France

French court slaps down Google’s appeal against $57M GDPR fine

Posted by | Alphabet, Android, cnil, data controller, data processing, digital rights, Europe, european union, France, GDPR, General Data Protection Regulation, Google, ireland, Max Schrems, privacy, United States | No Comments

France’s top court for administrative law has dismissed Google’s appeal against a $57M fine issued by the data watchdog last year for not making it clear enough to Android users how it processes their personal information.

The State Council issued the decision today, affirming the data watchdog CNIL’s earlier finding that Google did not provide “sufficiently clear” information to Android users — which in turn meant it had not legally obtained their consent to use their data for targeted ads.

“Google’s request has been rejected,” a spokesperson for the Conseil D’Etat confirmed to TechCrunch via email.

“The Council of State confirms the CNIL’s assessment that information relating to targeting advertising is not presented in a sufficiently clear and distinct manner for the consent of the user to be validly collected,” the court also writes in a press release [translated with Google Translate] on its website.

It found the size of the fine to be proportionate — given the severity and ongoing nature of the violations.

Importantly, the court also affirmed the jurisdiction of France’s national watchdog to regulate Google — at least on the date when this penalty was issued (January 2019).

The CNIL’s multimillion dollar fine against Google remains the largest to date against a tech giant under Europe’s flagship General Data Protection Regulation (GDPR) — lending the case a certain symbolic value, for those concerned about whether the regulation is functioning as intended vs platform power.

While the size of the fine is still relative peanuts vs Google’s parent entity Alphabet’s global revenue, changes the tech giant may have to make to how it harvests user data could be far more impactful to its ad-targeting bottom line. 

Under European law, for consent to be a valid legal basis for processing personal data it must be informed, specific and freely given. Or, to put it another way, consent cannot be strained.

In this case French judges concluded Google had not provided clear enough information for consent to be lawfully obtained — including objecting to a pre-ticked checkbox which the court affirmed does not meet the requirements of the GDPR.

So, tl;dr, the CNIL’s decision has been entirely vindicated.

Reached for comment on the court’s dismissal of its appeal, a Google spokeswoman sent us this statement:

People expect to understand and control how their data is used, and we’ve invested in industry-leading tools that help them do both. This case was not about whether consent is needed for personalised advertising, but about how exactly it should be obtained. In light of this decision, we will now review what changes we need to make.

GDPR came into force in 2018, updating long standing European data protection rules and opening up the possibility of supersized fines of up to 4% of global annual turnover.

However actions against big tech have largely stalled, with scores of complaints being funnelled through Ireland’s Data Protection Commission — on account of a one-stop-shop mechanism in the regulation — causing a major backlog of cases. The Irish DPC has yet to issue decisions on any cross border complaints, though it has said its first ones are imminent — on complaints involving Twitter and Facebook.

Ireland’s data watchdog is also continuing to investigate a number of complaints against Google, following a change Google announced to the legal jurisdiction of where it processes European users’ data — moving them to Google Ireland Limited, based in Dublin, which it said applied from January 22, 2019 — with ongoing investigations by the Irish DPC into a long running complaint related to how Google handles location data and another major probe of its adtech, to name two

On the GDPR one-stop shop mechanism — and, indirectly, the wider problematic issue of ‘forum shopping’ and European data protection regulation — the French State Council writes: “Google believed that the Irish data protection authority was solely competent to control its activities in the European Union, the control of data processing being the responsibility of the authority of the country where the main establishment of the data controller is located, according to a ‘one-stop-shop’ principle instituted by the GDPR. The Council of State notes however that at the date of the sanction, the Irish subsidiary of Google had no power of control over the other European subsidiaries nor any decision-making power over the data processing, the company Google LLC located in the United States with this power alone.”

In its own statement responding to the court’s decision, the CNIL notes the court’s view that GDPR’s one-stop-shop mechanism was not applicable in this case — writing: “It did so by applying the new European framework as interpreted by all the European authorities in the guidelines of the European Data Protection Committee.”

Privacy NGO noyb — one of the privacy campaign groups which lodged the original ‘forced consent’ complaint against Google, all the way back in May 2018 — welcomed the court’s decision on all fronts, including the jurisdiction point.

Commenting in a statement, noyb’s honorary chairman, Max Schrems, said: “It is very important that companies like Google cannot simply declare themselves to be ‘Irish’ to escape the oversight by the privacy regulators.”

