Crea sito

COVID-19 symptom self-reporting app from startup Zoe and academic partners expands to the U.S.

If you want to contribute to efforts to better understand and contain the COVID-19 pandemic, and you’re based in the U.S., you can do a lot with very little effort by downloading a free iOS and Google Play application called simply ‘COVID Symptom Tracker.’ The app was originally developed in partnership with food science startup Zoe, and released first in the U.K., and was quickly downloaded by nearly one million people in its first day of availability.
The app aims to supplement information provided by testing programs and other public measures of the spread of the coronavirus using self-reported information provided by individuals. It includes a self-reporting quiz that takes roughly one minute per day to complete, and also provides an estimated picture of the potential spread of the virus in your immediate area.
There are a number of different, similar efforts to use self-reported information as a signal in determining the full spread of the virus, in the absence of plentiful, accurate and consistent testing across geographies. One other high-profile project, founded by Pinterest CEO and co-founder Ben Silbermann, launched earlier this month, and offers a similar self-reporting mechanism, for similar purposes – with a mandate of offering up information shared with research partners and health organizations.
The COVID-19 Symptom Tracker has the advantage of already having been used at scale in the U.K., and the information its gathering will be used in a study that’s already in progress, led by King’s College epidemiologist Tim Spector, along with Harvard Medical School professor and infectious disease specialist Andrew Chan. The research team is providing regular updates about their work and the project via a public blog, too.
The goals of the research resulting from the app include forming a better understanding of COVID-19s symptoms, and how they might cluster, as well as helping identify high-risk and high-spread areas, and figuring out who might be most at risk in future. Data shared by individuals is protected under GDPR, and it’s used strictly for non-profit purposes, with any commercial purposes off the table. The group behind the app also advises that while they may share information more broadly with other medical researchers, it strips the data of any potential identifying information before doing so.
These efforts can definitely contribute to a better understanding of COVID-19 and its transmission, and because they’re relatively low-lift in terms of how much time you need to spend with them, it’s probably worth considering using more than one. Sensitivities around sharing info are always going to vary, of course, but if you’re okay with the trade-offs outlined, this does seem like an easy way to do something from the comfort and safety of your own home.

Cookie consent still a compliance trash-fire in latest watchdog peek

The latest confirmation of the online tracking industry’s continued flouting of EU privacy laws which — at least on paper — are supposed to protect citizens from consent-less digital surveillance comes by via Ireland’s Data Protection Commission (DPC).
The watchdog did a sweep survey of around 40 popular websites last year — covering sectors including media and publishing; retail; restaurants and food ordering services; insurance; sport and leisure; and the public sector — and in a new report, published yesterday, it found almost all failing on a number of cookie and tracking compliance issues, with breaches ranging from minor to serious.
Twenty were graded ‘amber’ by the regulator, which signals a good response and approach to compliance but with at least one serious concern identified; twelve were graded ‘red’, based on very poor quality responses and a plethora of bad practices around cookie banners, setting multiple cookies without consent, badly designed cookies policies or privacy policies, and a lack of clarity about whether they understood the purposes of the ePrivacy legislation; while a further three got a borderline ‘amber to red’ grade.
Just two of the 38 controllers got a ‘green’ rating (substantially compliance with any concerns straightforward and easily remedied); and one more got a borderline ‘green to amber’ grade.
EU law means that if a data controller is relying on consent as the legal basis for tracking a user the consent must be specific, informed and freely given. Additional court rulings last year have further finessed guidance around online tracking — clarifying pre-checked consent boxes aren’t valid, for example.
Yet the DPC still found examples of cookie banners that offer no actual choice at all. Such as those which serve a dummy banner with a cookie notice that users can only meaningless click ‘Got it!’. (‘Gotcha data’ more like.. )
In fact the watchdog writes that it found ‘implied’ consent being relied upon by around two-thirds of the controllers, based on the wording of their cookie banners (e.g. notices such as: “by continuing to browse this site you consent to the use of cookies”) — despite this no longer meeting the required legal standard.
“Some appeared to be drawing on older, but no longer extant, guidance published by the DPC that indicated consent could be obtained ‘by implication’, where such informational notices were put in place,” it writes, noting that current guidance on its website “does not make any reference to implied consent, but it also focuses more on user controls for cookies rather than on controller obligations”.
Another finding was that all but one website set cookies immediately on landing — with “many” of these found to have no legal justification for not asking first, as the DPC determined they fall outside available consent exemptions in the relevant regulations.
It also identified widespread abuse of the concept of ‘strictly necessary’ where the use of trackers are concerned. “Many controllers categorised the cookies deployed on their websites as having a ‘necessary’ or ‘strictly necessary’ function, where the stated function of the cookie appeared to meet neither of the two consent exemption criteria set down in the ePrivacy Regulations/ePrivacy Directive,” it writes in the report. “These included cookies used to establish chatbot sessions that were set prior to any request by the user to initiate a chatbot function. In some cases, it was noted that the chatbot function on the websites concerned did not work at all.
“It was clear that some controllers may either misunderstand the ‘strictly necessary’ criteria, or that their definitions of what is strictly necessary are rather more expansive than the definitions provided in Regulation 5(5),” it adds.
Another problem the report highlights is a lack of tools for users to vary or withdraw their consent choices, despite some of the reviewed sites using so called ‘consent management platforms’ (CMPs) sold by third-party vendors.
This chimes with a recent independent study of CPMs — which earlier this year found illegal practices to be widespread, with “dark patterns and implied consent… ubiquitous”, as the researchers put it.
“Badly designed — or potentially even deliberately deceptive — cookie banners and consent-management tools were also a feature on some sites,” the DPC writes in its report, detailing some examples of Quantcast’s CPM which had been implemented in such a way as to make the interface “confusing and potentially deceptive” (such as unlabelled toggles and a ‘reject all’ button that had no effect).
Pre-checked boxes/sliders were also found to be common, with the DPC finding ten of the 38 controllers used them — despite ‘consent’ collected like that not actually being valid consent.
“In the case of most of the controllers, consent was also ‘bundled’ — in other words, it was not possible for users to control consent to the different purposes for which cookies were being used,” the DPC also writes. “This is not permitted, as has been clarified in the Planet49 judgment. Consent does not need to be given for each cookie, but rather for each purpose. Where a cookie has more than one purpose requiring consent, it must be obtained for all of those purposes separately.”
In another finding, the regulator came across instances of websites that had embedded tracking technologies, such as Facebook pixels, yet their operators did not list these in responses to the survey, listing only http browser cookies instead. The DPC suggests this indicates some controllers aren’t even aware of trackers baked into their own sites.
“It was not clear, therefore, whether some controllers were aware of some of the tracking elements deployed on their websites — this was particularly the case where small controllers had outsourced their website management and development to a third-part,” it writes.
The worst sector of its targeted sweep — in terms of “poor practices and, in particular, poor understanding of the ePrivacy Regulations and their purpose” — was the restaurants and food-ordering sector, per the report. (Though the finding is clearly based on a small sampling across multiple sectors.)
Despite encountering near blanket failure to actually comply with the law, the DPC, which also happens to be the lead regulator for much of big tech in Europe, has responded by issuing, er, further guidance.
This includes specifics such as pre-checked consent boxes must be removed; cookie banners can’t be designed to ‘nudge’ users to accept and a reject option must have equal prominence; and no non-necessary cookies be set on landing. It also stipulates there must always be a way for users to withdraw consent — and doing so should be as easy as consenting.
All stuff that’s been clear and increasingly so at least since the GDPR came into application in May 2018. Nonetheless the regulator is giving the website operators in question a further six months’ grace to get their houses in order — after which it has raised the prospect of actually enforcing the EU’s ePrivacy Directive and the General Data Protection Regulation.
“Where controllers fail to voluntarily make changes to their user interfaces and/or their processing, the DPC has enforcement options available under both the ePrivacy Regulations and the GDPR and will, where necessary, examine the most appropriate enforcement options in order to bring controllers into compliance with the law,” it warns.
The report is just the latest shot across the bows of the online tracking industry in Europe.
The UK’s Information Commission’s Office (ICO) has been issuing sternly worded blog posts for months. Its own report last summer found illegal profiling of Internet users by the programmatic ad industry to be rampant — also giving the industry six months to reform.
However the ICO still hasn’t done anything about the adtech industry’s legal blackhole — leading to privacy experts to denouncing the lack of any “substantive action to end the largest data breach ever recorded in the UK”, as one put it at the start of this year.

Privacy experts slam UK’s ‘disastrous’ failure to tackle unlawful adtech

Ireland’s DPC, meanwhile, has yet to put the decision trigger on multiple cross-border investigations into the data-mining business practices of tech giants including Facebook and Google, following scores of GDPR complaints — including several targeting their legal base to process people’s data.
A two-year review of the pan-EU regulation, set for May 2020, provides one hard deadline that might concentrate minds.

Swarm gets all the approvals it needs to begin operating its satellite connectivity service in the U.S.

Space startup Swarm emerged from stealth mode in an unusual way two years ago when it turned out that it had launched some of its satellites in contravention of an FCC order not to do so. The regulator had argued that their satellites, which are tiny spacecraft smaller even than most Cubesats, were in fact too small and couldn’t be reliably tracked using existing technology. Now, two years later, Swarm has announced that it has cleared all the regulatory hurdles it needed to in order to begin operating commercially in the U.S.
Already last year, Swarm got approval from the FCC to send up the 150 satellites it planned for its initial constellation, as well as up to a total of 600, and it gained approval to use the wireless spectrum that it requires to transmit from its satellites to Earth. On top of that, the company has now added regulatory approval to operate in the U.K., New Zealand, Germany, Sweden, Antartica and in international waters, and it gained approval for ground stations in the U.S., the U.K., Antartica, New Zealand and the Azores, with plans for more to come online through the remainder of this year, brining its total ground station network to 30 by end of summer if all goes to plan.
Swarm’s ultimate goal is to provide a worldwide, affordable satellite data network that will be suitable for use in IoT applications, including maritime and ground logistics tracking, and agriculture, as well as for basic communication services for areas that have inadequate ground infrastructure. It’s now at the point where it can begin turning on services using the nine satellites it already has on orbit, as it continues to work towards launching more and expanding its regulatory approvals to cover active operations across more countries.

Researchers develop emergency ventilator based on resuscitation bags used in ambulances

The need for innovative solutions to address shortages in crucial medical equipment is greater than ever, and a new initiative from a global team of biomedical engineering experts is a perfect example. The team developed a way for resuscitation bags – common pieces of equipment carried by ambulances and paramedics around the world, and typically in strong supply at hospitals – to be repurposed as emergency ventilator hardware.
Georgia Tech and Emory University biomedical engineering professor Susan Margulies, who is an expert in ventilator-associated lung injuries, said in a press release that while it is “heartwarming” to see US manufacturers open-source designs of existing FDA-approved fit-for-purpose ventilators, there’s a need still for a “simple, low-cost design” that can boost the numbers of usable equipment without requiring a manufacturing line spinning up.
The device developed by the group of researchers adapts what’s called a “bag-valve-mask” or BVM for short, resulting in a piece of hardware the can simultaneously work for two patients at the same time. It can be made from stock sheet metal components and plastic gears, and works with common wall adapters or 12-volt car batteries for power sources, making them flexible for use in either permanent care facilities or temporary field hospitals.

Basically, the modification works by squeezing the bags automatically and mechanically, whereas they’d normally be squeezed manually by a paramedic to revive a patient. The mechanized squeezing can continue for days, turning them into a workable (if emergency use only) ventilator for continuous care for COVID-19 patients, when no other ventilator hardware is available.
This design is the result of a collaboration between Cranfield University in the UK, as well as Georgia Tech and Emory University. It’s already been prototyped, tested, and iterated upon, and the team behind the concept is now working to move the design to broader manufacturing in partnership with the Emory University Office of Technology.
The potential of this design is significant in areas where access to resources and modern manufacturing equipment/supply sources for ventilators and other, more complex solutions being developed aren’t as abundant. That’s been flagged as a huge areas of concern by the World Health Organization, as the COVID-19 pandemic has hit developed countries hard, overtaxing even their advanced and well-resourced healthcare systems. Other nations with less mature health systems and fewer resources available to frontline care workers will need alternative solutions to address the crisis.

COVID-hit UK startups cry out for help, as UK gov trails Europe in its response

The UK government is reportedly looking at a range of options to support the startup industry, possibly involving a co-investment model involving state-owned funds (via the British Business Bank) and private VC funds. Investors have been warning that typically loss-making, early-stage startups are at risk of collapse amid the coronavirus crisis. But the moves come far later than generous packages put together by Continental European governments to support their startup sectors.
Ministers understood to be keen to support the strong UK startup and innovation sector and options allegedly being considered include convertible loans, which could either be later repaid or turned into equity stakes owned by the state. This would require matched co-investment with VCs, ensuring only existing venture-backed startups would be eligible.
The FT reports that ministers want to do this on a case-by-case basis and only after companies have first sought fresh capital from private investors.
Also being considered is additional grant funding via InnovateUK, a government body providing support to innovative businesses, and an expansion of R&D tax credits.
However, the scale of any government intervention is expected to be far more modest than the government’s previously announced support for small, medium and large companies and their workers, given investors are normally deep-pocketed and tech startups typically employ far fewer people than traditional industries. By contrast, the French and German governments committed €4bn and €2bn in relief for their respective tech startup sectors.
The proposals under consideration include ones put forward by a number of significant players in the UK tech industry, who jointly launched a campaign over the weekend to pressure the government into creating a support package to aid startups struggling to deal with the COVID-19 crisis.
The move comes in the wake of moves by other European countries, such as France and Germany, which have announced significant initiatives.
The Save Our Startups (SOS) campaign published an open letter to British prime minister Boris Johnson warning the country could “lose a generation of startups and high growth businesses to COVID-19.”
It claims more than 30,000 startups employing some 330,000 people do not qualify for existing support measures and are therefore in jeopardy if new policies are not developed to help them.
The campaign was launched by crowdfunding platform Crowdcube and industry body Coadec, and is supported by leading tech figures including Brent Hoberman, the co-founder of Lastminute.com; Alex Chesterman, the cofounder of Zoopla, LoveFilm and Cazoo; and Arnaud Massenet, cofounder of Net-a-Porter.
It is also joined by organizations including The Entrepreneurs Network, Draper Esprit, Virgin Startups, Vala Capital, Innovate Finance, UK Business Angels Association (UKBAA), EISA, Tech London Advocates, Capital Enterprise and Seedrs .
Jeff Lynn, executive chairman and co-founder of Seedrs, who was a signatory to the letter, commented: “The growth of the startup ecosystem has been one of the great successes of the UK economy over the past decade. All that work is now threatened by COVID-19, and that’s why it is essential that the government step in to help at this precarious time–just as the French and German governments are doing. The Save Our Startups campaign sets out three sensible and crucial requests that will make all the difference in ensuring that our startups can continue to be European and world leaders in the decade ahead. I am very pleased that Seedrs and Coadec, both of which I co-founded and chair, are Founding Partners of the campaign, and I hope everyone in the ecosystem will sign onto it.”
The open letter said: “These businesses are making a huge contribution to the economy but are often yet to make a profit because they are investing in their people, technology and bringing innovative products and services to market. They are highly unlikely to qualify for the Coronavirus Business Interruption Loan Scheme (CBILS), which was introduced to provide financial support for SMEs during this pandemic.”
The letter points out that the French and German Governments have already worked to craft support for startups.
Save Our Startups has a three-point proposal for the government, calling on it to:
• Provide an equity-based liquidity package suitable to save startups at risk. While CBILS covers a proportion of UK businesses, the majority of startups and high-growth companies will be excluded and as a result, unsupported.
• Fast track payments to startups from public funding schemes – in particular, R&D tax credits and Innovate UK funding grants. Private sector liquidity has taken a major hit during the crisis with angels and micro-funds unable to provide startups and high growth businesses with bridging money.
• Change EIS, SEIS and VCTs to stimulate private equity investment into startup and high growth businesses, since many startups are losing access to debt or equity support.
However, some investors are cool on the idea, pointing out that the government could end up owning stakes in companies that would not otherwise have raised private-sector money, and that there should be a natural falling-off of weaker companies at a time of public crisis.
Investor Robin Klein of Localglobe commented on Twitter that: “The UK Govt has done an incredible job supporting the startup ecosystem” but he called the SOS campaign a “knee jerk” reaction and although he was “100% in favour of rapid BBB and other govt support” this would be through established tools.”

The UK Govt has done an incredible job supporting the startup ecosystem: EIS, BBB, InnovateUK, R&D tax credits. 8 out of 10 startups won’t reach Series A. Please don’t ‘knee jerk’ react to the call to ‘save our startups’ by deploying much needed Tax payers ££ directly.
— Robin Klein (@robinklein) April 5, 2020

Luke Lang, cofounder of Crowdcube, which initiated the campaign with Coadec, commented: “Other European countries have raced to rescue its startup and tech communities, with French and German Governments committing €6bn in funding. The UK is sluggish by comparison, and further delays are unforgivable and threaten thousands of promising startup and high-growth businesses with huge potential.”
The full letter by Save Our Startups can be read here. And the list of signatories is below:
Darren Westlake — cofounder and chief executive, Crowdcube
Luke Lang — cofounder, CrowdcubeBrent Hoberman — cofounder and chairman, Founders Factory; previously cofounder, Lastminute.com
Alex Chesterman — founder and chief executive, Cazoo; previously cofounder, LoveFilm and Zoopla
Arnaud Massenet — cofounder, Net-a-Porter
Mike Muller — cofounder, ARM
Anthony Fletcher — chief executive, Graze
Tania Boler — founder, Elvie
Doug Monro — cofounder and chief executive, Adzuna />
Jeff Lynn — cofounder and executive chairman, Seedrs
Saurav Chopra — cofounder and chief executive, Perkbox
Daniel Korski — founder and chief executive, PUBLIC
David Dunn — chair, UK Tech Cluster Group
Philip Salter — founder, The Entrepreneurs Network
Andrew Tibbitts — chief operating officer, TechHub
Charlotte Crosswell — chief executive, Innovate Finance
Jenny Tooth OBE — chief executive, UKBAA
Jonathan Sibilia — partner, Draper Esprit
Dom Hallas — executive director, The Coalition for a Digital Economy (Coadec)
John Spindler — cofounder and chief executive, Capital Enterprise
Mark Brownridge — director general, EIS Association
Natasha Guerra — cofounder, Runway East
Andy Fishburn — managing director, Virgin Startup
Russ Shaw — founder, Tech London Advocates
Alex Davies — founder and chief executive, Wealth Club
Bruce Davies — director, UK Crowdfunding Association
Andrew Roughan — managing director, Plexal
Jasper Smith — founder, Vala Capital
Gaby Hersham — founder, Huckletree
Carlos Silva — cofounder, Seedrs
Robert Walsh — managing partner, Q Ventures

Modsy confirms layoffs, 10 months after announcing its $37M Series C

Modsy, an e-commerce company that creates 3D renderings of customized rooms, has confirmed to TechCrunch that it laid off a number of staff. In addition, several of its executives, including CEO Shanna Tellerman, will take a 25% pay cut. TechCrunch first heard about the layoffs from a source. The company’s confirmation of cuts comes amid a wave of layoffs in the technology and startup communities. 
In a statement from the CEO Shanna Tellerman to TechCrunch, Modsy said that “[i]n an effort to maintain a sustainable business during these unprecedented circumstances, we made a round of necessary layoffs and ended a number of designer contracts this week.” The company reaffirmed belief in its “long-term growth plans” in the same statement.
Modsy did not immediately respond when asked about how many individuals were impacted by this layoff. Update: The company declined to share the number of employees impacted.
The startup is backed by investors including TCV, Comcast Ventures, Norwest Venture Partners, GV, BBG Ventures, according to Crunchbase data. It has raised $70.8 million in known capital to date. 
Modsy bets on individuals looking to glam up their homes by better visualizing the new furniture they want to buy. Users can enter the measurements of their living room and add budget and style preferences, and Modsy will help them with custom designs and finding furniture that fits — literally.
The layoffs show that customer appetite might be changing. Last week, home improvement platform Houzz confirmed that it has scratched plans to create in-house furniture for sale. It also laid off 10 people across three locations: the U.K., Germany and China. Houzz is comparatively larger than Modsy, with a roughly $4 billion valuation. But scratching its in-house plan that would have likely brought in more capital is yet another data point in how e-commerce companies are struggling right now to get consumers to spend on items other than beans, booze and bread starters.
In retrospect there were rumblings that the company was cutting staff. A number of recent reviews from its Glassdoor page note layoffs, with one review from March 25, 2020 calling them “mass” in nature; our original source on the company’s recent cuts also noted their breadth.
You can find other social media posts concerning the company’s layoffs, some noting more than one wave. TechCrunch has not confirmed if the recent layoffs are the first of two, or merely the first set of cuts. 
A little over 10 months ago the company was in a very different mood. Back in May of 2019, flush with new capital, Modsy’s CEO said that the “home design space, the inspiration category is thriving.” 
“Pinterest just IPO’d, and it seems as if every TV channel is entering the home design category,” she said. “Meanwhile, e-commerce sites have barely changed since the introduction of the Internet.”

Virgin Orbit announces new plans for first Asian spaceport in Oita, Japan

Virgin Orbit may be focusing its production efforts right now on making ventilators to support healthcare workers battling COVID-19, but it’s also still making moves to build out the infrastructure that will underpin its small satellite launch business. To that end, the new space company unveiled a new partnership with Oita Prefecture in Japan to build a new spaceport there from which to launch and land its horizontal take-off launch vehicle carrier aircraft.
Working in collaboration with ANA Holdings and the Space Port Japan Association, Virgin Orbit says it is currently targeting Oita Airport as the site for its next launch site – the first in Asia – with a plan to start flying missions from the new location as early as 2022.
There are still a number of steps that have to take place before the Oita airport becomes official – including performing a technical study in partnership with local government to determine the feasibility of using the proposed site. Already, Oita is home to facilities from a number of corporations including Toshiba, Nippon Steel, Canon, Sony, Daihatsu and more, but this would marks its first entry into the space industry, an area where Oita is hoping to encourage in future.
“We are eager to host the first horizontal takeoff and landing spaceport in Japan. We are also honored to be able to collaborate with brave technology companies solving global-level problems through their small satellites,” said Katsusada Hirose, Governor for the Oita Prefectural Government, in a press release. “We hope to foster a cluster of space industry in our prefecture, starting with our collaboration with Virgin Orbit.”
Virgin Orbit is looking to scale its efforts globally in a number of ways, even as it gears up for a first demonstration launch of its orbital small satellite delivery capabilities sometime later this year. The company announced plans to provide launch services from a forthcoming spaceport facility in Cornwall for the UK market, and it’s also looking at standing up a site in Guam.
The horizontal launch model that Virgin Orbit uses means that it can much more easily leverage traditional airport infrastructure and processes to set up launch sites, and doing so can provide domestic launch capabilities essentially on-demand for countries looking to add small satellite flight to their in-country housed services. That’s a big selling point, and Oita securing should be a considerable win and for Japan as the site of a first Virgin Orbit port across the whole continent.

An EU coalition of techies is backing a “privacy-preserving” standard for COVID-19 contacts tracing

A European coalition of techies and scientists drawn from at least eight countries, and led by Germany’s Fraunhofer Heinrich Hertz Institute for telecoms (HHI), is working on contacts-tracing proximity technology for COVID-19 that’s designed to comply with the region’s strict privacy rules — officially unveiling the effort today.
China-style individual-level location-tracking of people by states via their smartphones even for a public health purpose is hard to imagine in Europe — which has a long history of legal protection for individual privacy. However the coronavirus pandemic is applying pressure to the region’s data protection model, as governments turn to data and mobile technologies to seek help with tracking the spread of the virus, supporting their public health response and mitigating wider social and economic impacts.
Scores of apps are popping up across Europe aimed at attacking coronavirus from different angles. European privacy not-for-profit, noyb, is keeping an updated list of approaches, both led by governments and private sector projects, to use personal data to combat SARS-CoV-2 — with examples so far including contacts tracing, lockdown or quarantine enforcement and COVID-19 self-assessment.
The efficacy of such apps is unclear — but the demand for tech and data to fuel such efforts is coming from all over the place.
In the UK the government has been quick to call in tech giants, including Google, Microsoft and Palantir, to help the National Health Service determine where resources need to be sent during the pandemic. While the European Commission has been leaning on regional telcos to hand over user location data to carry out coronavirus tracking — albeit in aggregated and anonymized form.
The newly unveiled Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) project is a response to the coronavirus pandemic generating a huge spike in demand for citizens’ data that’s intended to offer not just an another app — but what’s described as “a fully privacy-preserving approach” to COVID-19 contacts tracing.
The core idea is to leverage smartphone technology to help disrupt the next wave of infections by notifying individuals who have come into close contact with an infected person — via the proxy of their smartphones having been near enough to carry out a Bluetooth handshake. So far so standard. But the coalition behind the effort wants to steer developments in such a way that the EU response to COVID-19 doesn’t drift towards China-style state surveillance of citizens.
While, for the moment, strict quarantine measures remain in place across much of Europe there may be less imperative for governments to rip up the best practice rulebook to intrude on citizens’ privacy, given the majority of people are locked down at home. But the looming question is what happens when restrictions on daily life are lifted?
Contacts tracing — as a way to offer a chance for interventions that can break any new infection chains — is being touted as a key component of preventing a second wave of coronavirus infections by some, with examples such as Singapore’s TraceTogether app being eyed up by regional lawmakers.
Singapore does appear to have had some success in keeping a second wave of infections from turning into a major outbreak, via an aggressive testing and contacts-tracing regime. But what a small island city-state with a population of less than 6M can do vs a trading bloc of 27 different nations whose collective population exceeds 500M doesn’t necessarily seem immediately comparable.
Europe isn’t going to have a single coronavirus tracing app. It’s already got a patchwork. Hence the people behind PEPP-PT offering a set of “standards, technology, and services” to countries and developers to plug into to get a standardized COVID-19 contacts-tracing approach up and running across the bloc.
The other very European flavored piece here is privacy — and privacy law. “Enforcement of data protection, anonymization, GDPR [the EU’s General Data Protection Regulation] compliance, and security” are baked in, is the top-line claim.
“PEPP-PR was explicitly created to adhere to strong European privacy and data protection laws and principles,” the group writes in an online manifesto. “The idea is to make the technology available to as many countries, managers of infectious disease responses, and developers as quickly and as easily as possible.
“The technical mechanisms and standards provided by PEPP-PT fully protect privacy and leverage the possibilities and features of digital technology to maximize speed and real-time capability of any national pandemic response.”
Hans-Christian Boos, one of the project’s co-initiators — and the founder of an AI company called Arago –discussed the initiative with German newspaper Der Spiegel, telling it: “We collect no location data, no movement profiles, no contact information and no identifiable features of the end devices.”
The newspaper reports PEPP-PT’s approach means apps aligning to this standard would generate only temporary IDs — to avoid individuals being identified. Two or more smartphones running an app that uses the tech and has Bluetooth enabled when they come into proximity would exchange their respective IDs — saving them locally on the device in an encrypted form, according to the report.
Der Spiegel writes that should a user of the app subsequently be diagnosed with coronavirus their doctor would be able to ask them to transfer the contact list to a central server. The doctor would then be able to use the system to warn affected IDs they have had contact with a person who has since been diagnosed with the virus — meaning those at risk individuals could be proactively tested and/or self-isolate.
On its website PEPP-PT explains the approach thus:

Mode 1
If a user is not tested or has tested negative, the anonymous proximity history remains encrypted on the user’s phone and cannot be viewed or transmitted by anybody. At any point in time, only the proximity history that could be relevant for virus transmission is saved, and earlier history is continuously deleted.
Mode 2
If the user of phone A has been confirmed to be SARS-CoV-2 positive, the health authorities will contact user A and provide a TAN code to the user that ensures potential malware cannot inject incorrect infection information into the PEPP-PT system. The user uses this TAN code to voluntarily provide information to the national trust service that permits the notification of PEPP-PT apps recorded in the proximity history and hence potentially infected. Since this history contains anonymous identifiers, neither person can be aware of the other’s identity.

Providing further detail of what it envisages as “Country-dependent trust service operation”, it writes: “The anonymous IDs contain encrypted mechanisms to identify the country of each app that uses PEPP-PT. Using that information, anonymous IDs are handled in a country-specific manner.”
While on healthcare processing is suggests: “A process for how to inform and manage exposed contacts can be defined on a country by country basis.”
Among the other features of PEPP-PT’s mechanisms the group lists in its manifesto are:
Backend architecture and technology that can be deployed into local IT infrastructure and can handle hundreds of millions of devices and users per country instantly.
Managing the partner network of national initiatives and providing APIs for integration of PEPP-PT features and functionalities into national health processes (test, communication, …) and national system processes (health logistics, economy logistics, …) giving many local initiatives a local backbone architecture that enforces GDPR and ensures scalability.
Certification Service to test and approve local implementations to be using the PEPP-PT mechanisms as advertised and thus inheriting the privacy and security testing and approval PEPP-PT mechanisms offer.
Having a standardized approach that could be plugged into a variety of apps would allow for contacts tracing to work across borders — i.e. even if different apps are popular in different EU countries — an important consideration for the bloc, which has 27 Member States.
However there may be questions about the robustness of the privacy protection designed into the approach — if, for example, pseudonymized data is centralized on a server that doctors can access there could be a risk of it leaking and being re-identified. And identification of individual device holders would be legally risky.
Europe’s lead data regulator, the EDPS, recently made a point of tweeting to warn an MEP (and former EC digital commissioner) against the legality of applying Singapore-style Bluetooth-powered contacts tracing in the EU — writing: “Please be cautious comparing Singapore examples with European situation. Remember Singapore has a very specific legal regime on identification of device holder.”

Dear Mr. Commissioner, please be cautious comparing Singapoore examples with European situation. Remember Singapore has a very specific legal regime on identification of device holder.
— Wojtek Wiewiorowski (@W_Wiewiorowski) March 27, 2020

A spokesman for the EDPS told us it’s in contact with data protection agencies of the Member States involved in the PEPP-PT project to collect “relevant information”.
“The general principles presented by EDPB on 20 March, and by EDPS on 24 March are still relevant in that context,” the spokesman added — referring to guidance issued by the privacy regulators last month in which they encouraged anonymization and aggregation should Member States want to use mobile location data for monitoring, containing or mitigating the spread of COVID-19. At least in the first instance.
“When it is not possible to only process anonymous data, the ePrivacy Directive enables Member States to introduce legislative measures to safeguard public security (Art. 15),” the EDPB further noted.
“If measures allowing for the processing of non-anonymised location data are introduced, a Member State is obliged to put in place adequate safeguards, such as providing individuals of electronic communication services the right to a judicial remedy.”
We reached out to the HHI with questions about the PEPP-PT project and were referred to Boos — but at the time of writing had been unable to speak to him.
“The PEPP-PT system is being created by a multi-national European team,” the HHI writes in a press release about the effort. “It is an anonymous and privacy-preserving digital contact tracing approach, which is in full compliance with GDPR and can also be used when traveling between countries through an anonymous multi-country exchange mechanism. No personal data, no location, no Mac-Id of any user is stored or transmitted. PEPP-PT is designed to be incorporated in national corona mobile phone apps as a contact tracing functionality and allows for the integration into the processes of national health services. The solution is offered to be shared openly with any country, given the commitment to achieve interoperability so that the anonymous multi-country exchange mechanism remains functional.”
“PEPP-PT’s international team consists of more than 130 members working across more than seven European countries and includes scientists, technologists, and experts from well-known research institutions and companies,” it adds.
“The result of the team’s work will be owned by a non-profit organization so that the technology and standards are available to all. Our priorities are the well being of world citizens today and the development of tools to limit the impact of future pandemics — all while conforming to European norms and standards.”
The PEPP-PT says its technology-focused efforts are being financed through donations. Per its website, it says it’s adopted the WHO standards for such financing — to “avoid any external influence”.
Of course for the effort to be useful it relies on EU citizens voluntarily downloading one of the aligned contacts tracing apps — and carrying their smartphone everywhere they go, with Bluetooth enabled.
Without substantial penetration of regional smartphones it’s questionable how much of an impact this initiative, or any contacts tracing technology, could have. Although if such tech were able to break even some infection chains people might argue it’s not wasted effort.
Notably, there are signs Europeans are willing to contribute to a public healthcare cause by doing their bit digitally — such as a self-reporting COVID-19 tracking app which last week racked up 750,000 downloads in the UK in 24 hours.
But, at the same time, contacts tracing apps are facing scepticism over their ability to contribute to the fight against COVID-19. Not everyone carries a smartphone, nor knows how to download an app, for instance. There’s plenty of people who would fall outside such a digital net.
Meanwhile, while there’s clearly been a big scramble across the region, at both government and grassroots level, to mobilize digital technology for a public health emergency cause there’s arguably greater imperative to direct effort and resources at scaling up coronavirus testing programs — an area where most European countries continue to lag.
Germany — where some of the key backers of the PEPP-PT are from — being the most notable exception.

Pre-school EdTech startup Lingumi raises £4m, adds some free services during Covid-19

At these difficult times, parents are concerned for their children’s education, especially given so much of it has had to go online during the Covid-19 pandemic. But what about pre-schoolers who are missing out?
Pre-school children are sponges for information but don’t get formal training on reading and writing until they enter the classroom when they are less sponge-like and surrounded by 30 other children. Things are tougher for non-English speaking children who’s parents want them to learn English.
Lingumi, a platform aimed at toddlers learning critical skills, has now raised £4 million in a funding round led by China-based technology fund North Summit Capital – a fund run by Alibaba’s former Chief Data Scientist Dr Min Wanli – alongside existing investors LocalGlobe, ADV, and Entrepreneur First.
The startup, launched in 2017, is also announcing the launch of daily free activity packs and videos to support children and families during the COVID-19 outbreak, and has pledged to donate 20% of its sales during this period to the Global Children’s Fund.
Lingumi’s interactive courses offer one-to-one tutoring with a kind ‘social learning’ and its first course helps introduce key English grammar and vocabulary from the age of 2.
Instead of tuning into live lessons with tutors, which are typically timetabled and expensive, Lingumi’s lessons are delivered through interactive speaking tasks, teacher videos, and games. At the end of each lesson, children can see videos of Lingumi friends speaking the same words and phrases as them. Because the kids are watching videos, Lingumi is cheaper than live courses, and thus more flexible for parents.
The company launched the first Lingumi course in China last year, focused on teaching spoken English to non-English speakers. The platform is now being used by more than 100,000 families globally, including in mainland China, Taiwan, UK, Germany, Italy, and France. More than 1.5 million English lessons have taken place in China over the past six months, and 40% of active users are also playing lessons daily. Lingumi says its user base grew 50% during China’s lockdown and it has had a rapid uptake in Europe.
“Lingumi’s rapid expansion in the Chinese market required a strategic local investor, and Dr Min and the team had a clear-sighted understanding of the technology and scale opportunity both in China, and globally.”
Dr Wanli Min, general partner at North Summit Capital, commented: “It is only the most privileged children who can access native English speakers for one-on-one tutoring… Lingumi has the potential to democratize English learning and offer every kid a personalized curriculum empowered by AI & Lingumi’s ‘asynchronous teaching; model.”
Competitors to include Lingumi include live teaching solutions like VIPKid, and learning platforms like Jiliguala in China, or Lingokids in the West.

Uber Eats beefs up its grocery delivery offer as COVID-19 lockdowns continue

Uber Eats has beefed up grocery delivery options in three markets hard hit by the coronavirus.
Uber’s food delivery division said today it’s inked a partnership with supermarket giant Carrefour in France to provide Parisians with 30 minute home delivery on a range of grocery products, including everyday foods, toiletries and cleaning products.
The service is starting with 15 stores in the city, with Uber Eats saying it plans to scale it out rapidly nationwide “in the coming weeks”.
In Spain it’s partnered with the Galp service station brand to offer a grocery delivery service that consists of basic foods, over the counter medicines, beverages and cleaning products in 15 cities across the following 8 provinces: Badajoz, Barcelona, Cádiz, Córdoba, Madrid, Málaga, Palma de Mallorca and Valencia.
Uber Eats said there will be an initial 25 Galp convenience stores participating. The service will not only be offered via the Uber Eats app but also by phone for those without access to a smartphone or Internet.
The third market it’s inked deals in is Brazil, where Uber said it’s partnering with a range of pharmacies, convenience stores and pet shops in Sao Paulo to offer home delivery on basic supplies.
“Over the counter medicines will be available from the Pague Menos chain of pharmacies, grocery products from Shell Select convenience stores and pet supplies from Cobasi — one of the largest pet shop chains in the country,” it said. “The new services will be available on the Uber Eats app, with plans to launch in other Brazil states and cities in the coming weeks.”
The grocery tie-ups are not Uber Eats’ first such deals. The company had already inked partnerships with a supermarket in Australia (Coles) and the Costcutter brand in the UK, where around 600 independent convenience stores are offered via its app.
Uber Eats also lets independent convenience stores in countries around the world self listed on its app. However the latest tie-ups put more branded meat on the bone of its grocery offer in Europe and LatAm — with the Carrefour tie-up in France marking its first partnership with a major supermarket in Europe.
It’s worth noting Spain’s food delivery rival, Glovo, has an existing grocery-delivery partnership with the French supermarket giant in markets including its home country — which likely explains why Uber Eats has opted for a different partner in Spain.
Asked whether it’s looking to further expand grocery deliveries in other markets hit by the public health emergency Uber Eats told us it’s exploring opportunities to partner with more supermarkets, convenience stores and other retailers around the world.
As part of its response to the threat posed by the COVID-19 pandemic, the company has switched all deliveries to contactless by default — with orders left at the door or as instructed by a user.

Europe’s Deliveroo and Glovo switch on contactless delivery during COVID-19 pandemic

It also told us it’s providing drivers and delivery people with access to hand sanitiser, gloves and disinfectant wipes, as soon as they become available. And said it’s dispensing guidance to users of its apps on hygiene best practice and limiting the spread of the virus.
Uber Eats has previously said it will provide 14 days of financial support for drivers and delivery people who get diagnosed with COVID-19 or are personally placed in quarantine by a public health authority due to their risk of spreading the virus, with the amount based on their average earnings over the last six months or less.
The policy is due for review on April 6.

Africa Roundup: Africa’s tech ecosystem responds to COVID-19

In March, the virus gripping the world — COVID-19 — started to spread in Africa. In short order, actors across the continent’s tech ecosystem began to step up to stem the spread.
Early in March Africa’s coronavirus cases by country were in the single digits, but by mid-month those numbers had spiked leading the World Health Organization to sound an alarm.
“About 10 days ago we had 5 countries affected, now we’ve got 30,” WHO Regional Director Dr Matshidiso Moeti said at a press conference on March 19. “It’s has been an extremely rapid…evolution.” 
By the World Health Organization’s stats Tuesday there were 3671 COVID-19 cases in Sub-Saharan Africa and 87 confirmed deaths related to the virus — up from 463 cases and 8 deaths on March 18.
As the COVID-19 began to grow in major economies, governments and startups in Africa started measures to shift a greater volume of transactions toward digital payments and away from cash — which the World Health Organization flagged as a conduit for the spread of the coronavirus.
Africa’s leader in digital payment adoption — Kenya — turned to mobile-money as a public-health tool.
At the urging of the Central Bank and President Uhuru Kenyatta, the country’s largest telecom, Safaricom, implemented a fee-waiver on East Africa’s leading mobile-money product, M-Pesa, to reduce the physical exchange of currency.
The company announced that all person-to-person (P2P) transactions under 1,000 Kenyan Schillings (≈ $10) would be free for three months.
Kenya has one of the highest rates of digital finance adoption in the world — largely due to the dominance of M-Pesa  in the country — with 32 million of its 53 million population subscribed to mobile-money accounts, according to Kenya’s Communications Authority.
On March 20, Ghana’s central bank directed mobile money providers to waive fees on transactions of GH₵100 (≈ $18), with restrictions on transactions to withdraw cash from mobile-wallets.
Ghana’s monetary body also eased KYC requirements on mobile-money, allowing citizens to use existing mobile phone registrations to open accounts with the major digital payment providers, according to a March 18 Bank of Ghana release.
Growth in COVID-19 cases in Nigeria, Africa’s most populous nation of 200 million, prompted one of the country’s largest digital payments startups to act.
Lagos based venture Paga made fee adjustments, allowing merchants to accept payments from Paga customers for free — a measure “aimed to help slow the spread of the coronavirus by reducing cash handling in Nigeria,” according to a company release.

Africa turns to mobile payments as a tool to curb COVID-19

In March, Africa’s largest innovation incubator, CcHub, announced funding and engineering support to tech projects aimed at curbing COVID-19 and its social and economic impact.
The Lagos and Nairobi based organization posted an open application on its website to provide $5,000 to $100,000 funding blocks to companies with COVID-19 related projects.
CcHub’s CEO Bosun Tijani expressed concern for Africa’s ability to combat a coronavirus outbreak. “Quite a number of African countries, if they get to the level of Italy or the UK, I don’t think the system… is resilient enough to provide support to something like that,” Tijani said.

CcHub funds tech to curb COVID-19 on concerns of an Africa outbreak

Cape Town based crowdsolving startup Zindi — that uses AI and machine learning to tackle complex problems — opened a challenge to the 12,000 registered engineers on its platform.
The competition, sponsored by AI4D, tasks scientists to create models that can use data to predict the global spread of COVID-19 over the next three months. The challenge is open until April 19, solutions will be evaluated against future numbers and the winner will receive $5,000.
Zindi will also sponsor a hackathon in April to find solutions to coronavirus related problems.
Image Credits: Sam Masikini via Zindi
On the digital retail front, Pan-African e-commerce company Jumia announced measures it would take on its network to curb the spread of COVID-19.
The Nigeria headquartered operation — with online goods and services verticals in 11 African countries — said it would donate certified face masks to health ministries in Kenya, Ivory Coast, Morocco, Nigeria and Uganda, drawing on its supply networks outside Africa.
The company has also offered African governments use of of its last-mile delivery network for distribution of supplies to healthcare facilities and workers.
Jumia is reviewing additional assets it can offer the public sector. “If governments find it helpful we’re willing to do it,” CEO Sacha Poignonnec told TechCrunch.

Jumia adapts Pan-African e-commerce network in response to COVID-19

More Africa-related stories @TechCrunch
Visa partners with Paga on payments and fintech for Africa and abroad
Did African startups raise $496M, $1B or $2B in 2019?
A snapshot of the leading startups in Africa’s top VC markets
African tech around the ‘net
Twitter CEO will ‘reevaluate’ plan to spend months in Africa citing coronavirus concerns
EWB Canada launches $24M Africa-focused tech venture fund
Nigeria rolls out broadband to boost growth

How Huawei is dividing Western nations

The relationship between the United Kingdom and Australia is not usually a flashpoint in international relations. After all, the two allies share a common language, ancestry, and monarch. So what caused a dustup recently that saw a senior Australian parliamentarian rebuke the British foreign secretary, and for a group of Australian MPs to then cancel a trip to London in protest?
The answer is fears over Huawei, the Chinese telecom giant at the center of the 5G next-generation wireless debate. Australian officials were miffed when the British government recommended that the company be allowed to play a limited role in the U.K.’s 5G deployment despite calling it a “high risk” supplier due to its close ties to the Chinese government (the company’s founder, Ren Zhengfei, served for many years as an engineer in the People’s Liberation Army). The Australian government, a fellow member of the Five Eyes intelligence alliance (which includes the two countries plus the United States, Canada, and New Zealand), disagreed back in 2017 when it barred Huawei on national security grounds.
Now, two close allies are at cross purposes about the very future of the internet. What’s at stake is not just who equips the future of telecom infrastructure, but the very values that the internet itself holds.
Two countries, ocean(s) apart
It’s not just Australia and Britain that find themselves separated by an ocean (or two). In America, Huawei has become the Trump Administration’s favorite company to hate. In a speech at this year’s Munich Security Conference, Defense Secretary Mark Esper called the company “today’s poster child” for “nefarious activity” while another White House official compared the company to “the Mafia.”  It should come as no surprise that the company is the target of trade restrictions, a criminal action against its CFO, and a concerted diplomatic campaign. 

