Year: 2021

If you only stayed up to date with the Coinbase direct listing this week, you’re forgiven. It was, after all, one heck of a flotation.

But underneath the cryptocurrency exchange’s public debut, other IPO news that matters did happen this week. And the news adds up to a somewhat muddled picture of the current IPO market.

To cap off the week, let’s run through IPO news from UiPath, Coinbase, Grab, AppLovin and Zenvia. The aggregate dataset should help you form your own perspective about where today’s IPO markets really are in terms of warmth for the often-unprofitable unicorns of the world.

Recall that we’re in the midst of a slightly more turbulent IPO window than we saw during the last quarter. After seemingly watching every company’s IPO price above-range and then charge higher on opening day, several companies pulled their offerings as the second quarter started. It was a surprise.

Since then we’ve seen Compass go public, but not at quite the level of performance it might have anticipated, and, then, this week, much has happened.

What follows is a mini-digest of IPO news from the week, tagged with our best read of just how bullish (or not) the happening really was:

• UiPath’s first IPO price interval: Neutral to bearish. Though we anticipate that UiPath will set a higher IPO price interval before it begins to trade, that its first swing at-bat was a valuation cut of around $9 billion did not set our hearts aflame. And we could be wrong about it getting valued more richly before starting to trade.
  
  

GM and LG Chem announced Friday plans to build a second U.S. battery cell factory — a $2.3 billion facility in Spring Hill, Tennessee that will supply the automaker with the cells needed for the 30 electric vehicle models it plans to launch by mid decade.

Construction on the plant, which is located next to GM’s existing Spring Hill factory, will begin immediately, the company’s CEO and Chairman Mary Barra said in a press conference. The battery factory, which is expected to be complete by late 2023, and create 1,300 jobs.

Once fully operational, the joint venture’s two battery factories will have production capacity of more than 70 gigawatt hours, which LG Chem Energy Solutions CEO Jong Hyun Kim noted is two times bigger than the Tesla gigafactory in Nevada. Tesla’s factory in Sparks, Nevada, which is part of a partnership with Panasonic, has a 35 GW-hour capacity.

The foundation of GM’s shift to EVs is its Ultium platform, and the Ultium lithium-ion batteries, which will be built at the Spring Hill factory. These new batteries will use less of the rare earth material cobalt and feature a single common cell design that can be configured more efficiently for higher energy density and a smaller space than our current batteries, Barra said.

“This versatility means we can put more battery power into a wider variety of vehicles, and at a better price for customers,” Barra said. “It’s truly a revolution in electric vehicle technology that will help democratize EV ownership for millions of customers, which will change lives and change the world.”

GM has used LG Chem as a lithium-ion and electronics supplier for at least a decade. The companies began working together in 2009. That relationship deepened as GM developed and then launched the Chevy Bolt EV.  In 2019, GM and LG Chem formed a joint venture to mass produce battery cells as the automaker began to shift towards more electric vehicles. The two companies said at the time that they would invest up to a total of $2.3 billion into the new joint venture and establish a battery cell assembly plant on a greenfield manufacturing site in the Lordstown area of Northeast Ohio that will create more than 1,100 new jobs.

Steel construction began in July 2020 on the Ultium Cells LLC battery cell manufacturing facility in Lordstown, a nearly 3-million-square-foot factory that will mass produce Ultium battery cells and packs. The Lordstown factory will be able produce 30 gigawatts hours of capacity annually.

The batteries produced at the Lordstown factory along with GM’s underlying electric architecture will be used in a broad range of products across its Cadillac, Buick, Chevrolet and GMC brands, as well as the Cruise Origin autonomous shuttle that was revealed in January 2020. The Cadillac Lyriq EV flagship and an all-electric GMC Hummer, which will be revealed this fall and go into production in the fourth quarter of 2021, will use the Ultium battery system. GM plans to reveal the Lyriq at a virtual event August 6.

This modular architecture, called “Ultium,” (same as the battery) will be capable of 19 different battery and drive unit configurations, 400-volt and 800-volt packs with storage ranging from 50 kWh to 200 kWh, and front, rear and all-wheel drive configurations. At the heart of the new modular architecture will be the large-format pouch battery cells manufactured at this new factory.

Robotic process automation platform UiPath filed its first S-1/A this week, setting an initial price range for its shares. The numbers were impressive, if slightly disappointing because what UiPath indicated in terms of its potential IPO value was a lower valuation than it earned during its final private fundraising. It’s hard to say that a company looking to go public at a valuation north of $25 billion is a letdown, but compared to preceding levels of hype, the numbers were a bit of a shock.

