european union

Google files appeal against Europe’s $5BN antitrust fine for Android

Posted by | Android, antitrust, app developers, Apps, competition commission, competition law, EC, Europe, european commission, european union, Google, lawsuit, Margrethe Vestager, Mobile, play store, smartphone, smartphones, Sundar Pichai | No Comments

Google has lodged its legal appeal against the European Commission’s €4.34 billion (~$5BN) antitrust ruling against its Android mobile OS, according to Reuters — the first step in a process that could keep its lawyers busy for years to come.

“We have now filed our appeal of the EC’s Android decision at the General Court of the EU,” it told the news agency, via email.

We’ve reached out to Google for comment on the appeals process.

Rulings made by the EU’s General Court in Luxembourg can be appealed to the top court, the Court of Justice of the European Union, but only on points of law.

Europe’s competition commissioner, Margrethe Vestager, announced the record-breaking antitrust penalty for Android in July, following more than two years of investigation of the company’s practices around its smartphone operating system.

Vestager said Google had abused the regional dominance of its smartphone platform by requiring that manufacturers pre-install other Google apps as a condition for being able to license the Play Store.

She also found the company had made payments to some manufacturers and mobile network operators in exchange for them exclusively pre-installing Google Search on their devices, and used Google Play licensing to prevent manufacturers from selling devices based on Android forks — which would not have to include Google services and, in Vestager’s view, “could have provided a platform for rival search engines as well as other app developers to thrive”.

Google rejected the Commission’s findings and said it would appeal.

In a blog post at the time, Google CEO Sundar Pichai argued the contrary — claiming the Android ecosystem has “created more choice, not less” for consumers, and saying the Commission ruling “ignores the new breadth of choice and clear evidence about how people use their phones today”.

According to Reuters the company reiterated its earlier arguments in reference to the appeal.

A spokesperson for the EC told us simply: “The Commission will defend its decision in Court.”

Powered by WPeMatico

Panasonic to move its European HQ out of the UK because Brexit

Posted by | amsterdam, Asia, Brexit, corporate tax, Europe, european union, Gadgets, Government, Japan, Panasonic, tax haven, United Kingdom | No Comments

Chalk up yet another Brexit deficit: Japanese electronics firm Panasonic will be moving its European headquarters from the UK to Amsterdam in October because it’s worried about the tax implications if it stays, the Nikkei Asian Review reports.

The company is concerned it could face tax liabilities if the UK shifts its corporate tax regime as a result of Brexit.

Laurent Abadie, CEO of Panasonic Europe, told the publication Japan could treat the U.K. as a tax haven if the country lowers its corporate rate — as the government has indeed suggested it will to try to make itself a more attractive destination for businesses once it’s outside the European Union’s trading bloc.

In November 2016 the UK Prime Minister announced a review of the country’s corporate tax rate — saying the government could move to substantially cut the rate below the current 20%.

Prior to that, former chancellor George Osborne pledged to cut the rate to below 15%.

At the same time as announcing the rate review, the PM unveiled a package of business-focused measures — intended to try to quell fears around Brexit. Although a rate cut evidently isn’t friendly to every business.

In the case of Panasonic, it’s concerned that if the U.K. gets designated a tax-haven by Japan it could be saddled with back taxes back home. So moving to stay regionally headquartered within the European Union removes that risk.

Abadie also told the Nikkei Asian Review that moving its regional HQ to continental Europe will help it avoid any barriers to the flow of people and goods thrown up by Brexit.

The shape of any deal — or even whether there will be a deal between the UK and the EU, post-Brexit — still remains to be seen just a few months before the UK is scheduled to exit the EU, in March 2019. So businesses are having to make key decisions based on possible or potential outcomes.

Meanwhile the UK’s regulatory influence in the region continues to be diminished…

In terms of trade, access to talent, and regulatory influence, we’re relegating ourselves to the second division.

— Ian Dunt (@IanDunt) August 30, 2018

Powered by WPeMatico

Dixons Carphone says millions more customers affected by 2017 breach

Posted by | Carphone Warehouse, computer security, data breach, Dixons Carphone, electronics, Europe, european union, Gadgets, Mobile, Security, United Kingdom | No Comments

A Dixons Carphone data breach that was disclosed earlier this summer was worse than initially reported. The company is now saying that personal data of 10 million customers could also have been accessed when its systems were hacked.

The European electronics and telecoms retailer believes its systems were accessed by unknown and unauthorized person/s in 2017, although it only disclosed the breach in June, after discovering it during a review of its security systems.

Last month it said 5.9M payment cards and 1.2M customer records had been accessed. But with its investigation into the breach “nearing completion”, it now says approximately 10M records containing personal data (but no financial information) may have been accessed last year — in addition to the 5.9M compromised payment cards it disclosed last month.

