Europe

Most EU cookie ‘consent’ notices are meaningless or manipulative, study finds

Posted by | Advertising Tech, america, Android, cookies, data processing, data protection, data security, ePrivacy Regulation, Europe, european union, Facebook, France, GDPR, General Data Protection Regulation, Germany, Google, information commissioner's office, instagram, law, online advertising, privacy, spamming, TC, United States, University of Michigan | No Comments

New research into how European consumers interact with the cookie consent mechanisms which have proliferated since a major update to the bloc’s online privacy rules last year casts an unflattering light on widespread manipulation of a system that’s supposed to protect consumer rights.

As Europe’s General Data Protection Regulation (GDPR) came into force in May 2018, bringing in a tough new regime of fines for non-compliance, websites responded by popping up legal disclaimers which signpost visitor tracking activities. Some of these cookie notices even ask for consent to track you.

But many don’t — even now, more than a year later.

The study, which looked at how consumers interact with different designs of cookie pop-ups and how various design choices can nudge and influence people’s privacy choices, also suggests consumers are suffering a degree of confusion about how cookies function, as well as being generally mistrustful of the term ‘cookie’ itself. (With such baked in tricks, who can blame them?)

The researchers conclude that if consent to drop cookies was being collected in a way that’s compliant with the EU’s existing privacy laws only a tiny fraction of consumers would agree to be tracked.

The paper, which we’ve reviewed in draft ahead of publication, is co-authored by academics at Ruhr-University Bochum, Germany, and the University of Michigan in the US — and entitled: (Un)informed Consent: Studying GDPR Consent Notices in the Field.

The researchers ran a number of studies, gathering ~5,000 of cookie notices from screengrabs of leading websites to compile a snapshot (derived from a random sub-sample of 1,000) of the different cookie consent mechanisms in play in order to paint a picture of current implementations.

They also worked with a German ecommerce website over a period of four months to study how more than 82,000 unique visitors to the site interacted with various cookie consent designs which the researchers’ tweaked in order to explore how different defaults and design choices affected individuals’ privacy choices.

Their industry snapshot of cookie consent notices found that the majority are placed at the bottom of the screen (58%); not blocking the interaction with the website (93%); and offering no options other than a confirmation button that does not do anything (86%). So no choice at all then.

A majority also try to nudge users towards consenting (57%) — such as by using ‘dark pattern’ techniques like using a color to highlight the ‘agree’ button (which if clicked accepts privacy-unfriendly defaults) vs displaying a much less visible link to ‘more options’ so that pro-privacy choices are buried off screen.

And while they found that nearly all cookie notices (92%) contained a link to the site’s privacy policy, only a third (39%) mention the specific purpose of the data collection or who can access the data (21%).

The GDPR updated the EU’s long-standing digital privacy framework, with key additions including tightening the rules around consent as a legal basis for processing people’s data — which the regulation says must be specific (purpose limited), informed and freely given for consent to be valid.

Even so, since May last year there has been an outgrown in cookie ‘consent’ mechanisms popping up or sliding atop websites that still don’t offer EU visitors the necessary privacy choices, per the research.

“Given the legal requirements for explicit, informed consent, it is obvious that the vast majority of cookie consent notices are not compliant with European privacy law,” the researchers argue.

“Our results show that a reasonable amount of users are willing to engage with consent notices, especially those who want to opt out or do not want to opt in. Unfortunately, current implementations do not respect this and the large majority offers no meaningful choice.”

The researchers also record a large differential in interaction rates with consent notices — of between 5 and 55% — generated by tweaking positions, options, and presets on cookie notices.

This is where consent gets manipulated — to flip visitors’ preference for privacy.

They found that the more choices offered in a cookie notice, the more likely visitors were to decline the use of cookies. (Which is an interesting finding in light of the vendor laundry lists frequently baked into the so-called “transparency and consent framework” which the industry association, the Internet Advertising Bureau (IAB), has pushed as the standard for its members to use to gather GDPR consents.)

“The results show that nudges and pre-selection had a high impact on user decisions, confirming previous work,” the researchers write. “It also shows that the GDPR requirement of privacy by default should be enforced to make sure that consent notices collect explicit consent.”

Here’s a section from the paper discussing what they describe as “the strong impact of nudges and pre-selections”:

Overall the effect size between nudging (as a binary factor) and choice was CV=0.50. For example, in the rather simple case of notices that only asked users to confirm that they will be tracked, more users clicked the “Accept” button in the nudge condition, where it was highlighted (50.8% on mobile, 26.9% on desktop), than in the non-nudging condition where “Accept” was displayed as a text link (39.2% m, 21.1% d). The effect was most visible for the category-and vendor-based notices, where all checkboxes were pre-selected in the nudging condition, while they were not in the privacy-by-default version. On the one hand, the pre-selected versions led around 30% of mobile users and 10% of desktop users to accept all third parties. On the other hand, only a small fraction (< 0.1%) allowed all third parties when given the opt-in choice and around 1 to 4 percent allowed one or more third parties (labeled “other” in 4). None of the visitors with a desktop allowed all categories. Interestingly, the number of non-interacting users was highest on average for the vendor-based condition, although it took up the largest part of any screen since it offered six options to choose from.

The key implication is that just 0.1% of site visitors would freely choose to enable all cookie categories/vendors — i.e. when not being forced to do so by a lack of choice or via nudging with manipulative dark patterns (such as pre-selections).

Rising a fraction, to between 1-4%, who would enable some cookie categories in the same privacy-by-default scenario.

“Our results… indicate that the privacy-by-default and purposed-based consent requirements put forth by the GDPR would require websites to use consent notices that would actually lead to less than 0.1 % of active consent for the use of third parties,” they write in conclusion.

They do flag some limitations with the study, pointing out that the dataset they used that arrived at the 0.1% figure is biased — given the nationality of visitors is not generally representative of public Internet users, as well as the data being generated from a single retail site. But they supplemented their findings with data from a company (Cookiebot) which provides cookie notices as a SaaS — saying its data indicated a higher accept all clicks rate but still only marginally higher: Just 5.6%.

Hence the conclusion that if European web users were given an honest and genuine choice over whether or not they get tracked around the Internet, the overwhelming majority would choose to protect their privacy by rejecting tracking cookies.

This is an important finding because GDPR is unambiguous in stating that if an Internet service is relying on consent as a legal basis to process visitors’ personal data it must obtain consent before processing data (so before a tracking cookie is dropped) — and that consent must be specific, informed and freely given.

Yet, as the study confirms, it really doesn’t take much clicking around the regional Internet to find a gaslighting cookie notice that pops up with a mocking message saying by using this website you’re consenting to your data being processed how the site sees fit — with just a single ‘Ok’ button to affirm your lack of say in the matter.

It’s also all too common to see sites that nudge visitors towards a big brightly colored ‘click here’ button to accept data processing — squirrelling any opt outs into complex sub-menus that can sometimes require hundreds of individual clicks to deny consent per vendor.