The US is charging Huawei with racketeering

America’s concerns are twofold. First, that critical infrastructure provided by a Chinese company with such close ties to the country’s central leadership is an unacceptable security risk. Second, that arresting Huawei’s increasing dominance risks surrendering any chance for American leadership in 5G technology.
National security considerations have predominantly driven policymakers in Australia. More alert by geography to the strategic risks posed by China, Canberra moved early and decisively to bar Huawei from participating in its 5G networks at all. “The fundamental issue is one of trust between nations in cyberspace,” writes Simeon Gilding, until recently the head of the Australian Signals Directorate’s signals intelligence and offensive cyber missions.
That lack of trust between China and Australia is compounded by the difficult geopolitics of the Asia-Pacific. “It’s not hard to imagine a time when the U.S. and China end up in some sort of conflict,” says Tom Uren of the Australian Strategic Policy Institute (ASPI). “If there was a shooting war, it is almost inevitable that the U.S. would ask Australia for assistance and then we’d be in this uncomfortable situation if we had Huawei in our networks that our critical telecommunications networks would literally be run by an adversary we were at war with.”
Gilding warned, “It’s simply not reasonable to expect that Huawei would refuse a direction from the Chinese Communist Party.” And no matter what reassurances Huawei executives have given, they just simply haven’t been able to ally those concerns. Beijing didn’t help Huawei’s case when it passed its 2017 Intelligence Law, which obliges all Chinese companies and individuals to assist with intelligence efforts if asked. “People were always afraid [that might happen],” adds Uren, “and having it in writing really solidified those concerns.”
As a result, Canberra’s policy to ban Huawei has been largely uncontroversial. With the exception of some of the country’s telecom companies, “the decision [to ban Huawei] has bipartisan backing,” says Simon Jackman, CEO of the US Studies Centre at the University of Sydney.
Calling out London
American officials wish their British counterparts shared Australia’s outlook – and haven’t been shy about saying so. Secretary of State Mike Pompeo urged the UK to “relook” at the decision and lobbied Prime Minister Boris Johnson on the issue on a recent trip to London. Meanwhile, Defense Secretary Esper has made clear that electing to use Huawei could threaten allies’ access to American intelligence. “If countries choose to go the Huawei route,” Mr. Esper told reporters on the sidelines of the Munich Security Conference, “it could well jeopardize all the information sharing and intelligence sharing we have been talking about, and that could undermine the alliance, or at least our relationship with that country.”
U.S. Secretary of State Mike Pompeo leaves 10 Downing Street after a meeting with British Prime Minister Boris Johnson on 30 January 2020 in London, England. (Photo by WIktor Szymanowicz/NurPhoto via Getty Images)
British officials not only believe this to be a bluff – the Five Eyes intelligence alliance is much too strong in their view – but have a different assessment of the risk Huawei poses. “Everyone’s perception of the Huawei risk is particular to them,” says Nigel Inkster, a former deputy chief of MI6 now at the London-based International Institute for Strategic Studies (IISS).
The U.K. goes even further though. Experts in the British government, which started using Huawei in its 3G and 4G networks back in 2003, believe that not only can the risks be mitigated, but they are being overstated in the first place. “The Australian approach is driven by the kind of worst-case analysis of the risk 5G could pose in effect on the brink of war,” says Inkster. “I don’t think the U.K. envisages going to war with China any time soon.”
Inkster and other top officials remain confident in the Huawei Cyber Security Evaluation Centre (HCSEC), which was established by the National Cyber Security Centre (NCSC) back when Huawei was first introduced into Britain’s telecom networks. “We’ve never ‘trusted’ Huawei,” wrote NCSC Technical Director Dr. Ian Levy in a January 2020 blogpost. As a result, the U.K. has “always treated them as a ‘high risk vendor’ and worked to limit their use in the UK and put extra mitigations around their equipment and services.”
Levy and the government’s other cybersecurity experts believe that their system will continue to work. “The basic cyber security measures that have been used for 3/4G also apply to 5G,” argues Marcus Willett, who also served as the first Director of Cyber at GCHQ, Britain’s signals-intelligence agency. “If Huawei had been playing games, we would have discovered it by now,” says Pauline Neville-Jones, a Conservative member of the House of Lords, and previously security minister and cybersecurity advisor in former British Prime Minister David Cameron’s government.
British regulations already restrict Huawei and other high-risk vendors in several ways, including capping their market share at 35% and ensuring their equipment is continuously evaluated by HCSEC. In addition, by preventing Huawei’s 5G kit from being used near sensitive sites and limiting it to the periphery of the network (as opposed to the core), British officials are confident that they can contain any additional risk.
That’s not to say Huawei doesn’t face stiff opposition from some corners. Even if you mitigated the risk, it’s “quite a leap to allow the Chinese to be intimately involved in something as sensitive as this,” one U.K. retired diplomat, who spoke on condition of anonymity due to the sensitivity of the topic, told me. And the company is no one’s first choice. “If the U.K. didn’t have Huawei in its system, it wouldn’t choose to have Huawei now,” Lady Neville-Jones told me. “But we are in a different place [than Australia] and we have set up a system which we believe enables us to manage the risk. And by God, we will be on alert. We’re not stupid. [But] you say to yourself, at the end of the day, do you trust your technical people or not? And there’s never been a complaint on backdoors or traps.” Indeed, government experts have often caught coding errors she adds. “I suspect the result of [British inspections] is that technically Huawei is a better company than it might otherwise have been.”
The British position is also rooted in game theory. “Even if you could [bring down the network], when would you do it?” asks Willett, formerly of GCHQ. “It is effectively a ‘one shot’ capability – if used by China, it would undermine the position of all Chinese companies in the world tech market. China would therefore presumably save the ‘one shot’ for war or near-war, in which case it would need to be sure it would work. That is not easy.”
Australian experts are skeptical, though. “I think [the British] are overconfident in their ability to mitigate [the risk],” Uren, the ASPI expert, told me. His view – widely shared in Australia – is that defenders always think they can defend a system until they can’t, and giving a Chinese company access to the network is already a concession too far. “Cybersecurity is all about raising the costs for the attacker,” writes Gildling, the former Australian official. “Network access through vendors — which need to be all over 5G networks to maintain their equipment — effectively reduces the access cost to zero.”
The economic equation in Europe
It’s hard to understate the difference geography makes, though. In America and Australia — Pacific powers — China is physically present. For Europeans — including Britain — the risks of a rising China don’t carry the same emotional weight.
“The idea of China being a direct security threat is still somewhat abstract,” says Dr. Janka Oertel of the European Council on Foreign Relations. With the exception of countries like Poland and Estonia which are reliant on U.S. military support and thus more willing to toe Washington’s line, “European governments have just begun to asses the risk China can pose in the cyber realm.” Partly to allay those rising concerns, Huawei about a year ago established a a Cyber Security Transparency Centre in Brussels, the de facto capital of the European Union. Unlike Britain’s HCSEC, however, it is not an independent evaluation center and it is not designed to carry out the same functions.
Economics dominate the conversation on the continent more than national security concerns. The fragmented telecom market in Europe (105 mobile operators versus just four in America), has also proven beneficial to Huawei. In a competitive environment where cost has become everything, the state-subsidized Huawei is often able to underprice its competitors. Even in Britain, security concerns were weighed against the fact that “stripping out [the Huawei components already in the system] and starting again would carry enormous costs,” Inkster told me.
Still, Oertel thinks the debate in Europe is being debated on the wrong grounds. “It’s really hard to say Huawei is cheaper than Ericsson or Nokia. No one has the numbers because these are all contracts between private companies. We’re talking a lot of hypotheticals.” Her concern is that while Huawei might seem cheaper now, that might change if it’s able to squeeze out competitors and raise prices.
The battle isn’t over yet, though. Ericsson and Nokia maintain that they are competitive on technology and cost. Indeed, Ericsson is already running 27 5G networks in 15 countries and was just selected by the Danish government to build the country’s 5G network, displacing existing Huawei equipment. Meanwhile in Germany, the government’s move toward using Huawei has run into sharp opposition in the Bundestag, the German federal parliament. Norbert Röttgen, a prominent member of Chancellor Angela Merkel’s own party, helped draft a bill that would bar any “untrustworthy” company from “both the core and peripheral networks.”
Norbert Roettgen, CDU at the Bundespressekonferenz the occasion of the candidacy for the CDU chairmanship, on February 18, 2020 in Berlin, Germany. (Photo by Felix Zahn/Photothek via Getty Images)
The Trump Administration is still concerned enough about Huawei’s potential ability to dominate 5G worldwide that it is actively campaigning for a Western alternative. “We are encouraging allied and U.S. tech companies to develop alternative 5G solutions,” Defense Secretary Esper said in Munich, where he also exhorted fellow security officials to “develop our own secure 5G network … so we don’t regret our decisions later.” 
Other American officials have suggested even more extraordinary measures. Declaring in a February speech that nothing less than “our economic future is at stake,” Attorney General William Barr (who also served formerly as a long-time lawyer for U.S. telecom and TechCrunch parent company Verizon) bluntly called on the U.S. and its allies to “actively consider” a proposal for the government and U.S. companies to take a controlling stake in Nokia and Ericsson. “Putting our large market and financial muscle behind one or both of these firms would make it a far more formidable competitor.”
Ericsson dismisses these comments. “Personally, I find it odd that Barr is even thinking like this really,” Gabriel Solomon, a senior Ericsson executive in Europe, told me. “We were first to commercial deployment in four continents. We are in a very competitive market.”
Indeed, that echoes a common view in Europe: that the goal of American policy on Huawei is less about security and more about market share – and making sure America, not China, owns the future of 5G. And that has its own risks. “Cutting out Huawei altogether potentially moves us toward a kind of bipolar, bifurcated internet, which if taken to logical extreme would have some very serious adverse implications for everyone in terms of cost, a slowdown in innovation, and general reduction in intellectual and technical interchange,” says Inkster, the former MI6 official.
Things would be easier, Europeans say, if America presented an obvious alternative. Without one, America’s allies feel they have little choice but to use Huawei if they don’t want to fall behind technologically. “The West has got itself in a mess,” says the retired British diplomat. “It is a striking failure of political cooperation and coordination that we should find ourselves in this position.”
There is still optimism on both sides of the Atlantic that a Western solution can be found. As Röttgen of Germany wrote in a tweet in February:

The #USA & EU could team up to counter #China’s #5G dominance. We share the same security concerns & should cooperate to expand alternatives. But to do so we must know that tariffs against Brussels are off the table. Partners don’t threaten one another. https://t.co/ZPvZFKWNYq
— Norbert Röttgen (@n_roettgen) February 8, 2020

Rather than pick a champion, another solution would be to level the playing field. “Telecoms security doesn’t pay,” concedes Dr. Levy of HCSEC. And “externalising the security costs of particular choices (including vendor) will help operators make better security risk management decisions.” Another option: better national screening investment mechanisms that would limit the ability of state-owned enterprises to operate unfairly.
But to get there requires coordination and cooperation – and that isn’t necessarily as forthcoming as you might expect. Germans still remember that the NSA hacked Chancellor Merkel’s phone – and the Trump Administration’s trade war has targeted Europe almost as much as it has China. Röttgen cautioned that cooperation on 5G was connected: “[W]e must know that tariffs against Brussels are off the table,” he said in the same tweet. “Partners don’t threaten one another.” Meanwhile, Huawei is earning goodwill by sending medical equipment to Europe to help combat the COVID-19 pandemic.
“Technology was supposed to unite us,” laments Jackman, the Australian professor; “instead it’s driving us apart not just from our rivals, but our allies, too.”

Rocket startup Skyrora shifts production to hand sanitizer and face masks for coronavirus response

One of the newer companies attempting to join the rarified group of private space launch startups actually flying payloads to orbit has redirected its entire UK-based manufacturing capacity towards COVID-19 response. Skyrora, which is based in Edinburgh, Scotland, is answering the call of the UK government and the NHS to manufacturers to do what they can to provide much-needed healthcare equipment for frontline responders amid the coronavirus crisis.
Skyrorary says that the entirety of its UK operations, including all human resources and its working capital are now dedicated to COVID-19 response. The startup, which was founded in 2017, had been working towards test flights of its first spacecraft, making progress including an early successful engine test using its experimental, more eco-friendly rocket fuel that was completed in February.
For now, though, Skyrora will be focusing full on building hand sanitizer, its first effort to support the COVID-19 response. The company has already produce their initial batch using WHO guidelines and requirements, and now aims to scale up its production efforts to the point where it can manufacture the sanitizer at a rate of over 10,000 250 ml bottles per week.
There’s actually a pretty close link between rocketry and hand sanitizer: Ethanol, the form of alcohol that provides the fundamental disinfecting ingredient for hand sanitizer, has been used in  early rocket fuel. Skyrora’s ‘Ecosene’ fuel is a type of kerosene, however, which is a much more common modern aviation and rocket fuel.
In addition to sanitizer, Skyrora is now in talks with the Scottish Government to see where 3D-printed protective face masks might have a beneficial impact on ensuring health worker safety. It’s testing initial prototypes now, and will look to mass produce the protective equipment after those tests verify its output.
Plenty of companies are pitching in where they can, including by shifting their production lines and manufacturing capacity towards areas of greatest need. It’s definitely an ‘all-hands-on-deck’ moment, but there’s definitely a question of what happens to businesses that shift their focus this dramatically once the emergency passes, especially for young startups in emerging industries.

Duolingo’s new app teaches children how to read and write

Until now, Duolingo‘s focus was always squarely on teaching languages, but today, the company launched Duolingo ABC, a free English literacy app for children ages 3 to 6. Originally, the company had planned on unveiling this app later in the year, but due to the COVID-19 pandemic, it decided to launch it early to help parents who are now suddenly finding themselves homeschooling their children.
The ad-free app is now available in the U.S., UK, Ireland, Australia and New Zealand. It includes over 300 short lessons that teach basic reading and writing skills.
For now, the app is only available in English and on iOS, though Duolingo will likely add support for other platforms in the future.
“We created
It’s interesting to see Duolingo branch out from its sole focus on those who want to learn new languages. ABC not only focuses on native speakers but also on a far younger audience than the rest of its courses. It’ll be interesting to see if this heralds a push into the wider education space for Duolingo or just a one-off app.

Dyson and Gtech answer UK call for ventilator design and production to support COVID-19 response

Companies around the world are shifting production lines and business models to address the needs of governments and healthcare agencies in their efforts to slow the spread of COVID-19. Two companies answering that call are Dyson and Gtech, both of which are working on ventilator hardware, leveraging their experience building vacuums and other motor-driven airflow gadgets to spin up new designs and get them validated and produced as quickly as possible.
Dyson, the globally-recognized appliance maker, is working with The Technology Partnership (TTP) on a brand new ventilator design called the CoVent. This design is meant to be made quickly at at high volumes, and leverages Dyson’s existing Digital Motor design, as well as the company’s air purification products, to deliver safe and consistent ventilation for COVID-19 patients, according to an internal email from founder James Dyson to Dyson employees and provided to TechCrunch.
Dyson was reacting to a request from UK Prime Minister Boris Johnson for ventilator supplies, and intends to first fulfil an order of 10,000 units o the UK Government. Its ventilator still needs to be tested and its production process approved by the government and the UK’s Medicines and Healthcare Products Regulatory Agency (the MHRA, its FDA equivalent), but Dyson says in the email that “the race is now on to get it into production.” The company notes that experts from both the UK’s national healthcare agency and the MHRA have been involved throughout its design process, which should help expedite approvals.
The CoVent meets the specifications set out by clinicians for ventilator hardware, and is both bed-mounted and portable with a battery power supply, for flexible us across a variety of settings, including during patient transportation. Because it uses a lightly modified version Dyson’s existing Digital Motor design, the company says that the fan units needed for its production are “available in very high volume.”
“I am proud of what Dyson engineers and our partners at TTP have achieved. I am eager to see this new device in production and in hospitals as soon as possible,” Dyson wrote in his email. “This is clearly a time of grave international crisis, I will therefore donate 5,000 units to the international effort, 1,000 of which will go to the United Kingdom.”
Meanwhile, Gtech, another UK home appliance and vacuum maker, has likewise done what it can to answer the government’s call for ventilator hardware. The company’s owner Nick Grey said that it received a request to build up to 30,000 ventilators in just a two-week span, which promoted them to quickly set about figuring out what went into the design of this medical hardware.
Gtech’s team developed a ventilator that can be made from parts easily made from abundant stock materials, or off-the-shelf pre-assembled parts. The company says that it can spin up production of around 100 per day within a week or two, so long as it can source steel fabrication and CNC machining suppliers.
In addition to its own production capacity, Gtech is making its ventilator designs available for free to the broader community in order to ramp production. The company says that “there’s no reason why thousands of emergency ventilators can’t be made each day” in this way, according to an interview with Grey and CTV News. Like the Dyson model, Gtech’s design will need assessment and certification from the UK government and regulators before they can be put into use.

Tesla CEO Elon Musk: New York gigafactory will reopen for ventilator production

Tesla CEO Elon Musk said Wednesday that the company’s factory in Buffalo, New York will open “as soon as humanly possible” to produce ventilators that are in short supply due to the spread of the COVID-19 pandemic.
His comments, which were made Wednesday via Twitter, follows previous statements by the CEO outlining plans to either donate ventilators or work to increase production of the critical piece of medical equipment needed for patients who are hospitalized with COVID-19, a respiratory disease caused by coronavirus. COVID-19 attacks the lungs and can cause acute respiratory distress syndrome and pneumonia. And since there is no clinically proven treatment yet, ventilators are relied upon to help people breathe and fight the disease. There are about 160,000 ventilators in the United States and another 12,700 in the National Strategic Supply, the NYT reported.

Giga New York will reopen for ventilator production as soon as humanly possible. We will do anything in our power to help the citizens of New York.
— Elon Musk (@elonmusk) March 25, 2020

Last week, Tesla said in a statement it would suspend production at its Fremont, Calif. factory, where it assembles its electric vehicles, and its Buffalo, N.Y gigafactory, except for “those parts and supplies necessary for service, infrastructure and critical supply chains.”
It isn’t clear based on Musk’s statements when the Buffalo plant would reopen or how long it would take to convert a portion of its factory, which is used to produce solar panels. Musk didn’t say if this was part of a possible collaboration with Medtronic .
Medtronic CEO Omar Ishrak told CNBC on Wednesday that it is increasing capacity of its critical care ventilators and partnering with others such as Tesla. He said Medtronic is open sourcing one its lower end ventilators in less acute situations for others to, to make as quickly as they can. These lower end ventilators, which are easier to produce because there are fewer components, can be used as an intermediary step in critical care.
Tesla is one of several automakers, including GM, Ford and FCA that has pledged support to either donate supplies or offer resources to make more ventilators. Earlier this week, Ford said it is working with GE Healthcare to expand production capacity of a ventilator.
GM is working with Ventec Life Systems to help increase production of respiratory care products such as ventilators. Ventec will use GM’s logistics, purchasing and manufacturing expertise to build more ventilators. The companies did not provide further details such as when production might be able to ramp up or how many ventilators would be produced.

Qatar Airways adds 10K seats while other airlines draw down their schedules

While most domestic and international airlines are cutting thousands of flights from their schedules due to the fallout of the COVID-19 pandemic, Qatar Airways is taking another route. The airline is actually stepping up some of its flying again, after also announcing some cuts in the last few days, by adding 10,000 extra seats back to its network.
It’s doing so by adding extra flights to Paris, Perth and Dublin from its hub in Doha, and by using its A380 fleet for flights to Frankfurt, London Heathrow and Perth. In addition, it’s adding charter service to Europe from the U.S. and Asia.
Unlike other airlines, Qatar still serves 75 destinations, including to the U.S., though the airline acknowledges that this could quickly change as some countries adopt tighter restrictions.
In many ways, Qatar’s decision seems counterintuitive, especially given that even its local competitors like Emirates have cut most of their schedules and many U.S. airlines now only serve a handful of international destinations. But Qatar argues that its mission right now is to “reunite stranded passengers with their loved ones.” The company’s data backs this up, with planes to the UK, France and Germany leaving with about 80 percent of their seats sold, but outbound flights only being 36 percent full. The airline says it flew about 100,000 passengers in the last seven days.
The demand here clearly is from passengers trying to get home. That likely won’t last and Qatar, too, will end up shutting down more of its routes. But for the time being, it’s one of the few airlines that are still offering flights on many of these routes, something it can do because its hub in Doha also remains open for transit passengers. Emirates and Ethiad, for example, would likely keep some of its flights going, too, but their hub airports are now closed and other major hubs like Singapore and Hong Kong have banned all transit passengers.

Airlines start canceling more flights from Europe as new restrictions go into effect

Babbel makes its language learning app free for all US students

Babbel, the Berlin-based paid language learning app, today announced that, in light of the COVID-19 pandemic, it is making its service available for free to all K-12 and college students until the end of the term. Previously, the company offered a similar deal for students in Italy, the U.K., Germany, Spain and France.
The service currently offers courses for Spanish, French, German, Italian, Portuguese, Polish, Russian, Dutch, Turkish, Danish, Norwegian, Swedish, Indonesian and English. Students who want to sign up (or whose parents force them to do so) only need a valid school address to get started.
“The number of students being affected by high school and college closures across the U.S. is increasing daily, and the education system is anticipated to be further disrupted in the coming weeks,” said Julie Hansen, Babbel’s U.S. CEO. “As students are being forced to stay at home, Babbel is in a position to help right now and that is exactly what we want to do. At this time of global concern, we are reminded of the similarities we have with other people around the world, rather than that which divides us.”

The company also tells me that it is seeing increased demand from schools that are looking for ways to keep their students practicing their language skills while they are out of the classroom. Even without taking these students into account, though, Babbel’s overall subscriber numbers are actually up right now, which comes as a bit of a surprise, given that most people are probably not currently thinking about learning the basics of a language for their next vacation.
“Since people globally are bound to their homes we see a steep uptake in learning activity,” said Babbel CEO Arne Schepker. “More than ever, large numbers of people are currently starting a new language journey with Babbel. This is something that makes us extremely humble and grateful. If our work helps to make your day just a little bit better I think this is more than we ever could have asked for.”
Across geographies, Babbel is seeing the same trends, where new subscriptions slow down as the pandemic first becomes top of mind and then picks up again once school closing and rules like shelter-in-place go into effect. The same also holds true for existing subscribers, who, on average, are now more active, too. Unsurprisingly, though, “travel” isn’t quite the motivator for new learners that it was before this pandemic hit.
The popular free language learning app Duolingo, too, is seeing similar growth. The company tells me its new user growth is up 40% worldwide, and especially high in countries that have been aggressive about their isolation measures. In the last week alone, Duolingo saw a 91% increase in new users in the U.S., and even higher growth in European countries like France and Spain. With TOEFL and IELTS testing centers in China and other countries closed, Duolingo’s certification program is also seeing close to 300% growth in China and Korea.

UK turns to WhatsApp to share coronavirus information

Three years ago, the U.K. government chastised WhatsApp for using enabling end-to-end encryption by default. Today, it’s relying on the encrypted messaging app as a vital service for sharing information about the coronavirus pandemic.
The new chatbot, supplied by the U.K. government, will let anyone subscribe to official advice about the pandemic, known as COVID-19, in the hope of reducing the burden on its national health system.
Send “hi” to 07860 064422 (or +44 7860 064422 for international users) over WhatsApp to start receiving updates.
The U.K. government’s official WhatsApp account, which it’s using to share information about the coronavirus pandemic. (Image: TechCrunch)
The U.K. government said the service will also allow the government to send messages to all opted-in users if required. Currently the U.K. does not have a national emergency alert system, unlike the U.S., to notify citizens on mass about incidents or emergencies. South Korea was praised for its use of sending up-to-date emergency alerts to citizens, which experts say has helped to “flatten the curve” of infections, a reference to slowing the rate of infection to help ease the burdens on hospitals.
British Prime Minister Boris Johnson declared a national lockdown on Tuesday, ordering all non-essential citizens and residents to stay at home in an effort to fight the spread of the pandemic.
U.K. authorities had faced criticism for failing to issue the stay-at-home order sooner. Several other countries and cities with spiking infection rates, including Italy and New York, had ordered their citizens to remain at home.
As of Wednesday, there were more than 438,000 confirmed global cases of COVID-19, with 19,000 deaths recorded.

UK researchers develop new low-cost, rapid COVID-19 test that could even be used at home

A new type of test developed by UK researchers from the Brunel University London, Lancaster University and the University of Surrey can provide COVID-19 detection in as little as 30 minutes, using hand-held hardware that costs as little as £100 (around $120 USD) with individual swab sample kits that cost around $5 per person. The test is based on existing technology that has been used in the Philippines for testing viral spread in chickens, but it’s been adapted by researchers for use with COVID-19 in humans, and the team is now working on ramping mass production.
This test would obviously need approval by local health regulatory bodies like the FDA before it goes into active use in any specific geography, but the researchers behind the project are “confident it will respond well,” and say they could even make it available for use “within a few weeks.” The hardware itself is battery-operated and connects to a smartphone application to display diagnostic results and works with nasal or throat swabs, without requiring that samples be round-tripped to a lab.
There are other tests already approved for use that use similar methods for on-site testing, including kits and machines from Cepheid and Mesa Biotech. These require expensive dedicated table-top micro-labs, however, which is installed in dedicated healthcare facilities including hospitals. This test from UK scientists has the advantage of running on inexpensive hardware, with testing capabilities for up to six people at once, which can be deployed in doctor’s offices, hospitals and even potentially workplaces and homes for truly widespread, accessible testing.
Some frontline, rapid results tests are already in use in the EU and China, but these are generally serological tests that rely on the presence of antibodies, whereas this group’s diagnostics are molecular, so it can detect the presence of viral DNA even before antibodies are present. This equipment could even potentially be used to detect the virus in asymptomatic individuals who are self-isolating at home, the group notes, which would go a long way to scoping out the portion of the population that’s not currently a priority for other testing methods, but that could provide valuable insight into the true extend of silent, community-based transmission of the coronavirus.

New coronavirus research suggests vaccines developed to treat it could be long-lasting

A new study from Italian researchers suggests that the SARS-CoV-2 coronavirus, which is the cause of the COVID-19 pandemic currently causing a global health crisis, is relatively slow to mutate – meaning that any effective vaccine that is developed to prevent people from getting infected should be broadly effective across geographically separated populations, and over a relatively long period of time.
The research, conducted by two independent teams working separate from one another, including scientists at the “Lazzaro Spallanzani” National Institute for Infectious Diseases (IRCCS) in Rome and the Forensic Division of the Department of Biomedical Sciences and Public Health (DSBSP) at Ancona University Hospital, performed genetic sequencing tests using tech developed by Thermo Fisher Scientific on samples of the virus taken from Italian patients. They then compared these samples to a reference genome that was sequenced from a sample of the virus taken from the original Wuhan outbreak some two months prior.
The differences between the two virus samples was very small, speaking in terms of genetic variation – only five new variants appeared in the later Italian samples, which is an early indication that the SARS-CoV-2 coronavirus remains fairly stable even over the course of a long train of transmission across multiple individuals and populations.
This is heartening news, especially given that other coronaviruses can be quick to mutate. Consider the standard seasonal flu: it essentially constantly mutates, which is why each year a new flu vaccine is developed, with researchers essentially racing the clock to anticipate which newly mutated strains will pose the greatest threat in each flu season, adapting the inoculation and urging the public to get their updated shot.
Other viruses either mutate very slowly, or don’t mutate at all, and the coronavirus that leads to COVID-19 appears to be among the former. In addition to this Italian study, work done by John Hopkins University and other health science researchers around the world have supported this view. An endeavor by a UK consortium to more comprehensively track mutations over time should provide an even clearer view.
As far as the COVID-19 pandemic goes, this new support for the theory that the virus behind it is a slow-moving one in terms of its genetic makeup is very good news indeed. Any vaccine is still likely at least a year way, but this research at least suggests that when it does arrive, it’ll be effective broadly, and for at least a few years at a time.

Ford, 3M, GE and the UAW to build respirators, ventilators and faceshields for coronavirus fight

Ford announced the details of its current manufacturing efforts around building much-needed medical supplies for front-line healthcare workers and COVID-19 patients on Tuesday. Its efforts include building Powered Air-Purifying Respirators (PAPRs) with partner 3M, including a new design that employs existing parts from both partners to deliver effectiveness and highly-scalable production capacity.
Ford says that it’s also going to be building face shields, leaning on its 3D printing capabilities, with an anticipated production rate of over 100,000 units per week. These are key pieces of personal protective equipment (PPE) used by frontline healthcare staff to protect them against virus-containing droplets that are spread by patients through coughing and sneezing in clinical settings. The company has designed a new face shield, which will be tested with the first 1,000 units this week at Detroit Mercy, Henry Ford Health Systems and Detroit Medical Center Sinai-Grace Hospitals in Michigan to evaluate their efficacy. Provided they perform as planned, Ford anticipates scaling to building 75,000 by end of week, with 100,000 able to be made in one of the company’s Plymouth, MI production facilities each week thereafter.
The automaker is also going to be working with GE on expanding production capacity for GE Healthcare’s ventilator, with a simplified design that should allow for higher volume production. That’s part of a response to a U.S. government request for more units to support healthcare needs, the company said. On top of its U.S.-focused ventilator project with GE, Ford is also working on a separate effort to spin up ventilator production targeting the UK based on a request for aid from that country’s government, and it’s also shipping back 165,000 N95 respirator masks that were sent by the company from the U.S. to China earlier this year, since the need for that equipment is now greater back in the U.S., the company said, and China’s situation continues to improve.
Over the weekend, President Trump tweeted that U.S. automakers, including Ford, GM and Tesla had received the “go ahead” to make “ventilators and other metal products, fast.”
“We have had preliminary discussions with the U.S. and U.K. governments and looking into the feasibility,” Ford spokesperson Rachel McCleery said at the time in a statement to TechCrunch . “It’s vital that we all pull together to help the country weather this crisis and come out the other side stronger than ever.”
Based on this update, it seems like Ford did indeed move quickly to take stock of where it could contribute, and in what capacity. The company will be looking at using both its own and partner facilities to produce this much-needed medical equipment, it said on Tuesday during a press conference call about the announcement, and it’ll also be leveraging existing parts and equipment to speed production capabilities and capacity.
The PAPRs that Ford is building, for instance, will use off-the-shelf components from the automaker’s F-150 truck’s cooled seating, as well as 3M’s existing HEPA filters. These respirators could potentially offer significant advantages in use compared to N95s, since they are battery-powered and can filter airborne virus particles for up to eight hours on a single, swappable standard power tool battery pack worn at the waist. Asked about production timelines and capacity, 3M Global Technical Director Mike Kesti said that they’re still working that out, with a focus on how Ford can supplement existing PAPR production before moving into producing their new version.
“[Ford is] helping us expand the capacity of our existing units,” Kesti said. “So impact will be over the next days and weeks to just increase capacity of our existing [PAPR]. But we’re also working closely together with them the leverage components both from Ford, that they have available, and 3M, particularly our filters that meet the NIOSH [National Institute for Occupational Safety and Health] regulatory requirements, and trying to integrate that into a modified design that will meet the NIOSH regulation performance requirements, and scale it up as as quickly as possible.”
Ford is also assisting 3M with ramping production of its existing N95 respiratory masks, Kesti said.
Ford and GE don’t yet have a timeline, or estimates of production capacity for the new types of ventilators they’re working on either, but the team is “working feverishly to get to the release point,” according to GE Healthcare VP and Chief Quality Officer Tom Westrick.
“We don’t have specific timelines and numbers related to the to the design and the release of the new ventilators,” he said. “Although, obviously this is of utmost importance to both us and Ford.”

LetsBeatCOVID.net launches to track the spread of the Coronavirus in the UK/US

A startup behind one of the world’s most successful tech platforms for doctors has launched a new initiative to try and track the spread of the Coronavirus, initially in the UK but soon in the US.
Developed by MedShr – the app used by a million doctors to aid them in the diagnostic process – LetsBeatCOVID.net is designed to allow members of the public to complete a short survey about their health and exposure to COVID-19 in order that health services can save more lives.
Members of the public are asked to complete a short anonymous survey about themselves and are able to add information for others in their household or family. They can then update their responses if their situation changes using a randomly generated code to log back in. MedShr says users will, therefore, be able to hide their identity if they are concerned about their privacy. They will, however, be asked to verify their location via the phone’s browser in order to generate more accurate data about the spread of symptoms.
 
Anyone who completes the survey and chooses to enter their email will also get personalized guidance to help them understand their personal situation.
The not-for-profit initiative is led by Dr Asif Qasim, a Consultant Cardiologist based in London, England. Dr Qasim founded MedShr, an online network that enables doctors to connect and share data and knowledge with each other, in 2013.
Dr. Qasim said: “A million doctors around the world are working very hard to protect patients with COVID-19 in difficult and unprecedented circumstances. We are hearing from them that they don’t have the information they need to plan services and avert a crisis such as the one Italy is now facing. We believe this app could help.” Dr. Qasim says the data will be shared with health authorities fighting the pandemic.
LetsBeatCOVID.net could make it easier for members of the public to provide the information urgently needed by hospitals and governments by allowing hospitals to understand how many people are: more likely to require medical help or hospitalization; have been in contact with someone with COVID-19 but do not have any symptoms; have mild symptoms of COVID-19; or believe or know they have already had COVID-19 and recovered.
The spread and devastating impact of Coronavirus (COVID-19) is unprecedented. Hospitals in China and Italy have struggled to care for the large numbers of people who become infected with the virus, especially those who needed Intensive Care and breathing support with a ventilator. Doctors and scientists believe that the UK, US and many other countries could be just a few weeks away from the devastating death toll that Italy is now experiencing. 
MedShr is a HIPAA and GDPR compliant professional network for doctors, nurses and other healthcare professionals currently used by over one million members in 190 countries.

With lower bandwidth, Disney+ opens streaming service in UK, Ireland, 5 other European countries, France to come online April 7

Disney+, the streaming service from the Walt Disney Company, has been rapidly ramping up in the last several weeks. But while some of that expansion has seen some hiccups, other regions are basically on track. Today, as expected, Disney announced that it is officially launching in the UK, Ireland, Germany, Italy, Spain, Austria, and Switzerland; it also reconfirmed the delayed debut in France will be coming online on April 7.
Seven is the operative number here, it seems: it’s the largest multi-country launch so far for the service.
“Launching in seven markets simultaneously marks a new milestone for Disney+,“ said Kevin Mayer, Chairman of Walt Disney Direct-to-Consumer & International, in a statement. “As the streaming home for Disney, Marvel, Pixar, Star Wars, and National Geographic, Disney+ delivers high-quality, optimistic storytelling that fans expect from our brands, now available broadly, conveniently, and permanently on Disney+. We humbly hope that this service can bring some much-needed moments of respite for families during these difficult times.”
Pricing is £5.99/€6.99 per month, or £59.99/€69.99 for an annual subscription. Belgium, the Nordics, and Portugal, will follow in summer 2020.
The service being rolled out will feature 26 Disney+ Originals plus an “extensive collection” of titles (some 500 films, 26 exclusive original movies and series and thousands of TV episodes to start with) from Disney, Pixar, Marvel, Star Wars, National Geographic, and other content producers owned by the entertainment giant, in what has been one of the boldest moves yet from a content company to go head-to-head with OTT streaming services like Netflix, Amazon and Apple.
The expansion of Disney+ has been caught a bit in the crossfire of world events. The new service is launching at what has become an unprecedented time for streaming: because of the coronavirus pandemic, a lot of of the world is being told to stay home.
That means huge demand for new services to entertain and distract people who are now sheltering in place. But it has also been putting a huge strain on broadband networks, and to be a responsible streamer (and to make sure quality is not too impacted), Disney confirmed (as it previously said it would) it would be launching the service with “lower overall bandwidth utilization by at least 25%.
Titles in the mix debuting today include “The Mandalorian” live-action Star Wars series; a live-action “Lady and the Tramp,” “High School Musical: The Musical: The Series,”; “The World According to Jeff Goldblum” docuseries from National Geographic; “Marvel’s Hero Project,” which celebrates extraordinary kids making a difference in their communities; “Encore!,” executive produced by the multi-talented Kristen Bell; “The Imagineering Story” a 6-part documentary from Emmy and Academy Award-nominated filmmaker Leslie Iwerks and animated short film collections “SparkShorts” and “Forky Asks A Question” from Pixar Animation Studios.
Some 600 episodes of “The Simpsons” is also included (with the latest season 31 coming later this year).
With entire households now being told to stay together and stay inside, we’re seeing a huge amount of pressure being put on to broadband networks and a true test of the multiscreen approach that streaming services have been building over the years. In this case, you can use all the usuals: mobile phones, streaming media players, smart TVs and gaming consoles to watch the Disney+ service (including Amazon devices, Apple devices, Google devices, LG Smart TVs with webOS, Microsoft’s Xbox Ones, Roku, Samsung Smart TVs and Sony / Sony Interactive Entertainment, with the ability to use four concurrent streams per subscription, or up to 10 devices with unlimited downloads. As you would expect, there is also the ability to set up parental controls and individual profiles.
Carriers with paid-TV services that are also on board so far include Deutsche Telekom, O2 in the UK, Telefonica in Spain, TIM in Italy and Canal+ in France when the country comes online. No BT in the UK, which is too bad for me (sniff). Sky and NOW TV are also on board.

Jumia adapts Pan-African e-commerce network in response to COVID-19

Pan-African e-commerce company Jumia is adapting its digital retail network to curb the spread of COVID-19.
The Nigeria headquartered operation — with online goods and services verticals in 11 African countries — announced a series of measures on Friday. Jumia will donate certified face masks to health ministries in Kenya, Ivory Coast, Morocco, Nigeria and Uganda, drawing on its supply networks outside Africa.
The company has offered African governments use of of its last mile delivery network for distribution of supplies to healthcare faculties and workers. Jumia will also reduce fees on its JumiaPay finance product to encourage digital payments over cash, which can be a conduit for the spread of coronavirus.
Governments in Jumia’s operating countries have started to engage the private sector on a possible COVID-19 outbreak on the continent, according to Jumia CEO Sacha Poignonnec .
“I don’t have a crystal ball and no one knows what’s gonna happen,” he told TechCrunch on a call. But in the event the virus spreads rapidly on the continent, Jumia is reviewing additional assets it can offer the public sector. “If governments find it helpful we’re willing to do it,” Poignonnec said.
Africa’s COVID-19 cases by country were in the single digits until recently, but those numbers spiked last week leading the World Health Organization to sound an alarm. “About 10 days ago we had 5 countries affected, now we’ve got 30,” WHO Regional Director Dr Matshidiso Moeti said at a press conference Thursday. “It’s has been an extremely rapid…evolution.” 
By the World Health Organization’s latest stats Monday there were 1321 COVID-19 cases in Africa and 34 confirmed deaths related to the virus — up from 463 cases and 10 deaths last Wednesday.

Dr. Moeti noted that many socioeconomic factors in Africa — from housing to access to running water — make common measures to curb COVID-19, such as social-distancing or frequent hand washing, challenging. She went on to explain that the World Health Organization is looking for solutions that are adoptable to the Africa’s circumstances, including working with partners and governments to get sanitizing materials to hospitals and families.
As coronavirus cases and related deaths grow, governments in Africa are responding. South Africa, which has the second-largest number of COVID-19 cases on the continent, declared a national disaster last week, banned public gatherings and announced travel restrictions on the U.S.
Kenya has imposed its own travel and crowd restrictions and the country’s President Uhuru Kenyatta urged citizens and businesses to opt for digital-payments as a safer means for transactions.
Across Africa’s tech ecosystem — which has seen significant growth in startups and now receives $2 billion in VC annually — a number of actors are stepping up.
Image Credit: Jumia
In addition to offering its logistics and supply network, Jumia is collaborating with health ministries in several countries to use its website and mobile platforms to share COVID-19 related public service messages.
Heeding President Kenyatta’s call, last week Kenya’s largest telecom Safaricom waived fess on its M-Pesa mobile-money product (with over 20 million users) to increase digital payments use and lower the risk of spreading the COVID-19 through handling of cash.

Kenya turns to M-Pesa mobile-money to stem the spread of COVID-19

Africa’s largest innovation incubator CcHub announced funding and a call for tech projects aimed at reducing COVID-19 and its social and economic impact.
A looming question for Africa’s tech scene is how startups in major markets such as Nigeria, Kenya and South Africa will weather major drops in revenue that could occur from a wider coronavirus outbreak.
Jumia is well capitalized, after going public in a 2019 IPO on the New York stock exchange, but still has losses exceeding its 2019 revenue of €160 million.
On managing business through a possible COVID-19 Africa downturn, “We’re very long-term oriented so it’s about doing what’s right with the governments and thinking about how we can help,” said Jumia’s CEO Sacha Poignonnec.
“Revenue wise, it’s really to early to tell. We do believe that e-commerce in Africa is a trend that goes beyond this particular situation.”

Ford, GM, Tesla given the ‘go ahead’ to produce ventilators, Trump says

Ford, GM and Tesla have been given the “go ahead” to make ventilators to help alleviate a shortage amid the COVID-19 pandemic, President Donald Trump said in a tweet Sunday that ended with a challenge to auto executives to show how good their companies are.
Ventilators are a critical piece of medical equipment for patients who are hospitalized with COVID-19, a respiratory disease caused by coronavirus. COVID-19 attacks the lungs and can cause acute respiratory distress syndrome and pneumonia. And since there is no clinically proven treatment yet, ventilators are relied upon to help people breathe and fight the disease. There are about 160,000 ventilators in the United States and another 12,700 in the National Strategic Supply, the NYT reported.
The tweet follows a plea Sunday morning from NY Gov. Andrew Cuomo for the federal government to nationalize medical supply acquisition instead of leaving it to individual states. Cuomo is one of a growing group of officials to call for Trump to order companies to produce medical supplies under the Defense Production Act, a law that allows the federal government to compel private industry to produce materials needed for national defense.
Without the nationalization, states are competing against each other for supplies, Cuomo said. Prices have spiked as a result, putting more pressure on a health care system.

Ford, General Motors and Tesla are being given the go ahead to make ventilators and other metal products, FAST! @fema Go for it auto execs, lets see how good you are? @RepMarkMeadows @GOPLeader @senatemajldr
— Donald J. Trump (@realDonaldTrump) March 22, 2020

Trump has issued an executive order that invokes the Defense Production Act, but it’s unclear if it has been used. Trump said last week during a press conference that it had been, but Federal Emergency Management Agency head Peter Gaynor told reporters Sunday that the president has not yet ordered any companies to make more critical supplies.

I’m calling on the Federal Government to nationalize the medical supply chain.
The Federal Government should immediately use the Defense Production Act to order companies to make gowns, masks and gloves.
Currently, states are competing against other states for supplies.
— Andrew Cuomo (@NYGovCuomo) March 22, 2020

Several automakers said last week they were looking into the feasibility of producing ventilators. GM said Friday that it is working with Ventec Life Systems to help increase production of respiratory care products such as ventilators that are needed by a growing number of hospitals as the COVID-19 pandemics spreads throughout the U.S. The partnership is part of StopTheSpread.org, a coordinated effort of private companies to respond to COVId-19, a disease caused by coronavirus.
Ford told TechCrunch in an email Sunday that it stands ready to help the administration, including the possibility of producing ventilators and other equipment.
“We have had preliminary discussions with the U.S. and U.K. governments and looking into the feasibility,” the Ford spokesperson Rachel McCleery said. “It’s vital that we all pull together to help the country weather this crisis and come out the other side stronger than ever.”
SpaceX and Tesla CEO Elon Musk tweeted Saturday that he had a discussion with Medtronic about ventilators. Medtronic later confirmed those talks in a tweet. He had previously tweeted that SpaceX and Tesla will work on ventilators, without providing specifics.
Tesla could not be reached for comment.

Addressing #COVID19 is a group effort. We are grateful for the discussion with @ElonMusk and @Tesla as we work across industries to solve problems and get patients and hospitals the tools they need to continue saving lives. We’re all in this together. https://t.co/MdZ3u8k2nR
— Medtronic (@Medtronic) March 21, 2020

Rivian shuts down all facilities over COVID-19 pandemic concerns

Rivian, the buzzy electric vehicle startup that is backed up Amazon and Ford, is shutting down all of its facilities due to the spread of COVID-19, the disease caused by coronavirus.
Rivian employs more than 2,000 workers across several locations, including its headquarters in Plymouth, Michigan, a factory in Normal, Ill. as well as operations in San Jose and Irvine, Calif., where engineers are working on autonomous vehicle technology. Rivian also has an office in the U.K.
The company said Friday that salaried and hourly employees will continue to be paid during the shutdown. Rivian told TechCrunch that most of its facilities have been at 2 to 5% occupancy for about a week. The length of the shutdown is undetermined at this time, a company spokesperson said.

Update: To keep our teams safe and slow the spread of COVID-19, we have shut down all Rivian facilities. We are committed to everyone on our team. Both our salaried and hourly workforce will continue to be paid during this shutdown. Stay safe everyone.
— Rivian (@Rivian) March 20, 2020

Rivian spent the majority of its life in the shadows until November 2018 when it revealed its all-electric R1T pickup and R1S SUV at the LA Auto Show. Since then, the electric automaker has picked up investors and commercial customers such as Ford and Amazon, in addition to the reservations consumers have made for its pickup and SUV.
In December, Rivian announced it had raised $1.3 billion in new funding, the fourth round of capital announced by the company in 2019 alone. It followed prior announcements of $700 million led by Amazon, $500 million from Ford (which includes a collaboration on electric vehicle technology) and $350 million from Cox Automotive.
Lincoln, the luxury brand under Ford, is working with Rivian to develop an “all-new” electric vehicle. Amazon has ordered 100,000 all-electric delivery vans from Rivian, with the first deliveries expected to begin in 2021.
The global COVID-29 pandemic has prompted automakers to temporarily suspend operations in Europe and the U.S., where the disease has started to spread. In China, where the disease first started, factories are coming back online.
Automakers have had varied responses to the pandemic; some took action to suspend production faster than others. Honda kicked off closures in the U.S. Ford, GM and FCA followed after the Big 3 formed a task force with the United Auto Workers. Even as these automakers began implementing new safety precautions in its factories based on recommendations that came out of the task force, the UAW continued to pressure them to close. A couple of cases of employees testing positive for COVID-19 accelerated the closures. Nissan and Volkswagen have also paused operations in the U.S.
Tesla has been a notable hold out. The company announced Thursday it would shut down its Fremont, Calif. factory, beginning March 23. The decision to suspend production there came days after Alameda County officials issued an order to close all nonessential businesses. Tesla kept its doors open anyway, even after officials publicly said that it was not an essential business.
Tesla has suspended operations at its New York factory as well. Tesla’s gigafactory near Reno, Nevada, which produces electric motors and battery packs, is fully operational.
Tesla told employees in an email sent March 18, and viewed by TechCrunch, that it was staying open because it has had “conflicting guidance from different levels of government” over whether it could operate. The human resources department told employees in the email to come to work if their job is to produce, service, deliver or test its electric vehicle
But by Thursday, and after meetings with county officials, the company announced it would suspend production. Some basic operations that will support Tesla’s  charging infrastructure and what it describes as its “vehicle and energy services operations” will continue at the factory, which under normal circumstances has more than 10,000 people working there.