---

The Exchange explores startups, markets and money. 

Read it every morning on Extra Crunch or get The Exchange newsletter every Saturday.

---

Here at The Exchange, we wondered if the somewhat slack news regarding UiPath’s potential IPO valuation was a warning to late-stage investors; the number of unicorns being minted or repriced higher feels higher than ever, and late-stage money has never been more active in the venture-backed startup world than it has been recently.

If UiPath were about to eat about $10 billion in worth to go public, it wouldn’t be the best indicator of how some of those late-stage bets will perform.

But in good news for UiPath shareholders, most everyone — ourselves included! — who discussed the company’s price range didn’t dig into the fact that the company first disclosed quarterly results to the same S-1/A filing that included its IPO valuation interval. And those numbers are very interesting, so much so that The Exchange is now generally expecting UiPath to target a higher price interval before it debuts.

That should either limit or close its private/public valuation gap, and, we imagine, lower a few investors’ blood pressure. Let’s look at the numbers.

UiPath’s fascinating 2020

The top-line numbers for UiPath’s 2020 are impressive. As we’ve discussed, the company grew its revenues from $336.2 million in 2019 to $607.6 million in 2020, while boosting its gross profit margin by 7 percentage points to 89% last year. That’s great!

And it improved its net margins from -155% in 2019 to just -15% in 2020. The company’s rapid growth, improving revenue quality and extreme deficit reduction were among the reasons it was a bit surprising to see its estimated public-market value come in so far underneath its final private price.

But let’s dig into the company’s quarterly results — a big thanks to the reader who sent us in this direction — to get a clearer picture of UiPath. Here’s the data:

Level, a startup that aims to give companies a more flexible way to offer benefits to employees, has raised $27 million in a Series A funding round led by Khosla Ventures and Lightspeed Venture Partners.

Operator Collective and leading angels also participated in the financing, along with previous backers First Round Capital and Homebrew. The round was raised at a “nine-figure” valuation, according to founder and CEO Paul Aaron, who declined to be more specific.

Founded in 2018, New York City-based Level says it’s “rebuilding insurance from the ground up” via flexible networks and real-time claims with the goal of helping employers and employees get the most out of their benefit dollars. 

Employers can customize plans to do things like offer 100% coverage across treatments. The company also touts the ability to process claims in four hours. 

“That’s lightning fast when compared to 30- to 60-day claims often processed by traditional payers,” said Aaron, who as one of the first employees at Square, led the network team at Oscar Health and is an inventor of several patents in the payments space.

Level first launched employer-sponsored dental benefits in the summer of 2019 and started serving its first beta customers that fall. It also now offers vision plans. The company has more than 10,000 members from companies such as Intercom, Udemy, KeepTruckin and Thistle that have paid for care via its platform. 

“Insurance is confusing and often feels unfair. Networks restrict where you can go, billing takes weeks and you always seem to owe more than you expect,” Aaron said. “We believe paying with insurance should be as easy as any other purchase.”

Level says it is taking a full-stack approach and building end-to-end tools, from automated underwriting to real-time benefit analytics. 

It plans to launch a new insurance product aimed at “helping smaller businesses offer bigger benefits” that typically only enterprises have the ability to offer. The company also aims to help employers get money back for any unused benefits after paying a fixed amount each month. Ultimately, the goal is to be able to offer a full suite of products that will allow companies of all sizes — from two employees to 20,000 — provide better benefits for their teams. 

Level claims that its self-insured dental and vision products let companies offer more coverage to their teams while often cutting nearly 20% from their benefits budget. 

“Employers already spend so much money on benefits, and neither they nor their teams get enough out of it,” said Jana Messerschmidt from Lightspeed Venture Partners, in a written statement. “Businesses of all sizes need to compete for talent with innovative benefits that help people get more from their paychecks. Level offers a far superior employee experience, and you’re getting bang for your buck.” 

Meanwhile, Khosla’s Samir Kaul said he believes Level can do for insurance and benefits “what Square Cash did for person-to-person payments.”

Investor First Round Capital claims to have saved 47% by switching from fully insured to Level. And, Thistle says it saw 41% in savings by switching to Level. 

Hello and welcome back to Equity, TechCrunch’s venture capital-focused podcast, where we unpack the numbers behind the headlines.

