Year: 2020

I enjoy driving the Polestar 2 more than the Tesla Model 3. The Polestar 2 is more comfortable, seemingly better built, and has a better infotainment system. In all the traditional automotive metrics, it’s a better car, and yet I find it hard to recommend over the Tesla Model 3.

The Polestar 2 often excels where the Tesla Model 3 falters. The fit and finish of the 2 are on par with anything from BMW, Mercedes, or Volvo as Polestar is a close partner to the Swedish luxury brand.

However, while the Polestar 2 is fantastic, the car lacks the appealing Tesla ecosystem. Polestar does not have a network of their EV charging stations, and it’s unknown if the company will roll out novel features through over-the-air updates. Tesla has a culture around its brand that’s exciting and enticing.

Review

I spent a long morning in the Polestar 2, navigating suburban traffic and racing around the dirt roads near Hell, MI. I drove the EV on the highway, took it shopping, and lived with the car. After driving the car for a few hours, there were still 120 miles left on the battery.

The EPA has yet to announce the range rating on the Polestar 2, but Polestar itself says it can go up to 275 miles on a charge. I experienced something a bit less — more like 250 miles. That said, during my short time with the vehicles, I drove it hard and fast. The winding dirt roads loved the AWD system and 49/51 weight balance.

The Polestar 2 is a lovely vehicle, and the build quality is superb. The doors close with a resounding thud, the seats are supportive and comfortable, and the dash is constructed of several recycled material that is simultaneously upscale but responsible. It feels like a car from a mature car company.

I cannot stress enough how well built the Polestar 2 feels, and that’s likely due to its close ties with Volvo.

Started just three years ago within Volvo and Geely, Polestar was quickly spun out as its own automaker though retains close ties to both parents. As such, Polestar is considered an automotive original equipment manufacturer (OEM) just like Volvo, General Motors, and BMW. Polestar is independent of Volvo and Geely with its VIN numbers, manufacturing facilities, and executive team.

Polestar 2 is the second vehicle from the young automotive startup. The company started with the Polestar 1, a $155,000 hybrid grand tourer that’s limited to 1,500 cars with only 450 coming to North America over three years. I drove a production Polestar 1 a few weeks ago and found the powertrain to be fantastic. The hybrid system is tuned in a way that makes it an excellent driver’s car on the same level as the best tourers.

Polestar says it’s designing its cars to be enjoyable to drive, and the company is two for two. The hybrid Polestar 1 is lovely to drive in a powerful, masculine way. The all-electric Polestar 2 is naturally different from the Polestar 1 and is still tuned for the driver’s enjoyment.

Like said at the top, the Polestar 2 is a better car to drive than the Tesla Model 3.

The Polestar 2’s electric motors deliver power with restrained control. Instead of being jerky or quick, the electric Polestar 2 is smooth and refined. When massing the gas pedal, the Polestar 2 gradually lays down the power, starting slowly and accelerating quickly. Don’t mistake what I’m saying. The Polestar 2 is still quick, able to hit 60 mph in less than 5 seconds, which is fast enough for any family vehicle. In my experience, the Model 3’s electric power delivery is tuned to deliver a lot of power at the moment of acceleration. The Model 3 is very quick, but it’s too fast to some, even in standard modes.

The difference between the Polestar 2 and Model 3’s acceleration is subtle but essential. The Model 3 can smoke the Polestar 2 in a drag race, and yet that’s not relevant to most drivers. To me, the slightly slower, but still quick, Polestar 2 is more enjoyable to drive.

The Polestar 2 turns in with confidence and has nary an understeer. It’s controllable like the best four-door sedans. This is due to several things. One, the car has a nearly perfect weight balance with 49% in the front and 51% in the back. And most of that weight is on the bottom of the car, where the batteries are located, reducing body sway. Second, the electric motors on each axle provide fantastic traction through an AWD system.

How is it to live with the Polestar 2 and drive it every day? I can’t say. I was only in the vehicle for a few hours. The backseat seems roomy enough for a mid-size car, and the floor area feels more substantial than a Tesla Model 3. The hatch area is large, and there’s a small storage compartment in the front.

The driving range is a downside with the Polestar 2. In comparison with the Tesla Model 3, the Polestar 2 comes up short. The Model 3 can go up to 322 miles fully charged while the Polestar 2’s is around 275 miles. Interestingly, the Polestar 2 has a larger battery pack than the Model 3. But it’s also heavier as the Polestar 2 is built on a Volvo/Geely platform also used for gasoline-powered vehicles.

There are hints of Volvo’s design language throughout the Polestar 2. To me, the design is futuristically chic, and I love it. The Polestar 2 has presence and poise. It’s angular while being fluid. Inside is more of the same with solid lines and sharp curves.

Polestar CEO Thomas Ingenlath is a long time car designer, and his influences are evident. The design seems paramount to the Polestar experience. Before Polestar, he was Volvo’s Senior Vice President of Design after holding similar positions within Volkswagen Group at Audi and Skoda.

The Polestar 2’s interior is more minimalist than most vehicles but still busier than the Model 3. There are few physical buttons: hazard lights, radio power, rear defrost, front defrost, and a knob for volume (volume should always be on a spinning knob). The two stalks on the steering column control their normal functions, and the steering wheel is sourced from Volvo’s latest cars and features media controls and cruise controls.

The large center screen is easy to read and is in a great location. I didn’t experience an offensive glare during my few hours with the Polestar 2. Please note, in the picture here, the center screen is dim because as soon as the front seats are empty, the car dims the screen to save battery.

In the end, the build quality speaks to confidence. The Polestar 2 doesn’t feel risky, like a Model 3, which has had countless design and manufacturing issues. The Polestar 2 doesn’t feel like a startup’s second vehicle.