A key question is whether CNIL — or another (non-Irish) EU DPA — will be found to be competent to sanction Google in future, following its shift to naming its Google Ireland subsidiary as the regional data processor. (Other tech giants use the same or a similar playbook, seeking out the EU’s more ‘business-friendly’ regulators.)

On the wider ruling, Schrems also said: “This decision requires substantial improvements by Google. Their privacy policy now really needs to make it crystal clear what they do with users’ data. Users must also get an option to agree to only some parts of what Google does with their data and refuse other things.”

French digital rights group, La Quadrature du Net — which had filed a related complaint against Google, feeding the CNIL’s investigation — also declared victory today, noting it’s the first sanction in a number of GDPR complaints it has lodged against tech giants on behalf of 12,000 citizens.

Nouvelle victoire !

Le @Conseil_Etat valide intégralement, en la reprenant à son compte, la sanction de 50 millions d’€ contre Google prononcée en janvier 2019 par la CNIL.https://t.co/6gJRL5ZM3r

— La Quadrature du Net (@laquadrature) June 19, 2020

“The rest of the complaints against Google, Facebook, Apple and Microsoft are still under investigation in Ireland. In any case, this is what this authority promises us,” it added in another tweet.

Powered by WPeMatico

Fairphone teams up with /e/OS on a box-fresh ‘deGoogled’ handset

Posted by | Android, cyanogenmod, e/os, Europe, Fairphone, Fairphone 3, France, free software, Google, hardware, Mobile, Netherlands, operating systems, privacy, smartphones | No Comments

The makers of the world’s most ethical smartphone, the Fairphone 3, have teamed up for a version of the device with even less big tech on board.

The Netherlands-based device maker has partnered with France’s /e/OS to offer a “de-Googled” version of its latest handset, running an Android AOSP fork out of the box that’s itself built atop a fork of CyanogenMod (remember them?) — called LineageOS (via Engadget).

“The deGoogled Fairphone 3 is most likely the first privacy conscious and sustainable phone,” runs the blurb on /e/OS’ website. “It combines a phone that cares for people and planet and an OS and apps that care for your privacy.”

A pithy explainer of its “privacy by design ecosystem” — and the point of “Android without Google” — further notes: “We have removed many pieces of code that send your personal data to remote servers without your consent. We don’t scan your data in your phone or in your cloud space, and we don’t track your location a hundred times a day or collect what you’re doing with your apps.”

When the Fairphone 3 launched last September it came with Android 9 preloaded. But the company touted a post-launch update that would make it easy for buyers to wipe Google services off their slate and install the Android Open Source Project, which it recommended for advanced users.

The new /e/OS flavor offers a third OS option.

Per Engadget, Fairphone said it polled members of its community asking which alternative OS to offer and /e/OS got more votes than a number of others. The company also highlighted /e/OS’ privacy by design as a factor in the choice, lauding how it shuts down “unwanted data flows,” meaning users have more control over what their phone is doing.

The e/OS flavor of the Fairphone 3 ships from May 6, priced at just under €480 — a €30 premium on the Googley flavor of Android you get on the standard Fairphone 3.

Existing owners of Fairphone’s third-gen handset can manually install /e/OS gratis via an installer on its website.

When the Fairphone 3 launched last year the company told us only around 5% of Fairphone users opt to go full open source — which suggests the /e/OS Fairphone 3 will be a niche choice for even these discerning buyers.

Powered by WPeMatico

Germany ditches centralized approach to app for COVID-19 contacts tracing

Posted by | Android, api, Apple, Apps, Bluetooth, contact tracing, coronavirus, COVID-19, decentralization, DP-3T, Europe, european commission, european union, France, Germany, Google, Health, iOS, mobile app, operating systems, p2p, PEPP-PT, privacy, smartphones, surveillance, United Kingdom | No Comments

Germany has U-turned on building a centralized COVID-19 contacts tracing app — and will instead adopt a decentralized architecture, Reuters reported Sunday, citing a joint statement by chancellery minister Helge Braun and health minister Jens Spahn.

In Europe in recent weeks, a battle has raged between different groups backing centralized vs decentralized infrastructure for apps being fast-tracked by governments which will use Bluetooth-based smartphone proximity as a proxy for infection risk — in the hopes of supporting the public health response to the coronavirus by automating some contacts tracing.

Centralized approaches that have been proposed in the region would see pseudonymized proximity data stored and processed on a server controlled by a national authority, such as a healthcare service. However concerns have been raised about allowing authorities to scoop up citizens’ social graph, with privacy experts warning of the risk of function creep and even state surveillance.