Uber Eats UK waives fees during the coronavirus crisis

Uber Eats is waiving delivery and activations fees in the UK to support restaurants hit by decreasing demand during the coronavirus crisis.
The measure will apply until March 31 when it says it will review it.
On Monday the on-demand food delivery giant announced a similar waiver of delivery fees in the US.
The announcement by Uber Eats UK comes shortly after Just Eat UK said it would reduce its commission and waive some fees for 30 days — as part of an emergency support package for partner restaurants struggling to cope with disruption to their businesses.
“The high street is being hit hard by Coronavirus but the sector can play a critical role in helping the thousands of people who rely on it — for work and as an essential service — during this difficult time,” said Eats UK general manager, Toussaint Wattinne, in a statement.
“We are putting in place a range of initiatives to continue to support restaurant partners, particularly small business owners, as they keep their kitchens firing to feed people across the country.”
Another support measure it’s offering is a new opt-in program for all restaurants on its platform to get daily payments, rather than the standard weekly payment — to help with cash flow.
Today the UK government finally ordered bars and restaurants to close — having previously only advised citizens to stay away from social spaces to help reduce the spread of COVID-19.
Confirmed cases in the country have been increasing steady in recent weeks, approaching 4,000 at the time of writing, with 177 deaths recorded in total so far.
The closure order applies to bars and restaurants nationwide from tonight (Saturday morning) — cementing the economic shock the coronavirus is dealing to the sector.
However food delivery remains an option on the table: Earlier this week the government said it would relax planning regulations to allow pubs and restaurants to offer takeout services straightaway, without needing to apply for permission.
Uber Eats looks to be hoping to capitalize on the contingency provision by onboarding restaurants that haven’t previously offered takeout. It said today it’s adding a fast-tracked onboarding process for new restaurants to help them get online on its platform as soon as possible.
It’s also expanding the number of convenience stores available via the app — and waiving delivery fees for them too.
Keeping the nation fed through the crisis is another pressing operational headache for the UK government as worried shoppers have stripped supermarket shelves — putting strain on ‘just in time’ supply chains. Again, Uber looks to be hoping to help plug any gaps by expanding the surface area for food and grocery orders.
Also today it said it will be introducing a new contactless delivery product feature as a measure that’s intended to shrink the health risks for couriers making deliveries.
The public health crisis has shone a critical spotlight on the lack of protections for platform workers who aren’t covered by employment rights like sick pay — meaning they can either self isolate or earn money.
Several other European on-demand delivery apps have already added similar contactless provisions.

How Uber, Lyft, Seamless and more are addressing taxed gig economy workers

YouTube goes SD streaming by default in Europe due to COVID-19

YouTube has switched to standard definition streaming by default in Europe.
We asked the company if it planned to do this yesterday — today a spokeswoman confirmed the step. The move was reported earlier by Reuters.
It’s a temporary measure in response to calls by the European Commission for streaming platforms to help ease demand on Internet infrastructure during the coronavirus crisis.
Users can still manually adjust video quality but defaults remain a powerful tool to influence overall outcomes.
A YouTube spokesperson confirmed the switch, sending us this statement:
People are coming to YouTube to find authoritative news, learning content and make connections during these uncertain times. While we have seen only a few usage peaks, we have measures in place to automatically adjust our system to use less network capacity. We are in ongoing conversations with the regulators (including Ofcom), governments and network operators all over Europe, and are making a commitment to temporarily default all traffic in the UK and the EU to Standard Definition. We will continue our work to minimize stress on the system, while also delivering a good user experience.
Yesterday Netflix announced it would default to SD streaming in the region for 30 days for the same reason.
In recent days the EU’s internet market commissioner, Thierry Breton, has held discussions with platform executives to urge them to help reduce the load on Internet infrastructure as scores of Europeans are encouraged or required to stay at home as part of quarantine measures.
The Commission is concerned about the impact on online education and remote work if there’s a major spike in demand for digital entertainment services — and is pushing for collective action from platforms and users to manage increased load on Internet infrastructure.
Breton met with Google CEO Sundar Pichai and YouTube CEO Susan Wojcick to press the case for lowering the quality of video streams during the coronavirus crisis.
Today he welcomed YouTube’s move. “Millions of Europeans are adapting to social distancing measures thanks to digital platforms, helping them to telework, e-learn and entertain themselves. I warmly welcome the initiative that Google has taken to preserve the smooth functioning of the Internet during the COVID19 crisis by having YouTube switch all EU traffic to Standard Definition by default. I appreciate the strong responsibility that Mr Pichai and Mrs Wojcicki have demonstrated. We will closely follow the evolution of the situation together,” said Breton in a statement. 
Google’s spokeswoman told us it hasn’t seen much change in regional traffic peaks so far but said there have been changes in usage patterns from more people being at home — with usage expanding across additional hours and some lower usage peaks. (The company routinely makes traffic data available in the Google Traffic and Disruptions Transparency Report.)
YouTube, along with other major social platforms, has faced scrutiny over the risks of their tools being used to spread coronavirus-related misinformation.
Although, in the case of Google, the company appears to have taken a proactive stance in suppressing bogus content and surfacing authoritative sources of health information. YouTube’s spokeswoman noted the homepage directs users to the World Health Organization for info on COVID-19 or other locally relevant authoritative organizations, for instance.
She also noted the company is donating ad inventory to governments and NGOs to use for education and information — pointing to a blog post earlier this month in which Pichai discussed some of the measures it’s taking to shield users from misinformation that could be harmful to public health.
YouTube will be rolling out a campaign rolling across Europe that encourages people to follow health authorities’ guidance and stay home, she added.
Google’s response to the COVID-19 pandemic looks to be a far swifter and more aggressive to the threat posed to public health than its approach to other types of content that can also be harmful to people’s health — such as anti-vaccination content, which YouTube only moved to demonetize last year.

Just Eat cuts its take for 30-days to help restaurants during the COVID-19 crisis

UK takeout marketplace Just Eat has announced a 30-day emergency support package for restaurants on its platform to help them through disruption caused by the coronavirus crisis.
From tomorrow (March 20) until April 19 the package — which Just Eat says is worth £10M+ — will see funds directed back to UK partner restaurants in the form of a commission rebate of one third (33%) on all commissions paid to Just Eat by restaurants; and via the removal of commissions across all collection orders which it intends to help reduce pressure on restaurants’ delivery operations, where collection is still available.
Just Eat also said it’s waiving all sign-up fees for new restaurants joining its platform (which must still meet its standard conditions, such as being registered with the relevant local authority as a food business and having the required hygiene rating); and relaxing any existing arrangements that may be in place with partners to enable them to work with delivery aggregators — “regardless of existing contractual terms”.
It added that it will continue to pay restaurants weekly, including the rebate now in place.
Currently Just Eat has around 35,700 restaurants on its platform in the UK, with delivery available to 95% of UK postcodes.
Commenting in a statement, Andrew Kenny, Just Eat’s UK MD, said:
These are some of the most challenging times the restaurants we work with have ever been through. We want to show our support and help them to keep their doors open, so they can focus on doing what they do best — delivering food to people across the UK every day. We know our Restaurant Partners are worried about their teams — from chefs to delivery drivers — and these measures will go some way to helping them maintain their operations and support their people.
The food delivery industry has a crucial role to play at this time of national crisis and it is only right that as the market leader in the UK Just Eat steps up to help our independent partners so they can keep delivering for the communities that need them.
In the UK and elsewhere there is rising concern about the economic impact of COVID-19 on the hospitality sector as people are told to stay away from social spaces.
On Monday the UK government advised people not to go to bars and restaurants or other social spaces in a bid to try to limit the spread of COVID-19. Although, unlike many other European countries, it has not yet issued strict quarantine measures such as ordering hospitality industry businesses to close their doors and citizens to work at home where possible.
On-demand food delivery remains one of the services that continues to operate even in locked down EU Member States. However with gig economy business models not typically offering platform workers an employment safety net of benefits such as sick pay the entire sector has come under fresh scrutiny for the legal status it assigns to delivery couriers, given the heightened risks posed to them by the novel coronavirus. In a nutshell it they need to self isolate they won’t be able to earn. 
In its press release today Just Eat said it’s working on other unspecified support initiatives for couriers, as well as for groups including the vulnerable and isolated, and frontline workers.
These will be announced in due course, it added. 
Although it also notes that the vast majority of orders placed through its network are delivered by restaurants with their own delivery capability. Its commission for such orders is a maximum of 14%, it added.
Some on-demand food delivery startups operating in Europe which do rely on gig workers to make deliveries have already announced emergency support funds to help platform workers who fall ill or need to self isolate during the COVID-19 crisis — including UK-based Deliveroo and Spain’s Glovo.
Although there has also been some criticism of how easy it is for couriers to access claimed support.

Deliveroo riders can’t access coronavirus hardship fund, warns union

UK on-demand food delivery startup Deliveroo has been accused of setting up an inaccessible hardship fund for couriers in the midst of the coronavirus crisis that leaves gig economy workers on its platform unable to access claimed financial support if they become ill or are self isolating.
Gig economy delivery workers are one of the groups who face increased exposure to the coronavirus on account of the work bringing them into contact with many people, even as demand for meal delivery is likely to increase with people being encouraged or required to stay at home.
At the same time gig workers don’t have standard benefits and protections afforded to people who are legally classed as workers — such as sick pay. So, as we reported earlier this week, the coronavirus crisis has shone a lurid spotlight on ‘sharing economy’ business models that offer little or no safety net for platform workers who fall ill or otherwise cannot work.
Some of these companies have responded by announcing support measures for the core workers they define as independent contractors — people who are now on the front line, delivering food to others who may not be able to leave their house and/or may be infected with the highly contagious virus.
In the majority of cases this sums to switching on a contactless delivery option in a bid to reduce human contact between couriers and customers. Although so far it tends to rely on the paying customer being proactive about locating and activating the feature.
A few — including Deliveroo, Glovo and Uber — have also offered some financial support to plug lost earnings for gig workers who can’t work because they’re infected with COVID-19 or have been placed in quarantine.
UK-based Deliveroo was fast out of the gate with an announcement of a “multi-million” pound hardship fund it said it would use to support gig workers who fell ill or needed to go into quarantine — claiming it would pay impacted riders in excess of the equivalent statutory sick pay for 14-days. (Meanwhile UK government support for gig workers needing to self-isolate during the coronavirus crisis has been limited to telling them to claim an unemployment benefit that can take weeks to come through and offers a very low level of earnings compensation; the government has so far rejected calls to extend sick pay to gig workers.)
When we asked about this last week Deliveroo stipulated the fund will only pay impacted riders who are diagnosed with coronavirus or told to isolate themselves by a medical authority.
It’s those conditions that a UK union is objecting to. Today the IWGB, a union that represents gig workers, accused Deliveroo of operating an unworkable fund — saying riders have told it they’re unable to access the claimed support because it requires a doctor’s note. (Including in cases where Deliveroo has deactivated a rider’s account because it suspects they have contracted COVID-19.) 
With many GPs surgeries in the UK switching to telephone-only triage as they scramble to cope with the coronavirus crisis, telling people who are sick with flu-like symptoms not to come to the surgery and instead self isolate to avoid the risk of spreading potential contagion — it’s unclear how couriers would be able to obtain the required documentation to access any financial help from the gig economy giant.
Access to coronavirus testing in the UK is also severely limited at this point of high demand.  
The union also points out that Deliveroo has provided no information on how much the hardship fund will pay out — even in cases where a rider has been able to procure a doctor’s note.
It’s called for Deliveroo to implement full sick pay without preconditions, as well as for a guaranteed floor in earnings for riders (of the living wage plus costs) to protect them through any periods of low demand during the public health crisis, as well as safety equipment (such as hand sanitizer and face masks); regular testing for COVID-19; and enhanced pay for those who do put themselves at risk by continuing to work.
Commenting in a statement, IWGB couriers and logistics branch chair Alex Marshall said: “Once we pull the curtains on Deliveroo’s announcement on assistance for workers that are sick or self-isolating, it is obvious that behind the PR spin it is more of the same old deceitful tactics. Deliveroo and other so-called gig economy employers have to stop blocking their workers’ access to these funds and immediately introduce full contractual sick pay, without pre-conditions. Increasingly, these workers are being expected to play a huge role in feeding people during this time of crisis, so it is time for their employers and the government to give them the basic rights we expect in any decent and just society.”
We reached out to Deliveroo for a response to the criticism of its requirement that riders produce a doctor’s note to access he hardship fund. We also asked whether it has paid anything out so far — and if so how much it’s paying individual riders. At the time of writing the company had not responded to our questions.
Last May the company closed a $575M Series G, with ecommerce giant Amazon leading a funding injection that brought its total investment raised to in excess of $1.5BN.

Israel passes emergency law to use mobile data for COVID-19 contact tracing

Israel has passed an emergency law to use mobile phone data for tracking people infected with COVID-19 including to identify and quarantine others they have come into contact with and may have infected.
The BBC reports that the emergency law was passed during an overnight sitting of the cabinet, bypassing parliamentary approval.
Israel also said it will step up testing substantially as part of its respond to the pandemic crisis.
In a statement posted to Facebook, prime minister Benjamin Netanyahu wrote: “We will dramatically increase the ability to locate and quarantine those who have been infected. Today, we started using digital technology to locate people who have been in contact with those stricken by the Corona. We will inform these people that they must go into quarantine for 14 days. These are expected to be large – even very large – numbers and we will announce this in the coming days. Going into quarantine will not be a recommendation but a requirement and we will enforce it without compromise. This is a critical step in slowing the spread of the epidemic.”
“I have instructed the Health Ministry to significantly increase the number of tests to 3,000 a day at least,” he added. “It is very likely that we will reach a higher figure, even up to 5,000 a day. To the best of my knowledge, relative to population, this is the highest number of tests in the world, even higher than South Korea. In South Korea, there are around 15,000 tests a day for a population five or six times larger than ours.”
On Monday an Israeli parliamentary subcommittee on intelligence and secret services discussed a government request to authorize Israel’s Shin Bet security service to assist in a national campaign to stop the spread of the novel coronavirus — but declined to vote on the request, arguing more time is needed to assess it.
Civil liberties campaigners have warned the move to monitor citizens’ movements sets a dangerous precedent.

Netanyahu’s announcement that he intends to bypass parliamentary oversight and implement emergency regulations that authorize the Shin Bet to locate Corona patients actualizes this danger.
— ACRI (@acri_online) March 16, 2020

According to WHO data, Israel had 200 confirmed cases of the coronavirus as of yesterday morning. Today the country’s health ministry reported cases had risen to 427.
Details of exactly how the tracking will work have not been released — but, per the BBC, the location data of people’s mobile devices will be collected from telcos by Israel’s domestic security agency and shared with health officials.
It also reports the health ministry will be involved in monitoring the location of infected people to ensure they are complying with quarantine rules — saying it can also send text messages to people who have come into contact with someone with COVID-19 to instruct them to self isolate.
In recent days Netanyahu has expressed frustration that Israel citizens have not been paying enough mind to calls to combat the spread of the virus via voluntary social distancing.
“This is not child’s play. This is not a vacation. This is a matter of life and death,” he wrote on Facebook. “There are many among you who still do not understand the magnitude of the danger. I see the crowds on the beaches, people having fun. They think this is a vacation.”
“According to the instructions that we issued yesterday, I ask you not leave your homes and stay inside as much as possible. At the moment, I say this as a recommendation. It is still not a directive but that can change,” he added.
Since the Israeli government’s intent behind the emergency mobile tracking powers is to combat the spread of COVID-19 by enabling state agencies to identify people whose movements need to be restricted to avoid them passing the virus to others, it seems likely law enforcement agencies will also be involved in enacting the measures.
That will mean citizens’ smartphones being not just a tool of mass surveillance but also a conduit for targeted containment — raising questions about the impact such intrusive measures might have on people’s willingness to carry mobile devices everywhere they go, even during a pandemic.
Yesterday the Wall Street Journal reported that the US government is considering similar location-tracking technology measures in a bid to check the spread of COVID-19 — with discussions ongoing between tech giants, startups and White House officials on measures that could be taken to monitor the disease.
Last week the UK government also held a meeting with tech companies to ask for their help in combating the coronavirus. Per Wired some tech firms offered to share data with the state to help with contact tracing — although, at the time, the government was not pursuing a strategy of mass restrictions on public movement. It has since shifted position.

CcHub funds tech to curb COVID-19 on concerns of an Africa outbreak

Africa’s largest innovation incubator, CcHub, will offer funding and engineering support to tech projects aimed at curbing COVID-19 and its social and economic impact.
The Lagos and Nairobi based organization posted an open application on its website this week, CcHub CEO Bosun Tijani told TechCrunch on a call.
CcHub will provide $5000 to $100,000 funding blocks to companies with COVID-19 related projects covering last mile communication, support for the infected and the most vulnerable, production of essential medical supplies and support for disrupted food supply-chains.
The organization, and its iHub affiliate, will also open up engineering support and resources from its CcHub Design Lab to funded companies, according to Tijani.
He noted that established startups who want to create COVID-19 related projects on the side of their core-business can apply.
The initiative stems from concerns Africa could be less prepared than other regions in dealing with an outbreak of the virus that has spread in China, Europe and the U.S. and is wreaking economic havoc globally.
Tijani hopes CcHub can employ its network and resources to limit the spread and damage of COVID-19 in Africa.
The Lagos based innovation-space acquired Kenya’s iHub in 2019, bringing together two of Africa’s most powerful tech hubs by membership networks, VC, volume of programs, startups incubated and global visibility.
“Quite a number of African countries, if they get to the level of Italy or the UK, I don’t think the system…is resilient enough to provide support to something like that,” Tijani said.

Reported cases in major population countries, such as Kenya and Nigeria, were in single-digits as late as last week, but those numbers are spiking. By the World Health Organization’s latest stats Wednesday there were 463 COVID-19 cases in Africa and 10 confirmed deaths related to the virus.
Governments are taking action. South Africa, which has the second-largest reported coranvirus outbreak on the continent, declared a national disaster this week, banned public gatherings and announced travel restrictions on the U.S. and UK. Kenya has also imposed its own travel and crowd restrictions.
Only two cases have been recorded in Nigeria, but CcHub’s Tijani fears the actual scenario for the West African country and Kenya could be much worse.

“I think Lagos and Nigeria are in denial. Some governments in Africa are taking action, but the focus in Africa has been relying on port of entry [measures], which isn’t reliable because…I suspect its already here…people may not have symptoms yet,” said Tijani.
If there is a rapid outbreak, he fears it will overwhelm a number of systems in countries such as Nigeria and Kenya.
“We don’t have the health systems to contain it. We don’t have the the welfare system that can work for the most vulnerable, such as elderly…we don’t manufacture most of these medical supplies and our food [supply-chain] is not reliable,” Tijani added.
Addressing these pending challenges related to COVID-19 in Africa is what CcHub hopes to support in its latest open call to fund projects.
The innovation incubator isn’t the only tech player on the continent shifting to respond to a possible coronavirus crises.

Kenya turns to M-Pesa mobile-money to stem the spread of COVID-19

Pan-African on-demand trucking logistics company Kobo360 has asked employees who can work remotely to do so in Ghana and Nigeria, according to the Chief Strategy Officer Kagure Wamunyu. The Goldman Sachs backed startup is also planning contingencies to ensure supply-chain continuity, should COVID-19 disrupt business and mobility in its markets.
In Kenya, the country is turning to its leading mobile-money product, M-Pesa, to reduce the the chances of an outbreak. Safaricom waived transaction fees on the app this week to increase digital-payments use and lower the risk of spreading the COVID-19 through physical handling of cash.

WHO calls for rapid escalation in global COVID-19 response, including testing and isolation

The World Health Organization (WHO) held a briefing today for media to update them on the current status of the global pandemic of the COVID-19 coronavirus, and called out worldwide efforts on what the agency’s Director-General Tedros Adhanom described as not an “urgent enough”  response in terms of fielding a truly comprehensive approach.
In prepared remarks to kick-off the media Q&A, Adhanom said that while to date we have “seen a rapid escalation in social distancing measures, like closing schools and cancelling spring events,” there still hasn’t been enough done on a global level in terms of “testing, isolation and contact tracing,” which he said formed the “backbone of the response.”
“You cannot fight a fire blindfolded,” Adhnom said. “And we cannot stop this pandemic if we don’t know who is infected. We have a simple message for all countries: test, test, test. Test every suspected case. If they test positive, isolate them and find out who they have been in close contact with up to 2 days before they developed symptoms, and test those people too.”
The agency noted that it has shipped a total of 1.5 million tests to 120 countries thus far. The U.S. in particular has lagged behind its global peers when it comes to testing, with the country refusing the WHO tests offered and opting instead to develop its own CDC-developed tests, whose initial rollout met with mirrors. Based on data from last week, the U.S., even now that private lab tests are coming online to attempt to supplement the CDC-issued ones, the country is still far behind Japan, the UK, Italy, China, South Korea and many others when it comes to testing on a per capita basis compared to its population.
Adhanom went on to advise that all confirmed cases be isolated once identified, in health facilities if possible, but in either makeshift facilities set up for the purpose if that’s not an option, or for those with very mild symptoms, at home. He clarified this meant that care-givers treating people at home should wear a medical mask when they occupy shared space, and that the patient should both sleep separately and use a different bathroom.
“Once again, our key message is: test, test, test,” Adhanom said. “This is a serious disease. Although the evidence we have suggests that those over 60 are at highest risk, young people, including children, have died.”
He also pointed out that while we’re now seeing epidemics even in developed countries with advanced health care systems and institutions in place, facing significant challenges, there’s an even greater pending global threat as the pandemic spreads to low-income nations. Adhanom said that limiting impact among those vulnerable populations requires “every country and every individual to do everything they can to stop transmission.”
During the Q&A, Adhanom went further, noting that while the immediate threat still needs to be addressed, and addressed promptly, the COVID-19 pandemic has also revealed fundamental issues with our global approach to pandemic preparedness that we’ll need to address longer-term.
“Globally we have a very, very serious weakness in terms of preparedness,” he said. “While doing our best to suppress this pandemic, at the same time we have to think about planning for the future, for the long-term. Improving our preparedness, making sure that the world is better prepared.”
“It’s time to commit to invest in our weaknesses, and minimize our risk as a global community,” Adhanom continued. “No country can develop or strengthen its system and protect itself from outbreaks, epidemics or pandemics. The world is more intertwined than ever before – globalization cannot be reversed […] we need to make sure that we act in unison to build the global preparedness and the global resistance.”
WHO also reiterated and clarified the best actions that individuals can take to help contribute to the global effort to combat the spread of the virus. The organization’s COVID-19 Technical Lead Dr. Maria Van Kerkhove, an infection disease epidemiologist, acknowledged that people are feeling afraid, and stressed the importance of hand-washing as one action that everyone can take to make a difference.
“Being scared is normal, what we need to do is channel that energy into something positive, and making sure that you know what you can do to protect yourself,” she said. What we do know that works in terms of your hands, and in terms of what you need to do, is washing your hands. We say this all the time. And it may not be the most exciting thing, but it’s the most important thing that you can do to protect yourselves.”
“Every single person who is washing their hands is helping themselves and others,” she continued, noting that everyone should “wash [their] hands as much as they possibly can.”

US slashes federal interest rates in response to the coronavirus outbreak

The Trump administration said it will slash federal interest rates as part of an effort to stabilize the economy following a rocky week on the financial markets.
The U.S. Federal Reserve cut interest rates to near-zero, the second time that the central bank has cut interest rates in as many weeks. The Federal Reserve also launched a $700 billion quantitative easing program to help prevent a further economic downturn sparked by the spread of the coronavirus.
A statement said the bank will maintain its interest rates “until it is confident that the economy has weathered recent events and is on track to achieve its maximum employment and price stability goals.”
There are more than 142,000 confirmed cases globally, according to the World Health Organization’s latest situation report on Saturday, with some 3,300 confirmed cases in the U.S., according to Vice President Mike Pence, who spoke from the White House on Sunday.
Earlier on Sunday, U.K. authorities advised all British nationals and residents against all but essential travel to the United States.
News of the travel advisory came shortly before new U.S. travel restrictions are set to take effect on Monday night, effectively banning all travelers from Europe for 30 days — sparing only U.S. citizens and lawful permanent residents. The Trump administration later extended the ban to the U.K. and Ireland following a spike in confirmed infections.

UK is advising against all travel to the US amid the coronavirus pandemic

American Airlines cuts long-haul international flights by 75%

American Airlines said it will suspend 75% of its long-haul international flights from the U.S., beginning March 16 in response to decreased demand and government travel restrictions put in place to lessen the spread of COVID-19.
American Airlines had already reduced its capacity. This latest move, which was announced Saturday evening, will slash international capacity 75% year-over-year. The suspended service will last through May 6, the airline said, adding that it will cut back on flights gradually over the next seven days to re-accommodate passengers and crew.
American Airlines said it will continue to operate one flight daily from Dallas-Fort Worth to London, one flight daily from Miami to London. It will also continue to fly three times a week from Dallas to Tokyo . American Airlines will also continue short-haul international flying, which includes flights to Canada, Mexico, Caribbean, Central America and certain markets in the northern part of South America. American Airlines said it anticipates its domestic capacity in April will be reduced by 20% compared to last year and May’s domestic capacity will be reduced by 30% on a year-over-year basis.
Other airlines have reduced capacity, including Delta, Lufthansa and United. However, American Airlines’ actions surpass other reductions in service.
The reductions follow an executive order by President Donald Trump last week to ban non-U.S. citizens who are from or have recently been in China, Iran or 26 European countries from traveling to the United States for the next 30 days. The ban was extended on Friday to Ireland and the UK.

The Department of Homeland Security has also issued a Notice of Arrival Restrictions that requires American citizens, legal permanent residents and their immediate families who are returning home to the U.S. to travel through one of 13 airports upon arrival to the U.S., and then submit to an enhanced entry screening. They must then self-quarantine for 14 days once they reach their final destination, according to Homeland Security.
The 30-day travel ban does not apply to U.S. citizens or cargo.

UK is advising against all travel to the US amid the coronavirus pandemic

The U.K. government is advising citizens and residents against all travel to the U.S. in response to the coronavirus pandemic.
In a brief statement, the U.K. Foreign Office said it is “advising against all but essential travel to the USA,” a day after the U.S. government expanded its list of countries whose nationals are effectively banned from entering the U.S. to include the United Kingdom and Ireland.
The announcement by the U.K. authorities follows a move by the Trump administration to impose restrictions on foreign travelers entering the U.S. in an effort to help stem the number of infections of the coronavirus strain, COVID-19, which last week was declared a pandemic by the World Health Organization.
The Trump administration initially initially spared the U.K. and Ireland from its 30-day European travel ban, which included France, Spain, and Italy — all of which this week saw massive increases in the number of citizens infected with the virus. But a day later, the U.K. and Ireland was also added to the list, with an effective ban on all U.K. and Irish travelers entering the U.S. beginning Monday night.
The Foreign Office said the restrictions go into effect immediately as of Sunday.
U.S. citizens — including dual citizens — and lawful permanent residents are exempt from the ban, but may be asked to self-isolate upon arrival for 14 days out of caution.
A Foreign Office spokesperson told TechCrunch by phone that despite one report, U.S. travelers will not be banned from entering the U.K. in response to the coronavirus outbreak.

UK and Ireland added to US travel ban amid COVID-19 concerns

Europe’s Deliveroo and Glovo switch on contactless delivery during COVID-19 pandemic

European on-demand food delivery startups are starting to add ‘contactless’ deliveries in response to the SARS-CoV-2 pandemic.
Earlier this month U.S. startups including Postmates and Instacart added an option for customers to choose not to have their meal handed to them by the courier — and instead have it dropped off at their door without the need for human contact. In China similar services began adding contactless deliveries last month.
Today UK-based Deliveroo said it will launch a no-contact drop-off option early next week.
“At Deliveroo we are taking action to keep our customers, riders and restaurants safe. To make our delivery service even safer we are introducing a no-contact, drop-off service,” it told us.
Currently, Deliveroo customers not wanting to expose themselves — or, indeed, the courier delivering their food — to unnecessary human contact can add a note to an order to request a no-contact drop off.
According to the latest World Health Organization (WHO) situation report on Covid-19 the UK had 373 confirmed cases and six deaths as of yesterday.
Deliveroo told us it has plans in place to respond should a rider be diagnosed with the virus or be told to isolate themselves by a medical authority. This includes a multi-million pound fund that it said will be used to support affected riders by paying in excess of the equivalent of UK statutory sick pay for 14-days.
Other steps it’s taking include ordering hand sanitizer for riders and setting up a dedicated support team in each market to answer any queries or questions riders have.
“Riders’ safety is a priority and we want to make sure those who are impacted by this unprecedented virus and cannot work are supported. Deliveroo will provide support for riders who are diagnosed with the virus or who are told to isolate themselves by a medical authority,” the company added.
In yesterday’s budget the UK chancellor set out measures intended to support gig workers during the Covid-19 crisis, announcing a £500M boost to the benefits system and steps to make it quicker and easier for self employed people to access social security — a move unions were quick to characterize as a sticking plaster atop the systemic problem of precarious gig work. 
“It is unfortunate that it takes a global health pandemic for this government to recognise that precarious workers need some form of sick pay,” said the Independent Workers Union of Great Britain’s general secretary, Jason Moyer-Lee, in a statement. “Rather than half-baked proposals on benefits, the government should be ensuring that all workers have properly enforced worker rights, including full sick pay from day one. The unaffordability of becoming ill or injured is something precarious workers face on a daily basis, and it needs a permanent solution.”
Over in the European Union, Spain’s Glovo also told us it’s implementing new measures globally from today — including recommending ‘no contact’ deliveries and removing the requirement for couriers to obtain a mobile signature from the customer.
Italy, the European country most severely affected by the novel coronavirus outbreak thus far, is one of Glovo’s biggest markets.
This month the government announced a nationwide lockdown to try to contain the spread of the virus.  Per the WHO, Italy had 10,149 confirmed cases of Covid-19 as of yesterday morning and 631 people had died.
Yesterday the Italian prime minister announced a further tightening of quarantine rules, closing all bars and restaurants to the general public but allowing for home delivery — leaving the door open for meal delivery startups to continue operating. Food stores in Italy have also not been shut.
A report by UBS today looking at the impact of Covid-19 on online food delivery across multiple markets suggests there is a general uptick in meal delivery demand in most markets, including Italy. Though the investment bank cautions this could change — highlighting the risk of supply disruption and the consumer safety concerns related to eating pre-prepared meals during a health crisis, as it says has been the case in China (with grocery delivery growing as meal delivery orders slumped).   
It’s not clear how Glovo’s on-demand business is weathering the coronavirus storm. A spokesman told us it’s unable to share any data regarding the rise/fall of orders in Italy during the quarantine.
It’s worth noting the startup has never been solely focused on meal delivery — with the app supporting requests for anything (practicable) to be delivered by bike courier in the urban centers where it operates.
Groceries have also been a growing area of focus for Glovo which has been building out a network of dark supermarkets to support fast delivery of convenience shop groceries.
When we asked it about support for riders, Glovo told us it will be covering courier incomes for 2-4 weeks during the Covid-19 outbreak if they report being sick.
“The health and wellbeing of our couriers and customers is our top priority and we think these practices will help give some peace-of-mind to our fleet, while also decreasing the interaction and contact between both parties,” said the spokesman.
We also asked Uber Eats — which operates a meal delivery service in multiple markets across Europe — what measures it’s taking to respond to the Covid-19 pandemic.
A spokeswoman told us it’s currently working to inform customers of an existing ability to communicate with delivery people via the app to give them specific guidance on where and how they’d like deliveries made — such as leaving a note to say ‘leave at door’ or ‘leave in lobby/reception’.
“Safety is essential to Uber and it’s at the heart of everything we do. In response to the ongoing spread of coronavirus, we’ve reminded Uber users that they can request deliveries be left on their doorsteps,” Uber Eats said in a statement.
“We’re simultaneously at work on new product features to make this process even smoother, which we hope will be helpful to everyone on the platform in the coming weeks,” it added.
Uber also confirmed it will compensate drivers and delivery people who have to go into quarantine for up to 14 days — provided they are able to show documentation confirming the diagnosis; or if they have to self isolate or get removed from the app at the direction of a public health authority.
The company added that it has a dedicated global team, led by SVP Andrew Macdonald and advised by a consulting public health expert and public health organizations, working on its Covid-19 response.

European Parliament moves to majority teleworking in response to COVID-19

The European Parliament is instructing managers to prepare for all but a minority of staff to work remotely for 70% of the week as of next Monday — dialling up its response to Covid-19, the disease caused by the SARS-CoV-2 virus.
Full-time remote working may follow, it has also said.
In an email sent today European Parliament staff have been instructed that teleworking will be introduced on March 16 — for “all colleagues whose physical presences in Parliament is not absolutely indispensable”.
“At this stage it will be 70% teleworking. That means presence in the office will be limited to 1½ days a week,” the email continues, adding: “Later on teleworking could be increased to 100% of working time dependent on the further developments.”
Earlier this week the parliament instructed “vulnerable” staff with pre-existing health conditions to telework to shrink their risk of exposure to the virus. The move followed the European Commission confirming its first cases of the disease.

European Parliament tells vulnerable staff to telework to shrink COVID-19 risk

The European Parliament is based in three locations in the EU, with the administrative offices in Luxembourg and plenary sessions of the parliament taking place in Brussels, Belgium, and Strasbourg in France.
We understand the teleworking shift applies across all locations.
The World Health Organization’s most recent Covid-19 situation report, for 10am CET March 10, lists a total of 1,402 confirmed cases in France; 239 in Belgium; and four in Luxembourg.
In recent days members of parliaments in several EU countries have also been reported to have contracted the virus — including politicians in Italy, Spain and the UK.
Another EU institution, the European Commission — which is primarily based in Brussels — is also allowing some staff to work remotely in response to the threat posed by the coronavirus, including staff with a pre-existing health condition and those who have recently traveled to regions it defines as high risk. It has also urged staff to take precautions, such as regular hand washing and social distancing.
It seems likely the Commission will follow the parliament’s lead and expand remote working further as confirmed cases of Covid-19 continue to increase. Local press in Belgium has reported 47 new cases today, including seven in Brussels.
The Belgian Federal Public Health service is also recommending businesses offer employees the option to work from home, postpone meetings and/or make use of video conferencing and avoid gathering large numbers of people in one place.

XYZ Reality secures £5M to bring a hologram headset to the construction industry

Augmented Reality technology did not, it turned out, light the touch paper on a booming new industry. What we got instead was a few cute applications on smartphones and devices like Microsoft’s Hololens, which has seen pretty limited success.
Where AR has proved that it may have a future is in industry, allowing workers to look at plans whilst they assemble something, for instance.
A new UK startup hopes to nudge that future on further with a radical new technology which, although it resembles the Hololens, is in fact a highly accurate helmet-mounted screen which enables construction workers to place beams or bricks in exactly the right locations, thus introducing significant savings in time normally lost due to mistakes.
To further boost its efforts, XYZ Reality has closed a £5 million Series A funding round, led by Amadeus Capital Partners and Hoxton Ventures, with participation from Adara Ventures and J Coffey Construction. The company will build out its AR cloud and software platform and build its team to serve the EU market and expand to US and Asia.
The idea behind it is highly innovative. A dedicated helmet with an attached visor projects a highly accurate hologram — based on laser positioning — in front of the wearer’s face, allowing them to place objects precisely according to plans projected in front of their eyes.
The company claims its HoloSite headset is the “world’s first engineering-grade Augmented Reality device,” that allows construction workers to view Building Information Models on-site to a 5-millimeter accuracy.
The problem it’s solving is an age-old one. In today’s construction industry buildings are designed in 3D and then converted into 2D drawings. But tradespeople are asked to interpret those 2D drawings and turn them into 3D buildings within construction “tolerances”. This process creates inefficiencies that mean up to 80% of the construction being “out-of-tolerance”. It’s estimated that 7-11% of project costs are wasted this way and, of course, in mega-projects like huge bridges, this amounts to an average of over $100 million.
Founder, CEO and builder David Mitchell, who has spent his career in the construction industry, says: “Works are currently validated after the fact through laser scanning. But 80% of the time the construction fails to meet acceptable tolerances. With HoloSite, we can prevent errors happening in the first place.”
Mitchell came up with the idea of eliminating 2D designs after the 2008 recession devastated the industry.
I tried out the headset for myself and found that I could complete a basic assembly of bricks according to the plans projected in front of my eyes with a reasonable degree of accuracy, from scratch.

XYZ says it was possible to build a bathroom in two hours using the headset, versus a day without it, using the technology.
The hope is that that as this technology improves, any tradesperson would be able to work on a construction site with less need for training in 2D plans, but still with a high degree of accuracy.
The project is not without risk. Daqri, which built enterprise-grade AR headsets for construction, shuttered its HQ last year. Earlier, Osterhout Design Group unloaded its AR glasses patents after acquisition talks with Magic Leap, Facebook and others stalled. Meta, an AR headset startup that raised $73 million from VCs, including Tencent, also sold its assets earlier this year after the company ran out of cash.
But Amadeus is bullish. Nick Kingsbury, Partner, Amadeus Capital Partners said: “Construction is a sector that’s ripe for radical innovation. This technology has the potential to revolutionize how the construction industry sets out and validates its work, reducing costs and the chance of project slippage from mistakes.”

Insurance AI startup Synthesized raises $2.8M from IQ Capital and Mundi Ventures

The insurance industry depends on data to support a number of functions the average person in the street is usually completely unaware of such as “informed risk selection”, underwriting and claims management. Like many industries, it would like to automate much of this but it’s just not that simple.
Synthesized is a UK startup that tries to reduce friction on preparing all the data that’s needed, to enable insurers to share data safely, complying with regulations. The more that happens, the more innovation can happen, such as insuring for a low-carbon economy, something which will become increasingly important.
It’s now raised $2.8m in a new round of funding co-led by Cambridge-based IQ Capital and Mundi Ventures, with participation from Seedcamp, Pretiosum Ventures, and a number of finance and technology executives in the UK. Financing from the round will be used to double the number of its employees in London, and build out its sales and product teams.
Cofounder Nicolai Baldin said: “Synthesized substantially reduces the time to develop and comprehensively test data-driven projects and as a result empowers engineers to build better products and services for end-users. With the new funding from IQ Capital and Mundi Ventures, Synthesized is well-positioned to facilitate its business operations to turbocharge development processes across many sectors, such as finance, insurance and healthcare.”
Ed Stacey, managing partner at IQ Capital said: “Responsible organizations are waking up to the need to ensure that their deployed machine learning systems are fair and unbiased, as well as being robust and accurate. Synthesized’s ability to create multiple, balanced data sets in a flexible way gives organizations and their customers the confidence they need in deployed production systems, while also greatly speeding up the development process. Javier Santiso, CEO and Founder of Alma Mundi Ventures, said that “The prospects for Synthesized are bright and we see the impact of synthetic data permeating almost every industry.”
Synthesized competes in various ways with product from Gretel AI, Snorkel, Tonic AI, Hazy and Mostly AI.

Adtech giant Criteo is being investigated by France’s data watchdog

Adtech giant Criteo is under investigation by the French data protection watchdog, the CNIL, following a complaint filed by privacy rights campaign group Privacy International.
“I can confirm that the CNIL has opened up an investigation into Criteo . We are in the trial phase, so we can’t communicate at this stage,” a CNIL spokesperson told us.
Privacy International has been campaigning for more than a year for European data protection agencies to investigate several adtech players and data brokers involved in programmatic advertising.
Yesterday it said the French regulator has finally opened a probe of Criteo.
“CNIL’s confirmation that they are investigating Criteo is important and we warmly welcome it,” it said in the  statement. “The AdTech ecosystem is based on vast privacy infringements, exploiting people’s data on a daily basis. Whether its through deceptive consent banners or by infesting mental health websites these companies enable a surveillance environment where all you moves online are tracked to profile and target you, with little space to contest.”
We’ve reached out to Criteo for comment.
Back in November 2018, a few months after Europe’s updated data protection framework (GDPR) came into force, Privacy International filed complaints against a number of companies operating in the space — including Criteo.
A subsequent investigation by the rights group last year also found adtech trackers on mental health websites sharing sensitive user data for ad targeting purposes.
Last May Ireland’s Data Protection Commission also opened a formal investigation into Quantcast, following Privacy International’s complaint and a swathe of separate GDPR complaints targeting the real-time bidding (RTB) process involved in programmatic advertising.
The crux of the RTB complaints is that the process is inherently insecure since it entails the leaky broadcasting of people’s personal data with no way for it to be controlled once it’s out there vs GDPR’s requirement for personal data to be processed securely.
In June the UK’s Information Commission’s Office also fired a warning shot at the behavioral ad industry — saying it had “systemic concerns” about the compliance of RTB. Although the regulator has so far failed to take any enforcement action, despite issuing another blog post last December in which it discussed the “industry problem” with lawfulness — preferring instead to encourage adtech to reform itself. (Relevant: Google announcing it will phase out support for third party cookies.)
In its 2018 adtech complaint, Privacy International called for France’s CNIL, the UK’s ICO and Ireland’s DPC to investigate Criteo, Quantcast and a third company called Tapad — arguing their processing of Internet users’ data (including special category personal data) has no lawful basis, neither fulfilling GDPR’s requirements for consent nor legitimate interest.
Privacy International’s complaint argued that additional GDPR principles — including transparency, fairness, purpose limitation, data minimisation, accuracy and integrity and confidently — were also not being fulfilled; and called for further investigation to ascertain compliance with other legal rights and safeguards GDPR gives Europeans over their personal data, including the right to information; access; rights related to automated decision making and profiling; data protection and by design and default; and data protection impact assessments.
In specific complaints against Criteo, Privacy International raised concerns about its Shopper Graph tool, which is used to predict real-time product interest, and which Criteo has touted as having data on nearly three-quarters of the worlds’ shoppers, fed by cross-device online tracking of people’s digital activity which is not limited to cookies and gets supplemented by offline data; and its Dynamic Retargeting tool, which enables the retargeting of tracked shoppers with behaviorally targeted ads via Criteo sharing data with scores of ‘partners’ including publishers and ad exchanges involved in the RTB process to auction online ad slots.
At the time of the original complaint Privacy International said Criteo told it it was relying on consent to track individuals obtained via its advertising (and publisher) partners — who, per GDPR, would need to obtain informed, specific and freely given consent up-front before dropping any tracking cookies (or other tracer technologies) — as well as claiming a legal base known as legitimate interest, saying it believed this was a valid ground so that it could comply with its contractual obligations toward its clients and partners.
However legitimate interests requires a balancing test to be carried out to consider impacts on the individual’s interests, as part of a wider assessment process to determine whether it can be applied.
It’s Privacy International’s contention that legitimate interest is not a valid legal basis in this case.
Now the CNIL will look in detail at Criteo’s data processing to determine whether or not there are GDPR violations. If it finds breaches of the law, the regulation allows for monetary penalties to be issued that can scale as high as 4% of a company’s global turnover. EU data protection agencies can also order changes to how data is processed.
Commenting on the CNIL’s investigation of Criteo’s business, Dr Lukasz Olejnik, an independent privacy researcher and consultant whose research on the privacy implications of RTB predates all the aforementioned complaints told us: “I am not surprised with the investigation as in Real-Time Bidding transparency and consent were always very problematic and at best non-obvious. I don’t know how retrospective consent could be reconciled.”
“It is rather beyond doubt that a thorough privacy impact assessment (data protection impact assessment) had to be conducted for many aspects of such systems or its uses, so this particular angle of the complaint should not controversial,” Olejnik added.
“My long views on Real-Time Bidding is that it was not a technology created with particular focus on security and privacy. As a transformative technology in the long-term it also contributed to broader issues like the dissemination of harmful content like political disinformation.”
The CNIL probe certainly adds to Criteo’s business woes, with the company reporting declining revenue last year and predicting more to come in 2020. More aggressive moves by browser makers to bake in tracker blocking is clearly having an impact on its core business.
In a recent interview with Digiday CEO Megan Clarken talked about wanting to broaden the range of services it offers to advertisers and reduce its reliance on its traditional retargeting.
Criteo has also been investing heavily in artificial intelligence in recent years — ploughing in $23M in 2018 to open an AI lab in Paris.