You can even find websites that gate their content entirely unless or until a user clicks ‘accept’ — aka a cookie wall. (A practice that has recently attracted regulatory intervention.)

Nor can the current mess of cookie notices be blamed on a lack of specific guidance on what a valid and therefore legal cookie consent looks like. At least not any more. Here, for example, is a myth-busting blog which the UK’s Information Commissioner’s Office (ICO) published last month that’s pretty clear on what can and can’t be done with cookies.

For instance on cookie walls the ICO writes: “Using a blanket approach such as this is unlikely to represent valid consent. Statements such as ‘by continuing to use this website you are agreeing to cookies’ is not valid consent under the higher GDPR standard.” (The regulator goes into more detailed advice here.)

While France’s data watchdog, the CNIL, also published its own detailed guidance last month — if you prefer to digest cookie guidance in the language of love and diplomacy.

(Those of you reading TechCrunch back in January 2018 may also remember this sage plain english advice from our GDPR explainer: “Consent requirements for processing personal data are also considerably strengthened under GDPR — meaning lengthy, inscrutable, pre-ticked T&Cs are likely to be unworkable.” So don’t say we didn’t warn you.)

Nor are Europe’s data protection watchdogs lacking in complaints about improper applications of ‘consent’ to justify processing people’s data.

Indeed, ‘forced consent’ was the substance of a series of linked complaints by the pro-privacy NGO noyb, which targeted T&Cs used by Facebook, WhatsApp, Instagram and Google Android immediately GDPR started being applied in May last year.

While not cookie notice specific, this set of complaints speaks to the same underlying principle — i.e. that EU users must be provided with a specific, informed and free choice when asked to consent to their data being processed. Otherwise the ‘consent’ isn’t valid.

So far Google is the only company to be hit with a penalty as a result of that first wave of consent-related GDPR complaints; France’s data watchdog issued it a $57M fine in January.

But the Irish DPC confirmed to us that three of the 11 open investigations it has into Facebook and its subsidiaries were opened after noyb’s consent-related complaints. (“Each of these investigations are at an advanced stage and we can’t comment any further as these investigations are ongoing,” a spokeswoman told us. So, er, watch that space.)

The problem, where EU cookie consent compliance is concerned, looks to be both a failure of enforcement and a lack of regulatory alignment — the latter as a consequence of the ePrivacy Directive (which most directly concerns cookies) still not being updated, generating confusion (if not outright conflict) with the shiny new GDPR.

However the ICO’s advice on cookies directly addresses claimed inconsistencies between ePrivacy and GDPR, stating plainly that Recital 25 of the former (which states: “Access to specific website content may be made conditional on the well-informed acceptance of a cookie or similar device, if it is used for a legitimate purpose”) does not, in fact, sanction gating your entire website behind an ‘accept or leave’ cookie wall.

Here’s what the ICO says on Recital 25 of the ePrivacy Directive:

  • ‘specific website content’ means that you should not make ‘general access’ subject to conditions requiring users to accept non-essential cookies – you can only limit certain content if the user does not consent;
  • the term ‘legitimate purpose’ refers to facilitating the provision of an information society service – ie, a service the user explicitly requests. This does not include third parties such as analytics services or online advertising;

So no cookie wall; and no partial walls that force a user to agree to ad targeting in order to access the content.

It’s worth point out that other types of privacy-friendly online advertising are available with which to monetize visits to a website. (And research suggests targeted ads offer only a tiny premium over non-targeted ads, even as publishers choosing a privacy-hostile ads path must now factor in the costs of data protection compliance to their calculations — as well as the cost and risk of massive GDPR fines if their security fails or they’re found to have violated the law.)

Negotiations to replace the now very long-in-the-tooth ePrivacy Directive — with an up-to-date ePrivacy Regulation which properly takes account of the proliferation of Internet messaging and all the ad tracking techs that have sprung up in the interim — are the subject of very intense lobbying, including from the adtech industry desperate to keep a hold of cookie data. But EU privacy law is clear.

“[Cookie consent]’s definitely broken (and has been for a while). But the GDPR is only partly to blame, it was not intended to fix this specific problem. The uncertainty of the current situation is caused the delay of the ePrivacy regulation that was put on hold (thanks to lobbying),” says Martin Degeling, one of the research paper’s co-authors, when we suggest European Internet users are being subject to a lot of ‘consent theatre’ (ie noisy yet non-compliant cookie notices) — which in turn is causing knock-on problems of consumer mistrust and consent fatigue for all these useless pop-ups. Which work against the core aims of the EU’s data protection framework.

“Consent fatigue and mistrust is definitely a problem,” he agrees. “Users that have experienced that clicking ‘decline’ will likely prevent them from using a site are likely to click ‘accept’ on any other site just because of one bad experience and regardless of what they actually want (which is in most cases: not be tracked).”

“We don’t have strong statistical evidence for that but users reported this in the survey,” he adds, citing a poll the researchers also ran asking site visitors about their privacy choices and general views on cookies. 

Degeling says he and his co-authors are in favor of a consent mechanism that would enable web users to specify their choice at a browser level — rather than the current mess and chaos of perpetual, confusing and often non-compliant per site pop-ups. Although he points out some caveats.

“DNT [Do Not Track] is probably also not GDPR compliant as it only knows one purpose. Nevertheless  something similar would be great,” he tells us. “But I’m not sure if shifting the responsibility to browser vendors to design an interface through which they can obtain consent will lead to the best results for users — the interfaces that we see now, e.g. with regard to cookies, are not a good solution either.

“And the conflict of interest for Google with Chrome are obvious.”

The EU’s unfortunate regulatory snafu around privacy — in that it now has one modernized, world-class privacy regulation butting up against an outdated directive (whose progress keeps being blocked by vested interests intent on being able to continue steamrollering consumer privacy) — likely goes some way to explaining why Member States’ data watchdogs have generally been loath, so far, to show their teeth where the specific issue of cookie consent is concerned.

At least for an initial period the hope among data protection agencies (DPAs) was likely that ePrivacy would be updated and so they should wait and see.

They have also undoubtedly been providing data processors with time to get their data houses and cookie consents in order. But the frictionless interregnum while GDPR was allowed to ‘bed in’ looks unlikely to last much longer.

Firstly because a law that’s not enforced isn’t worth the paper it’s written on (and EU fundamental rights are a lot older than the GDPR). Secondly, with the ePrivacy update still blocked DPAs have demonstrated they’re not just going to sit on their hands and watch privacy rights be rolled back — hence them putting out guidance that clarifies what GDPR means for cookies. They’re drawing lines in the sand, rather than waiting for ePrivacy to do it (which also guards against the latter being used by lobbyists as a vehicle to try to attack and water down GDPR).

And, thirdly, Europe’s political institutions and policymakers have been dining out on the geopolitical attention their shiny privacy framework (GDPR) has attained.