[gallery ids="2031618,2031625,2031624,2031623,2031622,2031621,2031620,2031619"]

Android Automotive (not Android Auto)

Polestar is the first company to offer Android Automotive. Different from Android Auto, Android Automotive is the primary interface for Polestar 2. It controls everything from the radio to climate to vehicle settings and maps, apps, and connected services.

Android Automotive is impressive. The interface is clean and as responsive as the best smartphone. To take advantage of all the features, users need to be signed in to a Google Account. Some users might opt to sign in to their main account or create another just for the Polestar 2. Either way, once signed in, the system connects maps, apps, and the rest of the person’s services, including devices connected to a Google Home account.

Android Automotive can still be used without signing into Google. By skipping this step, users will have access to most connected features, but some personalization options are unavailable.

Google Assistant is built into Android Automotive, and it’s the first in-car voice service I’ve used that worked well. Just say, “Okay, Google, turn on Spotify,” and it turns on Spotify. Say a location, and it pulls up the place. Ask it to change the temperature, and it will change the temperature since Android Automotive also controls the in-vehicle climate control. Some features depend on a data connection, while others, most in-car settings, work without a data connection.

Android Automotive impressed during my time in the Polestar 2. It has a logical layout and is easy to use. The system is coming to other vehicles soon. Polestar is just the first automaker to deploy the system.

Android Automotive works with iOS devices, too. The Polestar 2 will soon gain CarPlay through an over-the-air update, and iPhone users can pair their devices to Android Automotive through a Bluetooth connection, too.

Polestar or Tesla?

I walked away from the Polestar 2 impressed, yet it’s hard to issue a complete recommendation. To me, even with a shorter range, the Polestar 2 is a better vehicle than the Model 3. But the Model 3 has something missing from the Polestar 2: The Tesla factor.

For all its quirky faults, Tesla has a history of bold innovation that’s resulted in a nationwide network of chargers, constant new features delivered from over-the-air updates, and fun quirks that delight and impress. Like Pet Mode. After a suggestion on Twitter to Elon Musk, Tesla quickly rolled out a mode that lets users keep their pets safe while displaying an informative message on the center screen. It’s a small but telling detail about the Tesla experience, and it’s unclear (and unlikely) that Polestar will offer the same experience.

Polestar isn’t selling against the Model 3 but rather selling against Tesla. When a person buys a Tesla, they’re buying into an ecosystem of services that complement the vehicle. Tesla knows better than most that a car is often a lifestyle choice, and the company built an impressive culture.

Polestar executives seem to know they’re fighting an uphill battle.

On one side, the company is battling Tesla’s ecosystem, and culture and Polestar is seemingly following in Telsa’s footsteps. The car company is forgoing selling cars in dealer’s lots and is opening storefronts like Tesla’s company stores. These locations are in high profile areas like marque shopping areas alongside luxury brands. Like Tesla showrooms. However, to help get vehicles in buyer’s hands quicker, these locations will be owned by Volvo dealerships who will facilitate sales and service.

Polestar sees itself selling against luxury mid-size vehicles from European brands rather than Tesla itself. At least that’s what the company says publicly. It makes sense to a point. The build quality of a Polestar vehicle is superior than that of a Tesla and on the same level as the best from Europe.

So is the Polestar 2 better than a Tesla Model 3? Yes. But deciding which one to buy is a complicated question.

The Tesla Model 3 can drive farther on a charge and is seamlessly integrated with Tesla’s Supercharger network. That’s a significant factor that buyers should consider. Tesla’s commitment to continue rolling out new features should also be a consideration for buyers as it keeps the vehicles fresh and exciting.

The Polestar 2 carries a higher price than the Model 3, but they’re in the same range. Well equipped Polestar 2 vehicles start around $60,000 while similarly-spec’d Model 3 cars go for around $50,000. In the United States, both cars are eligible for a $7,500 tax credit.

Tesla, aside, Polestar built a fantastic vehicle in the Polestar 2, and that should be applauded. The car company is three years old, only has 800 employees worldwide, and has yet scaled to the point of making world-class vehicles. Few other car companies can make those claims. And the company has big plans for the future. Polestar says it’s on track to deliver the SUV Polestar 3 in 2022, which will feature an all-new platform and a lot longer range.

Polestar built the car, now it needs to get the word out.

Hello and welcome back to Equity, TechCrunch’s venture capital-focused podcast (now on Twitter!), where we unpack the numbers behind the headlines.

This week we had the full crew around once again, Natasha Mascarenhas, Danny Crichton, Chris Gates, and myself. And as always, it was key to have the full crew as there was an ocean of news to get through. Before we get into the show, make sure you’ve checked out Danny’s latest work on the TechCrunch List and let’s get into it:

• The TikTok saga continues: This week we spent a few minutes discussing why bankers are incentivized to make the proposed TikTok-Microsoft deal as competitive as possible. Or at least make it look as competitive as possible. And, there’s some data from inside Microsoft about how the deal is being viewed.
• Airbnb could file to go public this month! It might go public before the year is out! That’s way better than we expected. (Bloomberg got its Q2 finances.)
• Palantir could file for a direct listing next month! That’s great. We wanted to know what Palantir really is, namely a consultancy or a tech company. And then we played valuation bingo so that we can look back later and mock ourselves.
• I was very excited about the Duck Creek IPO. Few of my friends joined me in being excited.
• The three of us also took a minute to riff on the latest Pinterest news, namely that it’s poorly run and is sexist per its now-former COO. We’d love to stop covering these stories, but they keep happening so, on we go.
• Danny had some neat SPAC data to share, helping illustrate that SPACs are not merely a meme, they are a real, driving force of public company action this year. As was Tesla’s announced stock split, which led us to ask why a few times.
• Next up, Natasha walked us through her latest work digging into how GenZ is shaking up the funding world. We framed the changes in some historical context, and decided that really in the end the kids are alright.
• Danny brought us to a close, with a note on Conduit (connecting founders and early-stage investors) and Circle (creator software). Both are worth your time.