Google’s Vint Cerf voices support for common criteria for political ad targeting

Google VP Vint Cerf has voiced support for a single set of standards for Internet platforms to apply around political advertising.
Speaking to the UK parliament’s Democracy and Digital Technologies Committee today, the long time Googler — who has been chief Internet evangelist at the tech giant since 2005 — was asked about the targeting criteria it allows for political ads and whether he thinks there should be a common definition all platforms should apply.
“Your idea that there might be common criteria for political advertising I think has a certain merit to it,” he told the committee. “Because then we would see consistency of treatment — and that’s important because there are so many different platforms available for purposes of — not just advertising but political speech.”
“In the US we’ve already experienced the serious side effects of some of the abuse of these platforms and the ability to target specific audiences for purposes of inciting disagreement,” he added. “We should make it difficult for our platforms to be abused in that way.”
The committee had raised the point that Google and Facebook currently apply different criteria around political ads — also asking whether advertisers could use Google’s tools to target political issue ads at a particular geographical region, such as South Bend in Northern Indiana.
“I don’t think that criterion is allowed in our advertising system,” Cerf responded on that specific example. “I don’t think that we’re that refined, particularly in the political space… We have a small number of criteria that are permitted for targeting political ads.”
Last November Google announced limits on political microtargeting — saying it would limit the ability for advertisers to target political demographics, and also committing itself to take action against “demonstrably false claims.”
The move remains in stark contrast to Facebook which dug in at the start of this year — refusing to limit targeting criteria for political ads. Instead it trumpeted a few settings tweaks that it claimed would afford users more controls over ads. As we (and many others) warned at the time, such tweaks offer no meaningful way for Facebook users to prevent the company’s pervasive background profiling of their Internet activity from being repurposed as an attack surface to erode democracy.
Last year some of Facebook’s own staff also critcized its decision not to restrict politicians from lying in ads and called for it to limit the use of Custom Audiences — arguing microtargeting works against the public scrutiny that Facebook claims keeps politicians honest. However the company has held the line on refusing to apply limits to political ads — with the occasional exception.
The committee also asked Cerf if he has any concerns about online misinformation and disinformation emerging on platforms related to the novel coronavirus outbreak.
Cerf responded by saying he’s “very concerned about the abuse of the system and looking for ways to counter that”.
“I use our tools every single day. I don’t think I would survive without having the ability to search through the world wide web — get information — get answers. I exercise critical thinking as much as I can about the sources and the content. I am a very optimistic person with regard to the value of what’s been done so far. I am very concerned about the abuse of the system and looking for ways to counter that — and those ways may be mechanical but they also involve the ‘wet ware’ up here,” he said, gesturing at his head.
“So my position is this is all positive stuff but how do we preserve the value of what we defend against the abuse? … We’re human beings and we should try very hard to make our tools serve us and our society in a positive way.”

Australia sues Facebook over Cambridge Analytica, fine could scale to $529BN

Australia’s privacy watchdog is suing Facebook over the Cambridge Analytica data breach — which, back in 2018, became a global scandal that wiped billions off the tech giant’s share price yet only led to Facebook picking up a $5BN FTC fine.
Should Australia prevail in its suit against the tech giant the monetary penalty could be exponentially larger.
Australia’s Privacy Act sets out a provision for a civil penalty of up to $1,700,000 to be levied per contravention — and the national watchdog believes there were 311,074 local Facebook users in the cache of ~86M profiles lifted by Cambridge Analytica . So the potential fine here is circa $529BN. (A very far cry from the £500k Facebook paid in the UK over the same data misuse scandal.)
In a statement published on its website today the Office of the Australian Information Commissioner (OAIC) says it has lodged proceedings against Facebook in a federal court alleging the company committed serious and/or repeated interferences with privacy.
The suit alleges the personal data of Australian Facebook users was disclosed to the This is Your Digital Life app for a purpose other than that for which it was collected — thereby breaching Australia’s Privacy Act 1988. It further claims the data was exposed to the risk of being disclosed to Cambridge Analytica and used for political profiling purposes, and passed to other third parties.
This is Your Digital Life was an app built by an app developer called GSR that was hired by Cambridge Analytica to obtain and process Facebook users’ data for political ad targeting purposes.
The events from which the suit stems took place on Facebook’s platform between March 2014 and May 2015 when user data was being siphoned off by GSR, under contract with Cambridge Analytica — which worked with US political campaigns, including Ted Cruz’s presidential campaign and later (the now) president Donald Trump.
GSR was co-founded by two psychology researchers, Aleksandr Kogan and Joseph Chancellor. And in a still unexplained twist in the saga, Facebook hired Chancellor, in about November 2015, which was soon after some of its own staffers had warned internally about the “sketchy” business Cambridge Analytica was conducting on its ad platform. Chancellor has never spoken to the press and subsequently departed Facebook as quietly and serendipitously as he arrived.
In a concise statement summing up its legal action against Facebook the OIAC writes:
Facebook disclosed personal information of the Affected Australian Individuals. Most of those individuals did not install the “This is Your Digital Life” App; their Facebook friends did. Unless those individuals undertook a complex process of modifying their settings on Facebook, their personal information was disclosed by Facebook to the “This is Your Digital Life” App by default. Facebook did not adequately inform the Affected Australian Individuals of the manner in which their personal information would be disclosed, or that it could be disclosed to an app installed by a friend, but not installed by that individual.
Facebook failed to take reasonable steps to protect those individuals’ personal information from unauthorised disclosure. Facebook did not know the precise nature or extent of the personal information it disclosed to the “This is Your Digital Life” App. Nor did it prevent the app from disclosing to third parties the personal information obtained. The full extent of the information disclosed, and to whom it was disclosed, accordingly cannot be known. What is known, is that Facebook disclosed the Affected Australian Individuals’ personal information to the “This is Your Digital Life” App, whose developers sold personal information obtained using the app to the political consulting firm Cambridge Analytica, in breach of Facebook’s policies.
As a result, the Affected Australian Individuals’ personal information was exposed to the risk of disclosure, monetisation and use for political profiling purposes.
Commenting in a statement, Australia’s information commissioner and privacy commissioner, Angelene Falk, added: “All entities operating in Australia must be transparent and accountable in the way they handle personal information, in accordance with their obligations under Australian privacy law. We consider the design of the Facebook platform meant that users were unable to exercise reasonable choice and control about how their personal information was disclosed.
“Facebook’s default settings facilitated the disclosure of personal information, including sensitive information, at the expense of privacy. We claim these actions left the personal data of around 311,127 Australian Facebook users exposed to be sold and used for purposes including political profiling, well outside users’ expectations.”
Reached for comment, a Facebook spokesperson sent this statement:
We’ve actively engaged with the OAIC over the past two years as part of their investigation. We’ve made major changes to our platforms, in consultation with international regulators, to restrict the information available to app developers, implement new governance protocols and build industry-leading controls to help people protect and manage their data. We’re unable to comment further as this is now before the Federal Court.

US threatens to pull big tech’s immunities if child abuse isn’t curbed

The Department of Justice is proposing a set of voluntary principles that take aim at tech giants in an effort to combat online sexual abuse.
The principles are part of a fresh effort by the government to hold the tech companies accountable for the harm and abuse that happens on their platforms, amid the past two years of brewing hostilities between the government and Silicon Valley. But critics also see it as a renewed push to compel tech companies to weaken or undo their “warrant-proof” encryption efforts under the guise of preventing crime and terrorism.
U.S. Attorney General William Barr announced the proposals at the Justice Department on Thursday with international partners from the U.K., Canada, Australia, and New Zealand.
The principles, built by the five countries and tech leaders — including Facebook, Google, Microsoft, and Twitter — aim to incentivize internet companies and social media giants to do more to prevent child sexual abuse on their platforms.
Barr said he hopes that the principles “set new norms” across the tech industry to “make sure there’s no safe space on the internet for offenders to operate.”
The principles come ahead of anticipated bipartisan legislation to Congress — the so-called Earn-It Act, which reports say could effectively force the tech companies’ hands by threatening to pull their legal immunities for what their users post if the companies fail to aggressively clamp down on online child sexual abuse.
Sens. Lindsey Graham (R-SC) and Richard Blumenthal (D-CT) are expected to announce the legislation on Wednesday.
Justice takes aim at big tech’s immunities
Barr warned that the government is “analyzing the impact” of Section 230 of the Communications Decency Act, which protects tech platforms from legal liability for content created by their users.
Under Barr, the Justice Department has taken a particular interest in dismantling Section 230. Last month, the Justice Department hosted a “workshop” on Section 230, arguing that the immunity it provides interferes with law enforcement and needs to be reexamined.
“We must also recognize the benefits that Section 230 and technology have brought to our society, and ensure that the proposed cure is not worse than the disease,” Barr said last month.
Any change to Section 230, widely regarded as the legal underpinning of all online platforms, could radically alter the landscape of the modern internet and give the government more power to control online speech. Privacy advocates view the government’s interest in wielding Section 230 as a cudgel as an existential threat to the internet as we know it.
Last month, Oregon Senator Ron Wyden, one of Section 230’s co-authors, condemned the Trump administration’s scrutiny of the law and argued that repealing the law would not be a successful punishment for large tech companies. “… The biggest tech companies have enough lawyers and lobbyists to survive virtually any regulation Congress can concoct,” Wyden wrote. “It’s the start-ups seeking to displace Big Tech that would be hammered by the constant threat of lawsuits.”
Encryption enters the limelight
UK Security Minister James Brokenshire lauded the initiative’s existing six tech partners, encouraging the rest of the industry to fall in line. “It’s critical that others follow them by endorsing and acting on these principles.” The minister claimed that plans to encrypt tech platforms are “sending predators back into the darkness” and away from “artificial intelligence advances that can expose them.”
Brokenshire admitted that encryption “remains the elephant in the room.”
But privacy groups remain wary of legislative action, fearing that any law could ultimately force the companies to weaken or break encryption, which government officials have for years claimed helps criminals and sexual predators evade prosecution.
End-to-end encryption has become largely the norm in the past few years since the Edward Snowden revelations into the vast surveillance efforts by the U.S. and its Five Eyes partners.
Apple, Google, and Facebook have made encryption as standard in its products and services, a frequent frustration for investigators and prosecutors.
But last year, the Five Eyes said it would contemplate forcing the matter of encryption if tech giants wouldn’t acquiesce to the pact’s demands.
The government has called for “responsible encryption,” a backdoor-like system that allows governments access to access encrypted communications and devices with a key that only it possesses. But security experts have universally panned the idea, arguing that there is no way to create a “secure backdoor” without it somehow being vulnerable to hackers.
The anticipated bill has already received heavy opposition. Facebook said that child safety is a “top priority,” but warned that the Earn-It Act would “roll back encryption, which protects everyone’s safety from hackers and criminals.”
The Electronic Frontier Foundation said the bill would “undermine the law that undergirds free speech on the internet.” Firefox browser maker Mozilla said the bill “creates problems rather than offering a solution.”
“The law enforcement community has made it clear this law is another attempt to weaken the encryption that is the bedrock of digital security,” said Heather West, Mozilla’s head of Americas policy. “Encryption ensures our information — from our sensitive financial and medical details to emails and text messages — is protected.”
“Without it, the world is a far more dangerous place,” said West.

‘Five Eyes’ governments call on tech giants to build encryption backdoors — or else

Frontline Ventures raises new $80M fund focused on bringing US firms into Europe

Frontline Ventures, based between Dublin and London, has announced a new $80 million fund designed to assist US tech companies expanding into Europe.
The new FrontlineX fund — which means the firm now has $200 million under management — focuses mainly on growth-stage B2B companies and invest up to $5 million per company alongside lead investors in later-stage rounds. FrontlineX will be led by partners Stephen McIntyre and Brennan O’Donnell.
The firm believes that flawed go-to-market strategies and weak local talent networks means that US companies tend to lose too much money in foregone revenue when they expand into Europe and the team is aiming to try and address this.
Ireland has been a crucial landing point, particularly for US tech companies expanding into Europe, in part because of its low tax regime. No doubt, Irish investors are now realizing that with the UK leaving the EU, both Dublin and Ireland will become an even more attractive proposition.
Frontline has backed a number of successful companies in Seed Funds I and II, including Britebill (acquired by Amdocs), Logentries (acquired by Rapid7), and Orchestrate (acquired by CenturyLink) . Most recently, Frontline was an early investor in Pointy, which was acquired by Google last month.
Prior to joining Frontline, McIntyre setup Twitter’s European headquarters as the Vice President of EMEA and built its EMEA business. Prior to that he ran a substantial part of Google’s ads business.
O’Donnell joins FrontlineX as a partner in San Francisco. He previously held multiple go-to-market leadership roles at Google in the US and Europe and executive roles at Yammerm SurveyMonkey, Euclid and Airtable.
In a statement McIntyre said: “We’ve benchmarked the best of B2B software and seen that, by the time a company goes public, 30% of its revenue should be coming from Europe. But even the biggest names in tech fail to get there because of avoidable mistakes when they land. We’ve learned about international expansion the hard way as operators. The good news is that most of these problems are known and solvable.”
FrontlineX already invested in the Series B of TripActions, a company that has gone on to raise from Andreessen Horowitz at a $4 billion valuation; People.ai’s $100 million Series C together with Lightspeed, Andreessen Horowitz and ICONIQ; and Clearbanc’s $50 million Series B with Emergence and Highland. The VC has also backed more than 60 companies with recent investments including TeachCloud, Siren, Cloudsmith and Sweepr.
Ariel Cohen, the CEO of TripActions, commented that Frontline was “a crucial source of go-to-market advice”.

Cathay Pacific fined £500k by UK’s ICO over data breach disclosed in 2018

Cathay Pacific has been issued with a £500,000 penalty by the UK’s data watchdog for security lapses which exposed the personal details of some 9.4 million customers globally — 111,578 of whom were from the UK.
The penalty, which is the maximum fine possible under relevant UK law, was announced today by the Information Commissioner’s Office (ICO), following a multi-month investigation. It pertains to a breach disclosed by the airline in fall 2018.
At the time Cathay Pacific said it had first identified unauthorized access to its systems in March, though it did not explain why it took more than six months to make a public disclosure of the breach.
The failure to secure its systems resulted in unauthorised access to passengers’ personal details, including names, passport and identity details, dates of birth, postal and email addresses, phone numbers and historical travel information.
Today the ICO said the earliest date of unauthorised access to Cathay Pacific’s systems was October 14, 2014. While the earliest known date of unauthorised access to personal data was February 7, 2015.
“The ICO found Cathay Pacific’s systems were entered via a server connected to the internet and malware was installed to harvest data,” the regulator writes in a press release, adding that it found “a catalogue of errors” during the investigation, including back-up files that were not password protected; unpatched Internet-facing servers; use of operating systems that were no longer supported by the developer; and inadequate antivirus protection.
Since Cathay’s systems were compromised in this breach the UK has transposed an update to the European Union’s data protection’s framework into its national law which bakes in strict disclosure requirements for breaches involving personal data — requiring data controllers inform national regulators within 72 hours of becoming aware of a breach.
The General Data Protection Regulation (GDPR) also includes a much more substantial penalties regime — with fines that can scale as high as 4% of global annual turnover.
However owing to the timing of the unauthorized access the ICO has treated this breach as falling under previous UK data protection legislation.
Under GDPR the airline would likely have faced a substantially larger fine.
Commenting on Cathay Pacific’s penalty in a statement, Steve Eckersley, the ICO’s director of investigations, said:
People rightly expect when they provide their personal details to a company, that those details will be kept secure to ensure they are protected from any potential harm or fraud. That simply was not the case here.
This breach was particularly concerning given the number of basic security inadequacies across Cathay Pacific’s system, which gave easy access to the hackers. The multiple serious deficiencies we found fell well below the standard expected. At its most basic, the airline failed to satisfy four out of five of the National Cyber Security Centre’s basic Cyber Essentials guidance.
Under data protection law organisations must have appropriate security measures and robust procedures in place to ensure that any attempt to infiltrate computer systems is made as difficult as possible.
Reached for comment the airline reiterated its regret over the data breach and said it has taken steps to enhance its security “in the areas of data governance, network security and access control, education and employee awareness, and incident response agility”.
“Substantial amounts have been spent on IT infrastructure and security over the past three years and investment in these areas will continue,” Cathay Pacific said in the statement. “We have co-operated closely with the ICO and other relevant authorities in their investigations. Our investigation reveals that there is no evidence of any personal data being misused to date. However, we are aware that in today’s world, as the sophistication of cyber attackers continues to increase, we need to and will continue to invest in and evolve our IT security systems.”
“We will continue to co-operate with relevant authorities to demonstrate our compliance and our ongoing commitment to protecting personal data,” it added.
Last summer the ICO slapped another airline, British Airways, with a far more substantial fine for a breach that leaked data on 500,000 customers, also as a result of security lapses.
In that case the airline faced a record £183.39M penalty — totalling 1.5% of its total revenues for 2018 — as the timing of the breach occurred when the GDPR applied.

Africa Roundup: TLcom closes $71M fund, Jumo raises $55M, AWS partners with Safaricom

VC firm TLcom Capital closed its Tide Africa Fund at $71 million in February, and announced plans to invest in 12 startup over the next 18 months.
The group —  with offices in London, Lagos, and Nairobi — is looking for tech-enabled, revenue-driven ventures in Africa from seed-stage to Series B, according to TLcom Managing Partner Maurizio Caio.
He told TechCrunch the fund was somewhat agnostic on startup sectors, but was leaning toward infrastructure, logistics ventures vs. consumer finance companies.
On geographic scope, TLcom Capital will focus primarily on startups in Africa’s big-three tech hubs — Nigeria, Kenya,  South Africa — but is also eyeing rising markets, such as Ethiopia.
TLcom’s current Africa portfolio includes Nigerian trucking logistics venture Kobo360, Kenya’s Twiga Foods,  a B2B food supply-chain company and tech-talent accelerator Andela.
Both of these companies have gone on to expand in Africa and receive subsequent investment by U.S. investment bank, Goldman Sachs .
For those startups who wish to pitch to TLcom Capital, Caio encouraged founders to contact one of the fund’s partners and share a value proposition. “If it’s something we find vaguely interesting, we’ll make a decision,” he said.

TLcom Capital closes $71M Africa fund with plans to back 12 startups

One $50 million round wasn’t enough for South Africa’s Jumo, so the fintech firm raised another — $55 million — in February, backed by
Goldman Sachs led the Cape Town based company’s $52 million round back in 2018.
“This fresh investment comes from new and existing…investors including Goldman Sachs,  Odey Asset Management and LeapFrog Investments,” Jumo said in a statement —  though Goldman told TechCrunch its participation in this week’s round isn’t confirmed.
After the latest haul, Jumo has raised $146 million in capital, according to Crunchbase.
Founded in 2015, the venture offers a full tech stack for partners to build savings, lending, and insurance products for customers in emerging markets.

Jumo is active in six markets and plans to expand to two new countries in Africa (Nigeria and Ivory Coast) and two in Asia (Bangladesh and India).
The company’s products have disbursed over $1 billion loans and served over 15 million people and small businesses, according to Jumo data.
Jumo joins a growing list of African digital-finance startups raising big money from outside investors and expanding abroad. A $200 million investment by Visa in 2019 catapulted Nigerian payments firm Interswitch  to unicorn status, the same year the company launched its Verge card product on Discover’s global network.

South African fintech startup Jumo raises second $50M+ VC round

Amazon Web Services  has entered a partnership with Safaricom — Kenya’s largest telco, ISP and mobile payment provider — in a collaboration that could spell competition between American cloud providers in Africa.
In a statement to TechCrunch,  the East African company framed the arrangement as a “strategic agreement” whereby Safaricom  will sell AWS services (primarily cloud) to its East Africa customer network.
Safaricom — whose products include the famed M-Pesa  mobile money product — will also become the first Advanced Consulting Partner for the AWS partner network in East Africa.
Partnering with Safaricom plugs AWS into the network of one East Africa’s most prominent digital companies.
Safaricom, led primarily by its M-Pesa mobile money product, holds remarkable dominance in Kenya, Africa’s 6th largest economy. M-Pesa has 20.5 million customers across a network of 176,000 agents and generates around one-fourth of Safaricom’s ≈ $2.2 billion annual revenues (2018).
M-Pesa has 80% of Kenya’s mobile money agent network, 82% of the country’s active mobile-money subscribers and transfers 80% of Kenya’s mobile-money transactions, per the latest sector statistics.
A number of Safaricom’s clients (including those it provides payments and internet services to) are companies, SMEs and startups.
The Safaricom-AWS partnership points to an emerging competition between American cloud service providers to scale in Africa by leveraging networks of local partners.
The most obvious rival to the AWS-Safaricom strategic agreement is the Microsoft -Liquid Telecom collaboration. Since 2017, MS has partnered with the Southern African digital infrastructure company to grow Microsoft’s AWS competitor product — Azure — and offer cloud services to the continent’s startups and established businesses.
More Africa-related stories @TechCrunch
These specialized Africa VC funds are welcoming co-investors
After VCs spend millions Nigeria restricts ride-hail motorbike taxis
Africa e-tailer Jumia reports first full-year results post NYSE IPO
Sokowatch raises $14M to digitize Africa’s informal B2B supply-chain
African crowdsolving startup Zindi scales 10,000 data scientists
African tech around the ‘net
Ethiopian ed-tech company Gebeya raises $2m funding round
Nigerian crypto platform Bitfxt lands $15m from UK investors, Payitup parent company

Could lessons from the challenger bank revolution kick-start innovation on the climate crisis?

Now that the world is swimming in data we may be able to address the climate and environmental risks to the planet. But while there is plenty of capital to invest in things like ClimateTech, a lot of the data that’s needed to tackle this big issue is badly applied, leading to a big misallocation of resources. So to deal with the climate we have to get the data right. A big part of the solution is open standards and interoperability.
The story of how the Open Banking Standard developed might show a way forward. Its development out of the UK led to regulated sector-wide interoperability (covering a broad range of areas including IP, legal, liability and licensing, and technology to enable data sharing). It’s meant over 300 fintech companies now use the Standard, which has helped to catalyze similar initiatives.
Open Banking has lead to the explosion in tech startups that we see today. Revolut, Monzo, Starling bank – none of them would have existed without Open Banking.
What if someone created something like the Open Banking Standard, but this time to stimulate climate-friendly innovation around financial products. Afterall, it’s more likely we’ll save the planet is we incentivize firms with financial models to make it work.
Well, it just so happens that one of the key players that developed the Open Banking Standard plans to do the same for data about the climate to allow the insurance industry to engage in the solutions to the climate crisis.

Gavin Starks co-chaired the development of the Open Banking Standard, laying the foundations for regulation and catalyzing international innovation.
But Starks has form in this arena. Prior to co-creating Open Banking, he was the Open Data Institute’s founding CEO, working with Sir Tim Berners-Lee. The ODI may not be well known in Silicon Valley, but it’s launched franchises across 20 countries and trained 10,000 people.
Starks’ previous venture was a pioneer in the climate space: AMEE (Avoidance of Mass Extinctions Engine) organized the world’s environmental data and standards into an open web-service, raising $10M and selling in 2015 PredictX.
Starks also chaired the development of the first Gold Standard Carbon Offset.
But what Starks has set himself is a task different to Open Banking.
His new project is Icebreaker One, a new non-profit which last month raised £1m+ investment, largely funded by the UK’s government-backed body UK Research and Innovation. It’s also supported by a consortium of financial and regulatory institutions.
So what’s the big idea this time?
The idea is to develop an open standard for data sharing that will stimulate climate-friendly financial product innovation and deliver new products.
Just like the Open Banking Standard, Icebreaker One will steer the development of the SERI standard. This is the Standard for Environment, Risk and Insurance (SERI) which has been created to design, test and develop financial products with Icebreaker One members ahead of the COP26 conference in Glasgow later this year.
SERI could provide a framework for an addressable, open marketplace, built around the needs of both the market and the new reality of climate change. If it works, this would enable insurers to share data robustly, legally and securely, driving the use and adoption of artificial intelligence tools within the insurance sector.
It would mean insurers being able to invest in demonstrably low-carbon financial products and services, based on real, hard data.
The current SERI launch partners are Aon, Arup, Agvesto, Bird & Bird, Brit Insurance, Dais LLP, Lloyd’s Register Group and the University of Cambridge.
The thinking behind the initiative is that as large catastrophic climate events occur with higher frequency, the UK’s insurance market is under pressure to evolve.
By creating the data platform, insurers can invest in low-carbon financial products, rather than ignore them because they can’t be priced right.
Starks says: “The time for theory is over—we need rapid and meaningful action. The threat of climate change to the global economy is tangible, and the increase in catastrophic climate events is capable of bankrupting markets and even nation-states. We are already witnessing insurance in some areas becoming untenable – which is a genuine threat to communities and wider society.”
He adds: “We are working with some of the most influential organizations in the world to plan policies and regulation to protect citizens, our environment and our economy; to unlock the power of unused and underutilized data to enable governments and business to respond effectively, responsibly and sustainably to the threats posed by the climate emergency.”
Arup, the multinational professional services firm best known for large engineering projects, is one of those in the SERI consortium.
Volker Buscher, Chief Data Officer at Arup, says: “Responding to climate change and futureproofing the market is vital – and working with Gavin and senior industry figures is a big opportunity to make real-world data work harder, to evolve investment strategies, shine a light on inefficiencies and better understand risk. It’s of benefit to everyone that we create the working blueprint for the freer sharing and licensing of data-at-scale that can be a shot in the arm to climate-affected financial products and services.”
Icebreaker One plans to overcome the locked, legacy culture of the insurance industry.
The task ahead is a big one. Currently, the valuable data needed to unlock this potential is in lately closed-off “data lakes”. The goal is to influence $3.6 trillion of investment.
If the insurance industry can innovate around climate change and the new kinds of risk it creates, then the financial world industry can create the kind of boom Open Banking did.
And that would mean not just brand new insurance products but also new startups in what’s been described as “InsureTech”.
But the greater prize, is of course the planet itself.

Tractable claims $25M to sell damage-assessing AIs to more insurance giants

London-based insurtech AI startup Tractable, which is applying artificial intelligence to speed up accident and disaster recovery by using computer vision to perform visual damage appraisal instead of getting humans to do the job, has closed a $25 million Series C, led by Canadian investment fund Georgian Partners.
Existing investors also participated, including Insight Partners and Ignition Partners. The round nearly doubles the 2014-founded startup’s total funding, taking it to $55M raised to date.
When TechCrunch spoke to Tractable’s co-founder and CEO Alexandre Dalyac, back in 2018, he said the company’s aim is to speed up insurance-related response times around events like car accidents and natural disasters by as much as 10x.

Tractable is applying AI to accident and disaster appraisal

Two years on the startup isn’t breaking out any hard metrics — but says its product is used by a number of multinational insurance firms, including Ageas in the UK, France’s Covéa, Japan’s Tokio Marine and Polish insurer Talanx-Warta — to analyse vehicle damage “effectively and efficiently”.
It also says the technology has been involved in accelerating insurance-related assessments for “hundreds of thousands of people worldwide”.
Tractable’s pitch is that AI appraisals of damage to vehicles/property can take place via its platform “in minutes”, thereby allowing for repairs to begin sooner and people’s livelihoods to be restored more quickly.
Though of course if the AI algorithm denies a person’s claim the opposite would happen.
The startup said its new funding will go on expanding its market footprint. It has customers across nine markets, globally, at this point. And in addition to its first offices in the UK and US recently opened a permanent office in Japan — with the stated aim of serving new clients in the Asia region.
It also said the Series C will be used for continued product development by further enhancing its AI.
Its current product line up includes AI for assessing damage to vehicles and another focused on the appraisal of damage caused by natural disasters, such as to buildings by hurricanes.
“Our AI solutions capture and process photos and damage and predict repair costs — at scale,” Tractable claims on its website, noting its proprietary algorithms can be fed by “satellite, drone or smartphone imagery”.
Commenting on the funding in a statement Lonne Jaffe, MD at Insight Partners and also Tractable board director, said: “Tractable has achieved tremendous scale in the past year with a customer base across nine countries, a differentiated data asset, and the expansion of their team to over 100 employees across London, New York, and now Tokyo. We are excited to continue to invest in Tractable as the team brings its powerful AI technology to many more countries.”
Emily Walsh, principal at Georgian Partners, added that the startup’s “sophisticated approach to computer vision applied to accident recovery is resonating with the largest players globally, who are using the platform to make real-time, data-driven decisions while dramatically improving the customer experience”.
“We’re incredibly excited to partner with the Tractable team to help them move even faster on bringing the next wave of technological innovation to accident and disaster recovery across the world,” she added.
It’s worth noting that in the EU citizens have a right, under data protection law, to (human) review of algorithmic decisions if they a legal or similarly significant impact — and insurance would likely fall into that category.
EU policymakers also recently laid out a proposal to regulate certain “high risk” AI systems and said they intend to expand the bloc’s consumer protection rules by bringing in a testing and certification program for the data-sets that feed algorithms powering AI-driven services to support product safety.

Insurance platform Collective Benefits raises £3.3M to give gig economy workers a safety net

The famous phrase “software eats the world” was originally coined to describe how technology gradually replaces the old industrial norms of production. But few realized that when Uber started to ‘eat’ the taxi industry it would also be among the first harbingers of a new wave of what it meant to be ‘employed’. As similar ‘gig economy’ platforms start to eat the old relationship between employer and employee — where some semblance of ‘duty of care’ had developed — the gig platforms have yet to develop much caring for the gig-worker. And as these platforms gain power, do they really want this to look like the re-emergence of serfdom? Gig work is coming to an industry near you, whether we like it or not.
Ideally, we need a new model that can deal with income minimums, benefits, insurance, pensions, etc. which responds to the dynamic way the world of work is evolving.
Collective Benefits is a startup aimed at tackling this growing ‘protection gap’ created by the gig economy where so-called ‘self-employed’ workers must often go without basic benefits such as family leave and sick pay, not to mention mental health support and critical injury pay. 
The startup has today announced the closing of £3.3 million in Seed led by UK-based Stride.VC, alongside existing investors Delin Ventures, Insurtech Gateway and several angels from executives in Uber, Deliveroo, and Urban.
 
Collective Benefits has set out to build a tech platform that gives gig workers access to a full range of affordable, portable protections and benefits which they can carry around with them between the platforms they work on.
So instead of your benefits being tied to one employer, as is the current case, they can apply to any gig economy ‘employer’ someone works for.
It’s also working with a number of on-demand service platforms who are giving their workforces access to these benefits. The startup will use the funding to further its growth and offering for gig platforms. A consumer service aimed at freelancers will follow later this year.
Anthony Beilin, CEO and Co-Founder of Collective Benefits said in a statement: “There are six million self-employed workers in the UK, which includes both higher-paid freelancers and gig economy platform workers. Yet, neither group typically has a safety net – no holiday pay, no family leave, no mental health support, not even paid sick days. We are building Collective Benefits so that the gig economy workers are covered by the same protections typically reserved for full-time employees.”
The company provides a benefits platform for both gig economy platforms and self-employed freelancers (such as sick pay, family leave, and mental health support), but the platform is also designed to boost loyalty to the gig platforms amongst the workers, as well as reduce churn and talent acquisition costs.
Fred Destin, partner at Stride.VC Said: “We’re seeing services platforms gain unstoppable momentum in every segment of our lives, from rides to food delivery to freelancing. We need a new playbook. Collective Benefits addresses one of the core challenges in this brave new world of work, using technology to design and deliver a new type of safety net to all the participants in this fast-growing part of our economy.”
Robert Lumley, Director and Co-founder of Insurtech Gateway, said: “The insurance industry faces a massive challenge in keeping up with the extraordinary growth in self-employment. Collective Benefits has created entirely new insurance products for the self-employed not addressed by traditional insurers and accessible through a flexible tech platform that allows them to get the cover they need.”
The fact this startup has appeared just goes to show the market failure today due to the on-rush of new technology sprinting ahead of regulation. Some 96% of UK self-employed have no income protection, while 93% of UK self-employed have no health or critical illness cover. PWC estimates that self-employed will account for 20% of labour force by 2025.

VC firm Oxx says SaaS startups should avoid high-risk growth models

Oxx, a European venture capital firm co-founded by Richard Anton and Mikael Johnsson, this month announced the closing of its debut fund of $133 million to back “Europe’s most promising SaaS companies” at Series A and beyond.
Launched in 2017 and headquartered in London and Stockholm, Oxx pitches itself as one of only a few European funds focused solely on SaaS, and says it will invest broadly across software applications and infrastructure, highlighting five key themes: “data convergence & refinery,” “future of work,” “financial services infrastructure,” “user empowerment” and “sustainable business.”
However, its standout USP is that the firm says it wants to be a more patient form of capital than investors who have a rigid Silicon Valley SaaS mindset, which, it says, often places growth ahead of building long-lasting businesses.
I caught up with Oxx’s co-founders to dig deeper into their thinking, both with regards to the firm’s remit and investment thesis, and to learn more about the pair’s criticism of the prevailing venture capital model they say often pushes SaaS companies to prioritize “grow at all costs.”
TechCrunch: Oxx is described as a B2B software investor investing in SaaS companies across Europe from Series A and beyond. Can you be more specific regarding the size of check you write and the types of companies, geographies, technologies and business models you are focusing on?
Richard Anton: We will lead funding rounds anywhere in the range $5-20 million in SaaS companies. Some themes we’re especially excited about include data convergence and the refining and usage of data (think applications of machine learning, for example), the future of work, financial services infrastructure, end-user empowerment and sustainable business.

Google’s new T&Cs include a Brexit ‘easter egg’ for UK users

Google has buried a major change in legal jurisdiction for its UK users as part of a wider update to its terms and conditions that’s been announced today and which it says is intended to make its conditions of use clearer for all users.
It says the update to its T&Cs is the first major revision since 2012 — with Google saying it wanted to ensure the policy reflects its current products and applicable laws.
Google says it undertook a major review of the terms, similar to the revision of its privacy policy in 2018, when the EU’s General Data Protection Regulation started being applied. But while it claims the new T&Cs are easier for users to understand — rewritten using simpler language and a clearer structure — there are no other changes involved, such as to how it handles people’s data.
“We’ve updated our Terms of Service to make them easier for people around the world to read and understand — with clearer language, improved organization, and greater transparency about changes we make to our services and products. We’re not changing the way our products work, or how we collect or process data,” Google spokesperson Shannon Newberry said in a statement.
Users of Google products are being asked to review and accept the new terms before March 31 when they are due to take effect.
Reuters reported on the move late yesterday — citing sources familiar with the update who suggested the change of jurisdiction for UK users will weaken legal protections around their data.
However Google disputes there will be any change in privacy standards for UK users as a result of the shift. it told us there will be no change to how it process UK users’ data; no change to their privacy settings; and no change to the way it treats their information as a result of the move.
We asked the company for further comment on this — including why it chose not to make a UK subsidiary the legal base for UK users — and a spokesperson told us it is making the change as part of its preparations for the UK to leave the European Union (aka Brexit).
“Like many companies, we have to prepare for Brexit,” Google said. “Nothing about our services or our approach to privacy will change, including how we collect or process data, and how we respond to law enforcement demands for users’ information. The protections of the UK GDPR will still apply to these users.”
Heather Burns, a tech policy specialist based in Glasgow, Scotland — who runs a website dedicated to tracking UK policy shifts around the Brexit process — also believes Google has essentially been forced to make the move because the UK government has recently signalled its intent to diverge from European Union standards in future, including on data protection.
“What has changed since January 31 has been [UK prime minister] Boris Johnson making a unilateral statement that the UK will go its own way on data protection, in direct contrast to everything the UK’s data protection regulator and government has said since the referendum,” she told us. “These bombastic, off-the-cuff statements play to his anti-EU base but businesses act on them. They have to.”
“Google’s transfer of UK accounts from the EU to the US is an indication that they do not believe the UK will either seek or receive a data protection adequacy agreement at the end of the transition period. They are choosing to deal with that headache now rather than later. We shouldn’t underestimate how strong a statement this is from the tech sector regarding its confidence in the Johnson premiership,” she added.
Asked whether she believes there will be a reduction in protections for UK users in future as a result of the shift Burns suggested that will largely depend on Google.
So — in other words — Brexit means, er, trust Google to look after your data.
“The European data protection framework is based around a set of fundamental user rights and controls over the uses of personal data — the everyday data flows to and from all of our accounts. Those fundamental rights have been transposed into UK domestic law through the Data Protection Act 2018, and they will stay, for now. But with the Johnson premiership clearly ready to jettison the European-derived system of user rights for the US-style anything goes model,” Burns suggested.
“Google saying there is no change to the way we process users’ data, no change to their privacy settings and no change to the way we treat their information can be taken as an indication that they stand willing to continue providing UK users with European-style rights over their data — albeit from a different jurisdiction — regardless of any government intention to erode the domestic legal basis for those rights.”
Reuters’ report also raises concerns about the impact of the Cloud Act agreement between the UK and the US — which is due to come into effect this summer — suggesting it will pose a threat to the safety of UK Google users’ data once it’s moved out of an EU jurisdiction (in this case Ireland) to the US where the Act will apply.
The Cloud Act is intended to make it quicker and easier for law enforcement to obtain data stored in the cloud by companies based in the other legal jurisdiction.
So in future, it might be easier for UK authorities to obtain UK Google users’ data using this legal instrument applied to Google US.
It certainly seems clear that as the UK moves away from EU standards as a result of Brexit it is opening up the possibility of the country replacing long-standing data protection rights for citizens with a regime of supercharged mass surveillance. (The UK government has already legislated to give its intelligence agencies unprecedented powers to snoop on ordinary citizens’ digital comms — so it has a proven appetite for bulk data.)
Again, Google told us the shift of legal base for its UK users will make no difference to how it handles law enforcement requests — a process it talks about here — and further claimed this will be true even when the Cloud Act applies. Which is a weasely way of saying it will do exactly what the law requires.
Google confirmed that GDPR will continue to apply for UK users during the transition period between the old and new terms. After that it said UK data protection law will continue to apply — emphasizing that this is modelled after the GDPR. But of course in the post-Brexit future the UK government might choose to model it after something very different.
Asked to confirm whether it’s committing to maintain current data standards for UK users in perpetuity, the company told us it cannot speculate as to what privacy laws the UK will adopt in the future…
We also asked why it hasn’t chosen to elect a UK subsidiary as the legal base for UK users. To which it gave a nonsensical response — saying this is because the UK is no longer in the EU. Which begs the question when did the UK suddenly become the 51st American State?
Returning to the wider T&Cs revision, Google said it’s making the changes in a response to litigation in the European Union targeted at its terms.
This includes a case in Germany where consumer rights groups successfully sued the tech giant over its use of overly broad terms which the court agreed last year were largely illegal.
In another case a year ago in France a court ordered Google to pay €30,000 for unfair terms — and ordered it to obtain valid consent from users for tracking their location and online activity.
Since at least 2016 the European Commission has also been pressuring tech giants, including Google, to fix consumer rights issues buried in their T&Cs — including unfair terms. A variety of EU laws apply in this area.
In another change being bundled with the new T&Cs Google has added a description about how its business works to the About Google page — where it explains its business model and how it makes money.
Here, among the usual ‘dead cat’ claims about not ‘selling your information’ (tl;dr adtech giants rent attention; they don’t need to sell actual surveillance dossiers), Google writes that it doesn’t use “your emails, documents, photos or confidential information (such as race, religion or sexual orientation) to personalize the ads we show you”.
Though it could be using all that personal stuff to help it build new products it can serve ads alongside.
Even further towards the end of its business model screed it includes the claim that “if you don’t want to see personalized ads of any kind, you can deactivate them at any time”. So, yes, buried somewhere in Google’s labyrinthine setting exists an opt out.
The change in how Google articulates its business model comes in response to growing political and regulatory scrutiny of adtech business models such as Google’s — including on data protection and antitrust grounds.

HungryPanda, a food delivery app for Chinese communities, raises $20 million

HungryPanda, a food delivery service for Chinese communities in cities around the world, announced today it has raised $20 million in funding. The round was led by investors 83North and Felix Capital and will be used on hiring, product development and global expansion, particularly in the United States. The startup, which did not disclose its current valuation, said its goal is to reach an annual run rate of $200 million by May.
Founded in the United Kingdom, where its service first launched in Nottingham, HungryPanda is now available in 31 cities in the U.K., Italy, France, Australia, New Zealand and the U.S.
Food delivery is a competitive space with tight margins, but HungryPanda is carving out its own niche, and differentiating from competitors like UberEats, Deliveroo and FoodPanda, by tailoring its platform for Chinese-language users, including business owners, and focusing on Chinese food and grocery deliveries. It also accepts payment services like Alipay and WeChat Pay, and uses WeChat for marketing.
Chinese communities around the world present a major market opportunity and HungryPanda says its operations in the United Kingdom and New York City are already profitable. According to a U.S. Census Bureau report published last year, the Chinese diaspora around the world ranges from about 10 million, when counting people born in China, to about 45 million under a wider definition that also includes second-generation immigrants and other groups.
In a press statement, HungryPanda CEO Eric Liu said “we are delighted to secure the backing of 83North and Felix Capital to bring our unique service to more people in more places. Their unrivaled industry investment experience, coupled with our ability to focus on the precise needs of our customers and launch in every new city within a two-week window, means we are in an ideal position to significantly scale to the business to meet the huge level of demand created by Chinese cuisine.”
Both 83North and Felix Capital already have other food delivery startups in their portfolios. 83North is an investor and Just Eat and Helsinki-based Wolt, while Felix Capital has backed Deliveroo and Frichti, a French startup that makes all its meals in-house.

Lack of big tech GDPR decisions looms large in EU watchdog’s annual report

The lead European Union privacy regulator for most of big tech has put out its annual report which shows another major bump in complaints filed under the bloc’s updated data protection framework, underlining the ongoing appetite EU citizens have for applying their rights.
But what the report doesn’t show is any firm enforcement of EU data protection rules vis-a-vis big tech.
The report leans heavily on stats to illustrate the volume of work piling up on desks in Dublin. But it’s light on decisions on highly anticipated cross-border cases involving tech giants including Apple, Facebook, Google, LinkedIn and Twitter.
The General Data Protection Regulation (GDPR) began being applied across the EU in May 2018 — so is fast approaching its second birthday. Yet its file of enforcements where tech giants are concerned remains very light — even for companies with a global reputation for ripping away people’s privacy.
This despite Ireland having a large number of open cross-border investigations into the data practices of platform and adtech giants — some of which originated from complaints filed right at the moment GDPR came into force.
In the report the Irish Data Protection Commission (DPC) notes it opened a further six statutory inquiries in relation to “multinational technology companies’ compliance with the GDPR” — bringing the total number of major probes to 21. So its ‘big case’ file continues to stack up. (It’s added at least two more since then, with a probe of Tinder and another into Google’s location tracking opened just this month.)
The report is a lot less keen to trumpet the fact that decisions on cross-border cases to date remains a big fat zero.
Though, just last week, the DPC made a point of publicly raising “concerns” about Facebook’s approach to assessing the data protection impacts of a forthcoming product in light of GDPR requirements to do so — an intervention that resulted in a delay to the regional launch of Facebook’s Dating product.
This discrepancy (cross-border cases: 21 – Irish DPC decisions: 0), plus rising anger from civil rights groups, privacy experts, consumer protection organizations and ordinary EU citizens over the paucity of flagship enforcement around key privacy complaints is clearly piling pressure on the regulator. (Other examples of big tech GDPR enforcement do exist. Well, France’s CNIL is one.)
In its defence the DPC does have a horrifying case load. As illustrated by other stats its keen to spotlight — such as saying it received a total of 7,215 complaints in 2019; a 75% increase on the total number (4,113) received in 2018. A full 6,904 of which were dealt with under the GDPR (while 311 complaints were filed under the Data Protection Acts 1988 and 2003).
There were also 6,069 data security breaches notified to it, per the report — representing a 71% increase on the total number (3,542) recorded last year.
While a full 457 cross-border processing complaints were received in Dublin via the GDPR’s One-Stop-Shop mechanism. (This is the device the Commission came up with for the ‘lead regulator’ approach that’s baked into GDPR and which has landed Ireland in the regulatory hot seat. tl;dr other data protection agencies are passing Dublin A LOT of paperwork.)
The DPC necessarily has to do back and forth on cross border cases, as it liaises with other interested regulators. All of which, you can imagine, creates a rich opportunity for lawyered up tech giants to inject extra friction into the oversight process — by asking to review and query everything. [Insert the sound of a can being hoofed down the road]
Meanwhile the agency that’s supposed to regulate most of big tech (and plenty else) — which writes in the annual report that it increased its full time staff from 110 to 140 last year — did not get all the funding it asked for from the Irish government.
So it also has the hard cap of its own budget to reckon with (just €15.3M in 2019) vs — for example — Google’s parent Alphabet’s $46.1BN in full year 2019 revenue. So, er, do the math.
Nonetheless the pressure is firmly now on Ireland for major GDPR enforcements to flow.
One year of major enforcement inaction could be filed under ‘bedding in’; but two years in without any major decisions would not be a good look. (It has previously said the first decisions will come early this year — so seems to be hoping to have something to show for GDPR’s 2nd birthday.)
Some of the high profile complaints crying out for regulatory action include behavioral ads serviced via real-time bidding programmatic advertising (which the UK data watchdog has admitted for half a year is rampantly unlawful); cookie consent banners (which remain a Swiss Cheese of non-compliance); and adtech platforms cynically forcing consent from users by requiring they agree to being microtargeted with ads to access the (‘free’) service. (Thing is GDPR stipulates that consent as a legal basis must be freely given and can’t be bundled with other stuff, so… )
Full disclosure: TechCrunch’s parent company, Verizon Media (née Oath), is also under ongoing investigation by the DPC — which is looking at whether it meets GDPR’s transparency requirements under Articles 12-14 of the regulation.
Seeking to put a positive spin on 2019’s total lack of a big tech privacy reckoning, commissioner Helen Dixon writes in the report: “2020 is going to be an important year. We await the judgment of the CJEU in the SCCs data transfer case; the first draft decisions on big tech investigations will be brought by the DPC through the consultation process with other EU data protection authorities, and academics and the media will continue the outstanding work they are doing in shining a spotlight on poor personal data practices.”
In further remarks to the media Dixon said: “At the Data Protection Commission, we have been busy during 2019 issuing guidance to organisations, resolving individuals’ complaints, progressing larger-scale investigations, reviewing data breaches, exercising our corrective powers, cooperating with our EU and global counterparts and engaging in litigation to ensure a definitive approach to the application of the law in certain areas.
“Much more remains to be done in terms of both guiding on proportionate and correct application of this principles-based law and enforcing the law as appropriate. But a good start is half the battle and the DPC is pleased at the foundations that have been laid in 2019. We are already expanding our team of 140 to meet the demands of 2020 and beyond.”
One notable date this year also falls when GDPR turns two — because a Commission review of how the regulation is functioning is looming in May.
That’s one deadline that may help to concentrate minds on issuing decisions.
Per the DPC report, the largest category of complaints it received last year fell under ‘access request’ issues — whereby data controllers are failing to give up (all) people’s data when asked — which amounted to 29% of the total; followed by disclosure (19%); fair processing (16%); e-marketing complaints (8%); and right to erasure (5%).