Decentralized contacts tracing infrastructure, by contrast, means ephemeral IDs are stored locally on device — and only uploaded with a user’s permission after a confirmed COVID-19 diagnosis. A relay server is used to broadcast infected IDs — enabling devices to locally compute if there’s a risk that requires notification. So social graph data is not centralized.

The change of tack by the German government marks a major blow to a homegrown standardization effort, called PEPP-PT, that had been aggressively backing centralization — while claiming to ‘preserve privacy’ on account of not tracking location data. It quickly scrambled to propose a centralized architecture for tracking coronavirus contacts, led by Germany’s Fraunhofer Institute, and claiming the German government as a major early backer, despite PEPP-PT later saying it would support decentralized protocols too.

As we reported earlier, the effort faced strident criticism from European privacy experts — including a group of academics developing a decentralized protocol called DP-3T — who argue p2p architecture is truly privacy preserving. Concerns were also raised about a lack of transparency around who is behind PEPP-PT and the protocols they claimed to support, with no code published for review.

The European Commission, meanwhile, has also recommended the use of decentralization technologies to help boost trust in such apps in order to encourage wider adoption.

EU parliamentarians have also warned regional governments against trying to centralize proximity data during the coronavirus crisis.

But it was Apple and Google jumping into the fray earlier this month by announcing joint support for decentralized contacts tracing that was the bigger blow — with no prospect of platform-level technical restrictions being lifted. iOS limits background access to Bluetooth for privacy and security reasons, so national apps that do not meet this decentralized standard won’t benefit from API support — and will likely be far less usable, draining battery and functioning only if actively running.

Nonetheless PEPP-PT told journalists just over a week ago that it was engaged in fruitful discussions with Apple and Google about making changes to their approach to accommodate centralized protocols.

Notably, the tech giants never confirmed that claim. They have only since doubled down on the principle of decentralization for the cross-platform API for public health apps — and system-wide contacts tracing which is due to launch next month.

At the time of writing PEPP-PT’s spokesman, Hans-Christian Boos, had not responded to a request for comment on the German government withdrawing support.

Boos previously claimed PEPP-PT had around 40 governments lining up to join the standard. However in recent days the momentum in Europe has been going in the other direction. A number of academic institutions that had initially backed PEPP-PT have also withdrawn support.

In a statement emailed to TechCrunch, the DP-3T project welcomed Germany’s U-turn. “DP-3T is very happy to see that Germany is adopting a decentralized approach to contact tracing and we look forward to its next steps implementing such a technique in a privacy preserving manner,” the group told us.

Berlin’s withdrawal leaves France and the UK the two main regional backers of centralized apps for coronavirus contacts tracing. And while the German U-turn is certainly a hammer blow for the centralized camp in Europe the French government appears solid in its support — at least for now.

France has been developing a centralized coronavirus contacts tracing protocol, called ROBERT, working with Germany’s Fraunhofer Institute and others.

In an opinion issued Sunday, France’s data protection watchdog, the CNIL, did not take active issue with centralizing pseudonymized proximity IDs — saying EU law does not in principle forbid such a system — although the watchdog emphasized the need to minimize the risk of individuals being re-identified.

It’s notable that France’s digital minister, Cédric O, has been applying high profile public pressure to Apple over Bluetooth restrictions — telling Bloomberg last week that Apple’s policy is a blocker to the virus tracker.

Yesterday O was also tweeting to defend the utility of the planned ‘Stop Covid’ app.

« Oui l’application #StopCovid est utile ». Volontaire, anonyme, transparente et temporaire, elle apporte les garanties de protection des libertés individuelles. À la disposition des acteurs sanitaires, elle les aidera dans la lutte contre le #COVID19 https://t.co/12xYG5Z8ZC

— Cédric O (@cedric_o) April 26, 2020

We reached out to France’s digital ministry for comment on Germany’s decision to switch to a decentralized approach but at the time of writing the department had not responded.

In a press release today the government highlights the CNIL view that its approach is compliant with data protection rules, and commits to publishing a data protection impact assessment ahead of launching the app.

If France presses ahead it’s not clear how the country will avoid its app being ignored or abandoned by smartphone users who find it irritating to use. (Although it’s worth noting that Google’s Android platform has a substantial marketshare in the market, with circa 80% vs 20% for iOS, per Kantar.)

A debate in the French parliament tomorrow is due to include discussion of contacts tracing apps.