And that was our show! We are back Monday morning. Stay cool!

Amazon has launched an online pharmacy in Bangalore, the capital of India’s southern Karnataka state, as the e-commerce group looks to spread its tentacles in more categories in one of its key overseas markets.

The company said on Friday its new service, called Amazon Pharmacy, has started accepting orders for both over-the-counter and prescription-based medicines in Bangalore. (In India, antibiotics and several other drugs can often be purchased from pharmacies without prescriptions.)

Amazon Pharmacy is also selling traditional herbal medicines and some health devices such as glucose meters, nebulisers, and handheld massagers.

“This is particularly relevant in present times as it will help customers meet their essential needs while staying safe at home,” an Amazon spokesperson said in a statement.

Online sales of medicine in India, for which New Delhi currently does not have clear regulations, presents yet another major opportunity for Amazon that has invested more than $6.5 million to date into its India operations and where it competes with Walmart-owned Flipkart.

For Amazon, pharmacy is not a new idea. The company, which has hired several health experts in recent years, acquired online pharmacy startup PillPack for nearly $1 billion in 2018.

Scores of startups such as 1mg, Netmeds, Medlife, and PharmEasy currently sell medicines in India online and deliver to most parts of the country. 1mg, which has raised more than $170 million, today delivers orders in more than a 1,000 cities in the country, for instance.

These startups, as with any e-commerce player, offer enticing discounts to customers on each order to increase their market share. On that front, Amazon says it is also offering up to 20% discount on all orders.

In recent months, Amazon has expanded into a handful of new categories in India. It launched its food delivery service in parts of Bangalore in May and received approval to sell and deliver alcohol in the state of West Bengal a month later.

Last month, the company started to sell auto-insurance in India and said it planned to expand its insurance service to offer coverage on health, flight and cabs in the future.

Its expansion into more categories comes as Flipkart is also entering new spaces including hyperlocal delivery that it piloted in Bangalore late last month.

Both the firms are now facing an emerging challenger: India’s richest man. Mukesh Ambani’s Reliance Retail, the largest retail chain in India, began testing e-commerce venture JioMart late last year.

The service, which is now operational in over 200 cities and towns across India, reported selling over 400,000 orders a day last month, surpassing daily peak figures of grocery delivery startups BigBasket and Grofers.

Local media has reported that Amazon is eyeing a multi-billion dollar stake in Reliance Retail. Ambani’s other venture, telecoms giant Jio Platforms, has raised about $20 billion from Facebook, Google, and 11 other high-profile investors in recent months. Ambani said last month that the company had concluded fundraise for Jio Platforms and is looking forward to “induct global partners and investors in Reliance Retail in the next few quarters.”

The use of third party cookies for ad tracking and targeting by data broker giants Oracle and Salesforce is the focus of class action style litigation announced today in the UK and the Netherlands.

The suits will argue that mass surveillance of Internet users to carry out real-time bidding ad auctions cannot possibly be compatible with strict EU laws around consent to process personal data.

The litigants believe the collective claims could exceed €10BN, should they eventually prevail in their arguments — though such legal actions can take several years to work their way through the courts.

In the UK, the case may also face some legal hurdles given the lack of an established model for pursuing collective damages in cases relating to data rights. Though there are signs that’s changing.

Non-profit foundation, The Privacy Collective, has filed one case today with the District Court of Amsterdam, accusing the two data broker giants of breaching the EU’s General Data Protection Regulation (GDPR) in their processing and sharing of people’s information via third party tracking cookies and other adtech methods.

The Dutch case, which is being led by law-firm bureau Brandeis, is the biggest-ever class action in The Netherlands related to violation of the GDPR — with the claimant foundation representing the interests of all Dutch citizens whose personal data has been used without their consent and knowledge by Oracle and Salesforce. 

A similar case is due to be filed later this month at the High Court in London England, which will make reference to the GDPR and the UK’s PECR (Privacy of Electronic Communications Regulation) — the latter governing the use of personal data for marketing communications. The case there is being led by law firm Cadwalader. 

Under GDPR, consent for processing EU citizens’ personal data must be informed, specific and freely given. The regulation also confers rights on individuals around their data — such as the ability to receive a copy of their personal information.

It’s those requirements the litigation is focused on, with the cases set to argue that the tech giants’ third party tracking cookies, BlueKai and Krux — trackers that are hosted on scores of popular websites, such as Amazon, Booking.com, Dropbox, Reddit and Spotify to name a few — along with a number of other tracking techniques are being used to misuse Europeans’ data on a massive scale.

Per Oracle marketing materials, its Data Cloud and BlueKai Marketplace provider partners with access to some 2BN global consumer profiles. (Meanwhile, as we reported in June, BlueKai suffered a data breach that exposed billions of those records to the open web.)

While Salesforce claims its marketing cloud ‘interacts’ with more than 3BN browsers and devices monthly.

Both companies have grown their tracking and targeting capabilities via acquisition for years; Oracle bagging BlueKai in 2014 — and Salesforce snaffling Krux in 2016.

 

Discussing the lawsuit in a telephone call with TechCrunch, Dr Rebecca Rumbul, class representative and claimant in England & Wales, said: “There is, I think, no way that any normal person can really give informed consent to the way in which their data is going to be processed by the cookies that have been placed by Oracle and Salesforce.

“When you start digging into it there are numerous, fairly pernicious ways in which these cookies can and probably do operate — such as cookie syncing, and the aggregation of personal data — so there’s really, really serious privacy concerns there.”