“While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and there is no evidence that any fraud has resulted. We are continuing to keep the relevant authorities updated,” the company said in a statement.

In terms of what personal data the 10M records contained, a Dixons Carphone spokeswoman told us: “This continues to relate to personal data, and the types of data that may have been accessed are, for example, name, address or email address.”

The company says it’s taking the precaution of contacting all its customers — to apologize and advise them of “protective steps to minimize the risk of fraud”.

It adds it has no evidence that the unauthorized access is continuing, having taken steps to secure its systems when the breach was discovered last month, saying: “We continue to make improvements and investments at pace to our security environment through enhanced controls, monitoring and testing.”

Commenting in a statement, Dixons Carphone CEO, Alex Baldock, added: “Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right. That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today.

“Again, we’re disappointed in having fallen short here, and very sorry for any distress we’ve caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us.”

Back in 2015, Carphone Warehouse, a mobile division of Dixons Carphone, also suffered a hack which affected around 3M people. And in January the company was fined £400k by the ICO as a consequence of that earlier breach.

Since then new European Union regulations (GDPR) have come into force which greatly raise the maximum penalties which regulators can impose for serious data breaches.

Last month, following Dixon’s disclosure of the latest breach, the UK’s data watchdog, the ICO, told us it was liaising with the National Cyber Security Centre, the Financial Conduct Authority and other relevant agencies to ascertain the details and impact on customers.

Of the 5.9M payment cards which Dixons disclosed last month as having been compromised, it said the vast majority had been protected by chip and PIN technology. But around 105,000 lacked the security tech so Dixons said at the time could therefore have been compromised.

It’s the additional 1.2M records containing non-financial personal data — such as name, address or email address — that have been revised upwards now, to ~10M records, which constitutes almost half the Group’s customer base in the UK and Ireland.

The spokeswoman told us the Group has approximately 22M customers in the region.

https://www.ncsc.gov.uk/guidance/ncsc-advice-dixons-carphone-plc-customers

Powered by WPeMatico

EU fines Asus, Denon & Marantz, Philips and Pioneer $130M for online price fixing

Posted by | antitrust, asus, Boston Acoustics, competition, competition law, consumer electronics, Denon & Marantz, eCommerce, Europe, european union, Gadgets, hardware, Marantz, Margrethe Vestager, Philips, price - fixing, Pricing | No Comments

The European Union’s antitrust authorities have issued a series of penalties, fining consumer electronics companies Asus, Denon & Marantz, Philips and Pioneer more than €110 million (~$130M) in four separate decisions for imposing fixed or minimum resale prices on their online retailers in breach of EU competition rules.

It says the four companies engaged in so-called “fixed or minimum resale price maintenance (RPM)” by restricting the ability of their online retailers to set their own retail prices for widely used consumer electronics products — such as kitchen appliances, notebooks and hi-fi products.

Asus has been hit with the largest fine (63.5M), followed by Philips (29.8M). The other two fines were 10.1M for Pioneer, and 7.7M for Denon & Marantz.

The Commission found the manufacturers put pressure on ecommerce outlets who offered their products at low prices, writing: “If those retailers did not follow the prices requested by manufacturers, they faced threats or sanctions such as blocking of supplies. Many, including the biggest online retailers, use pricing algorithms which automatically adapt retail prices to those of competitors. In this way, the pricing restrictions imposed on low pricing online retailers typically had a broader impact on overall online prices for the respective consumer electronics products.”

It also notes that use of “sophisticated monitoring tools” by the manufacturers allowed them to “effectively track resale price setting in the distribution network and to intervene swiftly in case of price decreases”.

“The price interventions limited effective price competition between retailers and led to higher prices with an immediate effect on consumers,” it added.

In particular, Asus, was found to have monitored the resale price of retailers for certain computer hardware and electronics products such as notebooks and displays — and to have done so in two EU Member States (Germany and France), between 2011 and 2014.

While Denon & Marantz was found to have engaged in “resale price maintenance” with respect to audio and video consumer products such as headphones and speakers of the brands Denon, Marantz and Boston Acoustics in Germany and the Netherlands between 2011 and 2015.

Philips was found to have done the same in France between the end of 2011 and 2013 — but for a range of consumer electronics products, including kitchen appliances, coffee machines, vacuum cleaners, home cinema and home video systems, electric toothbrushes, hair driers and trimmers.

In Pioneer’s case, the resale price maintenance covered products including home theatre devices, iPod speakers, speaker sets and hi-fi products.

The Commission said the company also limited the ability of its retailers to sell-cross border to EU consumers in other Member States in order to sustain different resale prices in different Member States, for example by blocking orders of retailers who sold cross-border. Its conduct lasted from the beginning of 2011 to the end of 2013 and concerned 12 countries (Germany, France, Italy, the United Kingdom, Spain, Portugal, Sweden, Finland, Denmark, Belgium, the Netherlands and Norway).