Much has been made at the highest levels in Europe of being able to point to US counterparts, caught on the hop by ongoing tech privacy and security scandals, while EU policymakers savor the schadenfreude of seeing their US counterparts being forced to ask publicly whether it’s time for America to have its own GDPR.

With its extraterritorial scope, GDPR was always intended to stamp Europe’s rule-making prowess on the global map. EU lawmakers will feel they can comfortably check that box.

However they are also aware the world is watching closely and critically — which makes enforcement a very key piece. It must slot in too. They need the GDPR to work on paper and be seen to be working in practice.

So the current cookie mess is a problematic signal which risks signposting regulatory failure — and that simply isn’t sustainable.

A spokesperson for the European Commission told us it cannot comment on specific research but said: “The protection of personal data is a fundamental right in the European Union and a topic the Juncker commission takes very seriously.”

“The GDPR strengthens the rights of individuals to be in control of the processing of personal data, it reinforces the transparency requirements in particular on the information that is crucial for the individual to make a choice, so that consent is given freely, specific and informed,” the spokesperson added. 

“Cookies, insofar as they are used to identify users, qualify as personal data and are therefore subject to the GDPR. Companies do have a right to process their users’ data as long as they receive consent or if they have a legitimate interest.”

All of which suggests that the movement, when it comes, must come from a reforming adtech industry.

With robust privacy regulation in place the writing is now on the wall for unfettered tracking of Internet users for the kind of high velocity, real-time trading of people’s eyeballs that the ad industry engineered for itself when no one knew what was being done with people’s data.

GDPR has already brought greater transparency. Once Europeans are no longer forced to trade away their privacy it’s clear they’ll vote with their clicks not to be ad-stalked around the Internet too.

The current chaos of non-compliant cookie notices is thus a signpost pointing at an underlying privacy lag — and likely also the last gasp signage of digital business models well past their sell-by-date.

Powered by WPeMatico

Google to auction slots on Android default search ‘choice screen’ in Europe next year, rivals cry ‘pay-to-play’ foul

Posted by | Android, antitrust, Apps, competition, DuckDuckGo, Europe, Google, lawsuit, privacy, Qwant, Search | No Comments

Starting early next year Google will present Android users in Europe with a search engine choice screen when handsets bundle its own search service by default.

In a blog post announcing the latest change to flow from the European Union’s record-breaking $5 billion antitrust enforcement against Android last year, when the Commission found Google had imposed illegal restrictions on device makers (OEMs) and carriers using its dominant smartphone platform, it says new Android phones will be shown the choice screen once during set-up (or again after any factory reset).

The screen will display a selection of three rival search engines alongside its own.

OEMs will still be able to offer Android devices in Europe that bundle a non-Google search engine by default (though per Google’s reworked licensing terms they have to pay it to do so). In those instances Google said the choice screen will not be displayed.

Google says rival search engines will be selected for display on the default choice screen, per market, via a fixed-price sealed bid annual auction — with any winners (and/or eligible search providers) being displayed in a random order alongside its own.

Search engines that win the auction will secure one of three open slots on the choice screen, with Google’s own search engine always occupying one of the four total slots.

“In each country auction, search providers will state the price that they are willing to pay each time a user selects them from the choice screen in the given country,” it writes. “Each country will have a minimum bid threshold. The three highest bidders that meet or exceed the bid threshold for a given country will appear in the choice screen for that country.”

android choice screen

If there aren’t enough bids to surface three winners per auction then Google says it will randomly select from a pool of eligible search providers, which it is also inviting to apply to participate in the choice screen. (Eligibility criteria can be found here.)

“Next year, we’ll introduce a new way for Android users to select a search provider to power a search box on their home screen and as the default in Chrome (if installed),” it writes. “Search providers can apply to be part of the new choice screen, which will appear when someone is setting up a new Android smartphone or tablet in Europe.”

“As always, people can continue to customize and personalize their devices at any time after set up. This includes selecting which apps to download, changing how apps are arranged on the screen, and switching the default search provider in apps like Google Chrome,” it adds.

Google’s blog post makes no mention of whether the choice screen will be pushed to the installed base of Android devices. But a spokeswoman told us the implementation requires technical changes that means it can only be supported on new devices.

Default selections on a dominant platform are of course hugely important for gaining or sustaining market share. And it’s only since competition authorities dialed up their scrutiny that the company has started to make some shifts in how it bundles its own services in dominant products such as Android and Chrome.

Earlier this year Google quietly added rival pro-privacy search engine DuckDuckGo as one of the default choices offered by its Chrome browser, for example.

In April it also began rolling out choice screens to both new and existing Android users in Europe — offering a prompt to download additional search apps and browsers.

In the latter case, each screen shows five apps in total, including whatever search and browser is already installed. Apps not already installed are included based on their market popularity and shown in a random order.

android choice app screen.max 1000x1000

French pro-privacy search engine Qwant told us that since the rollout of the app service choice screen to Android devices the share of Qwant users using its search engine on mobile has leapt up from around 2% to more than a quarter (26%) of its total user base.

Qwant co-founder and CEO Eric Léandri said the app choice screen shows that competing against Google on search is possible — but only “thanks to the European Commission” stepping in and forcing the unbundling.

However, he raised serious concerns about the sealed bid auction structure that Google has announced for the default search choice — pointing out that many of the bidders for the slots will also be using Google advertising and technology; while the sealed structure of the auction means no-one outside Google will know what prices are being submitted as bids, making it impossible for rivals to know whether the selections Google makes are fair.

Even Google’s own FAQ swings abruptly from claims of the auction it has devised being “a fair and objective method” for determining which search providers get slots, to a flat “no” and “no” on any transparency on bid amounts or the number of providers it deems eligible per market…

Screenshot 2019 08 02 at 16.51.50

“Even if Google is Google some people can choose something else if they have the choice. But now that Google knows it, it wants to stop the process,” Léandri told TechCrunch.

“It is not up to Google to now charge its competitors for its faulty behavior and the amount of the fine, through an auction system that will benefit neither European consumers nor free competition, which should not be distorted by such process,” Qwant added in an emailed press statement. “The proposed bidding process would be open to so-called search engines that derive their results and revenues from Google, thereby creating an unacceptable distortion and a high risk of manipulation, inequity or disloyalty of the auction.”

“The decision of the European Commission must benefit European consumers by ensuring the conditions of a freedom of choice based on the intrinsic merits of each engine and the expectations of citizens, especially regarding the protection of their personal data, and not on their ability to fund Google or to be financed by it,” it also said.

In a further complaint, Léandri said Google is requiring bidders in the choice screen auction to sign an NDA in order to participate — which Qwant argues would throw a legal obstacle in the way of it being able to participate, considering it is a complainant in the EU’s antitrust case (ongoing because Google is appealing).

“Qwant cannot accept that the auction process is subject to a non-disclosure agreement as imposed by Google while its complaint is still pending,” it writes. “Such a confidentiality agreement has no other possible justification than the desire to silence its competitors on the anomalies they would see. This, again, is an unacceptable abuse of its dominant position.”