Natasha and Danny and Alex and Grace were all here to chat through the week’s biggest tech happenings. It was yet another busy week, but that just means we had a great time putting the show together and recording it. Honestly we have a lot of fun this week, and we hope that you crack a smile while we dig through the latest as a team.

Ready? Here’s the rundown:

• The Coinbase direct listing! Here’s our notes on its S-1, its direct listing reference price, and its results. And we even wrote about the impact that it might have on other startup verticals!
• Grab’s impending SPAC! As it turns out Natasha loves SPACs now, and even Danny and Alex had very little to say that was rude about this one.
• Degreed became a unicorn, proving yet again that education for the enterprise is a booming sub-sector.
• Outschool also became an edtech unicorn, thanks to a new round led by Coatue and everyone’s rich cousin, Tiger Global. The conversation soon devolved into how Tiger Global is impacting the broader VC ecosystem, thanks to a fantastic analysis piece that you have to read here. 
• Papa raised $60 million, also from Tiger Global. What do you call tech aimed at old folks? Don’t call it elder tech, we have a brand new phrase in store. Let’s see if it catches on.
• AI chips! Danny talks the team through grokking Groq, so that we can talk about TPUs without losing our minds. He’s a good egg.
• And, finally, Slice raised more money. Not from Tiger Global. We have good things to say about it.

And that is our show! We are back on Monday morning!

Google’s historical collection of location data has got it into hot water in Australia where a case brought by the country’s Competition and Consumer Commission (ACCC) has led to a federal court ruling that the tech giant misled consumers by operating a confusing dual-layer of location settings in what the regulator describes as a “world-first enforcement action”.

The case relates to personal location data collected by Google through Android mobile devices between January 2017 and December 2018.

Per the ACCC, the court ruled that “when consumers created a new Google Account during the initial set-up process of their Android device, Google misrepresented that the ‘Location History’ setting was the only Google Account setting that affected whether Google collected, kept or used personally identifiable data about their location”.

“In fact, another Google Account setting titled ‘Web & App Activity’ also enabled Google to collect, store and use personally identifiable location data when it was turned on, and that setting was turned on by default,” it wrote.

The Court also ruled that Google misled consumers when they later accessed the ‘Location History’ setting on their Android device during the same time period to turn that setting off because it did not inform them that by leaving the ‘Web & App Activity’ setting switched on, Google would continue to collect, store and use their personally identifiable location data.

“Similarly, between 9 March 2017 and 29 November 2018, when consumers later accessed the ‘Web & App Activity’ setting on their Android device, they were misled because Google did not inform them that the setting was relevant to the collection of personal location data,” the ACCC added.

Similar complaints about Google’s location data processing being deceptive — and allegations that it uses manipulative tactics in order to keep tracking web users’ locations for ad-targeting purposes — have been raised by consumer agencies in Europe for years. And in February 2020 the company’s lead data regulator in the region finally opened an investigation. However that probe remains ongoing.

Whereas the ACCC said today that it will be seeking “declarations, pecuniary penalties, publications orders, and compliance orders” following the federal court ruling. Although it added that the specifics of its enforcement action will be determined “at a later date”. So it’s not clear exactly when Google will be hit with an order — nor how large a fine it might face.

The tech giant may also seek to appeal the court ruling.

Google said today it’s reviewing its legal options and considering a “possible appeal” — highlighting the fact the Court did not agree wholesale with the ACCC’s case because it dismissed some of the allegations (related to certain statements Google made about the methods by which consumers could prevent it from collecting and using their location data, and the purposes for which personal location data was being used by Google).

Here’s Google’s statement in full:

“The court rejected many of the ACCC’s broad claims. We disagree with the remaining findings and are currently reviewing our options, including a possible appeal. We provide robust controls for location data and are always looking to do more — for example we recently introduced auto delete options for Location History, making it even easier to control your data.”

While Mountain View denies doing anything wrong in how it configures location settings — while simultaneously claiming it’s always looking to improve the controls it offers its users — Google’s settings and defaults have, nonetheless, got it into hot water with regulators before.

Back in 2019 France’s data watchdog, the CNIL, fined it $57M over a number of transparency and consent failures under the EU’s General Data Protection Regulation. That remains the largest GDPR penalty issued to a tech giant since the regulation came into force a little under three years ago — although France has more recently sanctioned Google $120M under different EU laws for dropping tracking cookies without consent.

