful exploitation of personal data via the programmatic advertising Real-Time Bidding (RTB) process — including dominant RTB systems devised by Google and the Internet Advertising Bureau (IAB).

The Irish DPC opened an investigation into Google’s online Ad Exchange in May 2019, following a complaint filed by Dr Johnny Ryan (then at Brave, now a senior fellow at the ICCL) in September 2018 — but two years on that complaint, like so many major cross-border GDPR cases, remains unresolved.

And, indeed, multiple RTB complaints have been filed with regulators across the EU but none have yet been resolved. It’s a major black mark against the bloc’s flagship data protection framework.

“September 2020 marks two years since my formal complaint to the Irish Data Protection Commission about the ‘Real-Time Bidding’ data breach. This submission demonstrates the consequences of two years of failure to enforce,” writes Ryan in the report.

Among hair-raising highlights in the ICCL dossier are that:

  • Google’s RTB system sends data to 968 companies;
  • that a data broker company which uses RTB data to profile people influenced the 2019 Polish Parliamentary Election by targeting LGBTQ+ people; 
  • that a profile built by a data broker with RTB data allows users of Google’s system to target 1,200 people in Ireland profiled in a “Substance abuse” category, with other health condition profiles offered by the same data broker available via Google reported to include “Diabetes”, “Chronic Pain”, and “Sleep Disorders”;
  • that the IAB’s RTB system allows users to target 1,300 people in Ireland profiled in an “AIDS & HIV” category, based on a data broker profile built with RTB data, while other categories from the same data broker include “Incest & Abuse Support”, “Brain Tumor”, “Incontinence”, and “Depression”;
  • that a data broker that gathers RTB data tracked the movements of people in Italy to see if they observed the Covid-19 lockdown;
  • that a data broker that illicitly profiled Black Lives Matter protesters in the US has also been allowed to gather RTB data about Europeans;
  • that the industry template for profiles includes intimate personal characteristics such as “Infertility”, “STD”, and “Conservative” politics.

Under EU data protection law, personal information that relates to highly sensitive and intimate topics — such as health, sexuality and politics — is what’s known as special category personal data. Processing this type of information generally requires explicit consent from users — with only very narrow exceptions, such as for protecting the vital interests of the data subjects (and serving behavioral ads clearly wouldn’t meet such a bar).

So it’s hard to see how the current practices of the targeted ad industry can possibly be compliant with EU law, in spite of the massive scale on which Internet users’ data is being processed.

In the report, the ICCL estimates that just three ad exchanges (OpenX, IndexExchange and PubMatic) have made around 113.9 trillion RTB broadcasts in the past year.

“Google’s RTB system now sends people’s private data to more companies, and from more websites than when the DPC was notified two years ago,” it writes. “A single ad exchange using the IAB RTB system now sends 120 billion RTB broadcasts in a day, an increase of 140% over two years ago when the DPC was notified.”

“Real-Time Bidding operates behind the scenes on websites and apps. It constantly broadcasts the private things we do and watch online, and where we are in the real-world, to countless companies. As a result, we are all an open book to data broker companies, and others, who can build intimate dossiers about each of us,” it adds. 

Reached for a response to the report, Google sent us the following statement:

“We enforce strict privacy protocols and standards to protect people’s personal information, including industry-leading safeguards on the use of data for real-time bidding. We do not allow advertisers to select ads based on sensitive personal data and we do not share people’s sensitive personal data, browsing histories or profiles with advertisers. We perform audits of ad buyers on Google’s ad exchange and if we find breaches of our policies we take action.”

We also reached out to the IAB Europe for comment on the report. A spokeswoman told us it would issue a response tomorrow.

Responding to the ICCL submission, the DPC’s deputy commissioner Graham Doyle sent this statement: “Extensive recent updates and correspondence on this matter, including a meeting, have been provided by the DPC. The investigation has progressed and a full update on the next steps provided to the concerned party.”

However, in a follow-up to Doyle’s remarks, Ryan told TechCrunch he has “no idea” what the DPC is referring to when it mentions a “full update”. On “next steps” he said the regulator informed him it will produce a document setting out what it believes the issues are — within four weeks of its letter, dated September 15.

Ryan expressed particular concern that the DPC’s enquiry does not appear to cover security — which is the crux of the RTB complaints, since GDPR’s security principle puts an obligation on processors to ensure data is handled securely and protected against unauthorized processing or loss. (Whereas RTB broadcasts personal data across the Internet, leaking highly sensitive information in the process, per earlier evidence gathered by the complainants.)