The real-time-bidding (RTB) process that the pair’s tracking cookies and techniques feed, enabling the background, high velocity trading of profiles of individual web users as they browse in order to run dynamic ad auctions and serve behavioral ads targeting their interests, has, in recent years, been subject to a number of GDPR complaints, including in the UK.

These complaints argue that RTB’s handling of people’s information is a breach of the regulation because it’s inherently insecure to broadcast data to so many other entities — while, conversely, GDPR bakes in a requirement for privacy by design and default.

The UK Information Commissioner’s Office has, meanwhile, accepted for well over a year that adtech has a lawfulness problem. But the regulator has so far sat on its hands, instead of enforcing the law — leaving the complainants dangling. (Last year, Ireland’s DPC opened a formal investigation of Google’s adtech, following a similar complaint, but has yet to issue a single GDPR decision in a cross-border complaint — leading to concerns of an enforcement bottleneck.)

The two lawsuits targeting RTB aren’t focused on the security allegation, per Rumbul, but are mostly concerned with consent and data access rights.

She confirms they opted to litigate rather than trying to try a regulatory complaint route as a way of exercising their rights given the “David vs Goliath” nature of bringing claims against the tech giants in question.

“If I was just one tiny person trying to complaint to Oracle and trying to use the UK Information Commissioner to achieve that… they simply do not have the resources to direct at one complaint from one person against a company like Oracle — in terms of this kind of scale,” Rumbul told TechCrunch.

“In terms of being able to demonstrate harm, that’s quite a lot of work and what you get back in recompense would probably be quite small. It certainly wouldn’t compensate me for the time I would spend on it… Whereas doing it as a representative class action I can represent everyone in the UK that has been affected by this.

“The sums of money then work — in terms of the depths of Oracle’s pockets, the costs of litigation, which are enormous, and the fact that, hopefully, doing it this way, in a very large-scale, very public forum it’s not just about getting money back at the end of it; it’s about trying to achieve more standardized change in the industry.”

“If Salesforce and Oracle are not successful in fighting this then hopefully that send out ripples across the adtech industry as a whole — encouraging those that are using these quite pernicious cookies to change their behaviours,” she added.

The litigation is being funded by Innsworth, a litigation funder which is also funding Walter Merricks’ class action for 46 million consumers against Mastercard in London courts. And the GDPR appears to be helping to change the class action landscape in the UK — as it allows individuals to take private legal action. The framework can also support third parties to bring claims for redress on behalf of individuals. While changes to domestic consumer rights law also appear to be driving class actions.

Commenting in a statement, Ian Garrard, managing director of Innsworth Advisors, said: “The development of class action regimes in the UK and the availability of collective redress in the EU/EEA mean Innsworth can put money to work enabling access to justice for millions of individuals whose personal data has been misused.”

A separate and still ongoing lawsuit in the UK, which is seeking damages from Google on behalf of Safari users whose privacy settings it historically ignored, also looks to have bolstered the prospects of class action style legal actions related to data issues.

While the courts initially tossed the suit last year, the appeals court overturned that ruling — rejecting Google’s argument that UK and EU law requires “proof of causation and consequential damage” in order to bring a claim related to loss of control of data.

The judge said the claimant did not need to prove “pecuniary loss or distress” to recover damages, and also allowed the class to proceed without all the members having the same interest.

Discussing that case, Rumbul suggests a pending final judgement there (likely next year) may have a bearing on whether the lawsuit she’s involved with can be taken forward in the UK.

“I’m very much hoping that the UK judiciary are open to seeing these kind of cases come forward because without these kinds of things as very large class actions it’s almost like closing the door on this whole sphere of litigation. If there’s a legal ruling that says that case can’t go forward and therefore this case can’t go forward I’d be fascinated to understand how the judiciary think we’d have any recourse to these private companies for these kind of actions,” she said.

Asked why the litigation has focused on Oracle and Saleforce, given there are so many firms involved in the adtech pipeline, she said: “I am not saying that they are necessarily the worst or the only companies that are doing this. They are however huge, huge international multimillion-billion dollar companies. And they specifically went out and purchased different bits of adtech software, like BlueKai, in order to bolster their presence in this area — to bolster their own profits.

“This was a strategic business decision that they made to move into this space and become massive players. So in terms of the adtech marketplace they are very, very big players. If they are able to be held to account for this then it will hopefully change the industry as a whole. It will hopefully reduce the places to hide for the other more pernicious cookie manufacturers out there. And obviously they have huge, huge revenues so in terms of targeting people who are doing a lot of harm and that can afford to compensate people these are the right companies to be targeting.”

Rumbul also told us The Privacy Collective is looking to collect stories from web users who feel they have experienced harm related to online tracking.

“There’s plenty of evidence out there to show that how these cookies work means you can have very, very egregious outcomes for people at an individual level,” she added. “Whether that can be related to personal finance, to manipulation of addictive behaviors, whatever, these are all very, very possible — and they cover every aspect of our lives.”

Consumers in England and Wales and the Netherlands are being encouraged to register their support of the actions via The Privacy Collective’s website.

In a statement, Christiaan Alberdingk Thijm, lead lawyer at Brandeis, said: “Your data is being sold off in real-time to the highest bidder, in a flagrant violation of EU data protection regulations. This ad-targeting technology is insidious in that most people are unaware of its impact or the violations of privacy and data rights it entails. Within this adtech environment, Oracle and Salesforce perform activities which violate European privacy rules on a daily basis, but this is the first time they are being held to account. These cases will draw attention to astronomical profits being made from people’s personal information, and the risks to individuals and society of this lack of accountability.”