Australia, meanwhile, has forged ahead with passing legislation this year that directly targets the market power of Google (and Facebook) — passing a mandatory news media bargaining code in February which aims to address the power imbalance between platform giants and publishers around the reuse of journalism content.

The pandemic has made telemedicine video visits in the U.S. almost commonplace, but in Latin America, where broadband isn’t widely available, 1Doc3 is using text and chat to provide access to care. Today, the Colombia-based company announced a $3 million pre-Series A led by MatterScale Ventures and Kayyak Ventures.

“I’m on a nice MacBook for this interview, but that’s not the case of most people in LatAm,” said Javier Cardona, co-founder and CEO of 1Doc3. The company’s name is a play on the phonetics of 1, 2, 3 in Spanish.

Reaching your primary care doctor when you’re not feeling well is getting harder and harder, and 1Doc3 aims to solve that problem in LatAm by offering a telemedicine platform powered by AI that does symptom assessment, triage and pre-diagnosis before connecting the patient to a doctor.

“In 97% of our consultations, you’re connected to a doctor in a matter of minutes,” Cardona said.

After seeing the doctor, the patient can also get their prescriptions delivered to their home through 1Doc3. The startup, like others in the space, is trying to close the loop so patients can get care quickly without having to leave their homes.

In addition to Colombia, the company already has operations in Mexico and plans to use part of the funding to expand further in the region as well as building out a marketing and sales team, which it hasn’t had thus far. 

1Doc3 reaches customers directly and by establishing corporate partnerships where the companies themselves pay for their employees’ medical care through the startup. One of Cardona’s goals is to bring the unit economics down so that smaller businesses can also afford 1Doc3, which for corporates, now charges between $3-4 a month/employee.

“For big companies, the money isn’t an issue, but our region is comprised of small to medium-sized businesses,” Cardona said.

The company, which was founded in 2013 and was a finalist in TechCrunch’s Latin American Battlefield in 2018, experienced massive growth in 2020, going from 2,500 to 35,000 consultations per month from February to December 2020, respectively, which led the company to be cashflow positive last year. In March of 2021, the company had $120,000 in MRR.

Like many startups, the jolt to found 1Doc3 came from a personal experience faced by the founder.  

“When I was in Tanzania I had a medical need and I was definitely not going to go to a doctor in Tanzania, and I couldn’t reach any doctor online, not even in the U.S., and I became a little obsessed with this problem,” said Cardona, who was working in the Middle East and Africa at the time. 

This round brings the total raised by 1Doc3 to $5 million. Other investors that participated in the round include Swanhill Capital, Simma Capital and existing investors The Venture City, EWA capital (previously Mountain Nazca Colombia) and Startup Health.

If you think cyberattacks are scary, what if those attacks were directed at your cardiac pacemaker? Medtronic, a medical device company, has been in hot water over the last couple of years because its pacemakers were getting hacked through their internet-based software updating systems. But in a new partnership with Sternum, an IoT cybersecurity startup based in Israel, Medtronic has focused on resolving the issue.

The problem was not with the medical devices themselves, but with the remote systems used to update the devices. Medtronic’s previous solution was to disconnect the devices from the internet, which in and of itself can cause other issues to arise.

“Medtronic was looking for a long-term solution that can help them with future developments,” said Natali Tshuva, Sternum’s founder and CEO. The company has already secured about 100,000 Medtronic devices.

Sternum’s solution allows medical devices to protect themselves in real-time. 

“There’s this endless race against vulnerability, so when a company discovers a vulnerability, they need to issue an update, but updating can be very difficult in the medical space, and until the update happens, the devices are vulnerable,” Tshuva told TechCrunch. “Therefore, we created an autonomous security that operates from within the device that can protect it without the need to update and patch vulnerabilities,” 

However, it is easier to protect new devices than to go back and protect legacy devices. Over the years hackers have gotten more and more sophisticated, so medical device companies have had to figure out how to protect the devices that are already out there.  

 “The market already has millions — perhaps billions — of medical devices connected, and that could be a security and management nightmare,” Tshuva added.

In addition to potentially doing harm to an individual, hackers have been taking advantage of device vulnerability as the gateway of choice into a hospital’s network, possibly causing a breach that can affect many more people. Tshuva explained that hospital networks are secured from the inside out, but devices that connect to the networks but are not protected can create a way in.

In fact, health systems have been known to experience the most data breaches out of any sector, accounting for 79% of all reported breaches in 2020. And in the first 10 months of last year, we saw a 45% increase in cyberattacks on health systems, according to data by Health IT Security.