On the security front, the vast bulk of notifications received by the DPC related to unauthorised disclosure of data (aka breaches) — with a total across the private and public sector of 5,188 vs just 108 for hacking (though the second largest category was actually lost or stolen paper, with 345).
There were also 161 notification of phishing; 131 notification of unauthorized access; 24 notifications of malware; and 17 of ransomeware.

Noom competitor OurPath rebrands as Second Nature, raises $10M Series A

Back in 2018 OurPath emerged as a startup in the UK tackling the problem of diabetes. The company helped customers tackle the disease, and raised a $3m round of funding by combining advice from health experts with tracking technology via a smartphone app to help people build healthy habits and lose weight.
Now rebranded as Second Nature, it’s raised a fresh $10m in Series A funding.
New investors include Uniqa Ventures, the venture capital fund of Uniqa, a European insurance group, and the founders of mySugr, the digital diabetes management platform which was acquired by health giant Roche .
The round also secured the backing of existing investors including Connect and Speedinvest, two European seed funds, and Bethnal Green Ventures, the early-stage Impact investor, as well as angels including Taavet Hinrikus, founder of Transferwise.
This new injection takes the total investment in the company to $13m.
Competitors to the company include Weight Watchers and Noom, which provides a similar program and has raised $114.7M.
Second Nature claims to have a different, more intensive and personalized, approach to create habit change. The startup claims 10,000 of its participants revealed an average weight loss of 5.9kg at the 12-week mark. Separate peer-reviewed scientific data published by the company showed that much of this weight-loss is sustained at the 6-month and 12-month mark
Under its former guise as OurPath, the startup was the first ‘lifestyle change program’ to be commissioned by the NHS for diabetes management.
Second Nature was founded in 2015 by Chris Edson and Mike Gibbs, former healthcare strategy consultants, who designed the program to provide people with personalized support in order to make lifestyle changes.
Participants receive a set of ‘smart’ scales and an activity tracker that links with the app, allowing them to track their weight loss progress and daily step count. They are placed in a peer support group of 15 people starting simultaneously. Each group is coached by a qualified dietitian or nutritionist, who provides participants with daily 1:1 advice, support and motivation to via the app. Throughout the 12-week program, people have access to healthy recipes and daily articles covering topics like meal planning, how to sleep better, and overcoming emotional eating.
Gibbs said: “Our goal as Second Nature is to solve obesity. We need to rise above the confusing health misinformation to provide clarity about what’s really important: changing habits. Our new brand and investment will help us realize that.”
Philip Edmondson-Jones, Investment Manager at Beringea, who led the investment and joins the Board of Directors of Second Nature said: “Healthcare systems are struggling to cope with spiraling rates of obesity and associated illnesses, which are projected to cost the global economy $1.2tn annually by 2025. Second Nature’s pioneering approach to lifestyle change empowers people to address these conditions.”

UK names its pick for social media ‘harms’ watchdog

The UK government has taken the next step in its grand policymaking challenge to tame the worst excesses of social media by regulating a broad range of online harms — naming the existing communications watchdog, Ofcom, as its preferred pick for enforcing rules around ‘harmful speech’ on platforms such as Facebook, Snapchat and TikTok in future.
Last April the previous Conservative-led government laid out populist but controversial proposals to legislate to lay a duty of care on Internet platforms — responding to growing public concern about the types of content kids are being exposed to online.
Its white paper covers a broad range of online content — from terrorism, violence and hate speech, to child exploitation, self-harm/suicide, cyber bullying, disinformation and age-inappropriate material — with the government setting out a plan to require platforms to take “reasonable” steps to protect their users from a range of harms.
However digital and civil rights campaigners warn the plan will have a huge impact on online speech and privacy, arguing it will put a legal requirement on platforms to closely monitor all users and apply speech-chilling filtering technologies on uploads in order to comply with very broadly defined concepts of harm — dubbing it state censorship. Legal experts are also critical.

Further, it requires social media companies to *prevent* ‘harmful’ (undefined) speech going online in the first place; & prevent ‘inappropriate’ (undefined) content recommendations.
So expect state-sponsored upload filters, recommendation systems & mass surveillance.
— Big Brother Watch (@BigBrotherWatch) February 12, 2020

The (now) Conservative majority government has nonetheless said it remains committed to the legislation.
Today it responded to some of the concerns being raised about the plan’s impact on freedom of expression, publishing a partial response to the public consultation on the Online Harms White Paper, although a draft bill remains pending, with no timeline confirmed.
“Safeguards for freedom of expression have been built in throughout the framework,” the government writes in an executive summary. “Rather than requiring the removal of specific pieces of legal content, regulation will focus on the wider systems and processes that platforms have in place to deal with online harms, while maintaining a proportionate and risk-based approach.”
It says it’s planning to set a different bar for content deemed illegal vs content that has “potential to cause harm”, with the heaviest content removal requirements being planned for terrorist and child sexual exploitation content. Whereas companies will not be forced to remove “specific pieces of legal content”, as the government puts it.
Ofcom, as the online harms regulator, will also not be investigating or adjudicating on “individual complaints”.
“The new regulatory framework will instead require companies, where relevant, to explicitly state what content and behaviour they deem to be acceptable on their sites and enforce this consistently and transparently. All companies in scope will need to ensure a higher level of protection for children, and take reasonable steps to protect them from inappropriate or harmful content,” it writes.
“Companies will be able to decide what type of legal content or behaviour is acceptable on their services, but must take reasonable steps to protect children from harm. They will need to set this out in clear and accessible terms and conditions and enforce these effectively, consistently and transparently. The proposed approach will improve transparency for users about which content is and is not acceptable on different platforms, and will enhance users’ ability to challenge removal of content where this occurs.”
Another requirement will be that companies have “effective and proportionate user redress mechanisms” — enabling users to report harmful content and challenge content takedown “where necessary”.
“This will give users clearer, more effective and more accessible avenues to question content takedown, which is an important safeguard for the right to freedom of expression,” the government suggests, adding that: “These processes will need to be transparent, in line with terms and conditions, and consistently applied.”
Ministers say they have not yet made a decision on what kind of liability senior management of covered businesses may face under the planned law, nor on additional business disruption measures — with the government saying it will set out its final policy position in the Spring.
“We recognise the importance of the regulator having a range of enforcement powers that it uses in a fair, proportionate and transparent way. It is equally essential that company executives are sufficiently incentivised to take online safety seriously and that the regulator can take action when they fail to do so,” it writes.
It’s also not clear how businesses will be assessed as being in (or out of) scope of the regulation.
“Just because a business has a social media page that does not bring it in scope of regulation,” the government response notes. “To be in scope, a business would have to operate its own website with the functionality to enable sharing of user-generated content, or user interactions. We will introduce this legislation proportionately, minimising the regulatory burden on small businesses. Most small businesses where there is a lower risk of harm occurring will not have to make disproportionately burdensome changes to their service to be compliant with the proposed regulation.”
The government is clear in the response that Online harms remains “a key legislative priority”.
“We have a comprehensive programme of work planned to ensure that we keep momentum until legislation is introduced as soon as parliamentary time allows,” it writes, describing today’s response report “an iterative step as we consider how best to approach this complex and important issue” — and adding: “We will continue to engage closely with industry and civil society as we finalise the remaining policy.”
Incoming in the meanwhile the government says it’s working on a package of measures “to ensure progress now on online safety” — including interim codes of practice, including guidance for companies on tackling terrorist and child sexual abuse and exploitation content online; an annual government transparency report, which it says it will publish “in the next few months”; and a media literacy strategy, to support public awareness of online security and privacy.
It adds that it expects social media platforms to “take action now to tackle harmful content or activity on their services” — ahead of the more formal requirements coming in.
Facebook-owned Instagram has come in for high level pressure from ministers over how it handles content promoting self-harm and suicide after the media picked up on a campaign by the family of a schoolgirl who killed herself after been exposed to Instagram content encouraging self-harm.
Instagram subsequently announced changes to its policies for handling content that encourages or depicts self harm/suicide — saying it would limit how it could be accessed. This later morphed into a ban on some of this content.
The government said today that companies offering online services that involve user generated content or user interactions are expected to make use of what it dubs “a proportionate range of tools” — including age assurance, and age verification technologies — to prevent kids from accessing age-inappropriate content and “protect them from other harms”.
This is also the piece of the planned legislation intended to pick up the baton of the Digital Economy Act’s porn block proposals — which the government dropped last year, saying it would bake equivalent measures into the forthcoming Online Harms legislation.
The Home Office has been consulting with social media companies on devising robust age verification technologies for many months.
In its own response statement today, Ofcom — which would be responsible for policy detail under the current proposals — said it will work with the government to ensure “any regulation provides effective protection for people online”, and, pending appointment, “consider what we can do before legislation is passed”.

Ofcom responds to the Government’s announcement on online harms regulation: https://t.co/DTfMJkgIVU pic.twitter.com/Qgop0xcIcw
— Ofcom (@Ofcom) February 12, 2020

The Online Harms plan is not the online Internet-related work ongoing in Whitehall, with ministers noting that: “Work on electoral integrity and related online transparency issues is being taken forward as part of the Defending Democracy programme together with the Cabinet Office.”
Back in 2018 a UK parliamentary committee called for a levy on social media platforms to fund digital literacy programs to combat online disinformation and defend democratic processes, during an enquiry into the use of social media for digital campaigning. However the UK government has been slower to act on this front.
The former chair of the DCMS committee, Damian Collins, called today for any future social media regulator to have “real powers in law” — including the ability to “investigate and apply sanctions to companies which fail to meet their obligations”.
In the DCMS committee’s final report parliamentarians called for Facebook’s business to be investigated, raising competition and privacy concerns.

Hyundai taps EV startup Canoo to develop electric vehicles

Hyundai Motor Group said it will jointly develop an electric vehicle platform with Los Angeles-based startup Canoo, the latest startup tapped by the automaker as part of an $87 billion push to invest in electrification and other future technologies.
The electric vehicle platform will be based on Canoo’s proprietary skateboard design, according to the agreement that was announced Tuesday. The platform will be used for future Hyundai and Kia electric vehicles as well as the automaker group’s so-called “purpose built vehicles.” The PBV, which Hyundai showcased last month at CES 2020, is a pod-like vehicle that the company says can be used for various functions in transit, such as a restaurant or clinic. The concept is similar to Toyota’s e-Palette vehicle, which can theoretically be customized to serve as a retail shop, restaurant or shuttle for people.
The partnership with Canoo is the latest example of Hyundai Motor ramping up efforts and investments into electrification, autonomous technology and other futuristic mobility trends, including flying cars. Earlier this month, Hyundai said it would invest $110 million in UK startup Arrival and jointly develop electric commercial vehicles.
Hyundai Motor Group has committed to invest $87 billion over the next five years. Of this total group commitment, Hyundai will invest $52 billion into “future technologies” and Kia will put $25 billion towards electrification and future mobility technologies. The company says its goal is for “eco-friendly vehicles” to comprise 25% of its total sales by 2025.
Canoo said it will provide engineering services to develop the electric platform.

Canoo started as Evelozcity in 2017 by two former Faraday Future executives Stefan Krause and Ulrich Kranz. The company rebranded as Canoo in spring 2019 and debuted its first vehicle last September. The first Canoo vehicles are expected to appear on the road by 2021 and will be offered only as a subscription. Canoo company recently opened the waitlist for its first vehicle.
The heart of Canoo’s first vehicle, which looks more like a microbus than a traditional electric SUV, is the “skateboard” architecture that houses the batteries and the electric drivetrain in a chassis underneath the vehicle’s cabin. It’s this Canoo architecture that Hyundai Motor Group is interested.
Hyundai Motor Group is counting on this underlying architecture to help the company reduce the cost and complexity of production and allow for it to respond quickly to changing market demands and customer preferences.
“We were highly impressed by the speed and efficiency in which Canoo developed their innovative EV architecture, making them the perfect engineering partner for us as we transition to become a frontrunner in the future mobility industry,” Albert Biermann, head of R&D at Hyundai Motor Group, said in a statement. “We will collaborate with Canoo engineers to develop a cost-effective Hyundai platform concept that is autonomous ready and suitable for mass adoption.”

UK public sector failing to be open about its use of AI, review finds

A report into the use of artificial intelligence by the UK’s public sector has warned that the government is failing to be open about automated decision-making technologies which have the potential to significantly impact citizens’ lives.
Ministers have been especially bullish on injecting new technologies into the delivery of taxpayer funded healthcare — with health minister Matt Hancock setting out a tech-fuelled vision of “preventative, predictive and personalised care” in 2018, calling for a root and branch digital transformation of the National Health Service (NHS) to support piping patient data to a new generation of “healthtech” apps and services.
He has also personally championed a chatbot startup, Babylon Health, that’s using AI for healthcare triage — and which is now selling a service in to the NHS.
Policing is another area where AI is being accelerated into UK public service delivery, with a number of police forces trialing facial recognition technology — and London’s Met Police switching over to a live deployment of the AI technology just last month.
However the rush by cash-strapped public services to tap AI ‘efficiencies’ risks glossing over a range of ethical concerns about the design and implementation of such automated systems, from fears about embedding bias and discrimination into service delivery and scaling harmful outcomes to questions of consent around access to the data-sets being used to build AI models and human agency over automated outcomes, to name a few of the associated concerns — all of which require transparency into AIs if there’s to be accountability over automated outcomes.
The role of commercial companies in providing AI services to the public sector also raises additional ethical and legal questions.
Only last week, a court in the Netherlands highlighted the risks for governments of rushing to bake AI into legislation after it ruled an algorithmic risk-scoring system implemented by the Dutch government to assess the likelihood that social security claimants will commit benefits or tax fraud breached their human rights.
The court objected to a lack of transparency about how the system functions, as well as the associated lack of controllability — ordering an immediate halt to its use.
The UK parliamentary committee which reviews standards in public life has today sounded a similar warning — publishing a series of recommendations for public sector use of AI and warning that the technology challenges three key principles of service delivery: Openness, accountability, and objectivity.
“Under the principle of openness, a current lack of information about government use of AI risks undermining transparency,” it writes in an executive summary.
“Under the principle of accountability, there are three risks: AI may obscure the chain of organisational accountability; undermine the attribution of responsibility for key decisions made by public officials; and inhibit public officials from providing meaningful explanations for decisions reached by AI. Under the principle of objectivity, the prevalence of data bias risks embedding and amplifying discrimination in everyday public sector practice.”
“This review found that the government is failing on openness,” it goes on, asserting that: “Public sector organisations are not sufficiently transparent about their use of AI and it is too difficult to find out where machine learning is currently being used in government.”
In 2018 the UN’s special rapporteur on extreme poverty and human rights raised concerns about the UK’s rush to apply digital technologies and data tools to socially re-engineer the delivery of public services at scale — warning then that the impact of a digital welfare state on vulnerable people would be “immense”, and calling for stronger laws and enforcement of a rights-based legal framework to ensure the use of technologies like AI for public service provision does not end up harming people.
Per the committee’s assessment it is “too early to judge if public sector bodies are successfully upholding accountability”.
Parliamentarians also suggest that “fears over ‘black box’ AI… may be overstated” — and rather dub “explainable AI” a “realistic goal for the public sector”.
On objectivity, they write that data bias is “an issue of serious concern, and further work is needed on measuring and mitigating the impact of bias”.
The use of AI in the UK public sector remains limited at this stage, according to the committee’s review, with healthcare and policing currently having the most developed AI programmes — where the tech is being used to identify eye disease and predict reoffending rates, for example.
“Most examples the Committee saw of AI in the public sector were still under development or at a proof-of-concept stage,” the committee writes, further noting that the Judiciary, the Department for Transport and the Home Office are “examining how AI can increase efficiency in service delivery”.
It also heard evidence that local government is working on incorporating AI systems in areas such as education, welfare and social care — noting the example of Hampshire County Council trialling the use of Amazon Echo smart speakers in the homes of adults receiving social care as a tool to bridge the gap between visits from professional carers. And points to a Guardian article which reported that one-third of UK councils use algorithmic systems to make welfare decisions.
But the committee suggests there are still “significant” obstacles to what they describe as “widespread and successful” adoption of AI systems by the UK public sector.
“Public policy experts frequently told this review that access to the right quantity of clean, good-quality data is limited, and that trial systems are not yet ready to be put into operation,” it writes. “It is our impression that many public bodies are still focusing on early-stage digitalisation of services, rather than more ambitious AI projects.”
The report also suggests that the lack of a clear standards framework means many organisations may not feel confident in deploying AI yet.
“While standards and regulation are often seen as barriers to innovation, the Committee believes that implementing clear ethical standards around AI may accelerate rather than delay adoption, by building trust in new technologies among public officials and service users,” it suggests.
Among 15 recommendations set out in the report is a call for a clear legal basis to be articulated for the use of AI by the public sector. “All public sector organisations should publish a statement on how their use of AI complies with relevant laws and regulations before they are deployed in public service delivery,” the committee writes.
Another recommendation is for clarity over which ethical principles and guidance applies to public sector use of AI — with the committee noting there are three sets of principles that could apply to the public sector which is generating confusion.
“The public needs to understand the high level ethical principles that govern the use of AI in the public sector. The government should identify, endorse and promote these principles and outline the purpose, scope of application and respective standing of each of the three sets currently in use,” it recommends.
It also wants the Equality and Human Rights Commission to develop guidance on data bias and anti-discrimination to ensure public sector bodies’ use of AI complies with the UK Equality Act 2010.
The committee is not recommending a new regulator should be created to oversee AI — but does call on existing oversight bodies to act swiftly to keep up with the pace of change being driven by automation.
It also advocates for a regulatory assurance body to identify gaps in the regulatory landscape and provide advice to individual regulators and government on the issues associated with AI — supporting the government’s intention for the Centre for Data Ethics and Innovation (CDEI), which was announced in 2017, to perform this role. (A recent report by the CDEI recommended tighter controls on how platform giants can use ad targeting and content personalization.)
Another recommendation is around procurement, with the committee urging the government to use its purchasing power to set requirements that “ensure that private companies developing AI solutions for the public sector appropriately address public standards”.
“This should be achieved by ensuring provisions for ethical standards are considered early in the procurement process and explicitly written into tenders and contractual arrangements,” it suggests.
Responding to the report in a statement, shadow digital minister Chi Onwurah MP accused the government of “driving blind, with no control over who is in the AI driving seat”.
“This serious report sadly confirms what we know to be the case — that the Conservative Government is failing on openness and transparency when it comes to the use of AI in the public sector,” she said. “The Government is driving blind, with no control over who is in the AI driving seat. The Government urgently needs to get a grip before the potential for unintended consequences gets out of control.
“Last year, I argued in parliament that Government should not accept further AI algorithms in decision making processes without introducing further regulation. I will continue to push the Government to go further in sharing information on how AI is currently being used at all level of Government. As this report shows, there is an urgent need for practical guidance and enforceable regulation that works. It’s time for action.”

Index Fund’s portfolio is driving long-overdue innovation in femcare

U.K. startup Daye is rethinking female intimate care from a woman’s perspective, starting with a tampon infused with cannabidiol that tackles period pain.
It’s also quietly demolishing the retrograde approach to product design that women are still subjected to in the mass market “femcare” space — an anti-philosophy that not only peddles stale and sexist stereotypes, but also can harm women’s bodies.
Those perfumed sanitary pads stinking out the supermarket shelf? Whomever came up with that idea has obviously never experienced thrush or bacterial vaginosis. Nor spoken to a health professional who could have told them vaginal infections can be triggered by perfumed products.
The missing link: There are few people with a vagina in positions leading product strategy. And that’s the disruptive opportunity female-led femcare businesses like Daye are closing in on.
The Index Ventures-backed startup is shaking up a tired category by selling the flip-side: thoughtfully designed products for period care that first do no harm and second take aim at actual problems women have — starting with dysmenorrhea. The overarching strand is building community — to help women better understand what’s going on with their bodies and reinforce shifting product expectations in the process.
We chatted with Index principal Hannah Seal about the fund’s investment in Daye, and to get her thoughts more broadly on a new generation of female-focused startups that are driving long-overdue innovation.
The interview has been edited for length and clarity.

Facebook’s use of Onavo spyware faces questions in EU antitrust probe — report

Facebook’s use of the Onavo spyware VPN app it acquired in 2013 — and used to inform its 2014 purchase of the then rival WhatsApp messaging platform — is on the radar of Europe’s antitrust regulator, per a report in the Wall Street Journal.
The newspaper reports that the Commission has requested a large volume of internal documents as part of a preliminary investigation into Facebook’s data practices which was announced in December.
The WSJ cites people familiar with the matter who told it the regulator’s enquiry is focused on allegations Facebook sought to identify and crush potential rivals and thereby stifle competition by leveraging its access to user data.
Facebook announced it was shutting down Onavo a year ago — in the face of rising controversial about its use of the VPN tool as a data-gathering business intelligence dragnet that’s both hostile to user privacy and raises major questions about anti-competitive practices.
As recently as 2018 Facebook was still actively pushing Onavo at users of its main social networking app — marketing it under a ‘Protect’ banner intended to convince users that the tool would help them protect their information.
In fact the VPN allowed Facebook to monitor their activity across third party apps — enabling the tech giant to spot emerging trends across the larger mobile ecosystem. (So, as we’ve said before, ‘Protect Facebook’s business’ would have been a more accurate label for the tool.)
By the end of 2018 further details about how Facebook had used Onavo as a key intelligence lever in major acquisitions emerged when a UK parliamentary committee obtained a cache of internal documents related to a US court case brought by a third party developer which filed suit alleging unfair treatment on its app platform.
UK parliamentarians concluded that Facebook used Onavo to conduct global surveys of the usage of mobile apps by customers, apparently without their knowledge — using the intel to assess not just how many people had downloaded apps but how often they used them, which in turn helped the tech giant to decide which companies to acquire and which to treat as a threat.
The parliamentary committee went on to call for competition and data protection authorities to investigate Facebook’s business practices.
So it’s not surprising that Europe’s competition commission should also be digging into how Facebook used Onavo. The Commission also been reviewing changes Facebook made to its developer APIs which affected what information it made available, per the WSJ’s sources.
Internal documents published by the UK parliament also highlighted developer access issues — such as Facebook’s practice of whitelisting certain favored developers’ access to user data, raising questions about user consent to the sharing of their data — as well as fairness vis-a-vis non-whitelisted developers.
According to the newspaper’s report the regulator has requested a wide array of internal Facebook documents as part of its preliminary investigation, including emails, chat logs and presentations. It says Facebook’s lawyers have pushed back — seeking to narrow the discovery process by arguing that the request for info is so broad it would produce millions of documents and could reveal Facebook employees’ personal data.
Some of the WSJ’s sources also told it the Commission has withdrawn the original order and intends to issue a narrower request.
We’ve reached out to Facebook and the competition regulator for comment.
Back in 2017 the European Commission fined Facebook $122M for providing incorrect or misleading information at the time of the WhatsApp acquisition. Facebook had given regulator assurances that user accounts could not be linked across the two services — which cleared the way for it to be allowed to acquire WhatsApp — only for the company to u-turn in 2016 by saying it would be linking user data.
In addition to investigating Facebook’s data practices over potential antitrust concerns, the EU’s competition regulator is also looking into Google’s data practices — announcing a preliminary probe in December.

Blackbox welfare fraud detection system breaches human rights, Dutch court rules

An algorithmic risk scoring system deployed by the Dutch state to try to predict the likelihood that social security claimants will commit benefits or tax fraud breaches human rights law, a court in the Netherlands has ruled.
The Dutch government’s System Risk Indication (SyRI) legislation uses a non-disclosed algorithmic risk model to profile citizens and has been exclusively targeted at neighborhoods with mostly low-income and minority residents. Human rights campaigners have dubbed it a ‘welfare surveillance state’.
A number of civil society organizations in the Netherlands and two citizens instigated the legal action against SyRI — seeking to block its use. The court has today ordered an immediate halt to the use of the system.
The ruling is being hailed as a landmark judgement by human rights campaigners, with the court basing its reasoning on European human rights law — specifically the right to a private life that’s set out by Article 8 of the European Convention on Human Rights (ECHR) — rather than a dedicated provision in the EU’s data protection framework (GDPR) which relates to automated processing.
GDPR’s Article 22 includes the right for individuals not to be subject to solely automated individual decision-making where they can produce significant legal effects. But there can be some fuzziness around whether this applies if there’s a human somewhere in the loop, such as to review a decision on objection.
In this instance the court has sidestepped such questions by finding SyRI directly interferes with rights set out in the ECHR.
Specifically, the court found that the SyRI legislation fails a balancing test in Article 8 of the ECHR which requires that any social interest to be weighed against the violation of individuals’ private life — with a fair and reasonable balance being required.
In its current form the automated risk assessment system failed this test, in the court’s view.
Legal experts suggest the decision sets some clear limits on how the public sector in the UK can make use of AI tools — with the court objecting in particular to the lack of transparency about how the algorithmic risk scoring system functioned.
In a press release about the judgement (translated to English using Google Translate) the court writes that the use of SyRI is “insufficiently clear and controllable”. While, per Human Rights Watch, the Dutch government refused during the hearing to disclose “meaningful information” about how SyRI uses personal data to draw inferences about possible fraud.
The court clearly took a dim view of the state trying to circumvent scrutiny of human rights risk by pointing to an algorithmic ‘blackbox’ and shrugging.

The Court’s reasoning doesn’t imply there should be full disclosure, but it clearly expects much more robust information on the way (objective criteria) that the model and scores were developed and the way in which particular risks for individuals were addressed.
— Joris van Hoboken (@jorisvanhoboken) February 6, 2020

The UN special rapporteur on extreme poverty and human rights, Philip Alston — who intervened in the case by providing the court with a human rights analysis — welcomed the judgement, describing it as “a clear victory for all those who are justifiably concerned about the serious threats digital welfare systems pose for human rights”.
“This decision sets a strong legal precedent for other courts to follow. This is one of the first times a court anywhere has stopped the use of digital technologies and abundant digital information by welfare authorities on human rights grounds,” he added in a press statement.
Back in 2018 Alston warned that the UK government’s rush to apply digital technologies and data tools to socially re-engineer the delivery of public services at scale risked having an immense impact on the human rights of the most vulnerable.
So the decision by the Dutch court could have some near-term implications for UK policy in this area.
The judgement does not shut the door on the use by states of automated profiling systems entirely — but does make it clear that in Europe human rights law must be central to the design and implementation of rights risking tools.
It also comes at a key time when EU policymakers are working on a framework to regulate artificial intelligence — with the Commission pledging to devise rules that ensure AI technologies are applied ethically and in a human-centric way.
It remains to be seen whether the Commission will push for pan-EU limits on specific public sector uses of AI — such as for social security assessments. A recent leaked draft of a white paper on AI regulation suggests it’s leaning towards risk-assessments and a patchwork of risk-based rules. 

UK Council websites are letting citizens be profiled for ads, study shows

On the same day that a data ethics advisor to the UK government has urged action to regulate online targeting a study conducted by pro-privacy browser Brave has highlighted how Brits are being profiled by the behavioral ad industry when they visit their local Council’s website — perhaps seeking info on local services or guidance about benefits including potentially sensitive information related to addiction services or disabilities.
Brave found that nearly all UK Councils permit at least one company to learn about the behavior of people visiting their sites, finding that a full 409 Councils exposed some visitor data to private companies.
While many large councils (serving 300,000+ people) were found exposing site visitors to what Brave describes as “extensive tracking and data collection by private companies” — with the worst offenders, London’s Enfield and Sheffield City Councils, exposing visitors to 25 data collectors apiece.
Brave argues the findings represent a conservative illustration of how much commercial tracking and profiling of visitors is going on on public sector websites — a floor, rather than a ceiling — given it was only studying landing pages of Council sites without any user interaction, and could only pick up known trackers (nor could the study look at how data is passed between tracking and data brokering companies).
Nor is the first such study to warn that public sector websites are infested with for-profit adtech. A report last year by Cookiebot found users of public sector and government websites in the EU being tracked when they performed health-related searches — including queries related to HIV, mental health, pregnancy, alcoholism and cancer.
Brave’s study — which was carried out using the webxray tool — found that almost all (98%) of the Councils used Google systems, with the report noting that the tech giant owns all five of the top embedded elements loaded by Council websites, which it suggests gives the company a god-like view of how UK citizens are interacting with their local authorities online.
The analysis also found 198 of the Council websites use the real-time bidding (RTB) form of programmatic online advertising. This is notable because RTB is the subject of a number of data protection complaints across the European Union — including in the UK, where the Information Commissioner’s Office (ICO) itself has been warning the adtech industry for more than half a year that its current processes are in breach of data protection laws.
However the UK watchdog has preferred to bark softly in the industry’s general direction over its RTB problem, instead of taking any enforcement action — a response that’s been dubbed “disastrous” by privacy campaigners.
One of the smaller RTB players the report highlights — which calls itself the Council Advertising Network (CAN) — was found sharing people’s data from 34 Council websites with 22 companies, which could then be insecurely broadcasting it on to hundreds or more entities in the bid chain.
Slides from a CAN media pack refer to “budget conscious” direct marketing opportunities via the ability to target visitors to Council websites accessing pages about benefits, child care and free local activities; “disability” marketing opportunities via the ability to target visitors to Council websites accessing pages such as home care, blue badges and community and social services; and “key life stages” marketing  opportunities via the ability to target visitors to Council websites accessing pages related to moving home, having a baby, getting married or losing a loved one.

This is from the Council Advertising Network’s media pack. CAN is a small operation. They are just trying to take a small slide of the Google and IAB “real-time bidding” cake. But this gives an insight in to how insidious this RTB stuff is. pic.twitter.com/b1tiZi1p4P
— Johnny Ryan (@johnnyryan) February 4, 2020

Brave’s report — while a clearly stated promotion for its own anti-tracking browser (given it’s a commercial player too) — should be seen in the context of the ICO’s ongoing failure to take enforcement action against RTB abuses. It’s therefore an attempt to increase pressure on the regulator to act by further illuminating a complex industry which has used a lack of transparency to shield massive rights abuses and continues to benefit from a lack of enforcement of Europe’s General Data Protection Regulation.
And a low level of public understanding of how all the pieces in the adtech chain fit together and sum to a dysfunctional whole, where public services are turned against the citizens whose taxes fund them to track and target people for exploitative ads, likely contributes to discouraging sharper regulatory action.
But, as the saying goes, sunlight disinfects.
Asked what steps he would like the regulator to take, Brave’s chief policy officer, Dr Johnny Ryan, told TechCrunch: “I want the ICO to use its powers of enforcement to end the UK’s largest data breach. That data breach continues, and two years to the day after I first blew the whistle about RTB, Simon McDougall wrote a blog post accepting Google and the IAB’s empty gestures as acts of substance. It is time for the ICO to move this over to its enforcement team, and stop wasting time.”
We’re reached out to the ICO for a response to the report’s findings.

Skymind Global Ventures launches $800M fund and London office to back AI startups

Skymind Global Ventures (SGV) appeared last year in Asia/US as a vehicle for the previous founders of a YC-backed open-source AI platform to invest in companies that used the platform.
Today it announces the launch of an $800 million fund to back promising new AI companies and academic research. It will consequently be opening a London office as an extension to its original Hong Kong base.
SGV Founder and CEO Shawn Tan said in a statement: “Having our operations in the UK capital is a strategic move for us. London has all the key factors to help us grow our business, such as access to diverse talent and investment, favorable regulation, and a strong and well-established technology hub. The city is also the AI growth capital of Europe with the added competitive advantage of boasting a global friendly time zone that overlaps with business hours in Asia, Europe and the rest of the world.”
SGV will use its London base to back research and development and generate business opportunities across Europe and Asia.
The company helps companies and organizations to launch their AI applications by providing them supported access to “Eclipse Deeplearning4j”, an open-source AI tool.
The background is that the Deeplearning4j tool was originally published by Adam Gibson in late 2013 and later became a YC-backed startup, called Pathmind, which was cofounded to commercialize Deeplearning4j. It later changed its name to Skymind.
SGV is a wholly separate investment company that Adam Gibson joined as VP to run its AI division, called Konduit. Konduit now commercializes the Deeplearning4j open source tools.
Adam Gibson now joins SGV as Vice President, to run its software division, Konduit, which delivers and supports Eclipse Deeplearning4j to clients, as well as offering training development.
SGV firm says it plans to train up to 200 AI professionals for its operations in London and Europe.
In December last year “Skymind AI Berhad”, the Southeast Asia arm of Skymind and Huawei Technologies signed a Memorandum of Understanding to develop a Cloud and Artificial Intelligence Innovation Hub, commencing with Malaysia and Indonesia in 2020.

Medloop secures €6M from Kamet Ventures and AXA for self-service patient app

Medloop, which allows patients to manage healthcare needs and providers, has secured €6 million from Kamet Ventures and AXA.
The cash will be used to enhance its product offering and continue expansion across Germany and the UK. Medloop is also developing an evidence-based medical rule engine embedded on the Electronic Medical Record (EMR) of patients.
Medloop offers patients what it calls “intuitive” self-service features in an app that enables them to navigate their own healthcare including online appointment bookings, electronic medical results, prescription refills, as well as chatting in-app with healthcare providers.
Founded in 2018 by Berlin-based entrepreneur Shishir Singhee, some medical practices in Germany use the Medloop doctor system to run their entire practice, using it to give an overview of their patient population.
Singhee, said: “Healthcare today has become increasingly impersonalized as ever-growing patient registers have made it challenging for doctors to treat patients in a bespoke way. Medloop strives to bridge this critical gap, by employing technology to empower patients and help doctors deliver proactive and holistic care.“
Stephane Guinet, CEO of Kamet Ventures, said: “It is no secret how overstretched doctors are in terms of the time and care they can offer each patient. Medloop’s offering is a novel solution to this challenge and we are very excited to be part of Medloop’s growth story given how critical its offering is to the UK market and beyond.”
Medloop achieved compatibility with EMIS last summer, enabling its entry into the UK market.
In Germany, its main competitors are the incumbents that were built in the early 90s such as Medatix and Medistar. In the UK it is up against patient management tools such as QMasters.

No pan-EU Huawei ban as Commission endorses 5G risk mitigation plan

The European Commission has endorsed a risk mitigation approach to managing 5G rollouts across the bloc — meaning there will be no pan-EU ban on Huawei. Rather it’s calling for Member States to coordinate and implement a package of “mitigating measures” in a 5G toolbox it announced last October and has endorsed today.
“Through the toolbox, the Member States are committing to move forward in a joint manner based on an objective assessment of identified risks and proportionate mitigating measures,” it writes in a press release.
It adds that Member States have agreed to “strengthen security requirements, to assess the risk profiles of suppliers, to apply relevant restrictions for suppliers considered to be high risk including necessary exclusions for key assets considered as critical and sensitive (such as the core network functions), and to have strategies in place to ensure the diversification of vendors”.
The move is another blow for the Trump administration — after the UK government announced yesterday that it would not be banning so-called “high risk” providers from supplying 5G networks.
Instead the UK said it will place restrictions on such suppliers — barring their kit from the “sensitive” ‘core’ of 5G networks, as well as from certain strategic sites (such as military locations), and placing a 35% cap on such kit supplying the access network.
However the US has been amping up pressure on the international community to shut the door entirely on the Chinese tech giant, claiming there’s inherent strategic risk in allowing Huawei to be involved in supplying such critical infrastructure — with the Trump administration seeking to demolish trust in Chinese-made technology.
Next-gen 5G is expected to support a new breed of responsive applications — such as self-driving cars and personalized telemedicine — where risks, should there be any network failure, are likely to scale too.
But the Commission take the view that such risks can be collectively managed.
The approach to 5G security continues to leave decisions on “specific security” measures as the responsibility of Member States. So there’s a possibility of individual countries making their own decisions to shut out Huawei. But in Europe the momentum appears to be against such moves.
“The collective work on the toolbox demonstrates a strong determination to jointly respond to the security challenges of 5G networks,” the EU writes. “This is essential for a successful and credible EU approach to 5G security and to ensure the continued openness of the internal market provided risk-based EU security requirements are respected.”
The next deadline for the 5G toolbox is April 2020, when the Commission expects Member States to have implemented the recommended measures. A joint report on their implementation will follow later this year.
Key actions being endorsed in the toolbox include:
    Strengthen security requirements for mobile network operators (e.g. strict access controls, rules on secure operation and monitoring, limitations on outsourcing of specific functions, etc.);
    Assess the risk profile of suppliers; as a consequence,  apply relevant restrictions for suppliers considered to be high risk – including necessary exclusions to effectively mitigate risks – for key assets defined as critical and sensitive in the EU-wide coordinated risk assessment (e.g. core network functions, network management and orchestration functions, and access network functions);
    Ensure that each operator has an appropriate multi-vendor strategy to avoid or limit any major dependency on a single supplier (or suppliers with a similar risk profile), ensure an adequate balance of suppliers at national level and avoid dependency on suppliers considered to be high risk; this also requires avoiding any situations of lock-in with a single supplier, including by promoting greater interoperability of equipment;
The Commission also recommends that Member States should contribute towards increasing diversification and sustainability in the 5G supply chain and co-ordinate on standardization around security objectives and on developing EU-wide certification schemes.

Silicon Valley VC 7BC Capital expands in Europe, recruits first venture partner

Silicon Valley VC 7BC Venture Capital has decided to make an incursion into Europe, recruiting its first venture partner in the UK.
Monty Munford was previously a freelance journalist, conference speaker and columnist contributing to Forbes, The Telegraph, The Economist, BBC Newsweek and Wired, among others.
7BC VC focuses primarily on AI, FinTech, blockchain and related startups. It recently invested in Kyndi at a Series B with a valuation of $20M.
Munford says he caught the venture bug by brokering a deal between Qriously — a mobile data company that had predicted correctly the Trump win, Brexit referendum and the French/Dutch — And UK/NYC company Brandwatch . The deal was covered by TechCrunch here.
“It was one of the most gratifying things I’d ever done… I see joining 7BC as a chance to change things from another angle,” he told TechCrunch .
“There really is a correlation there between tech journalism and investing. There is much in common between looking at horrendous press releases and commensurate startups pitches and their decks,” he added.
Brandwatch CEO Giles Palmer commented: “Monty has watched us build for the past decade and has always openly shared connections and possibilities for our growth. When he, almost hysterically, told me that ‘we had to buy the company’, we had to take a second look and he was right. He has the creativity to see connections where they don’t exist and a nose for when people are likely to click. It’s a powerful combo.”
7BC Venture Capital co-founder and CEO Andrew Romans said in a statement: “Part of the success of a startup with or without VC funding is their ability to generate positive PR for the company and be noticed by multiple relevant audiences, but also tell a story, do something novel, and innovate.”
He said a journalist can bring special skills to the investing role: “This results in a unique understanding of specific ecosystems and categories of startups and corporate players, not to mention relationships with all of these individuals and the key news outlets. On the treasure map of PR, media, tech, and creativity we place an X on Monty Munford.”
Romans is based in Silicon Valley and was previously an investor in Player X, where Munford had been an executive.

UK will allow Huawei to supply 5G — with ‘tight restrictions’

The UK government will allow Chinese tech giant Huawei to play a limited role in supplying the country’s 5G networks, it has been announced today.
The government said the package of restrictions being announced on “high risk” 5G vendors will allow it to “mitigate the potential risk posed by the supply chain and to combat the range of threats, whether cyber criminals, or state sponsored attacks”.
The plan for managing risks related to the next generation of cellular network technology ends months of uncertainty over the issue — which has seen warnings that the delay is harming the UK’s competitiveness and its relations abroad.
Commenting on the decision in a statement, digital secretary Baroness Morgan said: “The government has reviewed the supply chain for telecoms networks and concluded today it is necessary to have tight restrictions on the presence of high risk vendors.
“This is a UK-specific solution for UK-specific reasons and the decision deals with the challenges we face right now. It not only paves the way for secure and resilient networks, with our sovereignty over data protected, but it also builds on our strategy to develop a diversity of suppliers.”
The decision not to bar Huawei from upgrades to domestic networks signals a failure of U.S. diplomacy at the highest level.
In recent days American has been applying top-level pressure to its European ally — with secretary of state, Mike Pompeo, tweeting Sunday night that the country faced a “momentus” decision. “The truth is that only nations able to protect their data will be sovereign,” he wrote.
President Trump has also made his preference for US allies to ban Huawei amply clear in public.
While the decision by UK prime minister, Boris Johnson, not to bow to US pressure is likely to cause shockwaves of displeasure in Washington, the move had nonetheless looked likely for months.
Last summer a UK parliamentary committee concluded there was no technical reason for excluding Huawei — though it suggested “there may well be geopolitical or ethical grounds… to enact a ban on Huawei’s equipment”.
And while a report last March by a UK oversight body set up to evaluation the Chinese networking giant’s approach to security was withering in its assessment of its approach to security it did not call for an outright ban.
Then in April a leak from the National Security Council indicated that the prior Conservative administration was preparing to provide a level of access to Huawei.
Since then the government had said it was waiting for a Telecoms Supply Chain review to be completed. (A UK General Election also intervened, as well as the ongoing national preoccupation of Brexit.)
Today marks the conclusion of the review, and with it the announcement of new restrictions to manage 5G risks.
The government says vendors such as Huawei will be allowed a limited role in UK 5G networks — with exclusion from “sensitive ‘core’” parts of networks.
There will also be a 35 per cent cap on high risk vendor access to non-sensitive parts of the network (aka the access network, or periphery, where devices connect to mobile phone masts).
This cap will be kept under review — and could shrink further “as the market diversifies”.
More generally, the government says it intends to work to support market diversification — saying it’s developing “an ambitious strategy to help diversify the supply chain”.
“This will seek to attract established vendors who are not present in the UK, supporting the emergence of new, disruptive entrants to the supply chain, and promoting the adoption of open, interoperable standards that will reduce barriers to entry,” it adds.
A key issue related to the decision is that Huawei is the leading global vendor in 5G, with relatively few alternative providers — none of whom are considered to offer a like-for-like option at this stage.
So a full ban on Huawei at this stage risks delays to rolling out national 5G networks which could hamper national competitiveness on an international stage.
“We want world-class connectivity as soon as possible but this must not be at the expense of our national security. High risk vendors never have been and never will be in our most sensitive networks,” Morgan also said in her statement, adding: “We can now move forward and seize the huge opportunities of 21st century technology.”
The UK’s National Cyber Security Centre (NCSC) will issue guidance to UK telecoms operators regarding the limits on high risk vendors — which also include that such providers should be:
Excluded from all safety related and safety critical networks in Critical National Infrastructure
Excluded from sensitive geographic locations, such as nuclear sites and military bases
Questions remain over how the ‘core’ of a 5G network is being defined; and even whether “sensitive” parts of the network can be isolated in 5G network topology, given the extensive role software plays across such next-gen networks.
But the government has ignored critical voices claiming there’s no way to securely isolate a 5G core — such as former Australian prime minister, Malcolm Turnbull, who has said there isn’t “a satisfactory mitigation of the risk” where 5G networks are concerned — and is spinning the restrictions as “the most stringent set of controls ever”.
It further claims they will “substantially improve the security and resilience of our critical telecoms networks” — and it’s doing so with the public blessing of the security services (which have previously signalled confidence that any risk associated with Huawei can be managed).
In a supporting statement today, Ciaran Martin, CEO of the NCSC — the public facing arm of GCHQ — said: “This package will ensure that the UK has a very strong, practical and technically sound framework for digital security in the years ahead.”
“High risk vendors have never been – and never will be – in our most sensitive networks,” he added. “Taken together these measures add up to a very strong framework for digital security.”
Martin said the agency has already issued advice to telcos “to help with the industry rollout of 5G and full fibre networks in line with the government’s objectives” — suggesting telcos are being encouraged to get on with rollouts and avoid any further delays by waiting for formal legislation.
The government says it will seek to legislate “at the earliest opportunity” to put in place the necessary powers for implementing the new telecoms security framework. But the signal to get on with 5G in the meanwhile looks clear.
Unsurprisingly Huawei has welcomed the decision.
In a statement, Huawei VP Victor Zhang said:
Huawei is reassured by the UK government’s confirmation that we can continue working with our customers to keep the 5G roll-out on track. This evidence-based decision will result in a more advanced, more secure and more cost-effective telecoms infrastructure that is fit for the future. It gives the UK access to world-leading technology and ensures a competitive market.
We have supplied cutting-edge technology to telecoms operators in the UK for more than 15 years. We will build on this strong track record, supporting our customers as they invest in their 5G networks, boosting economic growth and helping the UK continue to compete globally.
We agree a diverse vendor market and fair competition are essential for network reliability and innovation, as well as ensuring consumers have access to the best possible technology.