We’ve also reached out to the UK’s NHSX — which has been developing a COVID-19 contacts tracing app for the UK market — and will update this report with any response.

In a blog post Friday the UK public healthcare unit’s digital transformation division said it’s “working with Apple and Google on their welcome support for tracing apps around the world”, a PR line that entirely sidesteps the controversy around centralized vs decentralized app infrastructures.

The UK has previously been reported to be planning to centralize proximity data — raising questions about the efficacy of its planned app too, given iOS restrictions on background access to Bluetooth.

“As part of our commitment to transparency, we will be publishing the key security and privacy designs alongside the source code so privacy experts can ‘look under the bonnet’ and help us ensure the security is absolutely world class,” the NHSX’s Matthew Gould and Dr Geraint Lewis added in the statement.

Update: The NHSX still hasn’t responded to the questions we sent it this morning about how the app will function but a spokesperson has now told the BBC it intends to push ahead with a centralized approach — and is planning to make use of a workaround to mitigate iOS restrictions by waking up the app in the background every time the phone detects another device running the same software.

Per the BBC: “It then executes some code before returning to a dormant state. This all happens at speed, but there is still an energy impact. By contrast, Apple’s own solution allows the matching to be done without the app having to wake up at all.”

When we followed up with NHSX’s press office to ask why we hadn’t received a response to our questions we were CC’d into another email to additional comms staff, one of whom responded to the group email without realizing our email address was included in the thread — writing: “I thought a line hadn’t been cleared? I checked the NHSEI process earlier and one hadn’t been through there.”

Powered by WPeMatico

Apple and Google update joint coronavirus tracing tech to improve user privacy and developer flexibility

Posted by | Android, Apple, Apps, Bluetooth, Cédric O, contacts tracing, coronavirus, COVID-19, cryptography, dave burke, Europe, european union, France, Germany, Google, Health, privacy, TC | No Comments

Apple and Google have provided a number of updates about the technical details of their joint contact tracing system, which they’re now exclusively referring to as an “exposure notification” technology, since the companies say this is a better way to describe what they’re offering. The system is just one part of a contact tracing system, they note, not the entire thing. Changes include modifications made to the API that the companies say provide stronger privacy protections for individual users, and changes to how the API works that they claim will enable health authorities building apps that make use of it to develop more effective software.

The additional measures being implemented to protect privacy include changing the cryptography mechanism for generating the keys used to trace potential contacts. They’re no longer specifically bound to a 24-hour period, and they’re now randomly generated instead of derived from a so-called “tracing key” that was permanently attached to a device. In theory, with the old system, an advanced enough attack with direct access to the device could potentially be used to figure out how individual rotating keys were generated from the tracing key, though that would be very, very difficult. Apple and Google clarified that it was included for the sake of efficiency originally, but they later realized they didn’t actually need this to ensure the system worked as intended, so they eliminated it altogether.

The new method makes it even more difficult for a would-be bad actor to determine how the keys are derived, and then attempt to use that information to use them to track specific individuals. Apple and Google’s goal is to ensure this system does not link contact tracing information to any individual’s identity (except for the individual’s own use) and this should help further ensure that’s the case.

The companies will now also be encrypting any metadata associated with specific Bluetooth signals, including the strength of signal and other info. This metadata can theoretically be used in sophisticated reverse identification attempts, by comparing the metadata associated with a specific Bluetooth signal with known profiles of Bluetooth radio signal types as broken down by device and device generation. Taken alone, it’s not much of a risk in terms of exposure, but this additional step means it’s even harder to use that as one of a number of vectors for potential identification for malicious use.

It’s worth noting that Google and Apple say this is intended as a fixed length service, and so it has a built-in way to disable the feature at a time to be determined by regional authorities, on a case-by-case basis.

Finally on the privacy front, any apps built using the API will now be provided exposure time in five-minute intervals, with a maximum total exposure time reported of 30 minutes. Rounding these to specific five-minute duration blocks and capping the overall limit across the board helps ensure this info, too, is harder to link to any specific individual when paired with other metadata.

On the developer and health authority side, Apple and Google will now be providing signal strength information in the form of Bluetooth radio power output data, which will provide a more accurate measure of distance between two devices in the case of contact, particularly when used with existing received signal strength info from the corresponding device that the API already provides access to.

Individual developers can also set their own parameters in terms of how strong a signal is and what duration will trigger an exposure event. This is better for public health authorities because it allows them to be specific about what level of contact actually defines a potential contact, as it varies depending on geography in terms of the official guidance from health agencies. Similarly, developers can now determine how many days have passed since an individual contact event, which might alter their guidance to a user (i.e. if it’s already been 14 days, measures would be very different from if it’s been two).