We’ve reached out to the Commission with questions about Google’s choice screen auction. Update: A Commission spokesperson told us:

The decision provides rival search providers the possibility to strike exclusive pre-installation deals with smartphone and tablet manufacturers. This was not possible before.

In order to ensure the effective implementation of the decision, Google also agreed to implement a choice screen. We have seen in the past that a choice screen can be an effective way to promote user choice.

We will be closely monitoring the implementation of the choice screen mechanism, including listening to relevant feedback from the market, in particular in relation to the presentation and mechanics of the choice screen and to the selection mechanism of rival search providers. The Commission is committed to a full and effective implementation of the decision.

DuckDuckGo founder Gabriel Weinberg has also been quick to point to flaws in the auction structure — writing on Twitter: “A ‘ballot box’ screen could be an excellent way to increase meaningful consumer choice if designed properly. Unfortunately, Google’s announcement today will not meaningfully deliver consumer choice.

“A pay-to-play auction with only 4 slots means consumers won’t get all the choices they deserve, and Google will profit at the expense of the competition. We encourage regulators to work with directly with Google, us, and others to ensure the best system for consumers.”

Powered by WPeMatico

LIV, a startup making VR gaming more interactive for audiences, raises $1M from Oculus founder and Seedcamp

Posted by | Europe, Gaming, LIV.tv, Palmer Luckey, Recent Funding, SeedCamp, Startups, TC, Virtual reality | No Comments

LIV, a Prague-based company that wants to make VR gaming more fun to watch, and in turn bring players and spectators closer together, has picked up $1 million in funding. That’s a pretty modest raise as far as ambitious upstarts go — and LIV is certainly ambitious. However, the list of backers includes noteworthy names, such as the founder of Oculus (and designer of Oculus Rift), Palmer Luckey.

Other investors in LIV include Jaroslav Beck, CEO and co-founder of Beat Games (the studio behind VR streaming hit Beat Saber); early-stage VC Seedcamp; accelerator Techstars; Prague’s Credo Ventures; VR company VIVE; and mixed reality production specialist Splitverse.

Founded in 2016, LIV is betting on the premise that VR gaming represents an entirely new platform, and it is new platforms with nascent ecosystems where the biggest opportunities lie. Furthermore, while the watching of video game live streams shows no signs of abating — made popular via sites such as Twitch — the spectator experience hasn’t transitioned very gracefully to VR.

“Creating content in VR is incredibly hard, there are no tools for it, and no shareable content form factor that conveys the experience of being in VR,” says LIV co-founder AJ Shewki, who was previously a competitive gamer under the moniker “Dr Doom.”

“LIV empowers developers and content creators to grow their audience through shareable VR content. Developers integrate our SDK, and content creators are then able to create content with those games and experiences using the LIV App. The content format is called ‘Mixed Reality Capture’ (MRC).”

The “Mixed Reality Capture” experience is inevitably best watched rather than conveyed through the written word (you can see an example below). However, what MRC essentially does is inject a live video or, alternatively, a 3D avatar of the player’s body, inside the video game stream so spectators experience not only what the player sees (the classic VR first-person perspective) but can also follow the “real-world” movements the player makes to execute moves within the game. As a player moves their arms, for example, their avatar can be seen replicating the same moves based on sensor data pulled from the VR gear the player is wearing.

It is this ability to closely watch and potentially learn from the best players that has made video game streaming so popular. But, argues Shewki, the move to VR was initially a backwards step in this regard, as it required additional technology to close the gap between player and spectator.

“The LIV App gives streamers the tools to broadcast themselves as themselves, or as their favourite avatars, inside any of the 100s of games that we support. We support hundreds if not thousands of avatars, including the popular Japanese VRM avatar format,” says Shewki.

“The LIV App also brings utilities like stream chat, stream alerts, scene controls and camera controls natively into the headset using our proprietary 3D overlay system, built specifically with performance in mind (which in VR is already a scarce resource). The LIV SDK is integrated by developers to get their games LIV-ready. We support Unity, Unreal as well as custom engines, and have done integrations with all of them.”

Longer term, Shewki says he wants LIV to not only enable a better live-streaming experience but to evolve into what the company is describing as a “real-time audience interaction platform” for VR streamers and games developers. The thinking here is that spectators of VR can also become participants beyond the simple chatroom experience that exists today.

Dubbed “LIV Play” and targeting a closed alpha release by the end of the year, the idea is to give audiences the ability to influence what happens in-game and in real time, such as purchasing health potions when a player most needs them or spawning extra monsters when they least expect it.

“Our hypothesis was: If we give viewers more engaging ways to participate, as opposed to what you have today with chat, polls and donations, they will,” explains Shewki. “We ran experiments with Beat Saber where we let audiences replace cubes with bombs and do more fun donations. Our experiment results over 120 days were incredible. Week 1 and 2: 700% higher revenue/minute through higher engagement. It petered out to 300% higher rev/min at 120 days, where it’s stayed.”

In other words, take the same monetisation approach that we have seen in games like Fortnite and apply it to the audience side of live-gaming spectatorship. “Creativity is our only limit here,” enthuses Shewki.

Powered by WPeMatico

UK to toughen telecoms security controls to shrink 5G risks

Posted by | 5g, broadband, Ciaran Martin, computer security, Conservative Party, Cyberwarfare, Europe, huawei, Internet of Things, jeremy wright, Mobile, mobile device, National Cyber Security Centre, national security council, ofcom, Security, supply chain, TC, telecommunications, telecoms infrastructure, UK government, United Kingdom, United States, us government, vodafone | No Comments

Amid ongoing concerns about security risks posed by the involvement of Chinese tech giant Huawei in 5G supply, the U.K. government has published a review of the telecoms supply chain, which concludes that policy and regulation in enforcing network security needs to be significantly strengthened to address concerns.

However, it continues to hold off on setting an official position on whether to allow or ban Huawei from supplying the country’s next-gen networks — as the U.S. has been pressurizing its allies to do.

Giving a statement in parliament this afternoon, the U.K.’s digital minister, Jeremy Wright, said the government is releasing the conclusions of the report ahead of a decision on Huawei so that domestic carriers can prepare for the tougher standards it plans to bring in to apply to all their vendors.

“The Review has concluded that the current level of protections put in place by industry are unlikely to be adequate to address the identified security risks and deliver the desired security outcomes,” he said. “So, to improve cyber security risk management, policy and enforcement, the Review recommends the establishment of a new security framework for the UK telecoms sector. This will be a much stronger, security based regime than at present.

“The foundation for the framework will be a new set of Telecoms Security Requirements for telecoms operators, overseen by Ofcom and government. These new requirements will be underpinned by a robust legislative framework.”

Wright said the government plans to legislate “at the earliest opportunity” — to provide the regulator with stronger powers to to enforcement the incoming Telecoms Security Requirements, and to establish “stronger national security backstop powers for government.”