In all four cases, the Commission said the level of fines were reduced — 50% in the case of Pioneer; and 40% for each of the others — due to the companies’ co-operation with its investigations, specifying that they had provided evidence with “significant added value” and had “expressly acknowledg[ed] the facts and the infringements of EU antitrust rules”.

Commenting in a statement, commissioner Margrethe Vestager, who heads up the bloc’s competition policy, said: The online commerce market is growing rapidly and is now worth over 500 billion euros in Europe every year. More than half of Europeans now shop online. As a result of the actions taken by these four companies, millions of European consumers faced higher prices for kitchen appliances, hair dryers, notebook computers, headphones and many other products. This is illegal under EU antitrust rules. Our decisions today show that EU competition rules serve to protect consumers where companies stand in the way of more price competition and better choice.”

We’ve reached out to all the companies for comment.

The fines follow the Commission’s ecommerce sector inquiry, which reported in May 2017, and showed that resale-price related restrictions are by far the most widespread restrictions of competition in ecommerce markets, making competition enforcement in this area a priority — as part of the EC’s wider Digital Single Market strategy.

The Commission further notes that the sector inquiry shed light on the increased use of automatic software applied by retailers for price monitoring and price setting.

Separate investigations were launched in February 2017 and June 2017 to assess if certain online sales practices are preventing, in breach of EU antitrust rules, consumers from enjoying cross-border choice and from being able to buy products and services online at competitive prices. The Commission adds that those investigations are ongoing.

Commenting on today’s EC decision, a spokesman for Philips told us: “Since the start of the EC investigation in late 2013, which Philips reported in its Annual Reports, the company has fully cooperated with the EC. Philips initiated an internal investigation and addressed the matter in 2014.”

“It is good that we can now leave this case behind us, and focus on the positive impact that our products and solutions can have on people,” he added. “Let me please stress that Philips attaches prime importance to full compliance with all applicable laws, rules and regulations. Being a responsible company, everyone in Philips is expected to always act with integrity. Philips rigorously enforces compliance of its General Business Principles throughout the company. Philips has a zero tolerance policy towards non-compliance in relation to breaches of its General Business Principles.”

Anticipating the decision of the EC, he said the company had already recognized a 30M provision in its Q2 2018.

Powered by WPeMatico

Facebook, Google face first GDPR complaints over ‘forced consent’

Posted by | Advertising Tech, Android, data protection, Europe, european union, Facebook, General Data Protection Regulation, Google, instagram, lawsuit, Mark Zuckerberg, Max Schrems, privacy, Social, social network, social networking, terms of service, WhatsApp | No Comments

After two years coming down the pipe at tech giants, Europe’s new privacy framework, the General Data Protection Regulation (GDPR), is now being applied — and long time Facebook privacy critic, Max Schrems, has wasted no time in filing four complaints relating to (certain) companies’ ‘take it or leave it’ stance when it comes to consent.

The complaints have been filed on behalf of (unnamed) individual users — with one filed against Facebook; one against Facebook-owned Instagram; one against Facebook-owned WhatsApp; and one against Google’s Android.

Schrems argues that the companies are using a strategy of “forced consent” to continue processing the individuals’ personal data — when in fact the law requires that users be given a free choice unless a consent is strictly necessary for provision of the service. (And, well, Facebook claims its core product is social networking — rather than farming people’s personal data for ad targeting.)

“It’s simple: Anything strictly necessary for a service does not need consent boxes anymore. For everything else users must have a real choice to say ‘yes’ or ‘no’,” Schrems writes in a statement.

“Facebook has even blocked accounts of users who have not given consent,” he adds. “In the end users only had the choice to delete the account or hit the “agree”-button — that’s not a free choice, it more reminds of a North Korean election process.”

We’ve reached out to all the companies involved for comment and will update this story with any response. Update: Facebook has now sent the following statement, attributed to its chief privacy officer, Erin Egan: “We have prepared for the past 18 months to ensure we meet the requirements of the GDPR. We have made our policies clearer, our privacy settings easier to find and introduced better tools for people to access, download, and delete their information. Our work to improve people’s privacy doesn’t stop on May 25th. For example, we’re building Clear History: a way for everyone to see the websites and apps that send us information when you use them, clear this information from your account, and turn off our ability to store it associated with your account going forward.”

Schrems most recently founded a not-for-profit digital rights organization to focus on strategic litigation around the bloc’s updated privacy framework, and the complaints have been filed via this crowdfunded NGO — which is called noyb (aka ‘none of your business’).