Apple and Google are also changing the encryption algorithm used to AES, from the HMAC system they were previously using. The reason for this switch is that the companies have found that by using AES encryption, which can be accelerated locally using on-board hardware in many mobile devices, the API will be more energy efficiency and have less of a performance impact on smartphones.

As we reported Thursday, Apple and Google also confirmed that they’re aiming to distribute next week the beta seed version of the OS update that will support these devices. On Apple’s side, the update will support any iOS hardware released over the course of the past four years running iOS 13. On the Android side, it would cover around 2 billion devices globally, Android said.

Coronavirus tracing: Platforms versus governments

One key outstanding question is what will happen in the case of governments that choose to use centralized protocols for COVID-19 contact tracing apps, with proximity data uploaded to a central server — rather than opting for a decentralized approach, which Apple and Google are supporting with an API.

In Europe, the two major EU economies, France and Germany, are both developing contact tracing apps based on centralized protocols — the latter planning deep links to labs to support digital notification of COVID-19 test results. The U.K. is also building a tracing app that will reportedly centralize data with the local health authority.

This week Bloomberg reported that the French government is pressuring Apple to remove technical restrictions on Bluetooth access in iOS, with the digital minister, Cedric O, saying in an interview Monday: “We’re asking Apple to lift the technical hurdle to allow us to develop a sovereign European health solution that will be tied our health system.”

While a German-led standardization push around COVID-19 contact tracing apps, called PEPP-PT — that’s so far only given public backing to a centralized protocol, despite claiming it will support both approaches — said last week that it wants to see changes to be made to the Google-Apple API to accommodate centralized protocols.

Asked about this issue an Apple spokesman told us it’s not commenting on the apps/plans of specific countries. But the spokesman pointed back to a position on Bluetooth it set out in an earlier statement with Google — in which the companies write that user privacy and security are “central” to their design.

Judging by the updates to Apple and Google’s technical specifications and API framework, as detailed above, the answer to whether the tech giants will bow to government pressure to support state centralization of proximity social graph data looks to be a strong “no.”

The latest tweaks look intended to reinforce individual privacy and further shrink the ability of outside entities to repurpose the system to track people and/or harvest a map of all their contacts.

The sharpening of the Apple and Google’s nomenclature is also interesting in this regard — with the pair now talking about “exposure notification” rather than “contact tracing” as preferred terminology for the digital intervention. This shift of emphasis suggests they’re keen to avoid any risk of their role being (mis)interpreted as supporting broader state surveillance of citizens’ social graphs, under the guise of a coronavirus response.

Backers of decentralized protocols for COVID-19 contact tracing — such as DP-3T, a key influence for the Apple-Google joint effort that’s being developed by a coalition of European academics — have warned consistently of the risk of surveillance creep if proximity data is pooled on a central server.

Apple and Google’s change of terminology doesn’t bode well for governments with ambitions to build what they’re counter-branding as “sovereign” fixes — aka data grabs that do involve centralizing exposure data. Although whether this means we’re headed for a big standoff between certain governments and Apple over iOS security restrictions — à la Apple vs the FBI — remains to be seen.

Earlier today, Apple and Google’s EU privacy chiefs also took part in a panel discussion organized by a group of European parliamentarians, which specifically considered the question of centralized versus decentralized models for contact tracing.

Asked about supporting centralized models for contact tracing, the tech giants offered a dodge, rather than a clear “no.”

“Our goal is to really provide an API to accelerate applications. We’re not obliging anyone to use it as a solution. It’s a component to help make it easier to build applications,” said Google’s Dave Burke, VP of Android engineering.

“When we build something we have to pick an architecture that works,” he went on. “And it has to work globally, for all countries around the world. And when we did the analysis and looked at different approaches we were very heavily inspired by the DP-3T group and their approach — and that’s what we have adopted as a solution. We think that gives the best privacy preserving aspects of the contacts tracing service. We think it’s also quite rich in epidemiological data that we think can be derived from it. And we also think it’s very flexible in what it could do. [The choice of approach is] really up to every member state — that’s not the part that we’re doing. We’re just operating system providers and we’re trying to provide a thin layer of an API that we think can help accelerate these apps but keep the phone in a secure, private mode of operation.”

“That’s really important for the expectations of users,” Burke added. “They expect the devices to keep their data private and safe. And then they expect their devices to also work well.”