The review suggests the government is considering introducing GDPR-level penalties for carriers that fail to meet the strict security standards it will also be bringing in.

First policy response will be ‘soft’, common cybersecurity standards. Then regulations, with strict standards and #GDPR like fines. New powers allowing to compel telecoms to do something. And work to increase diversity. pic.twitter.com/nBLWneFUDK

— Lukasz Olejnik (@lukOlejnik) July 22, 2019

“Until the new legislation is put in place, government and Ofcom will work with all telecoms operators to secure adherence to the new requirements on a voluntary basis,” Wright told parliament today. “Operators will be required to subject vendors to rigorous oversight through procurement and contract management. This will involve operators requiring all their vendors to adhere to the new Telecoms Security Requirements.

“They will also be required to work closely with vendors, supported by government, to ensure effective assurance testing for equipment, systems and software, and to support ongoing verification arrangements.”

The review also calls for competition and diversity within the supply chain — which Wright said will be needed “if we are to drive innovation and reduce the risk of dependency on individual suppliers.”

The government will therefore pursue “a targeted diversification strategy, supporting the growth of new players in the parts of the network that pose security and resilience risks,” he added.

“We will promote policies that support new entrants and the growth of smaller firms,” he also said, sounding a call for security startups to turn their attention to 5G.

Government would “seek to attract trusted and established firms to the UK market,” he added — dubbing a “vibrant and diverse telecoms market” as both good for consumers and for national security.

“The Review I commissioned was not designed to deal only with one specific company and its conclusions have much wider application. And the need for them is urgent. The first 5G consumer services are launching this year,” he said. “The equally vital diversification of the supply chain will take time. We should get on with it.”

Last week two U.K. parliamentary committees espoused a view that there’s no technical reason to ban Huawei from all 5G supply — while recognizing there may be other considerations, such as geopolitics and human rights, which impact the decision.

The Intelligence and Security Committee also warned that what it dubbed the “unnecessarily protracted” delay in the government taking a decision about 5G suppliers is damaging U.K. relations abroad.

Despite being urged to get a move on the specific issue of Huawei, it’s notable that the government continues to hold off. Albeit, a new prime minister will be appointed later this week, after votes of Conservative Party members are counted — which may be contributing to ongoing delay.

“Since the US government’s announcement [on May 16, adding Huawei and 68 affiliates to its Entity List on national security grounds] we have sought clarity on the extent and implications but the position is not yet entirely clear. Until it is, we have concluded it would be wrong to make specific decisions in relation to Huawei,” Wright said, adding: “We will do so as soon as possible.”

In a press release accompanying the telecoms supply chain review the government said decisions would be taken about high risk vendors “in due course.”

Earlier this year a leak from a meeting of the U.K.’s National Security Council suggested the government was preparing to give an amber light to Huawei to continue supplying 5G — though limiting its participation to non-core portions of networks.

The Science & Technology Committee also recommended the government mandate the exclusion of Huawei from the core of 5G networks.

Wright’s statement appears to hint that that position remains the preferred one — barring a radical change of policy under a new PM — with, in addition to talk of encouraging diversity in the supply chain, the minister also flagging the review’s conclusion that there should be “additional controls on the presence in the supply chain of certain types of vendor which pose significantly greater security and resilience risks to UK telecoms.”

“Additional controls” doesn’t sound like a euphemism for an out-and-out ban.

In a statement responding to the review, Huawei expressed confidence that it’s days of supplying U.K. 5G are not drawing to a close — writing:

The UK Government’s Supply Chain Review gives us confidence that we can continue to work with network operators to rollout 5G across the UK. The findings are an important step forward for 5G and full fibre broadband networks in the UK and we welcome the Government’s commitment to “a diverse telecoms supply chain” and “new legislation to enforce stronger security requirements in the telecoms sector”. After 18 years of operating in the UK, we remain committed to supporting BT, EE, Vodafone and other partners build secure, reliable networks.”

The evidence shows excluding Huawei would cost the UK economy £7 billion and result in more expensive 5G networks, raising prices for anyone with a mobile device. On Friday, Parliament’s Intelligence & Security Committee said limiting the market to just two telecoms suppliers would reduce competition, resulting in less resilience and lower security standards. They also confirmed that Huawei’s inclusion in British networks would not affect the channels used for intelligence sharing.

A spokesman for the company told us it already supplies non-core elements of U.K. carriers’ EE and Vodafone’s network, adding that it’s viewing Wright’s statement as an endorsement of that status quo.

While the official position remains to be confirmed, all the signals suggest the U.K.’s 5G security strategy will be tied to tightened regulation and oversight, rather than follow a U.S. path of seeking to shut out Chinese tech giants.

Commenting on the government’s telecoms supply chain review in a statement, Ciaran Martin, CEO of the U.K.’s National Cyber Security Centre, said: “As the UK’s lead technical authority, we have worked closely with DCMS [the Department for Digital, Culture, Media and Sport] on this review, providing comprehensive analysis and cyber security advice. These new measures represent a tougher security regime for our telecoms infrastructure, and will lead to higher standards, much greater resilience and incentives for the sector to take cyber security seriously.

“This is a significant overhaul of how we do telecoms security, helping to keep the UK the safest place to live and work online by ensuring that cyber security is embedded into future networks from inception.”

Although, tougher security standards for telecoms combined with updated regulations that bake in major fines for failure suggest Huawei will have its work cut out not to be excluded by the market, as carriers will be careful about vendors as they work to shrink their risk.

Earlier this year a report by an oversight body that evaluates its approach to security was withering — finding “serious and systematic defects” in its software engineering and cybersecurity competence.

Powered by WPeMatico

Huawei 5G indecision is hitting UK’s relations abroad, warns committee

Posted by | 5g, 5g network, China, Conservative Party, Europe, european union, huawei, Internet of Things, Mobile, National Cyber Security Centre, national security council, Security, supply chain, telecommunications, Theresa May, UK government, United Kingdom | No Comments

The U.K.’s next prime minister must prioritize a decision on whether or not to allow Chinese tech giant Huawei to be a 5G supplier, a parliamentary committee has urged — warning that the country’s international relations are being “seriously damaged” by ongoing delay.

In a statement on 5G suppliers, the Intelligence and Security committee (ISC) writes that the government must take a decision “as a matter of urgency.”

Earlier this week another parliamentary committee, which focuses on science and technology, concluded there is no technical reason to exclude Huawei as a 5G supplier, despite security concerns attached to the company’s ties to the Chinese state, though it did recommend it be excluded from core 5G supply.

The delay in the U.K. settling on a 5G-supplier policy can be linked not only to the complexities of trying to weigh and balance security considers with geopolitical pressures but also ongoing turmoil in domestic politics, following the 2016 EU referendum Brexit vote — which continues to suck most of the political oxygen out of Westminster. (And will very soon have despatched two U.K. prime ministers in three years.)

Outgoing PM Theresa May, whose successor is due to be selected by a vote by Conservative Party members next week, appeared to be leaning toward giving Huawei an amber light earlier this year.