WholyMe, which makes natural products for chronic pain, closes Seed round

WholyMe, a London startup that makes and markets ‘natural relief’ products to manage chronic pain, has closed a £500,000 Seed round from investors Financière Saint James, V1 Capital, Guibor and business angels. The round also includes Joyance Partners, a New York-based VC concentrating on the new science emerging around ‘health and happiness’ which recently expanded to the UK and Europe.
The funding will be used to manufacture WholyMe’s first range of 100% organic supplements and topicals for muscle and joint health, starting with a cannabis-based ointment slated to launch Spring 2020. Formulated in-house and manufactured in Europe, WholyMe products will be sold online and the start-up also has plans to partner with gym clubs to support athletic millennials by preventing injuries.
Its direct competitors include natural health brands like Tiger Balm, BetterYou, Weleda but also adjacent competitors such as Voltarol and Deep Heat.
They say their differentiating factors are that, at the product level, their products “have no adverse effects as opposed to conventional pain killers”, while they say the ingredients are organic and contain no synthetics, petroleum, GMOs etc.
The market they are aiming at is certainly large. The natural medicine products market is now worth €16bn in Europe and has grown +7% CAGR from 2017-2023, according to the latest figures.
Co-Founders Celine Ivari and Quitterie de Rivoyre researched and developed of WholyMe’s first products while trying to solve chronic inflammation problems plaguing family members.
Ivari says: “When my mother suffered from severe inflammation, she was overloaded with painkillers and prescription drugs, which had terrible side effects. Having studied the genetics of human disease, I knew there were alternative solutions to manage her pain. I helped her improve her wellbeing through natural remedies.”
Paolo Pio, European managing director for Joyance Partners, said in a statement: “We’re thrilled to support WholyMe as they push the boundaries of health & pain management to bring greater happiness to the world.”

An adult sexting site exposed thousands of models’ passports and driver’s licenses

A popular sexting website has exposed thousands of photo IDs belonging to models and sex workers who earn commissions from the site.
SextPanther, an Arizona-based adult site, stored over 11,000 identity documents on an exposed Amazon Web Services (AWS) storage bucket, including passports, driver’s licenses, and Social Security numbers, without a password. The company says on its website that it uses to verify the ages of models who users communicate with.
Most of the exposed identity documents contain personal information, such as names, home addresses, dates of birth, biometrics, and their photos.
Although most of the data came from models in the U.S., some of the documents were supplied by workers in Canada, India, and the United Kingdom.
The site allows models and sex workers to earn money by exchanging text messages, photos, and videos with paying users, including explicit and nude content. The exposed storage bucket also contained over a hundred thousand photos and videos sent and received by the workers.
It was not immediately clear who owned the storage bucket. TechCrunch asked U.K.-based penetration testing company Fidus Information Security, which has experience in discovering and identifying exposed data, to help.
Researchers at Fidus quickly found evidence suggesting the exposed data could belong to SextPanther.
An hour after we alerted the site’s owner, Alexander Guizzetti, to the exposed data, the storage bucket was pulled offline.
“We have passed this on to our security and legal teams to investigate further. We take accusations like this very seriously,” Guizzetti said in an email, who did not explicitly confirm the bucket belonged to his company.
Using information from identity documents matched against public records, we contacted several models whose information was exposed by the security lapse.
“I’m sure I sent it to them,” said one model, referring to her driver’s license which was exposed. (We agreed to withhold her name given the sensitivity of the data.) We passed along a photo of her license as it found in the exposed bucket. She confirmed it was her license, but said that the information on her license is no longer current.
“I truly feel awful for others whom have signed up with their legit information,” she said.
The security lapse comes a week after researchers found a similar cache of highly sensitive personal information of sex workers on adult webcam streaming site, PussyCash.
More than 850,000 documents were insecurely stored in another unprotected storage bucket.
Read more:
GPS trackers leak real-time locations and can remotely activate its microphone
A Sprint contractor left thousands of US cell phone bills on the internet by mistake
Over 750,000 applications for US birth certificate copies exposed online
Tuft & Needle exposed thousands of customer shipping labels
‘Magic: The Gathering’ game maker exposed 452,000 players’ account data
Got a tip? You can send tips securely over Signal and WhatsApp to +1 646-755–8849.

London’s Met Police switches on live facial recognition, flying in face of human rights concerns

While EU lawmakers are mulling a temporary ban on the use of facial recognition to safeguard individuals’ rights, as part of risk-focused plan to regulate AI, London’s Met Police has today forged ahead with deploying the privacy hostile technology — flipping the switch on operational use of live facial recognition in the UK capital.
The deployment comes after a multi-year period of trials by the Met and police in South Wales.
The Met says its use of the controversial technology will be targeted to “specific locations… where intelligence suggests we are most likely to locate serious offenders”.
“Each deployment will have a bespoke ‘watch list’, made up of images of wanted individuals, predominantly those wanted for serious and violent offences,” it adds.
It also claims cameras will be “clearly signposted”, adding that officers will be “deployed to the operation will hand out leaflets about the activity”.
“At a deployment, cameras will be focused on a small, targeted area to scan passers-by,” it writes. “The technology, which is a standalone system, is not linked to any other imaging system, such as CCTV, body worn video or ANPR.”
The biometric system is being provided to the Met by Japanese IT and electronics giant, NEC.
In a press statement, assistant commissioner Nick Ephgrave claimed the force is taking a balanced approach to using the controversial tech.
“We all want to live and work in a city which is safe: the public rightly expect us to use widely available technology to stop criminals. Equally I have to be sure that we have the right safeguards and transparency in place to ensure that we protect people’s privacy and human rights. I believe our careful and considered deployment of live facial recognition strikes that balance,” he said.
London has seen a rise in violent crime in recent years, with murder rates hitting a ten-year peak last year.
The surge in violent crime has been linked to cuts to policing services — although the new Conservative government has pledged to reverse cuts enacted by earlier Tory administrations.
The Met says its hope for the AI-powered tech is will help it tackle serious crime, including serious violence, gun and knife crime, child sexual exploitation and “help protect the vulnerable”.
However its phrasing is not a little ironic, given that facial recognition systems can be prone to racial bias, for example, owing to factors such as bias in data-sets used to train AI algorithms.
So in fact there’s a risk that police-use of facial recognition could further harm vulnerable groups who already face a disproportionate risk of inequality and discrimination.
Yet the Met’s PR doesn’t mention the risk of the AI tech automating bias.
Instead it makes pains to couch the technology as “additional tool” to assist its officers.
“This is not a case of technology taking over from traditional policing; this is a system which simply gives police officers a ‘prompt’, suggesting “that person over there may be the person you’re looking for”, it is always the decision of an officer whether or not to engage with someone,” it adds.
While the use of a new tech tool may start with small deployments, as is being touting here, the history of software development underlines how potential to scale is readily baked in.
A ‘targeted’ small-scale launch also prepares the ground for London’s police force to push for wider public acceptance of a highly controversial and rights-hostile technology via a gradual building out process. Aka surveillance creep.
On the flip side, the text of the draft of an EU proposal for regulating AI which leaked last week — floating the idea of a temporary ban on facial recognition in public places — noted that a ban would “safeguard the rights of individuals”. Although it’s not yet clear whether the Commission will favor such a blanket measure, even temporarily.
UK rights groups have reacted with alarm to the Met’s decision to ignore concerns about facial recognition.
Liberty accused the force of ignoring the conclusion of a report it commissioned during an earlier trial of the tech — which it says concluded the Met had failed to consider human rights impacts.
It also suggested such use would not meet key legal requirements.
“Human rights law requires that any interference with individuals’ rights be in accordance with the law, pursue a legitimate aim, and be ‘necessary in a democratic society’,” the report notes, suggesting the Met earlier trials of facial recognition tech “would be held unlawful if challenged before the courts”.

When the Met trialled #FacialRecognition tech, it commissioned an independent review of its use.
Its conclusions:
The Met failed to consider the human rights impact of the techIts use was unlikely to pass the key legal test of being “necessary in a democratic society”
— Liberty (@libertyhq) January 24, 2020

A petition set up by Liberty to demand a stop to facial recognition in public places has passed 21,000 signatures.
Discussing the legal framework around facial recognition and law enforcement last week, Dr Michael Veale, a lecturer in digital rights and regulation at UCL, told us that in his view the EU’s data protection framework, GDPR, forbids facial recognition by private companies “in a surveillance context without member states actively legislating an exemption into the law using their powers to derogate”.
A UK man who challenged a Welsh police force’s trial of facial recognition has a pending appeal after losing the first round of a human rights challenge. Although in that case the challenge pertains to police use of the tech — rather than, as in the Met’s case, a private company (NEC) providing the service to the police.

UK watchdog sets out “age appropriate” design code for online services to keep kids’ privacy safe

The UK’s data protection watchdog has today published a set of design standards for Internet services which are intended to help protect the privacy of children online.
The Information Commissioner’s Office (ICO) has been working on the Age Appropriate Design Code since the 2018 update of domestic data protection law — as part of a government push to create ‘world-leading’ standards for children when they’re online.
UK lawmakers have grown increasingly concerned about the ‘datafication’ of children when they go online and may be too young to legally consent to being tracked and profiled under existing European data protection law.
The ICO’s code is comprised of 15 standards of what it calls “age appropriate design” — which the regulator says reflects a “risk-based approach”, including stipulating that setting should be set by default to ‘high privacy’; that only the minimum amount of data needed to provide the service should be collected and retained; and that children’s data should not be shared unless there’s a reason to do so that’s in their best interests.
Profiling should also be off by default. While the code also takes aim at dark pattern UI designs that seek to manipulate user actions against their own interests, saying “nudge techniques” should not be used to “lead or encourage children to provide unnecessary personal data or weaken or turn off their privacy protections”.
“The focus is on providing default settings which ensures that children have the best possible access to online services whilst minimising data collection and use, by default,” the regulator writes in an executive summary.
While the age appropriate design code is focused on protecting children it is applies to a very broad range of online services — with the regulator noting that “the majority of online services that children use are covered” and also stipulating “this code applies if children are likely to use your service” [emphasis ours].
This means it could be applied to anything from games, to social media platforms to fitness apps to educational websites and on-demand streaming services — if they’re available to UK users.
“We consider that for a service to be ‘likely’ to be accessed [by children], the possibility of this happening needs to be more probable than not. This recognises the intention of Parliament to cover services that children use in reality, but does not extend the definition to cover all services that children could possibly access,” the ICO adds.
Here are the 15 standards in full as the regulator describes them:
Best interests of the child: The best interests of the child should be a primary consideration when you design and develop online services likely to be accessed by a child.
Data protection impact assessments: Undertake a DPIA to assess and mitigate risks to the rights and freedoms of children who are likely to access your service, which arise from your data processing. Take into account differing ages, capacities and development needs and ensure that your DPIA builds in compliance
with this code.
Age appropriate application: Take a risk-based approach to recognising the age of individual users and ensure you effectively apply the standards in this code to child users. Either establish age with a level of certainty that is appropriate to the risks to the rights and freedoms of children that arise from your data processing, or apply the standards in this code to all your users instead.
Transparency: The privacy information you provide to users, and other published terms, policies and community standards, must be concise, prominent and in clear language suited to the age of the child. Provide additional specific ‘bite-sized’ explanations about how you use personal data at the point that use is activated.
Detrimental use of data: Do not use children’s personal data in ways that have been shown to be detrimental to their wellbeing, or that go against industry codes of practice, other regulatory provisions or Government advice.
Policies and community standards: Uphold your own published terms, policies and community standards (including but not limited to privacy policies, age restriction, behaviour rules and content policies).
Default settings: Settings must be ‘high privacy’ by default (unless you can demonstrate a compelling reason for a different default setting, taking account of the best interests of the child).
Data minimisation: Collect and retain only the minimum amount of personal data you need to provide the elements of your service in which a child is actively and knowingly engaged. Give children separate choices over which elements they wish to activate.
Data sharing: Do not disclose children’s data unless you can demonstrate a compelling reason to do so, taking account of the best interests of the child.
Geolocation: Switch geolocation options off by default (unless you can demonstrate a compelling reason for geolocation to be switched on by default, taking account of the best interests of the child). Provide an obvious sign for children when location tracking is active. Options which make a child’s location visible to others must default back to ‘off’ at the end of each session.
Parental controls: If you provide parental controls, give the child age appropriate information about this. If your online service allows a parent or carer to monitor their child’s online activity or track their location, provide an obvious sign to the child when they are being monitored.
Profiling: Switch options which use profiling ‘off’ by default (unless you can demonstrate a compelling reason for profiling to be on by default, taking account of the best interests of the child). Only allow profiling if you have appropriate measures in place to protect the child from any harmful effects (in particular, being fed content that is detrimental to their health or wellbeing).
Nudge techniques: Do not use nudge techniques to lead or encourage children to provide unnecessary personal data or weaken or turn off their privacy protections.
Connected toys and devices: If you provide a connected toy or device ensure you include effective tools to enable conformance to this code.
Online tools: Provide prominent and accessible tools to help children exercise their data protection rights and report concerns.
The Age Appropriate Design Code also defines children as under the age of 18 — which offers a higher bar than current UK data protection law which, for example, puts only a 13-year-age limit for children to be legally able to give their consent to being tracked online.
So — assuming (very wildly) — that Internet services were to suddenly decide to follow the code to the letter, setting trackers off by default and not nudging users to weaken privacy-protecting defaults by manipulating them to give up more data, the code could — in theory — raise the level of privacy both children and adults typically get online.
However it’s not legally binding — so there’s a pretty fat chance of that.
Although the regulator does make a point of noting that the standards in the code are backed by existing data protection laws, which it does regulate and can legally enforceable — pointing out that it has powers to take action against law breakers including “tough sanctions” such as orders to stop processing data and fines of up to 4% of a company’s global turnover.
So, in a way, the regulator appears to be saying: ‘Are you feeling lucky data punk?’
Last April the UK government published a white paper setting out its proposals for regulating a range of online harms — including seeking to address concern about inappropriate material that’s available on the Internet being accessed by children.
The ICO’s Age Appropriate Design Code is intended to support that effort. So there’s also a chance that some of the same sorts of stipulations could be baked into the planned online harms bill.
“This is not, and will not be, ‘law’. It is just a code of practice,” said Neil Brown, an Internet, telecoms and tech lawyer at Decoded Legal, discussing the likely impact of the suggested standards. “It shows the direction of the ICO’s thinking, and its expectations, and the ICO has to have regard to it when it takes enforcement action but it’s not something with which an organisation needs to comply as such. They need to comply with the law, which is the GDPR [General Data Protection Regulation] and the DPA [Data Protection Act] 2018.
“The code of practice sits under the DPA 2018, so companies which are within the scope of that are likely to want to understand what it says. The DPA 2018 and the UK GDPR (the version of the GDPR which will be in place after Brexit) covers controllers established in the UK, as well as overseas controllers which target services to people in the UK or monitor the behaviour of people in the UK. Merely making a service available to people in the UK should not be sufficient.”
“Overall, this is consistent with the general direction of travel for online services, and the perception that more needs to be done to protect children online,” Brown also told us.
“Right now, online services should be working out how to comply with the GDPR, the ePrivacy rules, and any other applicable laws. The obligation to comply with those laws does not change because of today’s code of practice. Rather, the code of practice shows the ICO’s thinking on what compliance might look like (and, possibly, goldplates some of the requirements of the law too).”
Organizations that choose to take note of the code — and are in a position to be able to demonstrate they’ve followed its standards — stand a better chance of persuading the regulator they’ve complied with relevant privacy laws, per Brown.
“Conversely, if they want to say that they comply with the law but not with the code, that is (legally) possible, but might be more of a struggle in terms of engagement with the ICO,” he added.
Zooming back out, the government said last fall that it’s committed to publishing draft online harms legislation for pre-legislative scrutiny “at pace”.
But at the same time it dropped a controversial plan included in a 2017 piece of digital legislation which would have made age checks for accessing online pornography mandatory — saying it wanted to focus on a developing “the most comprehensive approach possible to protecting children”, i.e. via the online harms bill.

UK quietly ditches porn age checks in favor of wider online harms rules

How comprehensive the touted ‘child protections’ will end up being remains to be seen.
Brown suggested age verification could come through as a “general requirement”, given the age verification component of the Digital Economy Act 2017 was dropped — and “the government has said that these will be swept up in the broader online harms piece”.
It has also been consulting with tech companies on possible ways to implement age verification online.
The difficulties of regulating perpetually iterating Internet services — many of which are also operated by companies based outside the UK — have been writ large for years. (And are mired in geopolitics.)
While the enforcement of existing European digital privacy laws remains, to put it politely, a work in progress…

Privacy experts slam UK’s ‘disastrous’ failure to tackle unlawful adtech

African fintech firm Flutterwave raises $35M, partners with Worldpay

San Francisco and Lagos-based fintech startup Flutterwave has raised a $35 million Series B round and announced a partnership with Worldpay FIS for payments in Africa.
With the funding, Flutterwave will invest in technology and business development to grow market share in existing operating countries, CEO Olugbenga Agboola — aka GB — told TechCrunch.
The company will also expand capabilities to offer more services around its payment products.
More than payments
“We don’t just want to be a payment technology company, we have sector expertise around education, travel, gaming, e-commerce, fintech companies. They all use our expertise,” said GB.
That means Flutterwave will provide more solutions around the broader needs of its clients.
The Nigerian-founded startup’s main business is providing B2B payments services for companies operating in Africa to pay other companies on the continent and abroad.
Launched in 2016, Flutterwave allows clients to tap its APIs and work with Flutterwave developers to customize payments applications. Existing customers include Uber, Booking.com and e-commerce company Jumia.
In 2019, Flutterwave processed 107 million transactions worth $5.4 billion, according to company data.
Flutterwave did the payment integration for U.S. pop-star Cardi B’s 2019 performances in Nigeria and Ghana. Those are two of the countries in which the startup operates, in addition to South Africa, Uganda, Kenya, Tanzania, Zambia, the U.K. and Rwanda.
“We want to scale in all those markets and be the payment processor of choice,” GB said.
The company will hire more business development staff and expand its developer team to create more sector expertise, according to GB.
“Our business goes beyond payments. People don’t want to just make payments, they want to do something,” he said. And Fluterwave aims to offer more capabilities toward what those clients want to do in Africa.
Olugbenga Agboola, aka GB
“If you are a charity that wants to raise money for cancer research in Ghana, or you want to sell online, or you’re Cardi B…who wants to do concerts in Africa…we want to be able to set up payments, write the code and create the platform for those needs,” GB explained.
That also means Flutterwave, which built its early client base across global companies, aims to serve smaller African businesses, including startups. Current customers include African-founded tech companies, such as moto ride-hail venture Max.ng.
Worldpay partnership
The new round makes Flutterwave the payment provider for Worldpay in Africa.
“With this partnership, any Worldpay merchant in Europe or the U.S. can accept any African payment. If someone goes to pay Netflix with an African card, it just works,” GB said.
In 2019, Worldpay was acquired for a reported $35 billion by FIS, a U.S. financial services provider. At the time of the purchase, it was projected the two companies would generate revenues of $12 billion annually, yet neither has notable presence in Africa.
Therein lies the benefit of collaborating with Flutterwave.
FIS’s Head of Ventures Joon Cho confirmed the partnership with TechCrunch. FIS also backed Flutterwave’s $35 million Series B. US VC firms Greycroft and eVentures led the round, with participation of Visa, Green Visor and African fund CRE Venture Capital.
Flutterwave’s latest funding brings the company’s total investment to $55 million and follows a year in which the fintech company announced a series of weighty partnerships.

Flutterwave and Alipay partner on payments between Africa and China

In July 2019, the startup joined forces with Chinese e-commerce company Alibaba’s Alipay to offer digital payments between Africa and China.
The Alipay collaboration followed one between Flutterwave and Visa to launch a consumer payment product for Africa, called GetBarter.
Flutterwave and African fintech
Flutterwave’s $35 million round and latest partnership are among the reasons the startup has become a standout in Africa’s digital-finance landscape.
As a sector, fintech gains the bulk of dealflow and the majority of startup capital flowing to African startups annually. VC to Africa totaled $1.35 billion in 2019, according to WeeTracker’s latest stats.
While a number of payment startups and products have scaled — see Paga in Nigeria and M-Pesa in Kenya — the majority of the continent’s fintech companies are P2P in focus and segregated to one or two markets.
Flutterwave’s platform has served the increased B2B business payment needs spurred by the decade of growth and reform that has occurred in Africa’s core economies.
The value the startup has created is underscored not just by transactional volume the company generates, but the partnerships it has attracted.
A growing list of the masters of the payment universe — Visa, Alipay, Worldpay — have shown they need Flutterwave to be relevant in Africa.

Catalyst Fund gets $15M from JP Morgan, UK Aid to back 30 EM fintech startups

Privacy experts slam UK’s “disastrous” failure to tackle unlawful adtech

The UK’s data protection regulator has been slammed by privacy experts for once again failing to take enforcement action over systematic breaches of the law linked to behaviorally targeted ads — despite warning last summer that the adtech industry is out of control.
The Information Commissioner’s Office (ICO) has also previously admitted it suspects the real-time bidding (RTB) system involved in some programmatic online advertising to be unlawfully processing people’s sensitive information. But rather than take any enforcement against companies it suspects of law breaches it has today issued another mildly worded blog post — in which it frames what it admits is a “systemic problem” as fixable via (yet more) industry-led “reform”.
Yet it’s exactly such industry-led self-regulation that’s created the unlawful adtech mess in the first place, data protection experts warn.
The pervasive profiling of Internet users by the adtech ‘data industrial complex’ has been coming under wider scrutiny by lawmakers and civic society in recent years — with sweeping concerns being raised in parliaments around the world that individually targeted ads provide a conduit for discrimination, exploit the vulnerable, accelerate misinformation and undermine democratic processes as a consequence of platform asymmetries and the lack of transparency around how ads are targeted.
In Europe, which has a comprehensive framework of data protection rights, the core privacy complaint is that these creepy individually targeted ads rely on a systemic violation of people’s privacy from what amounts to industry-wide, Internet-enabled mass surveillance — which also risks the security of people’s data at vast scale.
It’s now almost a year and a half since the ICO was the recipient of a major complaint into RTB — filed by Dr Johnny Ryan of private browser Brave; Jim Killock, director of the Open Rights Group; and Dr Michael Veale, a data and policy lecturer at University College London — laying out what the complainants described then as “wide-scale and systemic” breaches of Europe’s data protection regime.
The complaint — which has also been filed with other EU data protection agencies — agues that the systematic broadcasting of people’s personal data to bidders in the adtech chain is inherently insecure and thereby contravenes Europe’s General Data Protection Regulation (GDPR), which stipulates that personal data be processed “in a manner that ensures appropriate security of the personal data”.
The regulation also requires data processors to have a valid legal basis for processing people’s information in the first place — and RTB fails that test, per privacy experts — either if ‘consent’ is claimed (given the sheer number of entities and volumes of data being passed around, which means it’s not credible to achieve GDPR’s ‘informed, specific and freely given’ threshold for consent to be valid); or ‘legitimate interests’ — which requires data processors carry out a number of balancing assessment tests to demonstrate it does actually apply.
“We have reviewed a number of justifications for the use of legitimate interests as the lawful basis for the processing of personal data in RTB. Our current view is that the justification offered by organisations is insufficient,” writes Simon McDougall, the ICO’s executive director of technology and innovation, developing a warning over the industry’s rampant misuse of legitimate interests to try to pass off RTB’s unlawful data processing as legit.
The ICO also isn’t exactly happy about what it’s found adtech doing on the Data Protection Impact Assessment front — saying, in so many words, that it’s come across widespread industry failure to actually, er, assess impacts.
“The Data Protection Impact Assessments we have seen have been generally immature, lack appropriate detail, and do not follow the ICO’s recommended steps to assess the risk to the rights and freedoms of the individual,” writes McDougall.
“We have also seen examples of basic data protection controls around security, data retention and data sharing being insufficient,” he adds.
Yet — again — despite fresh admissions of adtech’s lawfulness problem the regulator is choosing more stale inaction.
In the blog post McDougall does not rule out taking “formal” action at some point — but there’s only a vague suggestion of such activity being possible, and zero timeline for “develop[ing] an appropriate regulatory response”, as he puts it. (His preferred ‘E’ word in the blog is ‘engagement’; you’ll only find the word ‘enforcement’ in the footer link on the ICO’s website.)
“We will continue to investigate RTB. While it is too soon to speculate on the outcome of that investigation, given our understanding of the lack of maturity in some parts of this industry we anticipate it may be necessary to take formal regulatory action and will continue to progress our work on that basis,” he adds.
McDougall also trumpets some incremental industry fiddling — such as trade bodies agreeing to update their guidance — as somehow relevant to turning the tanker in a fundamentally broken system.
(Trade body, the Internet Advertising Bureau’s UK branch, has responded to developments with an upbeat note from its head of policy and regulatory affairs, Christie Dennehy-Neil, who lauds the ICO’s engagement as “a constructive process”, claiming: “We have made good progress” — before going on to urge its members and the wider industry to implement “the actions outlined in our response to the ICO” and “deliver meaningful change”. The statement climaxes with: “We look forward to continuing to engage with the ICO as this process develops.”)
McDougall also points to Google removing content categories from its RTB platform from next month (a move it announced months back, in November) as an important development; and seizes on the tech giant’s recent announcement of a proposal to phase out support for third party cookies within the next two years as ‘encouraging’.
Privacy experts have responded with facepalmed outrage to yet another can-kicking exercise by the UK regulator — warning that cosmetic tweaks to adtech won’t fix a system that’s designed to feast off unlawful and insecure high velocity background trading of Internet users’ personal data.
“When an industry is premised and profiting from clear and entrenched illegality that breach individuals’ fundamental rights, engagement is not a suitable remedy,” said UCL’s Veale. “The ICO cannot continue to look back at its past precedents for enforcement action, because it is exactly that timid approach that has led us to where we are now.”

ICO believes that cosmetic fixes can do the job when it comes to #adtech. But no matter how secure data flows are and how beautiful cookie notices are, can people really understand the consequences of their consent? I’m convinced that this consent will *never* be informed. 1/2 https://t.co/1avYt6lgV3
— Karolina Iwańska (@ka_iwanska) January 17, 2020

The trio behind the RTB complaints (which includes Veale) have also issued a scathing collective response to more “regulatory ambivalence” — denouncing the lack of any “substantive action to end the largest data breach ever recorded in the UK”.
“The ‘Real-Time Bidding’ data breach at the heart of RTB market exposes every person in the UK to mass profiling, and the attendant risks of manipulation and discrimination,” they warn. “Regulatory ambivalence cannot continue. The longer this data breach festers, the deeper the rot sets in and the further our data gets exploited. This must end. We are considering all options to put an end to the systemic breach, including direct challenges to the controllers and judicial oversight of the ICO.”
Wolfie Christl, a privacy researcher who focuses on adtech — including contributing to a recent study looking at how extensively popular apps are sharing user data with advertisers, dubbed the ICO’s response “disastrous”.
“Last summer the ICO stated in their report that millions of people were affected by thousands of companies’ GDPR violations. I was sceptical when they announced they would give the industry six more months without enforcing the law. My impression is they are trying to find a way to impose cosmetic changes and keep the data industry happy rather than acting on their own findings and putting an end to the ubiquitous data misuse in today’s digital marketing, which should have happened years ago. The ICO seems to prioritize appeasing the industry over the rights of data subjects, and this is disastrous,” he told us.
“The way data-driven online marketing currently works is illegal at scale and it needs to be stopped from happening,” Christl added. “Each day EU data protection authorities allow these practices to continue further violates people’s rights and freedoms and perpetuates a toxic digital economy.
“This undermines the GDPR and generally trust in tech, perpetuates legal uncertainty for businesses, and punishes companies who comply and create privacy-respecting services and business models. 20 months after the GDPR came into full force, it is still not enforced in major areas. We still see large-scale misuse of personal information all over the digital world. There is no GDPR enforcement against the tech giants and there is no enforcement against thousands of data companies beyond the large platforms. It seems that data protection authorities across the EU are either not able — or not willing — to stop many kinds of GDPR violations conducted for business purposes. We won’t see any change without massive fines and data processing bans. EU member states and the EU commission must act.”

Mozilla lays off 70 as it waits for subscription products to generate revenue

Mozilla laid off about 70 employees today, TechCrunch has learned.
In an internal memo, Mozilla chairwoman and interim CEO Mitchell Baker specifically mentions the slow rollout of the organization’s subscription products as the reason for why it needed to take this decision. The overall number may still be higher, though, as Mozilla is still looking into how this decision will affect workers in the UK and France.
“You may recall that we expected to be earning revenue in 2019 and 2020 from new subscription products as well as higher revenue from sources outside of search. This did not happen,” Baker writes in her memo. “Our 2019 plan underestimated how long it would take to build and ship new, revenue-generating products. Given that, and all we learned in 2019 about the pace of innovation, we decided to take a more conservative approach to projecting our revenue for 2020. We also agreed to a principle of living within our means, of not spending more than we earn for the foreseeable future.”

Mozilla has decided to lay some folks off and restructure things. All the leads in QA got let go. I haven’t been let go (so far). No idea what I will be working on or who I will be reporting to. Some good work friends let go 🙁
— Chris Hartjes (@grmpyprogrammer) January 15, 2020

Baker says laid-off employees will receive “generous exit packages” and outplacement support. She also notes that the leadership team looked into shutting down the Mozilla innovation fund but decided that it needed it in order to continue developing new products. In total, Mozilla is dedicating $43 million to building new products.
“As we look to the future, we know we must take bold steps to evolve and ensure the strength and longevity of our mission,” Baker writes. “Mozilla has a strong line of sight to future revenue generation, but we are taking a more conservative approach to our finances. This will enable us to pivot as needed to respond to market threats to internet health, and champion user privacy and agency.”
The organization last reported major layoffs in 2017.
We have reached out to Mozilla for comment and will update this post once we hear more.
Here is the full memo:
Office of the CEO <[email protected]>to all-moco-mofo
Hi all,
I have some difficult news to share. With the support of the entire Steering Committee and our Board, we have made an extremely tough decision: over the course of today, we plan to eliminate about 70 roles from across MoCo. This number may be slightly larger as we are still in a consultation process in the UK and France, as the law requires, on the exact roles that may be eliminated there. We are doing this with the utmost respect for each and every person who is impacted and will go to great lengths to take care of them by providing generous exit packages and outplacement support. Most will not join us in Berlin. I will send another note when we have been able to talk to the affected people wherever possible, so that you will know when the notifications/outreach are complete.
This news likely comes as a shock and I am sorry that we could not have been more transparent with you along the way. This is never my desire. Reducing our headcount was something the Steering Committee considered as part of our 2020 planning and budgeting exercise only after all other avenues were explored. The final decision was made just before the holiday break with the work to finalize the exact set of roles affected continuing into early January (there are exceptions in the UK and France where we are consulting on decisions.) I made the decision not to communicate about this until we had a near-final list of roles and individuals affected.
Even though I expect it will be difficult to digest right now, I would like to share more about what led to this decision. Perhaps you can come back to it later, if that’s easier.
You may recall that we expected to be earning revenue in 2019 and 2020 from new subscription products as well as higher revenue from sources outside of search. This did not happen. Our 2019 plan underestimated how long it would take to build and ship new, revenue-generating products. Given that, and all we learned in 2019 about the pace of innovation, we decided to take a more conservative approach to projecting our revenue for 2020. We also agreed to a principle of living within our means, of not spending more than we earn for the foreseeable future.
This approach is prudent certainly, but challenging practically. In our case, it required difficult decisions with painful results. Regular annual pay increases, bonuses and other costs which increase from year-to-year as well as a continuing need to maintain a separate, substantial innovation fund, meant that we had to look for considerable savings across Mozilla as part of our 2020 planning and budgeting process. This process ultimately led us to the decision to reduce our workforce.
At this point, you might ask if we considered foregoing the separate innovation fund, continuing as we did in 2019. The answer is yes but we ultimately decided we could not, in good faith, adopt this. Mozilla’s future depends on us excelling at our current work and developing new offerings to expand our impact. And creating the new products we need to change the future requires us to do things differently, including allocating funds, $43M to be specific, for this purpose. We will discuss our plans for making innovation robust and successful in increasing detail as we head into, and then again at, the All Hands, rather than trying to do so here.
As we look to the future, we know we must take bold steps to evolve and ensure the strength and longevity of our mission. Mozilla has a strong line of sight to future revenue generation, but we are taking a more conservative approach to our finances. This will enable us to pivot as needed to respond to market threats to internet health, and champion user privacy and agency.
I ask that we all do what we can to support each other through this difficult period.
Mitchell

Mass surveillance for national security does conflict with EU privacy rights, court advisor suggests

Mass surveillance regimes in the UK, Belgium and France which require bulk collection of digital data for a national security purpose may be at least partially in breach of fundamental privacy rights of European Union citizens, per the opinion of an influential advisor to Europe’s top court issued today.
Advocate general Campos Sánchez-Bordona’s (non-legally binding) opinion, which pertains to four references to the Court of Justice of the European Union (CJEU), takes the view that EU law covering the privacy of electronic communications applies in principle when providers of digital services are required by national laws to retain subscriber data for national security purposes.
A number of cases related to EU states’ surveillance powers and citizens’ privacy rights are dealt with in the opinion, including legal challenges brought by rights advocacy group Privacy International to bulk collection powers enshrined in the UK’s Investigatory Powers Act; and a La Quadrature du Net (and others’) challenge to a 2015 French decree related to specialized intelligence services.
At stake is a now familiar argument: Privacy groups contend that states’ bulk data collection and retention regimes have overreached the law, becoming so indiscriminately intrusive as to breach fundamental EU privacy rights — while states counter-claim they must collect and retain citizens’ data in bulk in order to fight national security threats such as terrorism.
Hence, in recent years, we’ve seen attempts by certain EU Member States to create national frameworks which effectively rubberstamp swingeing surveillance powers — that then, in turn, invite legal challenge under EU law.
The AG opinion holds with previous case law from the CJEU — specifically the Tele2 Sverige and Watson judgments — that “general and indiscriminate retention of all traffic and location data of all subscribers and registered users is disproportionate”, as the press release puts it.
Instead the recommendation is for “limited and discriminate retention” — with also “limited access to that data”.
“The Advocate General maintains that the fight against terrorism must not be considered solely in terms of practical effectiveness, but in terms of legal effectiveness, so that its means and methods should be compatible with the requirements of the rule of law, under which power and strength are subject to the limits of the law and, in particular, to a legal order that finds in the defence of fundamental rights the reason and purpose of its existence,” runs the PR in a particularly elegant passage summarizing the opinion.
The French legislation is deemed to fail on a number of fronts, including for imposing “general and indiscriminate” data retention obligations, and for failing to include provisions to notify data subjects that their information is being processed by a state authority where such notifications are possible without jeopardizing its action.
Belgian legislation also falls foul of EU law, per the opinion, for imposing a “general and indiscriminate” obligation on digital service providers to retain data — with the AG also flagging that its objectives are problematically broad (“not only the fight against terrorism and serious crime, but also defence of the territory, public security, the investigation, detection and prosecution of less serious offences”).
The UK’s bulk surveillance regime is similarly seen by the AG to fail the core “general and indiscriminate collection” test.
There’s a slight carve out for national legislation that’s incompatible with EU law being, in Sánchez-Bordona’s view, permitted to maintain its effects “on an exceptional and temporary basis”. But only if such a situation is justified by what is described as “overriding considerations relating to threats to public security or national security that cannot be addressed by other means or other alternatives, but only for as long as is strictly necessary to correct the incompatibility with EU law”.
If the court follows the opinion it’s possible states might seek to interpret such an exceptional provision as a degree of wiggle room to keep unlawful regimes running further past their legal sell-by-date.
Similarly, there could be questions over what exactly constitutes “limited” and “discriminate” data collection and retention — which could encourage states to push a ‘maximal’ interpretation of where the legal line lies.
Nonetheless, privacy advocates are viewing the opinion as a positive sign for the defence of fundamental rights.
In a statement welcoming the opinion, Privacy International dubbed it “a win for privacy”. “We all benefit when robust rights schemes, like the EU Charter of Fundamental Rights, are applied and followed,” said legal director, Caroline Wilson Palow. “If the Court agrees with the AG’s opinion, then unlawful bulk surveillance schemes, including one operated by the UK, will be reined in.”
The CJEU will issue its ruling at a later date — typically between three to six months after an AG opinion.
The opinion comes at a key time given European Commission lawmakers are set to rethink a plan to update the ePrivacy Directive, which deals with the privacy of electronic communications, after Member States failed to reach agreement last year over an earlier proposal for an ePrivacy Regulation — so the AG’s view will likely feed into that process.

This makes the revised e-Privacy Regulation a *huge* national security battleground for the MSes (they will miss the UK fighting for more surveillance) and is v relevant also to the ongoing debates on “bulk”/mass surveillance, and MI5’s latest requests… #ePR
— Ian Brown (@1Br0wn) January 15, 2020

The opinion may also have an impact on other legislative processes — such as the talks on the EU e-evidence package and negotiations on various international agreements on cross-border access to e-evidence — according to Luca Tosoni, a research fellow at the Norwegian Research Center for Computers and Law at the University of Oslo.
“It is worth noting that, under Article 4(2) of the Treaty on the European Union, “national security remains the sole responsibility of each Member State”. Yet, the advocate general’s opinion suggests that this provision does not exclude that EU data protection rules may have direct implications for national security,” Tosoni also pointed out. 
“Should the Court decide to follow the opinion… ‘metadata’ such as traffic and location data will remain subject to a high level of protection in the European Union, even when they are accessed for national security purposes.  This would require several Member States — including Belgium, France, the UK and others — to amend their domestic legislation.”

Yes, the U.K. now has a law to log web users’ browsing behavior, hack devices and limit encryption

Orbex lands TriSept as a customer for rideshare rocket launch mission in 2022

Space launch startup Orbex has secured a customer for its forthcoming Prime space launch vehicle: TriSept, a provider of launch integration services for both commercial and government customers. TriSept has booked the full capacity of a rideshare mission aboard an Orbex Prime rocket to take off sometime in 2022, which should work schedule-wise provided Orbex meets its target of flying its initial missions starting next year.
Orbex is leaning on 3D-printing to expedite its launch vehicle production process, while also keeping costs low. The UK-based company is also in the process of working on final approvals and consecution of a new spaceport in Sutherland, located in the Scottish highlands, which, when complete, will be the first mainland space launch facility in Europe.
TriSept, which provides launch management and brokerage services in addition to integration for payloads loaded into the launch vehicle, has been operating gin the U.S. space market for years now, and it’ll also be setting up a full-time presence in the UK ahead of the Sutherland spaceport’s opening later this year, at Harwell Space Campus in Oxford.
Fro Orbex, this is a significant deal in part because it’s the European company’s first US-based customer. TriSept has also worked closely with SpaceX and Rocket Lab on launch services for past rideshare missions, so it’s a good partner for Orbex to be working with as it looks to replicate some of the success of those other two launch startups in spinning up its own operations.

Cookie consent tools are being used to undermine EU privacy rules, study suggests

Most cookie consent pop-ups served to Internet users in the European Union — ostensibly seeking permission to track people’s web activity — are likely to be flouting regional privacy laws, a new study by researchers at MIT, UCL and Aarhus University suggests.
“The results of our empirical survey of CMPs [consent management platforms] today illustrates the extent to which illegal practices prevail, with vendors of CMPs turning a blind eye to — or worse, incentivising — clearly illegal configurations of their systems,” the researchers argue, adding that: “Enforcement in this area is sorely lacking.”
Their findings, published in a paper entitled Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence, chime with another piece of research we covered back in August — which also concluded a majority of the current implementations of cookie notices offer no meaningful choice to Europe’s Internet users — even though EU law requires one.
When consent is being relied upon as the legal basis for processing web users’ personal data, the bar for valid (i.e. legal) consent that’s set by the EU’s General Data Protection Regulation (GDPR) is clear: It must be informed, specific and freely given.
Recent jurisprudence by the Court of Justice of the European Union also further crystalized the law around cookies, making it clear that consent must be actively signalled — meaning a digital service cannot infer consent to tracking by indirect actions (such as the pop-up being closed by the user without a response or ignored in favor of interacting with the service).
Many websites use a so-called CMP to solicit consent to tracking cookies. But if it’s configured to contain pre-ticked boxes that opt users into sharing data by default — requiring an affirmative user action to opt out — any gathered ‘consent’ also isn’t legal.
Consent to tracking must also be obtained prior to a digital service dropping or accessing a cookie; Only service-essential cookies can be deployed without asking first.
All of which means — per EU law — it should be equally easy for website visitors to choose not to be tracked as to agree to their personal data being processed.
However the Dark Patterns after the GDPR study found that’s very far from the case right now.
“We found that dark patterns and implied consent are ubiquitous,” the researchers write in summary, saying that only slightly more than one in ten (11.8%) of the CMPs they looked at “meet the minimal requirements that we set based on European law” — which they define as being “if it has no optional boxes pre-ticked, if rejection is as easy as acceptance, and if consent is explicit”.
For the study, the researchers scraped the top 10,000 UK websites, as ranked by Alexa, to gather data on the most prevalent CMPs in the market — which are made by five companies: QuantCast, OneTrust, TrustArc, Cookiebot, and Crownpeak — and analyzed how the design and configurations of these tools affected Internet users’ choices. (They obtained a data set of 680 CMP instances via their method — a sample they calculate is representative of at least 57% of the total population of the top 10k sites that run a CMP, given prior research found only around a fifth do so.)
Implicit consent — aka (illegally) inferring consent via non-affirmative user actions (such as the user visiting or scrolling on the website or a failure to respond to a consent pop-up or closing it without a response) — was found to be common (32.5%) among the studied sites.
“Popular CMP implementation wizards still allow their clients to choose implied consent, even when they have already indicated the CMP should check whether the visitor’s IP is within the geographical scope of the EU, which should be mutually exclusive,” they note, arguing that: “This raises significant questions over adherence with the concept of data protection by design in the GDPR.”
They also found that the vast majority of CMPs make rejecting all tracking “substantially more difficult than accepting it” — with a majority (50.1%) of studied sites not having a ‘reject all’ button. While only a tiny minority (12.6%) of sites had a ‘reject all’ button accessible with the same or fewer number of clicks as an ‘accept all’ button.
Or, to put it another way, ‘Ohhai dark pattern design‘…
“An ‘accept all’ button was never buried in a second layer,” the researchers go on to point out, also finding that “74.3% of reject all buttons were one layer deep, requiring two clicks to press; 0.9% of them were two layers away, requiring at minimum three.”
Pre-ticked boxes were found to be widely deployed in the studied CMPs as well — despite such a setting not being legally valid. (On this they found: “56.2% of sites pre-ticked optional vendors or purposes/categories, with 54.1% of sites pre-ticking optional purposes, 32.3% pre-ticking optional categories, and 30.3% pre-ticking both”.)
They also point out that the high number of third-party trackers routinely being used by sites poses a major problem for the EU consent model — given it requires a “prohibitively long time” for users to become clearly informed enough to be able to legally consent.
The exact number of third party trackers they found being packed like sardines into CMPs varied — with between tens and several hundreds in play depending on the site.
Fifty-eight was the lowest number they encountered. While the highest instance was 542 vendors — on an implementation of QuantCast’s CMP. (And, well, just imagine the ‘friction’ involved in manually unticking all those, assuming that was one of the sites that also lacked a ‘reject all’ button… )
Sites relied on a large number of third party trackers, which would take a prohibitively long time for users to inform themselves about clearly. Out of the 85.4% of sites that did list vendors (e.g. third party trackers) within the CMP, there was a median number of 315 vendors (low. quartile 58, upp. quartile 542). Different CMP vendors have different average numbers of vendors, with the highest being QuantCast at 542… 75% of sites had over 58 vendors. 76.47% of sites provide some descriptions of their vendors. The mean total length of these descriptions per site is 7,985 words: roughly 31.9 minutes of reading for the average 250 words-per-minute reader, not counting interaction time to e.g. unfold collapsed boxes or navigating to and reading specific privacy policies of a vendor.
A second part of the research involved a field experiment involving 40 participants to investigate how the eight most common CMP designs affect Internet users’ consent choices.
“We found that notification style (banner or barrier) has no effect [on consent choice]; removing the opt-out button from the first page increases consent by 22–23 percentage points; and providing more granular controls on the first page decreases consent by 8–20 percentage points,” they write in summary on that.
They argue this portion of the study supports the notion that two of the most common consent interface designs – “not showing a ‘reject all’ button on the first page; and showing bulk options before showing granular control” – make it more likely for users to provide consent, thereby “violating the [GDPR] principle of “freely given””.
They also make reference to “qualitative reflections” of the participants in the paper — which were obtained via  survey after individuals’ consent choices had been registered during the field study — suggesting these responses “put into question the entire notice-and-consent model not because of specific design decisions but merely because an action is required before the user can accomplish their main task and because they appear too frequently if they are shown on a website-by-website basis”.
So, in other words, just the fact of interrupting a web user to ask them to make a choice may itself apply substantial enough pressure that it might render any resulting ‘consent’ invalid.
The study’s finding of the prevalence of manipulative designs and configurations intended to nudge or even force consent suggests Internet users in Europe are not actually benefiting from a legal framework that’s supposed to protection their digital data from unwanted exploitation — and are rather being subject to a lot of noisy, distracting and disingenuous ‘consent theatre’.
Cookie notices not only generate friction and frustration for the average Internet user, as they try to go about their daily business online, but the current situation is creating a faux veneer of compliance — atop what is actually a massive trampling of rights via what amounts to digital daylight robbery of people’s data at scale.
The problem here is that EU regulators have for years looked the other way where online tracking is concerned, failing entirely to enforce the on-paper standard.
Enforcement is indeed sorely lacking, as the researchers note. (Industry lobbying/political pressure, limited resources, risk aversion and regulatory capture, and a legacy of inaction around digital rights are all likely to blame.)
And while the GDPR only started being applied in May 2018, Europe has had regulations on data-gathering mechanisms like cookies for approaching two decades — with the paper pointing out that an amendment to the ePrivacy Directive all the way back in 2002 made it a requirement that “storing or accessing information on a user’s device not ‘strictly necessary’ for providing an explicitly requested service requires both clear and comprehensive information and opt-in consent”.
Asked about the research findings, lead author, Midas Nouwens, questioned why CMP vendors are selling so called ‘compliance’ tools that allow for non-compliant configurations in the first place.
“It’s sad, but I don’t think anyone is surprised anymore by how few pop-ups comply with the GDPR,” he told TechCrunch. “What is shocking is how non-compliant interface designs are allowed by the companies that provide consent pop-ups. Why do they let their clients count scrolling as consent or bury the decline button somewhere on the third page?”
“Enforcement is really the next big challenge if we don’t want the GDPR to go down the same path as the ePrivacy directive,” he added. “Since enforcement agencies have limited resources, focusing on the popular consent pop-up providers could be a much more effective strategy than targeting individual websites.
“Unfortunately, while we wait for enforcement, the dark patterns in these pop-ups are still manipulating people into being tracked.”
Another of the researchers behind the paper, Michael Veale, a lecturer in digital rights and regulation at UCL, also expressed shock that CMP vendors are allowing their tools to be configured in ways which are clearly intended to manipulate Internet users — thereby flouting the law.
In the paper the researchers urge regulators to take a smarter approach to tackling such widespread violation, such as by making use of automated tools “to expedite discovery and enforcement” of non-compliant cookie notices, and suggest they work “further upstream” — such as by placing requirements on the vendors of CMPs “to only allow compliant designs to be placed on the market”.
“It’s shocking to see how many of the large providers of consent pop-ups allow their systems to be misconfigured, such as through implicit consent, in ways that clearly infringe data protection law,” Veale told us, adding: “I suspect data protection authorities see this widespread illegality and are not sure exactly where to start. Yet if they do not start enforcing these guidelines, it’s unclear when this widespread illegality will start to stop.”
“This study even overestimates compliance, as we don’t focus on what actually happens to the tracking when you click on these buttons, which other recent studies have emphasised in many cases mislead individuals and do nothing at all,” he also pointed out.
We reached out to the UK’s data protection watchdog, the ICO, for a response to the research — and a spokeswoman pointed us to this cookie advice blog post it published last year, saying the advice it contains “still stands”.
In the blog Ali Shah, the ICO’s head of technology policy, suggests there could be some (albeit limited) action from the regulator this year to clean up cookie consent, with Shah writing that: “Cookie compliance will be an increasing regulatory priority for the ICO in the future. However, as is the case with all our powers, any future action would be proportionate and risk-based.”
While European citizens wait for data protection regulators to take meaningful action over systematic breaches of the GDPR — including those attached to consent-less tracking of web users — there is one step European web users can take to shrink the pain of cookie consent pop-ups: The researchers behind the study have built an open source browser extension that can automatically answer pop-ups based on user-customizable preferences.
It’s called Consent-o-Matic — and there are versions available for Firefox and Chrome.