“Thousands of organisations are processing billions of bid requests each week with at best inconsistent application of adequate technical and organisational measures to secure the data, and with little or no consideration as to the requirements of data protection law about international transfers of personal data. The GDPR gives us the tool to assert individuals’ rights. The class action means we can aggregate the harm done,” added partner Melis Acuner from Cadwalader in another supporting statement.

We reached out to Oracle and Salesforce for comment on the litigation.

Oracle EVP and general counsel, Dorian Daley, said:

The Privacy Collective knowingly filed a meritless action based on deliberate misrepresentations of the facts.  As Oracle previously informed the Privacy Collective, Oracle has no direct role in the real-time bidding process (RTB), has a minimal data footprint in the EU, and has a comprehensive GDPR compliance program. Despite Oracle’s fulsome explanation, the Privacy Collective has decided to pursue its shake-down through litigation filed in bad faith.  Oracle will vigorously defend against these baseless claims.

A spokeswoman for Salesforce sent us this statement:

At Salesforce, Trust is our #1 value and nothing is more important to us than the privacy and security of our corporate customers’ data. We design and build our services with privacy at the forefront, providing our corporate customers with tools to help them comply with their own obligations under applicable privacy laws — including the EU GDPR — to preserve the privacy rights of their own customers.

Salesforce and another Data Management Platform provider, have received a privacy related complaint from a Dutch group called The Privacy Collective. The claim applies to the Salesforce Audience Studio service and does not relate to any other Salesforce service.

Salesforce disagrees with the allegations and intends to demonstrate they are without merit.

Our comprehensive privacy program provides tools to help our customers preserve the privacy rights of their own customers. To read more about the tools we provide our corporate customers and our commitment to privacy, visit salesforce.com/privacy/products/

The use of third party cookies for ad tracking and targeting by data broker giants Oracle and Salesforce is the focus of class action style litigation announced today in the UK and the Netherlands.

The suits will argue that mass surveillance of Internet users to carry out real-time bidding ad auctions cannot possibly be compatible with strict EU laws around consent to process personal data.

The litigants believe the collective claims could exceed €10BN, should they eventually prevail in their arguments — though such legal actions can take several years to work their way through the courts.

In the UK, the case may also face some legal hurdles given the lack of an established model for pursuing collective damages in cases relating to data rights. Though there are signs that’s changing.

Non-profit foundation, The Privacy Collective, has filed one case today with the District Court of Amsterdam, accusing the two data broker giants of breaching the EU’s General Data Protection Regulation (GDPR) in their processing and sharing of people’s information via third party tracking cookies and other adtech methods.

The Dutch case, which is being led by law-firm bureau Brandeis, is the biggest-ever class action in The Netherlands related to violation of the GDPR — with the claimant foundation representing the interests of all Dutch citizens whose personal data has been used without their consent and knowledge by Oracle and Salesforce. 

A similar case is due to be filed later this month at the High Court in London England, which will make reference to the GDPR and the UK’s PECR (Privacy of Electronic Communications Regulation) — the latter governing the use of personal data for marketing communications. The case there is being led by law firm Cadwalader. 

Under GDPR, consent for processing EU citizens’ personal data must be informed, specific and freely given. The regulation also confers rights on individuals around their data — such as the ability to receive a copy of their personal information.

It’s those requirements the litigation is focused on, with the cases set to argue that the tech giants’ third party tracking cookies, BlueKai and Krux — trackers that are hosted on scores of popular websites, such as Amazon, Booking.com, Dropbox, Reddit and Spotify to name a few — along with a number of other tracking techniques are being used to misuse Europeans’ data on a massive scale.

Per Oracle marketing materials, its Data Cloud and BlueKai Marketplace provider partners with access to some 2BN global consumer profiles. (Meanwhile, as we reported in June, BlueKai suffered a data breach that exposed billions of those records to the open web.)

While Salesforce claims its marketing cloud ‘interacts’ with more than 3BN browsers and devices monthly.

Both companies have grown their tracking and targeting capabilities via acquisition for years; Oracle bagging BlueKai in 2014 — and Salesforce snaffling Krux in 2016.

 

Discussing the lawsuit in a telephone call with TechCrunch, Dr Rebecca Rumbul, class representative and claimant in England & Wales, said: “There is, I think, no way that any normal person can really give informed consent to the way in which their data is going to be processed by the cookies that have been placed by Oracle and Salesforce.

“When you start digging into it there are numerous, fairly pernicious ways in which these cookies can and probably do operate — such as cookie syncing, and the aggregation of personal data — so there’s really, really serious privacy concerns there.”

The real-time-bidding (RTB) process that the pair’s tracking cookies and techniques feed, enabling the background, high velocity trading of profiles of individual web users as they browse in order to run dynamic ad auctions and serve behavioral ads targeting their interests, has, in recent years, been subject to a number of GDPR complaints, including in the UK.

These complaints argue that RTB’s handling of people’s information is a breach of the regulation because it’s inherently insecure to broadcast data to so many other entities — while, conversely, GDPR bakes in a requirement for privacy by design and default.

The UK Information Commissioner’s Office has, meanwhile, accepted for well over a year that adtech has a lawfulness problem. But the regulator has so far sat on its hands, instead of enforcing the law — leaving the complainants dangling. (Last year, Ireland’s DPC opened a formal investigation of Google’s adtech, following a similar complaint, but has yet to issue a single GDPR decision in a cross-border complaint — leading to concerns of an enforcement bottleneck.)

The two lawsuits targeting RTB aren’t focused on the security allegation, per Rumbul, but are mostly concerned with consent and data access rights.

She confirms they opted to litigate rather than trying to try a regulatory complaint route as a way of exercising their rights given the “David vs Goliath” nature of bringing claims against the tech giants in question.