A leak to the press from a National Security Council meeting back in April suggested Huawei would be allowed to provide kit, but only for non-core parts of 5G networks — raising questions about how core and non-core are delineated in the next-gen networks.

The leak led to the sacking by May of the then defense minister, Gavin Williamson, after an investigation into confidential information being passed to the media in which she said she had lost confidence in him.

The publication of a government Telecoms Supply Chain Review, whose terms of reference were published last fall, has also been delayed — leading carriers to press the government for greater clarity last month.

But with May herself now on the way out, having agreed in May to step down as PM, the decision on 5G supply is on hold.

It will be down to either Boris Johnson or Jeremy Hunt, the two remaining contenders to take over as PM, to choose whether or not to let the Chinese tech giant supply U.K. 5G networks.

Whichever of the men wins the vote, they will arrive in the top job needing to give their full attention to finding a way out of the Brexit morass — with a mere three months til an October 31 Brexit extension deadline looming. So there’s a risk 5G may not seem as urgent an issue and a decision again be kicked back.

In its statement on 5G supply, the ISC backs the view expressed by the public-facing branch of the U.K.’s intelligence service that network security is not dependent on any one supplier being excluded from building it — writing that: “The National Cyber Security Centre… has been clear that the security of the UK’s telecommunications network is not about one company or one country: the ‘flag of origin’ for telecommunications equipment is not the critical element in determining cyber security.”

The committee argues that “some parts of the network will require greater protection” — writing that “critical functions cannot be put at risk” but also that there are “less sensitive functions where more risk can be carried”, albeit without specifying what those latter functions might be.

“It is this distinction — between the sensitivity of the functions — that must determine security, rather than where in the network those functions are located: notions of ‘core’ and ‘edge’ ate therefore misleading in this context,” it adds. “We should therefore be thinking of different levels of security, rather than a one size fits all approach, within a network that has been built to be resilient to attack, such that no single action could disable the system.”

The committee’s statement also backs the view that the best way to achieve network resilience is to support diversity in the supply chain — i.e. by supporting more competition.

But at the same time it emphasizes that the 5G supply decision “cannot be viewed solely through a technical lens — because it is not simply a decision about telecommunications equipment.”

“This is a geostrategic decision, the ramifications of which may be felt for decades to come,” it warns, raising concerns about the perceptions of U.K. intelligence sharing partners by emphasizing the need for those allies to trust the decisions the government makes.

It also couches a U.K. decision to give Huawei access a risk by suggesting it could be viewed externally as an endorsement of the company, thereby encouraging other countries to follow suit — without paying the full (and it asserts vitally) necessary attention to the security piece.

“The UK is a world leader in cyber security: therefore if we allow Huawei into our 5G network we must be careful that that is not seen as an endorsement for others to follow. Such a decision can only happen where the network itself will be constructed securely and with stringent regulation,” it writes.

The committee’s statement goes on to raise as a matter of concern the U.K.’s general reliance on China as a technology supplier.

“One of the lessons the UK Government must learn from the current debate over 5G is that with the technology sector now monopolised by such a few key players, we are over-reliant on Chinese technology — and we are not alone in this, this is a global issue. We need to consider how we can create greater diversity in the market. This will require us to take a long term view — but we need to start now,” it warns.

It ends by reiterating that the debate about 5G supply has been “unnecessarily protracted” — pressing the next U.K. prime minister to get on and take a decision “so that all concerned can move forward.”

Powered by WPeMatico

Watch an unfiltered interview of PicsArt founder at Disrupt Berlin

Posted by | Apps, Disrupt, disrupt berlin, Disrupt Berlin 2019, Europe, Hovhannes Avoyan, Mobile, Picsart, Startups | No Comments

Smartphones have become a creative playground thanks to cameras and innovative apps, such as PicsArt. With PicsArt, anybody can add filters and stickers and tweak photos and videos in many different ways. It has been a massive hit with 130 million monthly active users. And that’s why I’m excited to announce that PicsArt founder and CEO Hovhannes Avoyan is joining us at TechCrunch Disrupt Berlin.

PicsArt started with a simple app that lets you edit photos before sharing them. There are many companies in this space, including VSCO, Snapseed and Prisma. But PicsArt has managed to become a cultural phenomenon in many countries, including China.

If you’re thinking about editing a photo or video in one way or another, chances are you can do it in PicsArt. In addition to traditional editing tools (cropping, rotating, curves, etc.), you can add filters, auto-beautify your face, change your hair color, add stickers and text, cut out your face and use masks just like in Photoshop… I’m not going to list everything you can do because it’s a long list.

The result is an app packed with features that lets you express yourself, create visual storytelling and improve your social media skills. If you’re an Instagram user, chances are you’ve seen more than one photo that has been edited using PicsArt.

picsart

While the app is free with ads, users can also subscribe to a premium subscription to unlock additional features. And PicsArt is not just about editing, as you can also use the app as its own social network.

PicsArt is based in the U.S. and has raised $45 million over the years. But the company is also betting big on Armenia, with a big engineering team over there.

And it’s a natural fit, as Hovhannes Avoyan is originally from Armenia. In addition to PicsArt, he has founded many successful startups in the past — he sold them to Lycos, Bertelsmann, GFI, TeamViewer and HelpSystems. Many entrepreneurs would have a hard time founding just one of these companies, so I can’t wait to hear how Avoyan manages to work on so many different products and turn those products into successes.

Buy your ticket to Disrupt Berlin to listen to this discussion and many others. The conference will take place on December 11-12.

In addition to panels and fireside chats, like this one, new startups will participate in the Startup Battlefield to compete for the highly coveted Battlefield Cup.



Hovhannes Avoyan is a serial entrepreneur, investor and scholar. He is the founder and CEO of PicsArt, the No. 1 photo and video editing app and community with more than 130 million monthly active users. PicsArt is backed by Sequoia Capital, Insight Venture Partners, DCM and Siguler Guff. The company employs more than 350 people and is headquartered in San Francisco, with offices across the globe in Yerevan, Armenia; Los Angeles; Beijing; and an AI lab in Moscow.

Avoyan brings more than 25 years of experience in computer programming and global business management. Prior to PicsArt, Avoyan founded five other startups, all of which had successful acquisitions by global companies including Lycos, Bertelsmann, GFI, TeamViewer, and HelpSystems.

He is a graduate of Harvard Business School’s Bertelsmann Senior Executive’s program. He received his B.S. and M.S. from the State Engineering University of Armenia and his M.A. in Political Science and International Affairs from the American University of Armenia. He’s also a frequent speaker at business conferences on topics ranging from business strategy to international team building and Al.

Powered by WPeMatico

No technical reason to exclude Huawei as 5G supplier, says UK committee

Posted by | 5g, Asia, Australia, China, cyber security, Ericsson, Europe, huawei, human rights, Ian Levy, Internet of Things, jeremy wright, Mobile, National Cyber Security Centre, national security, Nokia, privacy, Security, TC, telecommunications, United Kingdom, United States, zte | No Comments

A UK parliamentary committee has concluded there are no technical grounds for excluding Chinese network kit vendor Huawei from the country’s 5G networks.