In addition to Sternum’s partnership with Medtronic, the company also launched this week an IoT platform that allows, “devices to protect themselves, even when they are not connected to the internet,” Tshuva said.

Sternum, which raised about $10 million to date, also offers cybersecurity for IoT devices outside of healthcare, and according to Tshuva, the company focuses on areas that are “mission-critical.” Examples include railroad infrastructure sensors and management systems, and power grids.

Tshuva, who grew up in Israel, holds a master’s in computer science and worked for the Israeli Defense Force’s 8200 unit — similar to the U.S.’s National Security Alliance — said she always wanted to make an impact in the medical field. “I looked to combine the medical space with my life, and I realized I could have an impact on remote care devices,” she said.

Facebook is to be sued in Europe over the major leak of user data that dates back to 2019 but which only came to light recently after information on 533M+ accounts was found posted for free download on a hacker forum.

Today Digital Rights Ireland (DRI) announced it’s commencing a “mass action” to sue Facebook, citing the right to monetary compensation for breaches of personal data that’s set out in the European Union’s General Data Protection Regulation (GDPR).

Article 82 of the GDPR provides for a ‘right to compensation and liability’ for those affected by violations of the law. Since the regulation came into force, in May 2018, related civil litigation has been on the rise in the region.

The Ireland-based digital rights group is urging Facebook users who live in the European Union or European Economic Area to check whether their data was breach — via the haveibeenpwned website (which lets you check by email address or mobile number) — and sign up to join the case if so.

Information leaked via the breach includes Facebook IDs, location, mobile phone numbers, email address, relationship status and employer.

Facebook has been contacted for comment on the litigation.

The tech giant’s European headquarters is located in Ireland — and earlier this week the national data watchdog opened an investigation, under EU and Irish data protection laws.

A mechanism in the GDPR for simplifying investigation of cross-border cases means Ireland’s Data Protection Commission (DPC) is Facebook’s lead data regulator in the EU. However it has been criticized over its handling of and approach to GDPR complaints and investigations — including the length of time it’s taking to issue decisions on major cross-border cases. And this is particularly true of Facebook.

With the three-year anniversary of the GDPR fast approaching, the DPC has multiple open investigations into various aspects of Facebook’s business but has yet to issue a single decision against the company.

(The closest it’s come is a preliminary suspension order issued last year, in relation to Facebook’s EU to US data transfers. However that complaint long predates GDPR; and Facebook immediately filed to block the order via the courts. A resolution is expected later this year after the litigant filed his own judicial review of the DPC’s processes).

Since May 2018 the EU’s data protection regime has — at least on paper — baked in fines of up to 4% of a company’s global annual turnover for the most serious violations.

Again, though, the sole GDPR fine issued to date by the DPC against a tech giant (Twitter) is very far off that theoretical maximum. Last December the regulator announced a €450k (~$547k) sanction against Twitter — which works out to around just 0.1% of the company’s full-year revenue.

That penalty was also for a data breach — but one which, unlike the Facebook leak, had been publicly disclosed when Twitter found it in 2019. So Facebook’s failure to disclose the vulnerability it discovered and claimed to fix by September 2019 — which led to the leak of 533M accounts now — suggests it should face a higher sanction from the DPC than Twitter received.

However even if Facebook ends up with a more substantial GDPR penalty for this breach the watchdog’s caseload backlog and plodding procedural pace makes it hard to envisage a swift resolution to an investigation that’s only now a few days old.

Judging by past performance it’ll be years before the DPC decides on this 2019 Facebook leak — which likely explains why the DRI sees value in instigating class-action style litigation in parallel to the regulatory investigation.

“Compensation is not the only thing that makes this mass action worth joining. It is important to send a message to large data controllers that they must comply with the law and that there is a cost to them if they do not,” DRI writes on its website.

It also submitted a complaint about the Facebook breach to the DPC earlier this month, writing then that it was “also consulting with its legal advisors on other options including a mass action for damages in the Irish Courts”.

It’s clear that the GDPR enforcement gap is creating a growing opportunity for litigation funders to step in in Europe and take a punt on suing for data-related compensation damages — with a number of other mass actions announced last year.

In the case of DRI its focus is evidently on seeking to ensure that digital rights are upheld. But it told RTE that it believes compensation claims which force tech giants to pay money to users whose privacy rights have been violated is the best way to make them legally compliant.