“If I was just one tiny person trying to complaint to Oracle and trying to use the UK Information Commissioner to achieve that… they simply do not have the resources to direct at one complaint from one person against a company like Oracle — in terms of this kind of scale,” Rumbul told TechCrunch.

“In terms of being able to demonstrate harm, that’s quite a lot of work and what you get back in recompense would probably be quite small. It certainly wouldn’t compensate me for the time I would spend on it… Whereas doing it as a representative class action I can represent everyone in the UK that has been affected by this.

“The sums of money then work — in terms of the depths of Oracle’s pockets, the costs of litigation, which are enormous, and the fact that, hopefully, doing it this way, in a very large-scale, very public forum it’s not just about getting money back at the end of it; it’s about trying to achieve more standardized change in the industry.”

“If Salesforce and Oracle are not successful in fighting this then hopefully that send out ripples across the adtech industry as a whole — encouraging those that are using these quite pernicious cookies to change their behaviours,” she added.

The litigation is being funded by Innsworth, a litigation funder which is also funding Walter Merricks’ class action for 46 million consumers against Mastercard in London courts. And the GDPR appears to be helping to change the class action landscape in the UK — as it allows individuals to take private legal action. The framework can also support third parties to bring claims for redress on behalf of individuals. While changes to domestic consumer rights law also appear to be driving class actions.

Commenting in a statement, Ian Garrard, managing director of Innsworth Advisors, said: “The development of class action regimes in the UK and the availability of collective redress in the EU/EEA mean Innsworth can put money to work enabling access to justice for millions of individuals whose personal data has been misused.”

A separate and still ongoing lawsuit in the UK, which is seeking damages from Google on behalf of Safari users whose privacy settings it historically ignored, also looks to have bolstered the prospects of class action style legal actions related to data issues.

While the courts initially tossed the suit last year, the appeals court overturned that ruling — rejecting Google’s argument that UK and EU law requires “proof of causation and consequential damage” in order to bring a claim related to loss of control of data.

The judge said the claimant did not need to prove “pecuniary loss or distress” to recover damages, and also allowed the class to proceed without all the members having the same interest.

Discussing that case, Rumbul suggests a pending final judgement there (likely next year) may have a bearing on whether the lawsuit she’s involved with can be taken forward in the UK.

“I’m very much hoping that the UK judiciary are open to seeing these kind of cases come forward because without these kinds of things as very large class actions it’s almost like closing the door on this whole sphere of litigation. If there’s a legal ruling that says that case can’t go forward and therefore this case can’t go forward I’d be fascinated to understand how the judiciary think we’d have any recourse to these private companies for these kind of actions,” she said.

Asked why the litigation has focused on Oracle and Saleforce, given there are so many firms involved in the adtech pipeline, she said: “I am not saying that they are necessarily the worst or the only companies that are doing this. They are however huge, huge international multimillion-billion dollar companies. And they specifically went out and purchased different bits of adtech software, like BlueKai, in order to bolster their presence in this area — to bolster their own profits.

“This was a strategic business decision that they made to move into this space and become massive players. So in terms of the adtech marketplace they are very, very big players. If they are able to be held to account for this then it will hopefully change the industry as a whole. It will hopefully reduce the places to hide for the other more pernicious cookie manufacturers out there. And obviously they have huge, huge revenues so in terms of targeting people who are doing a lot of harm and that can afford to compensate people these are the right companies to be targeting.”

Rumbul also told us The Privacy Collective is looking to collect stories from web users who feel they have experienced harm related to online tracking.

“There’s plenty of evidence out there to show that how these cookies work means you can have very, very egregious outcomes for people at an individual level,” she added. “Whether that can be related to personal finance, to manipulation of addictive behaviors, whatever, these are all very, very possible — and they cover every aspect of our lives.”

Consumers in England and Wales and the Netherlands are being encouraged to register their support of the actions via The Privacy Collective’s website.

In a statement, Christiaan Alberdingk Thijm, lead lawyer at Brandeis, said: “Your data is being sold off in real-time to the highest bidder, in a flagrant violation of EU data protection regulations. This ad-targeting technology is insidious in that most people are unaware of its impact or the violations of privacy and data rights it entails. Within this adtech environment, Oracle and Salesforce perform activities which violate European privacy rules on a daily basis, but this is the first time they are being held to account. These cases will draw attention to astronomical profits being made from people’s personal information, and the risks to individuals and society of this lack of accountability.”

“Thousands of organisations are processing billions of bid requests each week with at best inconsistent application of adequate technical and organisational measures to secure the data, and with little or no consideration as to the requirements of data protection law about international transfers of personal data. The GDPR gives us the tool to assert individuals’ rights. The class action means we can aggregate the harm done,” added partner Melis Acuner from Cadwalader in another supporting statement.

We reached out to Oracle and Salesforce for comment on the litigation.

Oracle EVP and general counsel, Dorian Daley, said:

The Privacy Collective knowingly filed a meritless action based on deliberate misrepresentations of the facts.  As Oracle previously informed the Privacy Collective, Oracle has no direct role in the real-time bidding process (RTB), has a minimal data footprint in the EU, and has a comprehensive GDPR compliance program. Despite Oracle’s fulsome explanation, the Privacy Collective has decided to pursue its shake-down through litigation filed in bad faith.  Oracle will vigorously defend against these baseless claims.

A spokeswoman for Salesforce sent us this statement:

At Salesforce, Trust is our #1 value and nothing is more important to us than the privacy and security of our corporate customers’ data. We design and build our services with privacy at the forefront, providing our corporate customers with tools to help them comply with their own obligations under applicable privacy laws — including the EU GDPR — to preserve the privacy rights of their own customers.