In a letter from the chair of the Science & Technology Committee to the UK’s digital minister Jeremy Wright, the committee says: “We have found no evidence from our work to suggest that the complete exclusion of Huawei from the UK’s telecommunications networks would, from a technical point of view, constitute a proportionate response to the potential security threat posed by foreign suppliers.”

Though the committee does go on to recommend the government mandate the exclusion of Huawei from the core of 5G networks, noting that UK mobile network operators have “mostly” done so already — but on a voluntary basis.

If it places a formal requirement on operators not to use Huawei for core supply the committee urges the government to provide “clear criteria” for the exclusion so that it could be applied to other suppliers in future.

Reached for a response to the recommendations, a government spokesperson told us: “The security and resilience of the UK’s telecoms networks is of paramount importance. We have robust procedures in place to manage risks to national security and are committed to the highest possible security standards.”

The spokesperson for the Department for Digital, Media, Culture and Sport added: “The Telecoms Supply Chain Review will be announced in due course. We have been clear throughout the process that all network operators will need to comply with the Government’s decision.”

In recent years the US administration has been putting pressure on allies around the world to entirely exclude Huawei from 5G networks — claiming the Chinese company poses a national security risk.

Australia announced it was banning Huawei and another Chinese vendor ZTE from providing kit for its 5G networks last year. Though in Europe there has not been a rush to follow the US lead and slam the door on Chinese tech giants.

In April leaked information from a UK Cabinet meeting suggested the government had settled on a policy of granting Huawei access as a supplier for some non-core parts of domestic 5G networks, while requiring they be excluded from supplying components for use in network cores.

On this somewhat fuzzy issue of delineating core vs non-core elements of 5G networks, the committee writes that it “heard unanimously and clearly” from witnesses that there will still be a distinction between the two in the next-gen networks.

It also cites testimony by the technical director of the UK’s National Cyber Security Centre (NCSC), Dr Ian Levy, who told it “geography matters in 5G”, and pointed out Australia and the UK have very different “laydowns” — meaning “we may have exactly the same technical understanding, but come to very different conclusions”.

In a response statement to the committee’s letter, Huawei SVP Victor Zhang welcomed the committee’s “key conclusion” before going on to take a thinly veiled swiped at the US — writing: “We are reassured that the UK, unlike others, is taking an evidence based approach to network security. Huawei complies with the laws and regulations in all the markets where we operate.”

The committee’s assessment is not all comfortable reading for Huawei, though, with the letter also flagging the damning conclusions of the most recent Huawei Oversight Board report which found “serious and systematic defects” in its software engineering and cyber security competence — and urging the government to monitor Huawei’s response to the raised security concerns, and to “be prepared to act to restrict the use of Huawei equipment if progress is unsatisfactory”.

Huawei has previously pledged to spend $2BN addressing security shortcomings related to its UK business — a figure it was forced to qualify as an “initial budget” after that same Oversight Board report.

“It is clear that Huawei must improve the standard of its cybersecurity,” the committee warns.

It also suggests the government consults on whether telecoms regulator Ofcom needs stronger powers to be able to force network suppliers to clean up their security act, writing that: “While it is reassuring to hear that network operators share this point of view and are ready to use commercial pressure to encourage this, there is currently limited regulatory power to enforce this.”

Another committee recommendation is for the NCSC to be consulted on whether similar security evaluation mechanisms should be established for other 5G vendors — such as Ericsson and Nokia: Two European based kit vendors which, unlike Huawei, are expected to be supplying core 5G.

“It is worth noting that an assurance system comparable to the Huawei Cyber Security Evaluation Centre does not exist for other vendors. The shortcomings in Huawei’s cyber security reported by the Centre cannot therefore be directly compared to the cyber security of other vendors,” it notes.

On the issue of 5G security generally the committee dubs this “critical”, adding that “all steps must be taken to ensure that the risks are as low as reasonably possible”.

Where “essential services” that make use of 5G networks are concerned, the committee says witnesses were clear such services must be able to continue to operate safely even if the network connection is disrupted. Government must ensure measures are put in place to safeguard operation in the event of cyber attacks, floods, power cuts and other comparable events, it adds. 

While the committee concludes there is no technical reason to limit Huawei’s access to UK 5G, the letter does make a point of highlighting other considerations, most notably human rights abuses, emphasizing its conclusion does not factor them in at all — and pointing out: “There may well be geopolitical or ethical grounds… to enact a ban on Huawei’s equipment”.

It adds that Huawei’s global cyber security and privacy officer, John Suffolk, confirmed that a third party had supplied Huawei services to Xinjiang’s Public Security Bureau, despite Huawei forbidding its own employees from misusing IT and comms tech to carry out surveillance of users.

The committee suggests Huawei technology may therefore be being used to “permit the appalling treatment of Muslims in Western China”.

Powered by WPeMatico

Hero Labs raises £2.5M for its ultrasonic device to monitor a property’s water use and prevent leaks

Posted by | Earthworm Group, Europe, Gadgets, Hero Labs, Recent Funding, Startups, TC | No Comments

Hero Labs, a London-based startup that is developing “smart” technology to help prevent water leaks in U.K. properties, has raised £2.5 million in seed funding. The round is led by Earthworm Group, an environmental fund manager, with further support via a £300,000 EU innovation grant and a number of unnamed private investors.

The new capital will be used by Hero Labs to accelerate development of its first product: a smart device dubbed “Sonic” that uses ultrasonic technology to monitor water use within a property, including the early detection of water leaks.

Founded in 2018 by Krystian Zajac after he exited Neos, a smart home insurer that was acquired by Aviva, Hero Labs was born out of the realisation that a lot of smart home technology either wasn’t very smart or didn’t solve mass problems (Zajac had also previously run a smart home company focusing on ultra-high-net-worth individuals that delivered bespoke designs for things like motorised swimming pool floors or home cinemas doubling up as panic rooms).

Coupled with this, the Hero Labs founder learned that water wastage was a very costly problem, both financially and environmentally, with water leaks being the number one culprit for property damage in the U.K., ahead of fires, gas explosions or break-ins combined. This sees water leaks cost the U.K. insurance industry £1 billion per year, apparently.

“My vision for the company is to solve real-life problems with truly smart technology,” Zajac tells me. “From working at Neos and alongside some of the world’s largest home insurers I understood the problems that impacted ordinary homeowners and their families on a day-to-day basis. Perhaps most surprisingly, I learnt that water leaks are far and way the biggest cause of damage to homes… I also wanted to do more for the environment in my next venture after learning that water leaks waste 3 billion litres of water a day in the U.K. alone.”