He told TechCrunch the regulator finally sent him a letter, in May 2020, in response to his request to know what the scope of the inquiry is — saying then that it is examining the following issues:

  • Whether Google has a lawful basis for processing of personal data, including special category data, for the purposes of targeted advertising via the Authorised Buyers mechanism and, specifically, for the sourcing, sharing and combining of the personal data collected by Google with other companies / partners;
  • How Google complies with its transparency obligations, particularly with regard to Art. 5(1), 12, 13 and 14 of the GDPR;
  • The legal basis / bases for Google’s retention of personal data processed in the context of the Authorised Buyers mechanism and how it complies with Article 5(1)(c) in respect of its retention of personal data processed through the Authorised Buyers mechanism;

We’ve asked the DPC to confirm whether its investigation of Google’s adtech is also examining compliance with GDPR Article 5(1)(f) and will update this report with any response.

The DPC did not respond to our question about the timing for any draft decision on Ryan’s two-year-old complaint. But Doyle also pointed us to work this year around cookies and other tracking technologies — including guidance on compliant usage — adding that it has set out its intention to begin related enforcement from next month, when a six-month grace period for industry to comply with the rules on tracking elapses.

The regulator also pointed to another related open enquiry — into adtech veteran Quantcast, also beginning in May 2019. (That enquiry followed a submission by privacy rights advocacy group, Privacy International.)

The DPC has said the Quantcast enquiry is examining the lawful basis claimed for processing Internet users’ data for ad targeting purposes, as well as considering whether transparency and data retention obligations are being fulfilled. It’s not clear whether the regulator is looking at the security of the data in that case, either. A summary of the scope of the Quantcast enquiry in the DPC’s annual report states:

“In particular, the DPC is examining whether Quantcast has discharged its obligations in connection with the processing and aggregating of personal data which it conducts for the purposes of profiling and utilising the profiles generated for targeted advertising. The inquiry is examining how, and to what extent, Quantcast fulfils its obligation to be transparent to individuals in relation to what it does with personal data (including sources of collection, combining and making the data available to its customers) as well as Quantcast’s personal data retention practices. The inquiry will also examine the lawful basis pursuant to which processing occurs.”

While Ireland remains under huge pressure over the glacial pace of cross-border GDPR investigations, given it’s the lead regulator for many major tech platforms, it’s not the only EU regulator accused of sitting on its hands where enforcement is concerned.

The UK’s data watchdog has similarly faced anger for failing to act over RTB complaints — despite acknowledging systematic breaches. In its case, after months of regulatory inaction, the ICO announced earlier this year that it had ‘paused’ its investigation into the industry’s processing of Internet users’ personal data — owing to disruption to businesses as a result of the COVID-19 pandemic.

21 Sep 2020

Language learning service Babbel says it has now sold over 10M subscriptions

Babbel, the popular Berlin-based online language learning service, today announced that it has now sold a total of 10 million subscriptions to its service. For a language learning service, that’s quite a substantial number, especially given that Babbel doesn’t really offer a free tier. In part, the company’s march to 10 million subscriptions was accelerated by the COVID-19 pandemic, but Babbel had already seen accelerating growth before, in no small part thanks to its aggressive expansion in the U.S. where Babbel’s subscriber volume and revenue have tripled year over year.

The fact that growth accelerated during the pandemic actually came as a bit of a surprise to the team. Typically, at least in the U.S., demand for language learning is somewhat seasonal and users are often motivated to learn a new language because they are preparing a big trip to Europe, for example.

“We know that in the U.S., we typically find the number one motivation that our users give for why they would want to learn a language is travel, which of course, makes sense, because that is your chance to use the language,” Babbel US CEO Julie Hansen told me. “And in fact, last year, there was record travel from the U.S. to Europe. […] I was very, very concerned for the prospects of our business, not to mention the prospects of our national health.”

But with a bit of lag, after the lockdowns in the U.S. (and around the globe) started, Babbel saw an increase in interest in its service because people wanted to use this time for self-improvement. At the same time, Babbel — like so many other education-related services — launched free tiers for high school and college students, too. Hansen said the company saw at least a “couple of hundred thousand” downloads from those initiatives alone. With that, the company’s user base now also skews a little bit younger (though Hansen also credited the company’s advertising on social and especially TikTok for this).

“You can literally draw a graph per country with the date of school closures, the date of lockdown — and then maybe a day or two for the first couple of Netflix series to go by — and then language learning picked up quite quickly,” Babbel CEO Arne Schepker said.

One area that has been challenging is B2B sales, where Babbel (and its competitors) saw an immediate slowdown, but as Hansen noted, some companies also started leaning more into digital training for their employees, maybe in part because they replaced in-person classes with tools like Babbel. Yet, despite the overall slowdown, Babbel still doubled its B2B revenue year-over-year and recently signed on its fellow Berlin-based company Delivery Hero as one of its customers.

Ahead of the pandemic, Babbel also started investing in its language travel business after it acquired LingoVentura in 2018. And while the team believes that this business will pick up again over time, Schepker acknowledged that nobody is traveling right now, so this business is currently in a holding pattern.

Looking ahead, the company will soon launch what Hansen called “other learning methods,” but the team isn’t quite ready to talk about these yet beyond the fact that Babbel plans to embrace “a multitude of learning experiences” to meet learners where they are.