A holiday gift from us* at @AarhusUni: Consent-o-Matic! A browser extension that automatically answers consent pop-ups for you. Firefox: https://t.co/5PhAEN6eOdChrome: https://t.co/ob8xrLxhFWGithub: https://t.co/0Xe9xNwCEb
* @cklokmose; Janus Bager Kristensen; Rolf Bagge
1/8 pic.twitter.com/3ooV8ZFTH0
— Midas Nouwens (@MidasNouwens) December 24, 2019

At release the tool can automatically respond to cookie banners built by the five big CMP suppliers (QuantCast, OneTrust, TrustArc, Cookiebot, and Crownpeak).
But being as it’s open source, the hope is others will build on it to expand the types of pop-ups it’s able to auto-respond to. In the absence of a legally enforced ‘Do Not Track’ browser standard this is about as good as it gets for Internet users desperately seeking easier agency over the online tracking industry.
In a Twitter thread last month announcing the tool, Nouwens described the project as making use of “adversarial interoperability” as a pro-privacy tactic.
“Automating consent and privacy preferences is not new (DNT and P3P), but this project uses adversarial interoperability, rather than rely on industry self-regulation or buy-in from fundamentally opposed stakeholders (browsers, advertisers, publishers),” he observed.
However he added one caveat, reminding users to be on their guard for further non-compliance from the data suckers — pointing to the earlier research paper also flagged by Veale which found a small portion of sites (~7%) entirely ignore responses to cookie pop-ups and track users regardless of response.
So sometimes even a seamlessly automated ‘no’ to tracking might still sum to being tracked…

Adtech told to keep calm and fix its ‘lawfulness’ problem

Facebook and eBay pledge to do more to tackle trade in fake reviews after pressure from UK regulator

Facebook and eBay have made commitments to do more to stop fake reviews being sold on their platforms after coming under pressure from a UK markets regulator — even as fresh examples of the problem have been found on Facebook-owned Instagram.
Last June the Competition and Markets Authority (CMA) warned the two platform that they must do more to prevent the sale of fake reviews on their platforms, saying it had found “troubling evidence” of a “thriving marketplace for fake and misleading online reviews.”
The regulator estimates that more than three-quarters of UK shoppers are influenced by reviews when they shop online, with billions of pounds being spent every year based on write-ups of products or services — which in turn encourages an illegal trade in fake and misleading reviews.
A few months after the CMA’s warning UK consumer rights group Which? released the results of its own investigation of the problem — singling out Facebook for having failed to move the needle (while finding eBay had made progress).
Today the CMA says Facebook has removed a total of 188 groups and disabled 24 user accounts as a result of its investigation. While eBay has permanently banned 140 users after the intervention.
The regulator said both companies have now pledged to put measures in place to “better identify, investigate and respond to” the trade in fake reviews, and help prevent such content from appearing in the future — with Facebook agreeing to introduce “more robust systems” to detect and remove such content; and eBay saying it has improved its existing filters to “better identify and block listings” for the sale or trade of online reviews.
Commenting in a statement, CMA chief executive Andrea Coscelli said: “We’re pleased that Facebook and eBay are doing the right thing by committing to tackle this problem and helping to keep their sites free from posts selling fake reviews.”
“Fake reviews are really damaging to shoppers and businesses alike. Millions of people base their shopping decisions on reviews, and if these are misleading or untrue, then shoppers could end up being misled into buying something that isn’t right for them – leaving businesses who play by the rules missing out,” he added. 
The CMA’s press release does not contain any detail of the kinds of improvements the pair have agreed to but Facebook told us it’s looking into developing automated technology to help detect and remove the bogus content.
Commenting in a statement, a Facebook spokesperson said:
Fraudulent activity is not allowed on Facebook or Instagram, including offering or trading fake reviews. While we have invested heavily to prevent this kind of activity across our services, we know there is more work to do and are working with the CMA to address this issue. Since we were first contacted by the CMA, we have identified and removed over 180 groups and 24 accounts for violating our rules and have taken robust steps to prevent this type of fraudulent activity from re-appearing on our platforms. This includes exploring the use of automated technology to help us detect and remove this content quickly, before people see it and report it to us.
An eBay spokesperson also told us: “We maintain zero tolerance for fake or misleading reviews and will continue to take action against any seller that breaches our user polices. We welcome today’s CMA report, as well as their acknowledgement of our ongoing enforcement work on this issue.”
Despite the CMA chalking up the platforms’ pledge to ‘do more’ as a win for consumers, it also reveals it’s found fresh examples of fake reviews traded on Facebook-owned Instagram — suggesting the game of whack-a-fake goes on. And will go on, unless or until platforms face more robust regulation and enforcement vis-a-vis the content they spread and monetize.
The CMA notes that websites have a responsibility to ensure that unlawful and harmful content isn’t advertised or sold through their platforms. However, as it stands, there’s little real punishment for failing to tackle the trade in bogus reviews — beyond reputational damage (and the slow burn of user trust).
The UK government recently proposed legislation to tackle a range of online harms, setting out a safety-first plan to regulation Internet firms last year — which could mean more stringent controls on platform content in future. For now, though, regulators have only tough words in their toolbox to try to make tech giants clean up their act.
The CMA says it reported the instances of fake reviews that it found being traded on Instagram to Facebook, adding: “Facebook has committed to investigate the issue” — and saying it “will be seeking a commitment from Facebook to take action to tackle these further issues.”

Union Square Ventures leads legal tech startup Juro’s $5M Series A

Juro, a UK startup that’s using machine learning tech and user-centric design to do for contracts what Typeform does for online forms, has caught the eye of Union Square Ventures. The New York-based fund leads a $5 million Series A investment that’s being announced this morning.
Also participating in the Series A are existing investors Point Nine Capital, Taavet Hinrikus (co-founder of TransferWise) and Paul Forster (co-founder of Indeed). The round takes Juro’s total raised to-date to $8M, including a $2M seed which we covered back in 2018.
London is turning into a bit of a hub for legal tech, per Juro CEO and co-founder Richard Mabey — who cites “strong legal services industry” and “strong engineering talent” as explainers for that.
It was also, he reckons, “a bit of a draw” for Union Square Ventures — making what Juro couches as a “rare” US-to-Europe investment in legal tech in the city via the startup.
“Having brand name customers in the US certainly helped. But ultimately, they look for product-led companies with strong cross-functional teams wherever they find them,” he adds.
Juro’s business is focused on taking the tedium out of negotiating and drawing up contracts by making contract-building more interactive and trackable. It also handles e-signing, and follows on with contract management services, using machine learning tech to power features such as automatic contract tagging and for flagging up unusual language.
All of that sums to being a “contract collaboration platform”, as Juro’s marketing puts it. Think of it like Google Docs but with baked in legal smarts. There’s also support for visual garnish like animated GIFs to spice up offer letters and engage new hires.
“We have a data model underlying our editor that transforms every contract into actionable data,” says Mabey. “Juro contracts look like contracts, smell like contracts but ultimately they are written in code. And that code structures the data within them. This makes a contract manager’s life 10x easier than using an unstructured format like Word/pdf.”
“Still our main competitor is MS Word,” he adds. “Our challenge is to bring lawyers (and other users of contracts) out of Word, which is a significant task. Fortunately, Word was never designed for legal workflows, so we can add lots of value through our custom-built editor.”
Part of Juro’s Series A funds will be put towards beefing up its machine learning/data science capabilities, per Mabey — who says the overall plan at this point is to “double down on product”, including by tripling the size of the product team.
“That means hiring more designers, data scientists and engineers — building our engineering team in the Baltics,” he tells us. “There’s so much more we are excited to do, especially on the ML/data side and the funding unlocks our ability to do this. We will also be building our commercial team (marketing, sales, cs) in London to serve the EU market and expand further into the US, where we already have some customers on the ground.”
The 2016-founded startup still isn’t breaking out customer numbers but says it’s processed more than 50,000 contracts for its clients so far, noting too that those contracts have been agreed in 50+ countries. (“Everywhere from Estonia to Japan to Kazakhstan,” as Mabey puts it.)
In terms of who Juro users are, it’s still mostly “mid-market tech companies” — with Mabey citing the likes of marketplaces (Deliveroo), SaaS (Envoy) and fintechs (Luno), saying it’s especially companies processing “high volumes of contracts”.
Another vertical it’s recently expanded into is media, he notes.
“E-signature giants have grown massively in the last few years, and some are gradually encroaching into the contract lifecycle — but again, they deal with files (pdfs mostly) rather than dynamic, browser-based documentation,” he argues, adding: “In terms of new legal tech entrants — I’m excited by Kira Systems especially, who are working on unpicking pdf contracts post-signature.”
As part of the Series A, Union Square Ventures parter, John Buttrick, is joining Juro’s board.
Commenting in a supporting statement, Buttrick said: “We look for founders with products equipped to change an industry. While contract management might not be new, Juro’s transformative vision for it certainly is. There’s no greater proof of the product’s ease of use than the fact that we negotiated and closed the funding round in it. We’re delighted to support Juro’s team in making their vision a reality.”
Juro’s contract management platform — dashboard view

Travelex suspends services after malware attack

Travelex, a major international foreign currency exchange, has confirmed its suspended some services after it was hit by malware on December 31.
The London-based company, which operates more than 1,500 stores globally, said it took systems offline to “as a precautionary measure in order to protect data” and to stop the spread of the malware.
Its U.K. website is currently offline, displaying a “server error” page. Its corporate site said the site was offline while it makes “upgrades.”  According to a tweet, Travelex said staff are “unable to perform transactions on the website or through the app.” Some stores are said to be manually processing customer requests.
Other companies, like Tesco Bank, which rely on Travelex for some services, have also struggled during the outage.
Travelex’s U.K. website is currently offline. (Screenshot: TechCrunch)
The company said no customer data has been compromised “to date,” but did not elaborate or provide evidence for the claim.
It’s also unclear why the company took two days to disclose the security incident.
The company declined to identify the kind of malware used in the attack, citing an ongoing forensic investigation. In the past year, several high-profile companies have been increasingly targeted by ransomware, a data encrypting malware, which only unscrambles the data once a ransom has been paid. Aluminum manufacturing giant Norsk Hydro and the U.K. Police Federation were both hit in March, then Arizona Beverages and Aebi Schmidt in April, and shipping company Pitney Bowes in October.
Several local and state governments have also been attacked by ransomware. New Orleans declared a state of emergency last month after its systems were hit by ransomware.
A Travelex spokesperson would not comment beyond the statement.

The sinkhole that saved the internet

Adtech told to keep calm and fix its ‘lawfulness’ problem

Six months after warning that the real-time bidding (RTB) component of programmatic online advertising is wildly out of control — i.e. in a breaking the law sense — the UK’s data protection watchdog has marked half a year’s regulatory inaction with a blog post that entreats the adtech industry to come up with a solution to an “industry problem”. 
Casual readers of the ICO’s pre-Christmas message for European law-flouting adtech might be forgiven for thinking it looks a lot like the regulator telling the industry to ‘keep calm and carry on regulating yourselves’.
More informed readers, who understand that RTB is a process which (currently) entails systematic, privacy-eviscerating high velocity trading of people’s personal data for the purpose of targeting them with ads, might feel moved to point out that self-regulation is a core part of why adtech is in the abject mess it’s in.
Ergo, a data protection regulator calling for more of the same systemic failure does look rather, uh, uninspiring.
In the mildly worded blog post, Simon McDougall, the ICO’s executive director for technology and innovation — who does not appear to work anywhere near an enforcement department — includes such grand suggestions for adtech law-breakers as: “keep engaging with your trade associations”.
You’ll have to forgive us for not being overly convinced such a step will lead to any paradigm tilts to privacy — or “solutions that combine innovation and privacy”, as McDougall puts it — given episodes like this.
Another of the big ideas he has for the industry to get with the legal program is to suggest people working in adtech “challenge” senior management to “review their approach”.
Now we know employee activism is rather in vogue right now — at least at certain monopolistic tech giants who’ve scaled so big, and employ such large armies of lawyers, they’re essentially immune to moral and societal operational norms — but we’re not sure it’s the greatest look for the UK’s data watchdog to be encouraging adtech professionals to put their own jobs on the line instead of, y’know, doing its job and enforcing the law.
It’s possible that McDougall, a relatively recent recruit to the regulator, may not yet know it from his perch in the “technology and innovation” unit, but the ICO does have a powerful toolbox at its disposal these days. Including the ability, under the pan-EU General Data Protection Regulation framework, to levy fines of up to 4% of global turnover on entities it finds seriously violating the law.
It can also order a stop to law-violating data processing. And what better way to end the mass-scale privacy violations attached to programmatic advertising than by ordering personal data be stripped out of RTB requests, you might wonder?
It wouldn’t mean an end to being able to target ads online. Contextual targeting doesn’t require personal data — and has been used successfully by the likes of non-tracking search engine DuckDuckGo for years (and profitably so). It would just mean an end to the really creepy, stalkerish stuff. The stuff consumers hate — which also serves up horribly damaging societal effects, given that the mass profiling of Internet users enables push-button discrimination and exploitation of the vulnerable at vast scale.
Microtargeted ads are also, as we now know all too well, a pre-greased electronic conduit for attacks on democracy and society — enabling the spread of malicious disinformation.

Since folks with an eye on these topics are retweeting this, here are a few things I’ve written this year about the negative externalities of behavioral targeting. 1/3 https://t.co/n8i7QyCeR0 pic.twitter.com/g3a4X1bbpi
— Josh Braun (@josh_braun) December 20, 2019

The societal stakes couldn’t be higher. Yet the ICO appears content to keep calm and let the adtech industry carry on — no enforcement just biannual reminders of “concerns” about “lawfulness”.
To wit: “We have significant concerns about the lawfulness of the processing of special category data which we’ve seen in the industry, and the lack of explicit consent for that processing,” as McDougall admits in the post.
“We also have concerns about whether reliance on contractual clauses to justify onward data sharing is sufficient to comply with the law. We have not seen case studies that appear to adequately justify this.”
Set tone to: ‘Oopsy’.
The title of the ICO’s blog post — Adtech and the data protection debate – where next? — also incorporates contradictory framing as if to imply there is “debate” as to whether the industry needs to comply with data protection law. (Given the ICO’s own findings of “concern” that framing is itself concerning.)
So what can the adtech industry expect the ICO to actually do if it continues to fail to embed a “privacy by design approach in its use of RTB” (another of the blog post’s big suggestions) — and therefore keeps on, er, breaking the law?
Well, the ICO plans to make like a sponge over the “coming weeks”, per McDougall, who says it will spend time “absorbing all the information gathered and the rich conversations we’ve had throughout the year” and then shift into first gear — where it will be “evaluating all of the options available to us”.
No rush, eh.
A “further update” will then be put out in “early 2020” which will set out the ICO’s position — third time lucky perhaps?!
This update, we are informed, will also include “any action we’re taking”. So possibly still nothing, then.
“The future of RTB is both in the balance and in the hands of all the organisations involved,” McDougall writes — as if regulatory enforcement requires industry buy in.
UK taxpayers should be forgiven for wondering what exactly their data protection regulator is for at this point. Hopefully they’ll find out in a few months’ time.

Regulator confuses blogging with enforcement https://t.co/0QJxyDT10X Next up perhaps @iconew will hold an adtech roundtable where they don’t serve tea & biscuits
— Natasha (@riptari) December 20, 2019

GDPR adtech complaints keep stacking up in Europe

France slaps Google with $166M antitrust fine for opaque and inconsistent ad rules

France’s competition watchdog has slapped Google with a €150 million (~$166M) fine after finding the tech giant abused its dominant position in the online search advertising market.
In a decision announced today — following a lengthy investigation into the online ad sector — the competition authority sanctions Google for adopting what it describes as “opaque and difficult to understand” operating rules for its ad platform, Google Ads, and for applying them in “an unfair and random manner”.
The watchdog has ordered Google to clarify how it draws up rules for the operation of Google Ads and its procedures for suspending accounts. The tech giant will also have to put in place measures to prevent, detect and deal with violations of Google Ads rules.
A Google spokesman told TechCrunch the company will appeal the decision.
The decision — which comes hard on the heels of a market study report by the UK’s competition watchdog asking for views on whether Google should be broken up — relates to search ads which appear when a user of Google’s search engine searches for something and ads are served alongside organic search results.
More specifically it relates to the rules Google applies to its Ads platform which set conditions under which advertisers can broadcast ads — rules the watchdog found to be confusing and inconsistently applied.
It also found Google had changed its position on the interpretation of the rules over time, which it said generated instability for some advertisers who were kept in a situation of legal and economic insecurity.
In France, Google holds a dominant position in the online search market, with its search engine responsible for more than 90% of searches carried out and holds more than 80% of the online ad market linked to searches, per the watchdog which notes that that dominance puts requirements on it to define operating rules of its ad platform in an objective, transparent and non-discriminatory manner.
However it found Google’s wording of ad rules failed to live up to that standard — saying it is “not based on any precise and stable definition, which gives Google full latitude to interpret them according to situations”.
Explaining its decision in a press release the Autorité de la Concurrence writes [translated by Google Translate]:
[T]he French Competition Authority considers that the Google Ads operating rules imposed by Google on advertisers are established and applied under non-objective, non-transparent and discriminatory conditions. The opacity and lack of objectivity of these rules make it very difficult for advertisers to apply them, while Google has all the discretion to modify its interpretation of the rules in a way that is difficult to predict, and decide accordingly whether the sites comply with them or not. This allows Google to apply them in a discriminatory or inconsistent manner. This leads to damage both for advertisers and for search engine users.
The watchdog’s multi-year investigation of the online ad sector was instigated after a complaint by a company called Gibmedia — which raised an objection more than four years ago after Google closed its Google Ads account without notice.
At the time, Gibmedia requested provisional measures be taken. The watchdog rejected that request in a 2015 decision but elected to continue investigating “the merits of the case”. Today’s decision marks the culmination of the investigation.
In a response statement on the decision, a Google spokesperson said: “People expect to be protected from exploitative and abusive ads and this is what our advertising policies are for.”
Its statement also claims Gibmedia was “running ads for websites that deceived people into paying for services on unclear billing terms”. “We do not want these kinds of ads on our systems, so we suspended Gibmedia and gave up advertising revenue to protect consumers from harm,” the Google spokesperson added.
However the watchdog’s press release anticipates and unpicks this argument — pointing out that while having an objective of consumer protection is “perfectly legitimate” it does not justify Google treating advertisers in “a differentiated and random manner in comparable situations”.
“Google cannot suspend the account of an advertiser on the grounds that it would offer services that it considers contrary to the interests of the consumer, while agreeing to reference and accompany on its advertising platform sites that sell similar services,” it writes. 
While the watchdog does not state that it found evidence Google used ambiguous and inconsistently applied ad rules in a deliberate attempt to block competitors, it asserts the behavior displays “at best negligence, at worst opportunism”.
It also suggests that another element of Google ad rules could lead sites to favor a content policy aligned with its own ad-funded services — thereby pushing online publishers to adopt an economic model that feeds and benefits its own. 
During Google’s implementation of the now sanctioned practices the watchdog points out that the company has received regular warnings around EU competition rules — noting the string of European Commission antitrust decisions against Google products in recent years. (Most recently, in March, Google was fined ~$1.7BN for antitrust violations related to its search ad brokering business, AdSense.)
While, since 2010, it says it has issued a number of decisions related to the drafting and application of rules on the ad market which Google could also have taken note of.
In addition to being fined, being required to clarify its procedures and to set up a system of alerts to help advertisers avoid account suspensions, the decision requires Google to organize mandatory annual training for Google Ads support staff.
It must also submit an annual report to the watchdog specifying the number of complaints filed against it by French Internet users; the number of sites and accounts suspended; the nature of the Rules violated and the terms of the suspension.
Within two months of today’s decision Google must also present the watchdog with a report detailing the measures and procedures it will take to take to comply with the orders. A further report is due within six months detailing all the measures and procedures Google has actually put in place.
At the start of this year Google was also fined $57M by France’s data protection watchdog for violations of Europe’s General Data Protection Regulation.

Uber’s ride-hailing business hit with ban in Germany

Another legal blow for Uber in Europe: A regional court in Frankfurt has banned the company from sending ride-hailing requests to rental car companies via its app — with the court finding multiple competition violations.
The ruling, over Uber’s dispatching process, follows a legal challenge brought by a German taxi association.
In Germany Uber’s ride-hailing business works exclusively with professional and licensed private hire vehicle (PHV) companies — whose drivers and cars have the necessary licenses and permits to transport passengers. So the court ban essentially outlaws Uber’s current model in the country — unless it’s able to make changes to come into compliance.
Uber can appeal the Frankfurt court’s judgement but did not respond when asked whether it intends to do so.
The ban is enforceable immediately. It’s not clear whether Uber will temporarily pausing service in the market to come into compliance — it has not said it will do so, suggesting it intends to scramble to make changes while continuing to operate. But if it does that it risks fines if it’s caught breaching the law in the meanwhile.
Per Reuters, the plaintiff in the case, Taxi Deutschland, has said it will seek immediate provisional enforcement — with the threat of fines of €250 per ride, or up to €250,000 per ride for repeated offences if Uber fails to make the necessary changes.
“We will assess the court’s ruling and determine next steps to ensure our services in Germany continue,” an Uber spokesperson said in a statement. “Working with licensed PHV operators and their professional drivers, we are committed to being a true partner to German cities for the long term.”
Among the issues identified by the court as violations of German law are Uber’s lack of a rental licence; rental drivers it uses to supply the driving service accepting jobs via the Uber app without first returning to their company’s headquarters; and rental drivers accepting jobs directly in the app without the jobs being previously received by their company.
Uber’s p2p ride-hailing offering has been effectively outlawed across Europe since a 2017 decision by the region’s top court which judged it a transportation company, not merely a tech platform — which means its business is subject to PHV regulations in each EU Member State. Compliance costs have thus been piled onto its model in the region. 
Uber argues that reform of German transport law is needed to take account of digital business models and app-based dispatch. In the meanwhile its business demonstrably remains vulnerable to legal challenges around PHVs regulations.
The Frankfurt court ruling also comes hard on the heels of a decision by London’s transport regulator not to renew Uber’s license to operate in the UK capital.
The city regulator found a “pattern of failures” which it said put “passenger safety and security at risk” — including unauthorised drivers being able to pick up passengers as though they were the booked driver in at least 14,000 trips.
In that case Uber can continue to operate in London during the appeals process. The company submitted an appeal last week.

Mental health startup eQuoo joins UK’s NHS app library, closes in on seed round

UK-based mental health startup eQuoo has become the only game in the UK’s National Health Service App Library and is set to shortly close it’s seed funding round. The app is an emotional fitness game that aims to teach healthy psychological skills.
The NHS announcement means a UK doctor can now formally refer eQuoo to their patients to improve their mental health and wellbeing.
The app has also now achieved a top rating at ORCHA, the leading health app assessment platform and now has clients including Barmer, the largest insurance company in Germany.
Founder and CEO Silja Litvin says she created the startup because of the mental health crisis. “While working in an NHS Trust for eating and mood disorders I was dismayed about the fact that many of our young clients had to wait months to see us for a measly 6 sessions. Psychologists are not scalable, but apps are, so I decided to make an app. After developing PsycApps, an evidence-based anti-depression app I learned the hard way that mental health apps all struggle with drop off rates of up to 90% in week 1, so we pivoted towards gamification with the launch of eQuoo, as casual games can have a positive mental health effect and intrinsically get players to stick to them.”
Earlier this year the startup also gained scientific backing for its app, Going through a “three arm”, five-week-long, randomized control trial with over 350 participants, with Bosch UK. By contrast Woebot, a highly lauded mental health chatbot startup, went through only a two-week trial with 70 participants.
Results showed “statistically significant increases in wellbeing metrics” and a significant decrease in anxiety when using the app over a timeframe of five weeks.

UK’s competition regulator asks for views on breaking up Google

The UK’s competition regulator has raised concerns about the market power of digital ad platform giants Google and Facebook in an interim report published today, opening up a consultation on a range of potential inventions — from breaking up platform giants, to limiting their ability to set self-serving defaults, and enforcing data sharing and/or feature interoperability to help rivals compete.
Breaking up Google by forcing it to separate its ad server arm from the rest of the business is one of a number of possible interventions it’s eyeing, along with enforcing choice screens for search engines and browsers that use non-monetary criteria to allocate slots — vs Google’s plan for a pay-to-play offering for EU Android users (which rivals argue does not offer relief for the antitrust abuse the European Commission sanctioned last year).
The UK regulator is also considering whether to require Facebook to interoperate specific features of its current network so they can be accessed by competitors — as a fix for what it describes as “strong network effects” which work against “new entrant and challenger social media platforms”.
The Competition and Markets Authority (CMA) launched the market study in July — a couple of weeks after the UK’s data watchdog published its own damning report setting out major privacy and other concerns around programmatic advertising.
It is due to issue a final report next summer — which will set out conclusions and recommendations for interventions — and is now consulting on suggestions in its interim report, inviting contributions before February 12.
Since beginning the study the CMA says it has received several requests to open a full-blown market investigation, which means it has a statutory duty to consult on making such a reference.
Based on initial findings from the study it says there are “reasonable grounds” for suspecting serious impediments to competition in the online platforms and digital advertising market.
The report specifically flags three areas where it suspects harm — namely:
the open display advertising market — with a focus on “the conflicts of interest Google faces at several parts of its vertically integrated chain of intermediaries”;
general search and search advertising — with a focus on “Google’s market power and the barriers to expansion faced by rival search engines”;
social media and display advertising — with a focus on “Facebook’s market power and the lack of interoperability between Facebook and rival services”;
Other concerns raised in the report include problems flowing from a lack of transparency in the digital advertising market; and the difficulty or lack of choice for consumers to opt out of behavioral advertising.
However the regulator is not making a market investigation reference at this stage — a step which would open access to the order making powers which could be used to enforce the sorts of interventions discussed in the report. Instead, the CMA says it is favors making recommendations to government to feed into a planned “comprehensive regulatory framework” to govern the behaviour of online platforms.
Earlier this year the UK government set out a wide-ranging proposal to regulate a range of online harms. Although it remains to be seen how much of that program prime minister Boris Johnson’s newly elected Conservative government will now push ahead with.
“Although it is a finely balanced judgement, we remain of the view that a comprehensive suite of recommendations to government is currently the best way forward and are therefore consulting on not making a market investigation reference at this stage,” the CMA writes, saying it feels it has further investigation work to do and also does not wish to “cut across” the government’s plans around regulating platforms.
“The concerns we have identified regarding online platforms such as Google and Facebook are a truly global antitrust challenge facing governments and regulators. Therefore, in relation to some of the potential interventions we may consider in a market investigation, and in particular any significant structural remedies such as those involving ownership separation, we need to be pragmatic about what changes could efficiently be pursued unilaterally by the UK,” it adds, saying it will “continue to work as closely as we can with our international counterparts to develop a coordinated position on these issues in the second half of the study”.
Antitrust regulators in a number of countries have been turning their attention on platform giants in recent years — including Australia and the US.
The new European Commission has also talked tough on platform power, suggesting it will further dial up scrutiny of tech giants and seek to accelerate its own interventions where it finds competitive harms.
Responding to the CMA report in a statement, Ronan Harris, VP, Google UK and Ireland, told us:
The digital advertising industry helps British businesses of all sizes find customers in the UK and across the world, and supports the websites that people know and love with revenue and reach. We’ve built easy-to-use controls that enable people to manage their data in Google’s services — such as the ability to turn off personalised advertising and to automatically delete their search history.  We’ll continue to work constructively with the CMA and the government on these important areas so that everyone can make the most of the web.
A Facebook spokesperson also sent us this statement:
We are fully committed to engaging in the consultation process around the CMA’s preliminary report, and continuing to deliver the benefits of technology and relevant advertising to the millions of people and small businesses in the UK who use our services.
We agree with the CMA that people should have control over their data and transparency around how it is used. In fact, for every ad we show, we give people the option to find out why they are seeing that ad and an option to turn off ads from that advertiser entirely.  We also provide industry-leading tools to help people control their data, like “Off Facebook Activity”, and to transfer it to other services through our Data Transfer tools.  We look forward to further engagement with the CMA on these topics.

Snagging Pearson’s AR assets and $1 million in cash, GIGXR is ready for its close up

Meet GIGXR, the new owner of all of the assets of Pearson Immersive Learning Group, a subsidiary of the education and media publishing giant, Pearson.
Formed specifically to roll up Pearson’s virtual and augmented reality assets, GIGXR is helmed by David King Lassman, the founder of streaming media company Vyclone and the Southern Californian venture capital firm White Hart Ventures.
The serial entrepreneur had been in discussions with Pearson for the better part of a year to acquire the company’s VR and AR assets. Initially established as part of a collaboration with Microsoft back in 2014 when the company first began work on its Hololens, the media giant is spinning out the team as it explores the broader sale of certain assets.
The group has intellectual property for virtual and augmented reality training programs for hospitals, nursing schools and universities, according to a statement.
Based in Los Angeles, GIGXR now owns flagship products including HoloPatient and HoloHuman, mixed reality training programs for medical schools that operate on the new Hololens 2 headset.
“We’re thrilled to continue our partnership with GIGXR on the heels of our release of HoloLens 2, which has been incredibly well received,” said Dan Ayoub, General Manager for Mixed Reality Education at Microsoft, in a statement. “Our collaboration with the GIGXR suite of applications and team of technology entrepreneurs and thought leaders will dramatically impact the way the world uses mixed reality solutions for enhanced learning now and into the future.”
Operating at the intersection of the $252 billion education market and the $61 billion extended reality industries, GIGXR is actually mining one of the few veins where virtual reality has found a real customer painpoint. As a training tool in enterprises, virtual and augmented reality headsets find themselves following a similar trajectory as Google’s trailblazing (and much maligned) Glass technology.
If there’s one place where emerging technology can be embraced, it’s in businesses where there’s an actual use case for the tech. Whether on the assembly line or in human resources training, companies are turning to virtual and augmented reality in ways that consumer buyers haven’t.
Indeed, Pearson customers including Texas Tech University, University of Queensland, Bucks County Community College, University of Canberra, University of Leeds and other campuses across the U.S., Australia, and the United Kingdom, will continue to receive support from GIGXR for their augmented reality-influenced curriculum.
Lassman said the company had raised $1 million in seed financing and would be seeking to raise additional capital in the first half of 2020.

Waymo buys Latent Logic, drives deeper into simulation and Europe

Waymo has acquired Latent Logic, a UK company that spun out of Oxford University’s computer science department, as the autonomous vehicle company seeks to beef up its simulation technology.
The acquisition also marks the launch of Waymo’s first European engineering hub will be in Oxford, UK. This likely won’t be the end of Waymo’s expansion and investment in Europe and the UK. The former Google self-driving project that is now an Alphabet business said it will continue to look for opportunities to grow the team in the UK and Europe.
Earlier this year, Waymo locked in an exclusive partnership with Renault and Nissan to research how commercial autonomous vehicles might work for passengers and packages in France and Japan. In October, Waymo said that its working with Renault to study the possibility of establishing an autonomous transportation route in Paris.
Waymo has made simulation a one of the pillars of its autonomous vehicle development program. But Latent Logic could help Waymo make its simulation more realistic by using a form of machine learning called imitation learning.
Imitation learning models human behavior of motorists, cyclists and pedestrians. The idea is that by modeling the mistakes and imperfect driving of humans, the simulation will become more realistic and theoretically improve Waymo’s behavior prediction and planning.
Waymo isn’t sharing financial details of the acquistion. But it appears that the two founders Shimon Whiteson and João Messia, CEO Kirsty Lloyd-Jukes and key members of the engineering and technical team will join Waymo. The Latent Logic team will remain in Oxford.
“By joining Waymo, we are taking a big leap towards realizing our ambition of safe, self-driving vehicles,” said Latent Logic co-founder and chief scientist Shimon Whiteson. “In just two years, we have made significant progress in using imitation learning to simulate real human behaviors on the road. I’m excited by what we can now achieve in combining this expertise with the talent, resources and progress Waymo have already made in self-driving technology.”

Inovat modernizes tax reimbursement for streamlined international shopping

If you’ve ever traveled to Europe and purchased something, you’re either likely aware that you can get the Value-Added Tax (VAT) reimbursed once you depart since it’s actually only intended for taxpaying residents of the country wherein its charged. Whether or not you actually bother to get your VAT reimbursement might depend on how convenient it is to do so, and generally speaking, the process is paper-based and pretty annoying. Inovat is a startup that aims to simplify and digitize the process so that it’s not such a pain, opening the door for people to get more of the money they’re rightly owed.
Inovat accomplishes this with an app, available on mobile or on desktop, which employs optical character recognition (OCR) and machine learning to interpret receipts you upload or photograph, determine how much VAT you should be owed for your purchase, and prepare the requisite forms for submission to a customs officer or via an online customs filing form like those found at some airports.
Innovat co-founders Ilya Melkumov and Sonya Baranova came up with the idea because they themselves had encountered the problem of VAT remittance many times, as Russian and Ukranian nationals respectively, traveling within Europe and making purchases on their trips. Melkumov, a former professional e-sports player, met Inovat’s CTO Igor Titov while playing games online, after the two struck up a conversation about getting VAT returns.
Melkumov and Baranova both believed the outdated process, which included high fees and often required paper forms or a lot of manual work to track receipts, could benefit from technologies that are helping improve and modernize other areas related to economics, like the finance industry. They mapped out the currently available solutions, figured out what the industry didn’t yet have and where they could offer solutions. They then quickly got to work building the actual product.
“In July we got together, and by September we had the first version of the product and we started testing it ourselves,” Melkumov told me in an interview. “From there, we started automating parts of it – we had to solve the scalability, we had to understand how we could scan and extract the information from the recipes in a scalable manner.”

That’s where Titov came in, bringing experience from work done for banks and other clients to help make it technically feasible. The resulting app is easy to use, and takes what was a painful and complicated process and makes it as easy as remembering to snap a photo when you make a purchase. They also say they can return up to 50 percent greater refunds to customers versus traditional methods.
“You go to a store, you get the receipt, you take a picture of the receipt,” Melkumov explained. “Then we analyze the receipt and create a unique digital form, which has all your receipts compiled in one digital form linked to a QR code and then you scan that with the customs officer (or automated scanning) and get that processed right away.”
Inovat is focused entirely on the U.K. right now, and its product is designed specifically for that reimbursement flow. That market alone represents $4.3 billion, Melkumov estimates, so it’s large enough for them to focus on it narrowly for now. But, he adds that they definitely have their eye on potential expansion down the road.
“The European market is around $20 billion, and we’ve been contacted by multiple European governments towards creating a more digital tax refund solution,” he said. “Next steps for us is definitely expansion into other European countries.”

Reddit links UK-US trade talk leak to Russian influence campaign

Reddit has linked account activity involving the leak and amplification of sensitive UK-US trade talks on its platform during the ongoing UK election campaign to a suspected Russian political influence operation.
Or, to put it more plainly, the social network suspects that Russian operatives are behind the leak of sensitive trade data — likely with the intention of impacting the UK’s General Election campaign.
The country goes to the polls next week, on December 12.
The UK has been politically deadlocked since mid 2016 over how to implement the result of the referendum to leave the European Union . The minority Conservative government has struggled to negotiate a brexit deal that parliament backs. Another hung parliament or minority government would likely result in continued uncertainty.
In a post discussing the “Suspected campaign from Russia”, Reddit writes:

We were recently made aware of a post on Reddit that included leaked documents from the UK. We investigated this account and the accounts connected to it, and today we believe this was part of a campaign that has been reported as originating from Russia.
Earlier this year Facebook discovered a Russian campaign on its platform, which was further analyzed by the Atlantic Council and dubbed “Secondary Infektion.” Suspect accounts on Reddit were recently reported to us, along with indicators from law enforcement, and we were able to confirm that they did indeed show a pattern of coordination. We were then able to use these accounts to identify additional suspect accounts that were part of the campaign on Reddit. This group provides us with important attribution for the recent posting of the leaked UK documents, as well as insights into how adversaries are adapting their tactics.

Reddit says that an account, called gregoratior, originally posted the leaked trade talks document. Later a second account, ostermaxnn, reposted it. The platform also found a “pocket of accounts” that worked together to manipulate votes on the original post in an attempt to amplify it. Though fairly fruitlessly, as it turned out; the leak gained little attention on Reddit, per the company.
As a result of the investigation Reddit says it has banned 1 subreddit and 61 accounts — under policies against vote manipulation and misuse of its platform.
The story doesn’t end there, though, because whoever was behind the trade talk leak appears to have resorted to additional tactics to draw attention to it — including emailing campaign groups and political activists directly.
This activity did bear fruit this month when the opposition Labour party got hold of the leak and made it into a major campaign issue, claiming the 451-page document shows the Conservative party, led by Boris Johnson, is plotting to sell off the country’s free-at-the-point-of-use National Health Service (NHS) to US private health insurance firms and drug companies.
Labour party leader, Jeremy Corbyn, showed a heavily redacted version of the document during a TV leaders debate earlier this month, later calling a press conference to reveal a fully un-redacted version of the data — arguing the document proves the NHS is in grave danger if the Conservatives are re-elected.
Johnson has denied Labour’s accusation that the NHS will be carved up as the price of a Trump trade deal. But the leaked document itself is genuine.
It details preliminary meetings between UK and US trade negotiators, which took place between July 2017 and July 2019, in which discussion of the NHS takes place, in addition to other issues such as food standards. Although the document does not confirm what position the UK might seek to adopt in any future trade talks with the US.
The source of the heavily redacted version of the document appears to be a Freedom of Information (FOI) request by campaigning organisation, Global Justice Now — which told Vice it made an FOI request to the UK’s Department for International Trade around 18 months ago.
The group said it was subsequently emailed a fully unredacted version of the document by an unknown source which also appears to have sent the data directly to the Labour party. So while the influence operation looks to have originated on Reddit, the agents behind it seem to have resorted to more direct means of data dissemination in order for the leak to gain the required attention to become an election-influencing issue.
Experts in online influence operations had already suggested similarities between the trade talks leak and an earlier Russian operation, dubbed Secondary Infektion, which involved the leak of fake documents on multiple online platforms. Facebook identified and took down that operation in May.
In a report analysing the most recent leak, social network mapping and analysis firm Graphika says the key question is how the trade document came to be disseminated online a few weeks before the election.
“The mysterious [Reddit] user seemingly originated the leak of a diplomatic document by posting it around online, just six weeks before the UK elections. This raises the question of how the user got hold of the document in the first place,” it writes. “This is the single most pressing question that arises from this report.”
Graphika’s analysis concludes that the manner of leaking and amplifying the trade talks data “closely resembles” the known Russian information operation, Secondary Infektion.
“The similarities to Secondary Infektion are not enough to provide conclusive attribution but are too close to be simply a coincidence. They could indicate a return of the actors behind Secondary Infektion or a sophisticated attempt by unknown actors to mimic it,” it adds.
Internet-enabled Russian influence operations that feature hacking and strategically timed data dumps of confidential/sensitive information, as well as the seeding and amplification of political disinformation which is intended to polarize, confuse and/or disengage voters, have become a regular feature of Western elections in recent years.
The most high profile example of Russian election interference remains the 2016 hack of documents and emails from Hillary Clinton’s presidential campaign and Democratic National Committee — which went on to be confirmed by US investigators as an operation by the country’s GRU intelligence agency.
In 2017 emails were also leaked from French president Emmanuel Macron’s campaign shortly before the election — although with apparently minimal impact in that case. (Attribution is also less clear-cut.)
Russian activity targeting UK elections and referendums remains a matter of intense interest and investigation — and had been raised publicly as a concern by former prime minister, Theresa May, in 2017.
Although her government failed to act on recommendations to strengthen UK election and data laws to respond to the risks posed by Internet-enabled interference. She also did nothing to investigate questions over the extent of foreign interference in the 2016 brexit referendum.
May was finally unseated by the ongoing political turmoil around brexit this summer, when Johnson took over as prime minister. But he has also turned a wilfully blind eye to the risks around foreign election interference — while fully availing himself of data-fuelled digital campaign methods whose ethics have been questioned by multiple UK oversight bodies.
A report into Russian interference in UK politics which was compiled by the UK’s intelligence and security parliamentary committee — and had been due to be published ahead of the general election — was also personally blocked from publication by the prime minister.
Voters won’t now get to see that information until after the election. Or, well, barring another strategic leak…

Review: Driving the track-ready, race-banned McLaren Senna GTR

The McLaren Senna GTR shouldn’t exist.
This feat of engineering and design isn’t allowed on public roads. It’s built for the track, but prohibited from competing in motorsports. And yet, the GTR is no outlier at McLaren. It’s part of their Ultimate Series, a portfolio of extreme and distinct hypercars that now serve as the foundation of the company’s identity and an integral part of their business model.
The P1, introduced in 2012, was McLaren Automotive’s opening act on the hypercar stage and was an instant success for both the brand and its business. McLaren followed it up with the P1 GTR, then went on to chart a course toward the Ultimate Series of today and beyond.
Since 2017, the automaker has added the Senna, Speedtail, Senna GTR and now the open-cockpit Elva to the Ultimate Series portfolio. While the GTR is certainly the most extreme and limited in how and where it can be used, it follows a larger pattern of the Ultimate Series as being provocatively designed with obsessive intent.
Automotive takes the wheel
Purpose-built race cars that call on every modern tool of engineering and design have historically been produced for one purpose: winning. This objective, nourished by billions of dollars of investment from the motorsports industry, has led to technological and performance breakthroughs that have eventually trickled down to automotive.
The pipeline that has produced a century of motorsports-driven innovation is narrowing as racing regulations become more restrictive. Now, a new dynamic is taking shape. Automotive is taking the technological lead.