KZ Event

To that end, the Sonic device and service is described as a smart leak defence system. Aimed at anyone who wants to prevent water leaks in their property — including homeowners, landlords, facilities management, property developers and businesses — the ultrasonic device typically attaches to the piping below your sink and “listens” to the vibrations coming off the interconnected pipes.

Sonic then monitors the water flow using machine learning and its algorithms to identify usage and detect anomalies. This requires the technology to understand the difference between appliances, running taps and even flushing toilets so that it can build up a picture of normal water usage in the home and in turn identify if that pattern is broken. Crucially, if needed, Sonic can automatically shut off the water supply to prevent a water leak from damaging the property or its possessions.

Will a full launch planned for later this year, Sonic is targeting consumers as well as small businesses initially. “We are [also] in discussions with insurers who might subsidise the product or give it away completely for free to certain more affluent customers to minimise the risk of water escape,” adds Zajac.

Powered by WPeMatico

N26 launches its challenger bank in the US

Posted by | challenger bank, Europe, fintech, Mobile, N26, Startups, TC | No Comments

European fintech startup N26 is now accepting customers in the U.S. The company is launching a bank account with a debit card that should provide a better experience compared to traditional retail banks.

If you’re familiar with N26, the product that is going live today won’t surprise you much. Customers in the U.S. can download a mobile app and create a bank account from their phone in just a few minutes. It’s a true bank account with ACH payments, routing and account numbers.

A few days later, you receive a debit card that you can control from the mobile app. Every time you make a transaction, you instantly receive a push notification telling you how much money you just paid. You can set up your PIN code, customize limits, turn on and off online payments, and make ATM withdrawals or payments abroad.

And that’s about all there is to know. But what about fees? Basic N26 accounts are free. There’s no monthly fee and no minimum balance. There’s no fee on transactions in a foreign currency and you get two free ATM withdrawals per month.

N26 US App and Card

N26 is going to progressively roll out signups over the summer as a sort of beta program. If you’ve signed up to the waitlist, you’ll get an invitation over the coming hours, days and weeks. There are currently 100,000 people on the waitlist. N26 will then open signups to everyone later this summer.

When N26 rolls out its final product in a couple of months, the company says that it plans to automatically find and reimburse fees the ATM operators are charging. N26 cards in the U.S. work on the Visa network instead of Mastercard.

Just like Chime, N26 will also try to let you get paid up to two days early if you get paid via direct deposit. Instead of waiting a couple of days to clear those transactions, N26 will go ahead and top up your account.

N26 US 2

White label

Behind the scenes, there are a few differences between N26 in Europe and N26 in the U.S. While N26 has a full-fledged banking license in Europe, the company has partnered with Axos Bank, which is acting as a white-label partner in the U.S.

Axos Bank essentially manages your money for you, and N26 acts as the interface between customers and their bank accounts. As a result, you get an FDIC-insured account.

N26 first partnered with a third-party company in Europe, as well. But it was a costly deal that wasn’t meant to stick around. The startup got a banking license in Germany that was good for Europe at large. In the U.S., it’s a different story, as the market is not as unified as in Europe — it’s complicated to get a license to operate in all 50 states.

“We looked at 30 players, we did some due diligence and we’re happy to partner with Axos Bank. The deals that you get in the U.S. for white-label banks are much more favorable than in Europe,” N26 co-founder and CEO Valentin Stalf told me. “It’s a setup for the longer term. It’s good for a couple million customers,” Stalf added later in the conversation.

Just a start

N26 is already planning more features for the U.S. The company plans to roll out two premium plans — N26 Metal and then N26 Black.

And it sounds like there will be some changes when it comes to perks for premium users. “We took that to a separate level,” Stalf said.

And shared Spaces are finally arriving in the coming months. Spaces are sub-accounts designed to put money aside. You can swipe money from one Space to another or you can set up automated rules.

Eventually, you’ll be able to share a Space with other people so that you can save money and spend money together. It’ll work “like a WhatsApp group,” Stalf said.

N26 currently has 3.5 million customers in Europe and has raised more than $500 million in total so far. There are now a thousand people working for N26 in Berlin, 60 employees in New York, 80 people in Barcelona and a small team of five to 10 people starting soon in Vienna.

“It went from being a small company to being an international company,” Stalf said.

N26 Spaces ENUS

Powered by WPeMatico

Bunq lets you track and settle up group expenses

Posted by | Bunq, challenger bank, Europe, fintech, Mobile, Startups | No Comments

Fintech startup Bunq is announcing a handful of new features today, such as a way to track group expenses without creating a joint account, a web app and better Siri integration.

If you usually track vacation expenses and group expenses from your phone, chances are you’ve been using two different products — a mobile app like Splitwise to track group expenses with your friends, and a peer-to-peer payment app to settle up balances.

Bunq is essentially bundling these two features with Slice Groups for owners of the Bunq Travel Card. Given that the Bunq app already lists all your transactions, adding transactions to a group is easier than with your average group payment tracking app.

After adding other people to your Slice Group, each person can add expenses to the group. You get a list of your most recent Bunq transactions and you can add them to a group. You also can add manual transactions in case you paid for something using cash, for instance.

This is just a group accounting feature. When you add a transaction to a Slice Group, your money remains in your account. But you can see who has a positive balance and who has a negative balance.

When you settle up a group, people who owe money get a push notification. They can then tap on the notification and send money from their Bunq account to your friends’ Bunq accounts.

This feature will work particularly well for groups of people who all use the Bunq Travel Card. But it doesn’t fundamentally change how you manage your money with groups.

Bunq now has two tiers of users. Free users get a travel card with an account that they can top up. Paid users get a full-fledged bank account with banking information.

Multiple paid users can already create joint accounts with their roommates or partner. You can then associate your Bunq card with a joint account and spend money from that joint account directly.

So if you have a Bunq Travel Card, Slice Groups are for you. If you have a Bunq bank account, joint accounts are for you.

Revolut doesn’t try to reinvent the wheel, either, as you can only split individual card transactions with other users. It could take a while to settle all transactions after a long vacation. Revolut also lets you create Group Vaults. Those are sub-accounts to put some money aside and invite other people to contribute. But only the admin can withdraw and spend money from those vaults.

N26 has promised Shared Spaces so that you can create sub-accounts and share them with other people. But the feature isn’t live yet.

Lydia’s take on group expenses works more like Bunq’s joint accounts. You can create sub-accounts and share those accounts with other people. Everyone can then top up that account and attach a payment method, such as a payment card or a virtual card in Apple Pay or Google Pay. You also can move expenses from one sub-account to another. When you’re back from vacation, you can associate your card with your personal Lydia account again.

In addition to Slice Groups, Bunq is launching a web interface to access your bank account. It works a bit like WhatsApp’s web app. You scan a QR code with your phone and you can then control the mobile app from a desktop web browser.

Bunq should also work better with Siri. You can now send money using your voice or change card settings. Finally, the startup has also made improvements to its business accounts with a few new features. For instance, you can now automatically put money aside to pay back VAT later down the road.

bunq update 11

Powered by WPeMatico