Salesforce and another Data Management Platform provider, have received a privacy related complaint from a Dutch group called The Privacy Collective. The claim applies to the Salesforce Audience Studio service and does not relate to any other Salesforce service.

Salesforce disagrees with the allegations and intends to demonstrate they are without merit.

Our comprehensive privacy program provides tools to help our customers preserve the privacy rights of their own customers. To read more about the tools we provide our corporate customers and our commitment to privacy, visit salesforce.com/privacy/products/

After Epic Games picked a fight with Apple over the sizable chunk of fees the company takes on transactions in its mobile ecosystem, it looks like the Fortnite developer will be waging a war on two fronts.

Epic added a direct payment option to its mobile game early Thursday, prompting Apple to remove Fortnite from the App Store. Now, the Android version of Fortnite has gone missing from Google’s own app marketplace too.

In a statement, Google defended the decision to remove Fortnite for breaking its platform rules:

“The open Android ecosystem lets developers distribute apps through multiple app stores. For game developers who choose to use the Play Store, we have consistent policies that are fair to developers and keep the store safe for users. While Fortnite remains available on Android, we can no longer make it available on Play because it violates our policies. However, we welcome the opportunity to continue our discussions with Epic and bring Fortnite back to Google Play.”

While Epic’s legal filing and in-game spoof of Apple’s iconic 1984 commercial make for a flashy fight, it’s not Epic’s first tangle over the mobile version of Fortnite. The company actually decided to keep Fortnite out of the Google Play Store back in 2018 over complaints very similar to its current crusade against the 30 percent cut that Google and Apple take from sales in their app stores. Fortnite is free-to-play, but players buy seasonal passes that unlock its progression system as well an in-game cosmetic items like skins that make Epic a ton of money and don’t affect gameplay.

When Epic gave in and brought Fortnite back to the Google Play Store this April, it did so with a statement condemning Google’s treatment of apps outside of its own app marketplace. While all apps in Apple’s iOS come from the App Store, Google actually does allow apps like Fortnite to be sideloaded outside of Google Play, but the experience is generally less smooth and accompanied with warnings about malware.

“Google puts software downloadable outside of Google Play at a disadvantage, through technical and business measures such as scary, repetitive security pop-ups for downloaded and updated software, restrictive manufacturer and carrier agreements and dealings… Because of this, we’ve launched Fortnite for Android on the Google Play Store,” an Epic Games spokesperson said in April.

Fortnite is still available on Android, just not through Google’s app store. On its website, Epic points players to a direct download via QR code and the game is also available through Samsung’s Galaxy Store on supported devices.

Epic Games takes on Apple, Instagram fixes a security issue and Impossible Foods raises $200 million. This is your Daily Crunch for August 13, 2020.

The big story: Apple removes Fortnite from the App Store

The controversy over Apple’s App Store policies has expanded to include Epic Games and its hit title Fortnite. The company introduced a direct payment option for its in-game currency on mobile, leading Apple to remove the app for violating App Store rules.

“Epic enabled a feature in its app which was not reviewed or approved by Apple, and they did so with the express intent of violating the App Store guidelines regarding in-app payments that apply to every developer who sells digital goods or services,” Apple said.

Epic, meanwhile, said it’s taking legal action against Apple, and that the game’s removal is “yet another example of Apple flexing its enormous power in order to impose unreasonable restraints and unlawfully maintain its 100% monopoly over the iOS In-App Payment Processing Market.”

The tech giants

Bracing for election day, Facebook rolls out voting resources to US users — The hub will centralize election resources for U.S. users and ideally inoculate at least some of them against the platform’s ongoing misinformation epidemic.

Instagram wasn’t removing photos and direct messages from its servers — A security researcher was awarded a $6,000 bug bounty payout after he found Instagram retained photos and private direct messages on its servers long after he deleted them.

Slack and Atlassian strengthen their partnership with deeper integrations — At the core of these integrations is the ability to get rich unfurls of deep links to Atlassian products in Slack.

Startups, funding and venture capital

Impossible Foods gobbles up another $200 million — Since its launch the plant-based meat company has raised $1.5 billion from investors.

Omaze raises $30 million after expanding beyond celebrity campaigns — The Omaze model has shifted away from celebrity-centric campaigns to include fundraisers offering prizes like an Airstream Caravel or a trip to the Four Seasons resort in Bora Bora.

We’re exploring the future of SaaS at Disrupt this year — We’re bringing Canaan Partners’ Maha Ibrahim, Andreessen Horowitz’s David Ulevitch and Bessemer Venture Partners’ Mary D’Onofrio together to help explain how the landscape has changed.

Advice and analysis from Extra Crunch

How to get what you want in a term sheet — Lior Zorea discusses the reality of term sheets.

Five success factors for behavioral health startups — Courtney Chow and Justin Da Rosa of Battery Ventures argue that behavioral health is particularly suited to benefit from the digitization trends COVID-19 has accelerated.

Minted.com CEO Mariam Naficy shares ‘the biggest surprise about entrepreneurship’ — Naficy got into the weeds with us on topics that founders don’t often discuss.

Everything else

Digital imaging pioneer Russell Kirsch dies at 91 — It’s hard to overstate the impact of his work, which led to the first digitally scanned photo and the creation of what we now think of as pixels.

AMC will offer 15-cent tickets when it reopens 100+ US theaters on August 20 — The theater juggernaut announced plans to reopen more than 100 theaters in the U.S. on August 20.

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 3pm Pacific, you can subscribe here.

A lot of studies and discussion of social media use time spent on the platforms as evidence for various theories and conclusions — but it turns out that people are actually super bad at telling how long they spend on them, according to research from Facebook.

If you were conducting a study that was looking at how social media use potentially affected or was affected by mood, for instance, you would likely rely on self-reported statistics for both measures.