As we pointed out in our GDPR explainer, the provision in the regulation allowing for collective enforcement of individuals’ data rights is an important one, with the potential to strengthen the implementation of the law by enabling non-profit organizations such as noyb to file complaints on behalf of individuals — thereby helping to redress the power imbalance between corporate giants and consumer rights.

That said, the GDPR’s collective redress provision is a component that Member States can choose to derogate from, which helps explain why the first four complaints have been filed with data protection agencies in Austria, Belgium, France and Hamburg in Germany — regions that also have data protection agencies with a strong record of defending privacy rights.

Given that the Facebook companies involved in these complaints have their European headquarters in Ireland it’s likely the Irish data protection agency will get involved too. And it’s fair to say that, within Europe, Ireland does not have a strong reputation as a data protection rights champion.

But the GDPR allows for DPAs in different jurisdictions to work together in instances where they have joint concerns and where a service crosses borders — so noyb’s action looks intended to test this element of the new framework too.

Under the penalty structure of GDPR, major violations of the law can attract fines as large as 4% of a company’s global revenue which, in the case of Facebook or Google, implies they could be on the hook for more than a billion euros apiece — if they are deemed to have violated the law, as the complaints argue.

That said, given how freshly fixed in place the rules are, some EU regulators may well tread softly on the enforcement front — at least in the first instances, to give companies some benefit of the doubt and/or a chance to make amends to come into compliance if they are deemed to be falling short of the new standards.

However, in instances where companies themselves appear to be attempting to deform the law with a willfully self-serving interpretation of the rules, regulators may feel they need to act swiftly to nip any disingenuousness in the bud.

“We probably will not immediately have billions of penalty payments, but the corporations have intentionally violated the GDPR, so we expect a corresponding penalty under GDPR,” writes Schrems.

Only yesterday, for example, Facebook founder Mark Zuckerberg — speaking in an on stage interview at the VivaTech conference in Paris — claimed his company hasn’t had to make any radical changes to comply with GDPR, and further claimed that a “vast majority” of Facebook users are willingly opting in to targeted advertising via its new consent flow.

“We’ve been rolling out the GDPR flows for a number of weeks now in order to make sure that we were doing this in a good way and that we could take into account everyone’s feedback before the May 25 deadline. And one of the things that I’ve found interesting is that the vast majority of people choose to opt in to make it so that we can use the data from other apps and websites that they’re using to make ads better. Because the reality is if you’re willing to see ads in a service you want them to be relevant and good ads,” said Zuckerberg.

He did not mention that the dominant social network does not offer people a free choice on accepting or declining targeted advertising. The new consent flow Facebook revealed ahead of GDPR only offers the ‘choice’ of quitting Facebook entirely if a person does not want to accept targeting advertising. Which, well, isn’t much of a choice given how powerful the network is. (Additionally, it’s worth pointing out that Facebook continues tracking non-users — so even deleting a Facebook account does not guarantee that Facebook will stop processing your personal data.)

Asked about how Facebook’s business model will be affected by the new rules, Zuckerberg essentially claimed nothing significant will change — “because giving people control of how their data is used has been a core principle of Facebook since the beginning”.

“The GDPR adds some new controls and then there’s some areas that we need to comply with but overall it isn’t such a massive departure from how we’ve approached this in the past,” he claimed. “I mean I don’t want to downplay it — there are strong new rules that we’ve needed to put a bunch of work into making sure that we complied with — but as a whole the philosophy behind this is not completely different from how we’ve approached things.

“In order to be able to give people the tools to connect in all the ways they want and build community a lot of philosophy that is encoded in a regulation like GDPR is really how we’ve thought about all this stuff for a long time. So I don’t want to understate the areas where there are new rules that we’ve had to go and implement but I also don’t want to make it seem like this is a massive departure in how we’ve thought about this stuff.”

Zuckerberg faced a range of tough questions on these points from the EU parliament earlier this week. But he avoided answering them in any meaningful detail.

So EU regulators are essentially facing a first test of their mettle — i.e. whether they are willing to step up and defend the line of the law against big tech’s attempts to reshape it in their business model’s image.

Privacy laws are nothing new in Europe but robust enforcement of them would certainly be a breath of fresh air. And now at least, thanks to GDPR, there’s a penalties structure in place to provide incentives as well as teeth, and spin up a market around strategic litigation — with Schrems and noyb in the vanguard.

Schrems also makes the point that small startups and local companies are less likely to be able to use the kind of strong-arm ‘take it or leave it’ tactics on users that big tech is able to unilaterally apply and extract ‘consent’ as a consequence of the reach and power of their platforms — arguing there’s an underlying competition concern that GDPR could also help to redress.

“The fight against forced consent ensures that the corporations cannot force users to consent,” he writes. “This is especially important so that monopolies have no advantage over small businesses.”

Powered by WPeMatico