Facebook, meanwhile, has sought to play down the breach it failed to disclose — claiming it’s ‘old data’ — a deflection that ignores the fact that dates of birth don’t change (nor do most people routinely change their mobile number or email address).

Plenty of the ‘old’ data exposed in this latest massive Facebook data leak will be very handy for spammers and fraudsters to target Facebook users — and also now for litigators to target Facebook for data-related damages.

Facebook is to be sued in Europe over the major leak of user data that dates back to 2019 but which only came to light recently after information on 533M+ accounts was found posted for free download on a hacker forum.

Today Digital Rights Ireland (DRI) announced it’s commencing a “mass action” to sue Facebook, citing the right to monetary compensation for breaches of personal data that’s set out in the European Union’s General Data Protection Regulation (GDPR).

Article 82 of the GDPR provides for a ‘right to compensation and liability’ for those affected by violations of the law. Since the regulation came into force, in May 2018, related civil litigation has been on the rise in the region.

The Ireland-based digital rights group is urging Facebook users who live in the European Union or European Economic Area to check whether their data was breach — via the haveibeenpwned website (which lets you check by email address or mobile number) — and sign up to join the case if so.

Information leaked via the breach includes Facebook IDs, location, mobile phone numbers, email address, relationship status and employer.

Facebook has been contacted for comment on the litigation.

The tech giant’s European headquarters is located in Ireland — and earlier this week the national data watchdog opened an investigation, under EU and Irish data protection laws.

A mechanism in the GDPR for simplifying investigation of cross-border cases means Ireland’s Data Protection Commission (DPC) is Facebook’s lead data regulator in the EU. However it has been criticized over its handling of and approach to GDPR complaints and investigations — including the length of time it’s taking to issue decisions on major cross-border cases. And this is particularly true of Facebook.

With the three-year anniversary of the GDPR fast approaching, the DPC has multiple open investigations into various aspects of Facebook’s business but has yet to issue a single decision against the company.

(The closest it’s come is a preliminary suspension order issued last year, in relation to Facebook’s EU to US data transfers. However that complaint long predates GDPR; and Facebook immediately filed to block the order via the courts. A resolution is expected later this year after the litigant filed his own judicial review of the DPC’s processes).

Since May 2018 the EU’s data protection regime has — at least on paper — baked in fines of up to 4% of a company’s global annual turnover for the most serious violations.

Again, though, the sole GDPR fine issued to date by the DPC against a tech giant (Twitter) is very far off that theoretical maximum. Last December the regulator announced a €450k (~$547k) sanction against Twitter — which works out to around just 0.1% of the company’s full-year revenue.

That penalty was also for a data breach — but one which, unlike the Facebook leak, had been publicly disclosed when Twitter found it in 2019. So Facebook’s failure to disclose the vulnerability it discovered and claimed to fix by September 2019 — which led to the leak of 533M accounts now — suggests it should face a higher sanction from the DPC than Twitter received.

However even if Facebook ends up with a more substantial GDPR penalty for this breach the watchdog’s caseload backlog and plodding procedural pace makes it hard to envisage a swift resolution to an investigation that’s only now a few days old.

Judging by past performance it’ll be years before the DPC decides on this 2019 Facebook leak — which likely explains why the DRI sees value in instigating class-action style litigation in parallel to the regulatory investigation.

“Compensation is not the only thing that makes this mass action worth joining. It is important to send a message to large data controllers that they must comply with the law and that there is a cost to them if they do not,” DRI writes on its website.

It also submitted a complaint about the Facebook breach to the DPC earlier this month, writing then that it was “also consulting with its legal advisors on other options including a mass action for damages in the Irish Courts”.

It’s clear that the GDPR enforcement gap is creating a growing opportunity for litigation funders to step in in Europe and take a punt on suing for data-related compensation damages — with a number of other mass actions announced last year.

In the case of DRI its focus is evidently on seeking to ensure that digital rights are upheld. But it told RTE that it believes compensation claims which force tech giants to pay money to users whose privacy rights have been violated is the best way to make them legally compliant.

Facebook, meanwhile, has sought to play down the breach it failed to disclose — claiming it’s ‘old data’ — a deflection that ignores the fact that dates of birth don’t change (nor do most people routinely change their mobile number or email address).

Plenty of the ‘old’ data exposed in this latest massive Facebook data leak will be very handy for spammers and fraudsters to target Facebook users — and also now for litigators to target Facebook for data-related damages.