There’s no objective way to measure mood, of course, so you have to rely on what the participant says. And one would think that those people would have a pretty decent grasp on how long they spent scrolling through Facebook, Instagram, or Twitter. Not so much!

Everyone understands that these self-reported numbers will have error, and some studies have demonstrated it, but this meta-study from Facebook, comparing self-reporting with actual server logs, shows that the connection is possibly not reliable enough to use for serious scientific work.

Responses to some questions, when compared to internal data, showed that people overestimated their time on site by hours on average. But they also underestimated the number of times they opened the app or site. Take a look at this exciting chart:

As you can see, despite what they thought, very few people actually spent more than three hours on the site per day, with the vast majority spending about one. And the opposite was true of logins: Comparably few people thought they opened the app ten times a day or more, yet that was extremely common. Younger people especially were prone to error, which given that these studies tend to have more of that demographic, only emphasizes the problem.

None of this is to say that Facebook is not a site people spend a lot of — perhaps too much — time on, even by their own estimate. But it’s important for studies of these phenomena to be based on reliable data, and it seems that self-reported data isn’t that.

As Facebook says: “We suggest that researchers not use these values directly but rather interpret people’s self-reported time spent as a noisy estimate of where they fall on a distribution relative to other respondents.”

In other words, instead of saying “teens who spend 2 hours or more on Facebook were more likely to…” you might say, “users in the top 10 percent of self-reported Facebook use were more likely to…” or some such. If exact times online are needed, a tracking app or collaboration with Facebook is probably a good idea.

You can read the full paper describing Facebook’s research here.

Uber and Lyft have lost their bid to delay a preliminary injunction that will force the two ride-hailing app companies to reclassify its drivers as employees. A California superior court judge denied Thursday the companies request to delay the order from going into effect August 20.

The decision sets the stage for a legal fight and will most certainly require both companies to suspend operations temporarily in California if they fail to get the stay extended. Uber confirmed with TechCrunch it plans to file an appeal as soon as possible. Lyft said in an email that it will immediately seek a further stay from the appellate court and will file that motion by the end of this week.

On Monday, California Superior Court Judge Ethan Schulman granted a preliminary injunction forcing Uber and Lyft  to reclassify its drivers as employees. This order is set to go into effect August 20. The judge acknowledged that the order would change the nature of Uber and Lyft’s business practices in “significant ways” and implementing the injunction would be “costly.” However, those hardships weren’t enough to sway the court from classifying drivers as employees, a decision that would force Uber and Lyft to provide unemployment insurance and other benefits.

California Attorney General Xavier Becerra, along with city attorneys from Los Angeles, San Diego and San Francisco, brought the lawsuit against Uber and Lyft to force the companies to comply with AB 5.

Uber’s attorneys requested in its motion that an injunction should be stayed while the Court of Appeals makes its decision over whether the ruling should stand. The attorneys argued that “Uber will almost certainly be forced to shut off the Rides platform in California if the injunction goes into effect, which would irreparably harm Uber and all who rely on its Rides app to generate income for them and their families — particularly in the midst of a pandemic.”

Both companies have made comments this week that if the stay isn’t extended, operations will need to be suspended. It could lead to a more dramatic move — at least from Uber, which has threatened to leave California for good.

As this legal wrangling plays out, Uber and Lyft are also aiming to build support for Prop 22, a measure that voters will have a chance to approve or reject in the November elections.

Prop 22 would require companies like Uber and Lyft to provide a number of protections laid out in AB 5. The measure says drivers must receive an earnings guarantee of at least 120% of minimum wage while on the job, 30 cents per mile for expenses, a healthcare stipend, occupational accident insurance for on-the-job injuries, protection against discrimination and sexual harassment and automobile accident and liability insurance.

There is one key difference that makes it appealing to Uber and Lyft: Prop 22 would keep drivers classified as independent contractors.

Epic Games is launching an all-out campaign against Apple and its App Store rules.

Thursday morning, Epic Games introduced a new payment mechanic through a server side update that allowed gamers to purchase Fortnite’s in-game currency directly, allowing the app to bypass Apple’s in-app purchase framework and the substantial cut that Apple takes. Apple quickly acted in uniformly banning the app from the App Store.

Apple soon released a statement:

“Epic enabled a feature in its app which was not reviewed or approved by Apple, and they did so with the express intent of violating the App Store guidelines regarding in-app payments that apply to every developer who sells digital goods or services.”

The ban was an action Epic Games was ready for.

The company soon shared that they were taking legal action against Apple, alleging that they were abusing their market position, saying in part that “Apple’s removal of Fortnite is yet another example of Apple flexing its enormous power in order to impose unreasonable restraints and unlawfully maintain its 100% monopoly over the iOS In-App Payment Processing Market.”

Minutes later, Epic Games broadcasted a short video inside Fortnite Party Royale, presenting a spin on Apple’s iconic “1984” commercial. On-screen text declared, “Epic Games has defied the App Store Monopoly. In retaliation, Apple is blocking Fortnite from a billion devices. Join the fight to stop 2020 from becoming ‘1984’. #FreeFortnite”

Any legal action against Apple on monopolistic grounds is going to be an uphill battle given the narrow (relatively speaking) focus of the suit, especially given the fact that Apple CEO Tim Cook has already spoken to Congressional anti-trust officials who didn’t seem to deliver any knockouts at the recent Zoom hearings. While the legal efforts might be a challenge, Epic Games wields major influence over the 350 million users of Fortnite and gamers have proven particularly apt at launching campaigns against companies and coming out on top.

This saga comes just days after Apple attracted criticism for denying Microsoft xCloud, a cloud game-streaming application, from the App Store.