Take the McLaren Senna road car, the predecessor to the GTR. McLaren had to constrain the design of the Senna to make it road legal. But the automaker loaded it with active aerodynamics and chassis control systems that racing engineers could only dream about.
McLaren wasn’t finished. It pushed the bounds further and produced a strictly track-focused and unconstrained race car that expands upon the Senna’s lack of conformity. The Senna GTR might be too advanced and too fast for any racing championship, but McLaren said to hell with it and made the vehicle anyway.
The bet paid off. All 75 Senna GTR hypercars, which start at $1.65 million, sold before the first one was even produced.
The Senna GTR is the symbol of a new reality — a hypercar market that thrives on the ever-more-extreme, homologation standards be damned.
Two weeks ago, I had a chance to get behind the wheel of the Senna GTR at the Snetterton Circuit in the U.K. to find out how McLaren went about developing this wholly unconstrained machine.
Behind the wheel
Rr-rr-rr-kra-PAH! The deafening backfire of the GTR’s 814-horsepower 4.0-liter twin-turbo V8 engine snapped me to attention and instantly transported me to the moment earlier in the day that provided the first hints of what my drive might be like.
Rob Bell, the McLaren factory driver who did track development for the GTR, was on hand to get the car warmed up. Shortly after he set out, the car ripped down the front-straight, climbing through RPMs with an ear-protection-worthy scream that reverberated off every nearby surface, an audible reminder of how unshackled it is.
As Bell approached Turn 1, the rear wing quickly dropped back to its standard setting from the straightaway DRS (drag reduction system) position, then to an even more aggressive airbrake as he went hard to the brakes from 6th gear down to 5th to 4th. The vehicle responded with the signature kra-PAH! kra-PAH! and then promptly discharged huge flames out the exhaust as the anti-lag settings keep a bit of fuel flowing off-throttle.
I thought to myself, ‘Holy sh*t! This thing is no joke!’

Sliding into the driver’s seat, I feel at home. The cockpit is purposeful. The track was cold with some damp spots, and the GTR is a stiff, lightweight race car with immense power on giant slick tires. Conventional wisdom would suggest the driver — me in this case — should slowly work up to speed in these otherwise treacherous conditions. However, the best way to get the car to work is to get temperature in the tires by leaning on it a bit right away. Bell sent me out in full “Race” settings for both the engine and electronic traction and stability controls. Within a few corners — and before the end of the lap — I had a good feel for the tuning of the ABS, TC and ESC, which were all intuitive and minimally invasive.
As a racing driver, it’s rare to feel a tinge of excitement just to go for a drive. As professionals, driving is a clinical exercise. But the GTR triggered that feeling.
I started by pushing hard in slower corners and before long worked my way up the ladder to the fast, high-commitment sections. The car violently accelerated up through the gears, leaving streaks of rubber at the exit of every corner.
Once the car is straight, drivers can push the DRS button to reduce drag and increase speed for an extra haptic kick. The DRS button is now a manual function on the upper left of the steering wheel to give the driver more control over when it’s deployed. After hitting the DRS, the car dares you to keep your right foot planted on the throttle, then instantly hunkers down under braking with a stability I’ve rarely experienced.
The active rear wing adds angle while the active front flaps take it out to counterbalance the effect of the car’s weight shifting forward onto the front axle, letting you drive deeper and deeper into each corner. It’s sharply reactive; the GTR stuck to the road, but still required a bit of driving with my fingertips out at the limit on that cold day. I soon discovered that the faster I went, the more downforce the car generated, and the more speed I was able to extract from it.
Tip to tail
In almost any other environment, the Senna road car is the most shocking car you’ve ever seen. Its cockpit shape is reminiscent of a sci-fi spaceship capsule. The enormous swan neck-mounted rear wing is one highlight in a long list of standout features. The Senna road car looks downright pedestrian next to the GTR.

The rear wing stretches off the back of the car with sculpted carbon fiber endplates and seamlessly connects to the rear fender bodywork. The diffuser that emerges from the car’s underbody — creating low pressure by accelerating the airflow under the car for added downforce — is massive. The giant 325/705-19 Pirelli slicks are slightly exposed from behind, giving you the full sense of just how much rubber is on the ground, and the sharp edges of the center exit exhaust tips are already a bluish-purple tint.
The cockpit shape and dihedral doors are instantly recognizable from the road car. But inside, the GTR is all business. The steering wheel is derived from McLaren’s 720S GT3 racing wheel, a butterfly shape with buttons and rotary switches aplenty. The dash is an electronic display straight out of a race car; six-point belts and proper racing seats complete the aesthetic.

Arriving at the front of the car, the active front wing-flaps are as prominent as ever, while the splitter extends several inches farther out in front of the car and is profiled with a raised area in the center to reduce pitch sensitivity given the car’s much lower dynamic ride-height. In fact, nearly the entire front end of the car has been tweaked; there are additional dive-planes, the forward facing bodywork at the sides of the car have been squared-off and reshaped, and an array of vortex generators have been carved into the outer edge of the wider, bigger splitter surface.
All of these design choices in the front point to the primary area of development from the Senna road-car to the GTR: maximizing its l/d or ratio of lift (in this case the inverse of lift, downforce) to drag.
McLaren pulled two of its F1 aerodynamicists into the GTR project to take the car’s aero to a new level. The upshot: a 20% increase in the car’s total downforce compared to the Senna road car, while increasing aero efficiency — the ratio of downforce to drag — by an incredible 50%. The car is wider, lower and longer than its road-going counterpart, and somehow looks more properly proportioned with its road-legal restrictions stripped away to take full advantage of its design freedom.

This was the car the Senna always wanted to be.
The development process of the GTR was short and to the point. When you have F1 aerodynamicists and a GT3 motorsport program in-house attacking what is already the most high-performing production track car in the industry, it can be. There were areas they could instantly improve by freeing themselves of road-car constraints — the interior of the car could be more spartan; the overall vehicle dimensions and track width could increase; the car would no longer need electronically variable ride heights for different road surfaces so the suspension system could be more purposeful for track use; the car would have larger, slick tires.
All this provided a cohesive mechanical platform upon which to release the aerodynamic assault of guided simulation and CFD.

The GTR benefits from the work of talented humans and amazing computer programs working together with a holistic design approach. What was once a sort of invisible magic, aerodynamics has become a well-understood means of generating performance. But you still have to know what you’re seeking to accomplish; the priorities for a car racing at Pikes Peak are much different than those of a streamliner at Bonneville.
The development team for the GTR sought to maximize the total level of downforce that the tires could sustain, then really kicked their efforts into gear to clean up airflow around the car as much as possible. Many of the aggressive-looking design elements that differentiate the GTR from the Senna are not just for additional downforce but to move air around the car with less turbulence — less turbulent air means less drag. You can’t see it or feel it, but it certainly shows up on the stopwatch, and is often the difference between a car that just looks fast and one that actually is.
I hadn’t asked how fast the car was relative to other GT race cars before I drove it. I think a part of me was fearful that despite its appearance and specs it might be wholly tuned down to be sure it was approachable for an amateur on a track day. And that would make sense, as that’s the likely use-case this car will have. After driving the GTR, I didn’t hesitate for a second to ask, to which they humbly said that it’s seconds faster than their own McLaren 720S GT3 car, and still had some headroom.The Senna GTR is another exercise in exploring the limits of technology, engineering and performance for McLaren, enabled by a market of enthusiasts with the means to support it. And this trend is likely to continue unless motorsports changes the rules to allow hypercars.
McLaren’s next move
The Automobile Club de l’Ouest, organizers of the FIA World Endurance Championship, which includes the 24 Hours of Le Mans, has been working for years to develop regulations that could include them. While these discussions are gaining momentum, it remains to be seen whether motorsport can provide a legitimate platform for the hypercar in the modern era.
The last time this kind of exercise was embarked on was more than 20 years ago during the incredible but short-lived GT1-era at Le Mans that spanned from 1995 to 1998. It saw McLaren, Porsche, Mercedes and others pull out all the stops to create the original hypercars — in most cases comically unroadworthy homologation specials like the Porsche 911 GT1 Strassenversion (literally “street version”) and Mercedes CLK GTR — for the sole purpose of becoming the underpinnings of a winning race car on the world’s stage.
At that time, the race cars made sense to people; the streetcars were misfits of which only the necessary minimum of 25 units were produced in most cases, and the whole thing collapsed due to loopholes, cost, politics and the lack of any real endgame.
Today, the ACO benefits from a road-going hypercar market that McLaren played a key role in developing. Considering McLaren’s success with hyper-specific specialized vehicles in recent years, I’d bet the automaker could produce a vehicle custom-tailored to a worthy set of hypercar regulations. Even if not, McLaren will continue to develop and sell vehicles under its Ultimate Series banner.
And there’s already evidence that McLaren is doubling down. 
McLaren shows off the open cockpit Elva.
McLaren’s Track 25 business plan targets $1.6 billion in investment toward 18 new vehicles between 2018 and 2025. The company’s entire portfolio will use performance-focused hybrid powertrains by 2025.
The paint had barely dried on the Senna GTR before McLaren introduced another new vehicle, the Elva. And more are coming. McLaren is already promising a successor to the mighty P1. I, for one, am looking forward to what else they have in store.

A Sprint contractor left thousands of US cell phone bills on the internet by mistake

A contractor working for cell giant Sprint stored on an unprotected cloud server hundreds of thousands of cell phone bills of AT&T, Verizon and T-Mobile subscribers.
The storage bucket had more than 261,300 documents, the vast majority of which were phone bills belonging to cell subscribers dating as far back as 2015. But the bucket, hosted on Amazon Web Services (AWS), was not protected with a password, allowing anyone to access the data inside.
It’s not known how long the bucket was exposed.
The bills — which contained names, addresses and phone numbers, and many included call histories — were collected as part of an offer to allow cell subscribers to switch to Sprint, according to Sprint-branded documents found on the server. The documents explained how the cell giant would pay for the subscriber’s early termination fee to break their current cell service contract, a common sales tactic used by cell providers.
In some cases we found other sensitive documents, such as a bank statement, and a screenshot of a web page that had subscribers’ online usernames, passwords and account PINs — which in combination could allow access to a customer’s account.
U.K.-based penetration testing company Fidus Information Security found the exposed data, but it wasn’t immediately clear who owned the bucket. Fidus disclosed the security lapse to Amazon, which informed the customer of the exposure — without naming them. The bucket was subsequently shut down.
A Verizon and AT&T phone bill from two customers. (Image: supplied)
A T-Mobile bill found on the exposed servers. A handful of Sprint bills were also found. (Image: supplied)
After a brief review of the cache, we found one document that said, simply, “TEST.” When we ran the file through a metadata checker, it revealed the name of the person who created the document — an account executive at Deardorff Communications, the marketing agency tasked with the Sprint promotion.
When reached, Jeff Deardorff, president of Deardorff Communications, confirmed his company owned the bucket and that access was restricted earlier on Wednesday.
“I have launched an internal investigation to determine the root cause of this issue, and we are also reviewing our policies and procedures to make sure something like this doesn’t happen again,” he told TechCrunch in an email.
Given the exposed information involved customers of the big four cell giants, we contacted each company. AT&T did not comment, and T-Mobile did not respond to a request for comment. Verizon spokesperson Richard Young said the company was “currently reviewing” the matter and would have details “as soon as it’s available.” (TechCrunch is owned by Verizon.)
When reached, a spokesperson for Sprint would not disclose the nature of its relationship with Deardorff nor would they comment on the record at the time of writing.
It’s not known why the data was exposed in the first place. It’s not uncommon for AWS storage buckets to be misconfigured by being set to “public” and not “private.”
“The uptrend we’re seeing in sensitive data being publicly accessible is concerning, despite Amazon releasing tools to help combat this,” said Harriet Lester, director of research and development at Fidus. “This scenario was slightly different to usual as it was tricky to identify the owner of the bucket, but thankfully the security team at AWS were able to pass the report on to the owner within hours and public access was shut down soon after.”
We asked Deardorff if his company plans to inform those whose information was exposed by the security lapse. We did not immediately receive a response.
Read more:
Tuft & Needle exposed thousands of customer shipping labels
StockX was hacked, exposing millions of customers’ data
DoorDash confirms data breach affected 4.9 million customers, workers and merchants
Equifax breach was ‘entirely preventable’ had it used basic security measures, says House report
Stop saying, ‘We take your privacy and security seriously’
Capital One breach also hit other major companies, say researchers
Macy’s said hackers stole customer credit cards — again

Carbon dioxide emissions are set to hit a record high this year (it’s not fine, but not hopeless)

Carbon dioxide emissions, one of the main contributors to the climate changes bringing extreme weather, rising oceans, and more frequent fires that have killed hundreds of Americans and cost the U.S. billions of dollars, are set to reach another record high in 2019.
That’s the word from the Global Carbon Project, an initiative of researchers around the world led by Stanford University scientist Rob Jackson.
The new projections from the Global Carbon Project are set out in a trio of papers published in “Earth System Science Data“, “Environmental Research Letters“, and “Nature Climate Change“.
That’s the bad news. The good news (if you want to take a glass half-full view) is that the rate of growth has slowed dramatically from the previous two years. However, researchers are warning that emissions could keep increasing for another decade unless nations around the globe take dramatic action to change their approach to energy, transportation and industry, according to a statement from Jackson.

“When the good news is that emissions growth is slower than last year, we need help,” said Jackson, a professor of Earth system science in Stanford’s School of Earth, Energy & Environmental Sciences (Stanford Earth), in a statement. “When will emissions start to drop?”

Just in: Global carbon emissions hit a new all-time high in 2019, up 0.6% from last year.
This news is shockingly important and heartbreakingly serious. Not only are we entirely failing to reduce emissions, we are making the climate emergency worse at an increasingly fast rate. pic.twitter.com/A2nasPT3lI
— Eric Holthaus (@EricHolthaus) December 4, 2019

Globally, carbon dioxide emissions from fossil fuel sources (which are over 90 percent of all emissions) are expected to grow 0.6 percent over the 2018 emissions. In 2018 that figure was 2.1 percent above the 2017 figure, which was, itself, a 1.5 percent increase over 2016 emissions figures.
Even as the use of coal is in drastic decline around the world, natural gas and oil use is climbing, according to researchers, and stubbornly high per capita emissions in affluent countries mean that reductions won’t be enough to offset the emissions from developing countries as they turn to natural gas and gasoline for their energy and transportation needs.
“Emissions cuts in wealthier nations must outpace increases in poorer countries where access to energy is still needed,” said Pierre Friedlingstein, a mathematics professor at the University of Exeter and lead author of the Global Carbon Budget paper in Earth System Science Data, in a statement.
Some countries are making progress. Both the UK and Denmark have managed to achieve economic growth while simultaneously reducing their carbon emissions. In the third quarter of the year, renewable power supplied more energy to homes and businesses in the United Kingdom than fossil fuels for the first time in the nation’s history, according to a report cited by “The Economist”.

Costs of wind and solar power are declining so dramatically that they are cost competitive with natural gas in many parts of the wealthy world and cheaper than coal, according to a study earlier in the year from the International Monetary Fund.
Still, the U.S., the European Union and China account for more than half of all carbon dioxide emissions. Carbon dioxide emissions in the U.S. did decrease year-on-year — projected to decline by 1.7 percent — but it’s not enough to counteract the rising demand from countries like China, where carbon dioxide emissions are expected to rise by 2.6 percent.
And the U.S. has yet to find a way to wean itself off of its addiction to cheap gasoline and big cars. It hasn’t helped that the country is throwing out emissions requirements for passenger vehicles that would have helped to reduce its contribution to climate change even further. Even so, at current ownership rates, there’s a need to radically reinvent transportation given what U.S. car ownership rates mean for the world.
U.S. oil consumption per person is 16 times greater than in India and six times greater than in China, according to the reports. And the United States has roughly one car per-person while those numbers are roughly one for every 40 people in India and one for every 6 in China. If ownership rates in either country were to rise to similar levels as the U.S. that would put 1 billion cars on the road in either country.
About 40 percent of global carbon dioxide emissions were attributable to coal use, 34 percent from oil, 20 percent from natural gas, and the remaining 6 percent from cement production and other sources, according to a Stanford University statement on the Global Carbon Project report.
“Declining coal use in the U.S. and Europe is reducing emissions, creating jobs and saving lives through cleaner air,” said Jackson, who is also a senior fellow at the Stanford Woods Institute for the Environment and the Precourt Institute for Energy, in a statement. “More consumers are demanding cheaper alternatives such as solar and wind power.”
There’s hope that a combination of policy, technology and changing social habits can still work to reverse course. The adoption of new low-emission vehicles, the development of new energy storage technologies, continued advancements in energy efficiency, and renewable power generation in a variety of new applications holds some promise. As does the social adoption of alternatives to emissions intensive animal farming and crop cultivation.

Reasons to be climate cheerful (ish)

“We need every arrow in our climate quiver,” Jackson said, in a statement. “That means stricter fuel efficiency standards, stronger policy incentives for renewables, even dietary changes and carbon capture and storage technologies.”
 

Researchers find making a sick reef sound like a healthy one could help its recovery

A new study, published in Nature Communications (via Washington Post), found promising early results from an experiment wherein sounds that you’d hear from a healthy reef are played back at a reef that’s dying. It may sound a bit like a bait-and-switch, but previous research has shown that one way to help reefs that are under duress is to encourage diverse and abundant fish populations, which can help counteract the downward spiral that ultimately leads to reef death.
Over the course of six weeks, researchers from the UK and Australia played audio recordings over speakers installed underwater at dead patches found in Australia’s Great Barrier Reef. The recordings were taken from healthy sections, and included a range of sounds typical to thriving coral communities, including noises made by fish, shrimp, molluscs and other reef-dwellers. These sounds act as cues for young fish looking to settle down and establish communities of their own.
The researchers found that up to twice as many fish ended up populating the reefs where these sounds were played, versus areas in similar states of decay where they were not. They also found that there was more biodiversity at these locations, with up to 50 percent more species in the mix vs. the control sites, and that the new denizens who did make their way to the reefs with the artificial sounds tended to set up to stay.
On its own, bringing fish populations back to dead and dying reefs won’t reverse the damage done. But this technique could be used in tandem with others being developed by scientists and researchers, including re-planting fresh coral and developing heat-resistant coral strains, to return vibrancy and life to portions of the oceans’ reefs where human activity has taken a serious toll.

Africa Roundup: Nigerian fintech gets $360M, mints unicorn, draws Chinese VC

November 2019 could mark when Nigeria (arguably) became Africa’s unofficial capital for fintech investment and digital finance startups.
The month saw $360 million invested in Nigerian focused payment ventures. That is equivalent to roughly one-third of all the startup VC raised for the entire continent in 2018, according to Partech stats.
A notable trend-within-the-trend is that more than half — or $170 million — of the funding to Nigerian fintech ventures in November came from Chinese investors. This marks a pivot in China’s engagement with Africa to tech. We’ll get to that.
Before the big Chinese backed rounds, one of Nigeria’s earliest fintech companies, Interswitch, confirmed its $1 billion valuation after Visa took a minority stake in the company. Interswitch would not disclose the amount to TechCrunch, but Sky News reporting pegged it at $200 million for 20%.
Founded in 2002 by Mitchell Elegbe, Interswitch pioneered the infrastructure to digitize Nigeria’s then predominantly paper-ledger and cash-based economy.
The company now provides much of the tech-wiring for Nigeria’s online banking system that serves Africa’s largest economy and population. Interswitch offers a number of personal and business finance products, including its Verve payment cards and Quickteller payment app.
The financial services firm has expanded its physical presence to Uganda, Gambia and Kenya . The Nigerian company also sells its products in 23 African countries and launched a partnership in August for Verve cardholders to make payments on Discover’s global network.
Visa and Interswitch touted the equity investment as a strategic collaboration between the two companies, without a lot of detail on what that will mean.
One point TechCrunch did lock down is Interswitch’s (long-awaited) and imminent IPO. A source close to the matter said the company will list on a major exchange by mid-2020.
For the near to medium-term, Interswitch could stand as Africa’s sole tech-unicorn, as e-commerce venture Jumia’s volatile share-price and declining market-cap — since an April IPO — have dropped the company’s valuation below $1 billion.

Nigeria’s Interswitch confirms $1B valuation after Visa investment

Circling back to China, November was the month that signaled Chinese actors are all in on African tech.
In two separate rounds, Chinese investors put $220 million into OPay and PalmPay — two fledgling startups with plans to scale in Nigeria and the broader continent.
PalmPay, a consumer oriented payments product, went live last month with a $40 million seed-round (one of the largest in Africa in 2019) led by Africa’s biggest mobile-phone seller — China’s Transsion.
The startup was upfront about its ambitions, stating its goals to become “Africa’s largest financial services platform,” in a company release.
To that end, PalmPay conveniently entered a strategic partnership with its lead investor. The startup’s payment app will come pre-installed on Transsion’s mobile device brands, such as Tecno, in Africa — for an estimated reach of 20 million phones.
PalmPay also launched in Ghana in November and its UK and Africa based CEO, Greg Reeve, confirmed plans to expand to additional African countries in 2020.

OPay’s $120 million Series B was announced several days after the PalmPay news and came only months after the mobile-based fintech venture raised $50 million.
Founded by Chinese owned consumer internet company Opera — and backed by 9 Chinese investors — OPay is the payment utility for a suite of Opera developed internet based commercial products in Nigeria. These include ride-hail apps ORide and OCar and food delivery service OFood.
With its latest Series A, OPay announced it would expand in Kenya, South Africa, and Ghana.
Though it wasn’t fintech, Chinese investors also backed a (reported) $30 million Series B for East African trucking logistics company Lori Systems in November.
With OPay, PalmPay, and Lori Systems, startups in Africa have raised a combined $240 million from 15 Chinese investors in a span of months.
There are a number of things to note and watch out for here, as TechCrunch reporting has illuminated (and will continue to do in follow-on coverage).
These moves mark a next chapter in China’s engagement in Africa and could raise some new issues. Hereto, the country’s interaction with Africa’s tech ecosystem has been relatively light compared to China’s deal-making on infrastructure and commodities.
There continues to be plenty of debate (and critique) of China’s role in Africa. This new digital-phase will certainly add a fresh component to all that. One thing to track will be data-privacy and national-security concerns that may emerge around Chinese actors investing heavily in African mobile consumer platforms.
We’ve seen lines (allegedly) blur on these matters between Chinese state and private-sector actors with companies such as Huawei.
As OPera and PalmPay expand, they may need to do some reassuring of African regulators as countries (such as Kenya) establish more formal consumer protection protocols for digital platforms.
One more thing to follow on OPay’s funding and planned expansion is the extent to which it puts Opera (and its entire suite of consumer internet products) in competition with multiple actors in Africa’s startup ecosystem. Opera’s Africa ventures could go head to head with Uber, Jumia, and M-Pesa — the mobile money-product that put Kenya out front on digital finance in Africa before Nigeria.

Opera’s Africa fintech startup OPay gains $120M from Chinese investors

Shifting back to American engagement in African tech, Twitter and Square CEO Jack Dorsey was on the continent in November. No sooner than he’d finished his first trip, Dorsey announced plans to move to Africa in 2020, for 3 to 6 months, saying on Twitter “Africa will define the future (especially the bitcoin one!).”
We still don’t know much about what this last trip — or his future foray — mean in terms of concrete partnerships, investment, or market moves in Africa from Dorsey and his companies.
He visited Nigeria, Ghana, South Africa and Ethiopia and met with leaders at Nigeria’s CcHub (Bosun Tijani), Ethiopia’s Ice Addis (Markos Lemming), and did some meetings with fintech founders in Lagos (Paga’s Tayo Oviosu).
I know most of the organizations and people Dorsey talked to pretty well and nothing has shaken out yet in terms of partnership or investment news from his recent trip.
On what could come out of Dorsey’s 2020 move to Africa, per his tweet and news highlighted in this roundup, a good bet would be it will have something to with fintech and Square.
More Africa-related stories @TechCrunch
Lime is launching electric scooters in Cape Town
Pan-African e-tailer Jumia grows 3Q revenue, e-payments and losses
Sim Shagaya’s uLesson African edtech startup raises $3.1M
Samasource raises $14.8M for global AI data biz driven from Africa
Chaka opens up global investing to Africa’s most populous nation
Solar-based ISP startup Tizeti launches 4G LTE network in Nigeria
Senegal’s NIMA Codes to launch address app in 15 African countries
African tech around the ‘net
Kenyan e-commerce startup Copia nets $26m Series B funding
Nigerian entrepreneur Temie Giwa-Tubosun wins Jack Ma’s African business hero award
Kenyan public WiFi sensation BRCK launches In South Africa

As the new year beckons European investors start moving into new roles

As the Holiday Season approaches, new jobs for players in the tech ecosystem beckon. And this is no less true for investors. Two notable moves have recently happened that are worthy of note in the European scene.
The first is that GR Capital, a pan-European VC, is opening an office in London and has lured Jason Ball, who, earlier this year, left Qualcomm Ventures where had been European Managing Director for over a decade. Bad spent ten years as a mentor at Seedcamp and individually invested in more than ten companies. He was understood to be looking for new challenges, either building a new fund or joining another – so now we have our answer as to what he decided.
Founded in 2016 by Roma Ivaniuk in Ukraine, GR Capital specializes in late-stage VC investments. It has over $70M under management and has invested in Lime, Azimo, WeFox, McMakler, Glovo and Meero among others. The fund has traditionally been known for investing in Eastern Europe, but with a London office and the extremely well-networked Ball under its belt, we should be hearing more from them on the wider European scene in future.
Ivaniuk said in a statement that the move “means we can now drive our pan-European business activities from the continent’s most important VC hub, London.”
Ball said “We see a huge opportunity here to connect the dots between West and East. The London ecosystem is an exciting offering for investors in Eastern Europe, which in turn presents unique R&D and growth opportunities for portfolio companies.”
Meanwhile, Jon Bradford was most recently a partner of Motive Partners and a UK investment pioneer — having founded the Springboard Accelerator that merged with Techstars to become Techstars London, as well as helping to co-found F6S and Tech.eu. But he is also on the move, now joining Dynamo Ventures as its newest partner.
Bradford will be joining Dynamo on a full-time basis having previously been an advisor who helped launch the debut fund. He has invested in over 100 startups over the last decade including Apiary, Hassle, Tray.io, Flitto (that recently IPO’ed in Korea), Sendbird and Chainalysis. Dynamo is a US-EU based seed fund focused on B2B startups in supply chain and mobility. It has invested in 20 startups across the US and overseas, investing in including Sennder (Berlin), Skupos, Stord, Gatik and LEAF Logistics.

Mixcloud data breach exposes over 20 million user records

A data breach at Mixcloud, a U.K.-based audio streaming platform, has left more than 20 million user accounts exposed after the data was put on sale on the dark web.
The data breach happened earlier in November, according to a dark web seller who supplied a portion of the data to TechCrunch, allowing us to examine and verify the authenticity of the data.
The data contained usernames, email addresses, and passwords that appear to be scrambled with the SHA-2 algorithm, making the passwords near impossible to unscramble. The data also contained account sign-up dates and the last-login date. It also included the country from which the user signed up, their internet (IP) address, and links to profile photos.
We verified a portion of the data by validating emails against the site’s password reset feature.
The exact amount of data stolen isn’t known. The seller said there were 20 million records, but listed 21 million records on the dark web. But the data we sampled suggested there may have been as many as 22 million records.
The data was listed for sale for $4,000, or about 0.5 bitcoin. We’re not linking to the dark web listing.
Mixcloud last year secured a $11.5 million cash injection from media investment firm WndrCo, led by Hollywood media proprietor Jeffrey Katzenberg.
It’s the latest in a string of high profile data breaches in recent months. The breached data came from the same dark web seller who also alerted TechCrunch to the StockX breach earlier this year. The apparel trading company initially claimed its customer-wide password reset was for “system updates,” but later came clean, admitting it was hacked, exposing more than four million records, after TechCrunch obtained a portion of the breached data.
An email to Mixcloud’s press mailbox bounced, and its last listed public relations agency told TechCrunch it no longer represents the company.
As a London-based company, Mixcloud falls under U.K. and European data protection rules. Companies can be fined up to 4% of their annual turnover for violations of European GDPR rules.
Read more:
StockX was hacked, exposing millions of customers’ data
DoorDash confirms data breach affected 4.9 million customers, workers and merchants
Equifax breach was ‘entirely preventable’ had it used basic security measures, says House report
Stop saying, ‘We take your privacy and security seriously’
Capital One breach also hit other major companies, say researchers
Macy’s said hackers stole customer credit cards — again

European parliament’s NationBuilder contract under investigation by data regulator

Europe’s lead data regulator has issued its first ever sanction of an EU institution — taking enforcement action against the European parliament over its use of US-based digital campaign company, NationBuilder, to process citizens’ voter data ahead of the spring elections.
NationBuilder is a veteran of the digital campaign space — indeed, we first covered the company back in 2011— which has become nearly ubiquitous for digital campaigns in some markets.
But in recent years European privacy regulators have raised questions over whether all its data processing activities comply with regional data protection rules, responding to growing concern around election integrity and data-fuelled online manipulation of voters.
The European parliament had used NationBuilder as a data processor for a public engagement campaign to promote voting in the spring election, which was run via a website called thistimeimvoting.eu.
The website collected personal data from more than 329,000 people interested in the EU election campaign — data that was processed on behalf of the parliament by NationBuilder.
The European Data Protection Supervisor (EDPS), which started an investigation in February 2019, acting on its own initiative — and “taking into account previous controversy surrounding this company” as its press release puts it — found the parliament had contravened regulations governing how EU institutions can use personal data related to the selection and approval of sub-processors used by NationBuilder.
The sub-processors in question are not named. (We’ve asked for more details.)
The parliament received a second reprimand from the EDPS after it failed to publish a compliant Privacy Policy for the thistimeimvoting website within the deadline set by the EDPS. Although the regulator says it acted in line with its recommendations in the case of both sanctions.
The EDPS also has an ongoing investigation into whether the Parliament’s use of the voter mobilization website, and related processing operations of personal data, were in accordance with rules applicable to EU institutions (as set out in Regulation (EU) 2018/1725).
The enforcement actions had not been made public until a hearing earlier this week — when assistant data protection supervisor, Wojciech Wiewiórowski, mentioned the matter during a Q&A session in front of MEPs.
He referred to the investigation as “one of the most important cases we did this year”, without naming the data processor. “Parliament was not able to create the real auditing actions at the processor,” he told MEPs. “Neither control the way the contract has been done.”
“Fortunately nothing bad happened with the data but we had to make this contract terminated the data being erased,” he added.
When TechCrunch asked the EDPS for more details about this case on Tuesday a spokesperson told us the matter is “still ongoing” and “being finalized” and that it would communicate about it soon.
Today’s press release looks to be the upshot.
Provided canned commentary in the release Wiewiórowski writes:
The EU parliamentary elections came in the wake of a series of electoral controversies, both within the EU Member States and abroad, which centred on the the threat posed by online manipulation. Strong data protection rules are essential for democracy, especially in the digital age. They help to foster trust in our institutions and the democratic process, through promoting the responsible use of personal data and respect for individual rights. With this in mind, starting in February 2019, the EDPS acted proactively and decisively in the interest of all individuals in the EU to ensure that the European Parliament upholds the highest of standards when collecting and using personal data. It has been encouraging to see a good level of cooperation developing between the EDPS and the European Parliament over the course of this investigation.
One question that arises is why no firmer sanction has been issued to the European parliament — beyond a (now public) reprimand, some nine months after the investigation began.
Another question is why the matter was not more transparently communicated to EU citizens.
The EDPS’ PR emphasizes that its actions “are not limited to reprimands”, without explaining why the two enforcements thus far didn’t merit tougher action. (At the time of writing the EDPS had not responded to questions about why no fines have so far been issued.)
There may be more to come, though.
The regulator says it will “continue to check the parliament’s data protection processes” — revealing that the European Parliament has finished informing individuals of a revised intention to retain personal data collected by the thistimeimvoting website until 2024.
“The outcome of these checks could lead to additional findings,” it warns, adding that it intends to finalise the investigation by the end of this year.
Asked about the case, a spokeswoman for the European parliament told us that the thistimeimvoting campaign had been intended to motivate EU citizens to participate in the democratic process, and that it used a mix of digital tools and traditional campaigning techniques in order to try to reach as many potential voters as possible. 
She said NationBuilder had been used as a customer relations management platform to support staying in touch with potential voters — via an offer to interested citizens to sign up to receive information from the parliament about the elections (including events and general info).
Subscribers were also asked about their interests — which allowed the parliament to send personalized information to people who had signed up.
Some of the regulatory concerns around NationBuilder have centered on how it allows campaigns to match data held in their databases (from people who have signed up) with social media data that’s publicly available, such as an unlocked Twitter account or public Facebook profile.
In 2017 in France, after an intervention by the national data watchdog, NationBuilder suspended this data matching tool in the market.
The same feature has attracted attention from the UK’s Information Commissioner — which warned last year that political parties should be providing a privacy notice to individuals whose data is collected from public sources such as social media and matched. Yet aren’t.
“The ICO is concerned about political parties using this functionality without adequate information being provided to the people affected,” the ICO said in the report, while stopping short of ordering a ban on the use of the matching feature.
Its investigation confirmed that up to 200 political parties or campaign groups used NationBuilder during the 2017 UK general election.

Trouva, an online marketplace for independent boutiques, raises $22M

Amazon helped pioneer and now dominates the online marketplace business model, where a variety of merchants post items for sale on its platform for billions of consumers to discover and buy them. Today, a London startup that’s taken that idea but is applying it to a far more curated set of retailers and goods has raised some money to fuel its international growth.
Trouva, which provides an online marketplace for brick-and-mortar independent boutiques selling “beautiful” and hard-to-find pieces — think Farfetch but less fancy and less high-end design — has raised £17 million ($21.8 million) in funding, money that it will be using to expand outside of the UK on the back of a strong launch in its Berlin last year, as well as to continue building out more technology on its platform, specifically around inventory and logistics management.
The funding is being led by Octopus Ventures, C4 Ventures (the venture firm launched by Apple vet Pascal Cagni) and Downing Ventures. BGF and LocalGlobe were also in the round, which brings the total raised to about $36 million. Mandeep Singh, who co-founded the company with Alex Loizou and Glen Walker, said in an interview that the startup is not disclosing valuation. 
Amazon may dominate our consciousness (and for some of us, our wallets, with its sticky Prime perks) when it comes to browsing for a variety of goods online, buying them, and getting them delivered to us in an efficient way.
But the Amazon way leaves a lot out of the proposition: for retailers it doesn’t give them a lot of leeway in how they present items, and they have to compete with many thousands of other offers (including Amazon itself) to get their products seen.
More generally for both sellers and buyers, the ethos of the platform is that of an “everything” store with little in the way of focus or curation: you can watch movies or listen to music, or you can buy an HDMI cable, or you can buy food, or you can buy a book, or you can buy a vase… and so on. That in a way makes it more of a functional rather than pleasurable experience.
This opens the door to a multitude of different competitors, and there is where Trouva has stepped in. Where Amazon gives us the promise of everything, the smaller startup has effectively incorporated scarcity into its DNA.
“We are very picky,” Singh said. “We have to turn down the majority of applications from stores that want to sell on our site. We are looking for the very best curators. Having every single vase in the world is less important than having the best one, curated by an expert.”
While we are continuing to see a surge of purchasing via the web and apps — a trend that will get played out during holiday shopping in the weeks ahead — analysts estimate that some 85% of retail is still happening offline.
Within that group there is an interesting core of brick-and-mortar independent shops: At a time when large chains and the likes of Amazon are shifting the sands for how people sell things — and certainly how people shop — there remains a large group of independent retailers — “curators,” as Singh describes them. These shops target consumers with disposable income, people who are looking for more unique things to buy with their money.

The challenge of the ‘High Street’
Independent stores are often under threat in cities like London. First, they pop up in areas where rents are not as high, with like-minded people congregating to live in the same neighborhoods for the same reason. There, they sell a small selection of not-cheap clothes, interesting home goods, a variety of tchotchkes, or quirky gifts and develop a local following.
But their emergence can also often signal wider tides of gentrification. Ultimately, that shift is what moves those stores out as the rents subsequently go up, and bigger chains and fancy boutiques move in. (SoHo in NYC is another classic victim of this trend.)
Be that as it may, Singh notes that there are still more than 20,000 independent shops in the UK. “And we are working with 500 of the very best,” he added.
The company’s biggest competition, to my mind, are other players that are also looking to target the same kinds of shoppers online, for example, another UK site, Not On The High Street, or Etsy, which focuses less on retailers and more on makers. Similarly, there is the prospect of stores building their own sites, although that comes with its own set of headaches that independent shopkeepers may be less inclined to deal with.
“Yes, it’s very easy for an independent brick-and-mortar boutique to set up an online shop. That’s the easy part,” Singh said. “But what you find with independents is that building a website doesn’t help drive customers. There is a range of backend technology that we take care of, including inventory management software and handling the logistics of shipping. All of those can be difficult for a [physical] boutique to do on its own. It’s easy to sell online but you still need someone who has the economies of scales to pick up and deliver.”
On the other hand, he notes that “Amazon definitely doesn’t worry us.”
“We position ourselves as the complete opposite. Giants like that are too focused on categories that work well,” he added. Notably, he believes that the biggest threats are the same ones that threaten the independent stores that use Trouva to sell online: “Offline chains, those who sell homewares and clothes. The big guys.”
Trouva has no plans to move into selling its own goods, or to work with other online retailers, although it might consider down the line how it could leverage warehouse space to help its retailers with their inventory management (since many of these shops are very small indeed). “One hundred percent of our supply comes from our brick and mortar store partners,” he said.
Nor does it currently have anything like a Prime-style loyalty program. It does work with retailers and shipping partners to provide an end-to-end shipping service from store to buyer, with options for next-day delivery if it’s necessary.
“The relationship is mutually symbiotic with the boutiques, who benefit from a broader customer base, better priced and efficient delivery and stock tracking and management software from Trouva, and in turn higher revenues and improved profitability,” said Jo Oliver, a venture partner at investor Octopus. “As more boutiques are added the customer proposition becomes more and more attractive, particularly as Trouva’s footprint expands internationally.”
Singh notes that there is “exclusivity” for the shops that eventually come on to Trouva, although that’s almost by default since they are the kinds of small operations that are unlikely to be in the business of trying to expand their online presence.
Amazon has been working hard to improve how it interfaces with and curates items on its site to provide products, and a marketplace selling service, to the same consumer and retailer demographics that Trouva (and others) target. That’s unlikely to disappear over time, especially since Amazon plays the long game, where it will gradually tinker with an idea while at the same time quietly shift our shopping habits to match what it is producing.
“Online sellers like Amazon and eBay have tried to make a better experience, but it’s very hard for a business to change its DNA,” Singh said.
Updated with investor comment.

Brexit ad blitz data firm paid by Vote Leave broke privacy laws, watchdogs find

A joint investigation by watchdogs in Canada and British Columbia has found that Cambridge Analytica-linked data firm, Aggregate IQ, broke privacy laws in Facebook ad-targeting work it undertook for the official Vote Leave Brexit campaign in the UK’s 2016 EU referendum.
A quick reminder: Vote Leave was the official leave campaign in the referendum on the UK’s membership of the European Union. While Cambridge Analytica is the (now defunct) firm at the center of a massive Facebook data misuse scandal which has dented the company’s fortunes and continues to tarnish its reputation.
Vote Leave’s campaign director, Dominic Cummings — now a special advisor to the UK prime minister — wrote in 2017 that the winning recipe for the leave campaign was data science. And, more specifically, spending 98% of its marketing budget on “nearly a billion targeted digital adverts”.
Targeted at Facebook users.
The problem is, per the Canadian watchdogs’ conclusions, AIQ did not have proper legal consents from UK voters for disclosing their personal information to Facebook for the Brexit ad blitz which Cummings ordered.
Either for “the purpose of advertising to those individuals (via ‘custom audiences’) or for the purpose of analyzing their traits and characteristics in order to locate and target others like them (via ‘lookalike audiences’)”.
Oops.

Here’s Dominic Cummings describing how he & Vote Leave used AIQ & Facebook to target carefully tailored disinformation on millions of British voters in 2016. It’s beyond grim that this man is now Boris Johnson’s senior adviser. pic.twitter.com/eGggKHoLU0
— Tom Scott (@Tom___Scott) July 24, 2019

Last year the UK’s Electoral Commission also concluded that Vote Leave breached election campaign spending limits by channeling money to AIQ to run the targeting political ads on Facebook’s platform, via undeclared joint working with another Brexit campaign, BeLeave. So there’s a full sandwich of legal wrongdoings stuck to the brexit mess that UK society remains mired in, more than three years later.
Meanwhile, the current UK General Election is now a digital petri dish for data scientists and democracy hackers to run wild experiments in microtargeted manipulation — given election laws haven’t been updated to take account of the outgrowth of the adtech industry’s tracking and targeting infrastructure, despite multiple warnings from watchdogs and parliamentarians.
Data really is helluva a drug.

Fake news inquiry calls for social media levy to defend democracy

The Canadian investigation cleared AIQ of any wrongdoing in its use of phone numbers to send SMS messages for another pro-Brexit campaign, BeLeave; a purpose the watchdogs found had been authorized by the consent provided by individuals who gave their information to that youth-focused campaign.
But they did find consent problems with work AIQ undertook for various US campaigns on behalf of Cambridge Analytica affiliate, SCL Elections — including for a political action committee, a presidential primary campaign and various campaigns in the 2014 midterm elections.
And, again — as we know — Facebook is squarely in the frame here too.
“The investigation finds that the personal information provided to and used by AIQ comes from disparate sources. This includes psychographic profiles derived from personal information Facebook disclosed to Dr. Aleksandr Kogan, and onward to Cambridge Analytica,” the watchdogs write.
“In the case of their work for US campaigns… AIQ did not attempt to determine whether there was consent it could rely on for its use and disclosure of personal information.”
The investigation also looked at AIQ’s work for multiple Canadian campaigns — finding fewer issues related to consent. Though the report states that in: “certain cases, the purposes for which individuals are informed, or could reasonably assume their personal information is being collected, do not extend to social media advertising and analytics”.
AIQ also gets told off for failing to properly secure the data it misused.
This element of the probe resulted from a data breach reported by UpGuard after it found AIQ running an unsecured GitLab repository — holding what the report dubs “substantial personal information”, as well as encryption keys and login credentials which it says put the personal information of 35 million+ people at risk.
Double oops.
“The investigation determined that AIQ failed to take reasonable security measures to ensure that personal information under its control was secure from unauthorized access or disclosure,” is the inexorable conclusion.
Turns out if an entity doesn’t have a proper legal right to people’s information in the first place it may not be majorly concerned about where else the data might end up.
The report flows from an investigation into allegations of unauthorized access and use of Facebook user profiles which was started by the Office of the Information and Privacy Commissioner for BC in late 2017. A separate probe was opened by the Office of the Privacy Commissioner of Canada last year. The two watchdogs subsequently combined their efforts.
The upshot for AIQ from the joint investigation’s finding of multiple privacy and security violations is a series of, er, “recommendations”.
On the data use front it is suggested the company take “reasonable measures” to ensure any third-party consent it relies on for collection, use or disclosure of personal information on behalf of clients is “adequate” under the relevant Canadian and BC privacy laws.
“These measures should include both contractual measures and other measures, such as reviewing the consent language used by the client,” the watchdogs suggest. “Where the information is sensitive, as with political opinions, AIQ should ensure there is express consent, rather than implied.”
On security, the recommendations are similarly for it to “adopt and maintain reasonable security measures to protect personal information, and that it delete personal information that is no longer necessary for business or legal purposes”.
“During the investigation, AIQ took steps to remedy its security breach. AIQ has agreed to implement the Offices’ recommendations,” the report adds.
The upshot of political ‘data science’ for Western democracies? That’s still tbc. Buckle up.

WP Twitter Auto Publish Powered By : XYZScripts.com