DP-3T’s Michael Veale was also on the panel — busting what he described as some of the “myths” about decentralized contacts tracing versus centralized approaches.

“The [decentralized] system is designed to provide data to epidemiologists to help them refine and improve the risk score — even daily,” he said. “This is totally possible. We can do this using advanced methods. People can even choose to provide additional data if they want to epidemiologists — which is not really required for improving the risk score but might help.”

“Some people think a decentralized model means you can’t have a health authority do that first call [to a person exposed to a risk of infection]. That’s not true. What we don’t do is we don’t tag phone numbers and identities like a centralized model can to the social network. Because that allows misuse,” he added. “All we allow is that at the end of the day the health authority receives a list separate from the network of whose phone number they can call.”

MEP Sophie in ‘t Veld, who organzied the online event, noted at the top of the discussion they had also invited PEPP-PT to join the call but said no one from the coalition had been able to attend the video conference.

Powered by WPeMatico

COVID-19 crisis spurs triple-digit growth for refurbishing startup Back Market

Posted by | Amazon, Apple, Back Market, Column, coronavirus, COVID-19, eCommerce, Europe, Extra Crunch, France, Gadgets, grover, Growth, hardware, paris, retail, smartphone, Startups | No Comments
Eva Yoo
Contributor

Eva Yoo is founder of Seek Road, the project wherein she cycles from Seoul to London while interviewing startups on the Silk Road.

While a number of startups have been hard hit by efforts to curb the spread of the COVID-19 virus, refurbishing firm Back Market is showing increased growth globally.

The Paris -based startup encourages customers to send in their old devices so they can be refurbished and resold into the e-commerce secondhand market. The growth achieved in the midst of the COVID-19 crisis is partly due to increased laptop sales as people seek better devices to work remotely.

For people who are unsure whether refurbished products are reliable, Back Market permits customers to send in old devices, exchange them for newer versions and pay the difference. CEO Thibaud Hug de Larauze said this payback service is currently possible only in France, but starting in Q2, it will be available in other markets.

Founded in 2014, Back Market has raised a total of €48 million in funding over two rounds, most recently a Series B in June 2018. The company is profitable and reportedly still has money to spend from its last funding round.

“We don’t release the gross merchandise volume, but it’s a three-digit growth rate,” Hug de Larauze told TechCrunch. “We saw an increase in demand for laptops, printers and other devices needed for working at home. Demand for refurbished phones is going down as people seek to get the first necessity items, like food for their situation.”

Over the past two weeks, Back Market saw skyrocketing demand from Italy, a nation with a high coronavirus death toll where citizens were warned they would be confined to their homes for four weeks.

Another factor that helped the platform’s growth: Smartphone brands like Apple and Samsung closed their retail stores, a move that turned Back Market into a major supply channel. While offline retailers and carriers are shut down in Europe, Hug de Larauze says Chinese offline retailers and refurbishing factories are starting to get back to work.

Powered by WPeMatico

Google is now publishing coronavirus mobility reports, feeding off users’ location history

Posted by | california, China, coronavirus, COVID-19, data protection, Europe, european commission, european union, France, Google, gps, Italy, Mobile, mobile devices, privacy, smartphone, spain, targeted advertising, TC, United States, Yves-Alexandre de Montjoye | No Comments

Google is giving the world a clearer glimpse of exactly how much it knows about people everywhere — using the coronavirus crisis as an opportunity to repackage its persistent tracking of where users go and what they do as a public good in the midst of a pandemic.

In a blog post today, the tech giant announced the publication of what it’s branding COVID-19 Community Mobility Reports, an in-house analysis of the much more granular location data it maps and tracks to fuel its ad-targeting, product development and wider commercial strategy to showcase aggregated changes in population movements around the world.

The coronavirus pandemic has generated a worldwide scramble for tools and data to inform government responses. In the EU, for example, the European Commission has been leaning on telcos to hand over anonymized and aggregated location data to model the spread of COVID-19.

Google’s data dump looks intended to dangle a similar idea of public policy utility while providing an eyeball-grabbing public snapshot of mobility shifts via data pulled off of its global user-base.

In terms of actual utility for policymakers, Google’s suggestions are pretty vague. The reports could help government and public health officials “understand changes in essential trips that can shape recommendations on business hours or inform delivery service offerings,” it writes.

“Similarly, persistent visits to transportation hubs might indicate the need to add additional buses or trains in order to allow people who need to travel room to spread out for social distancing,” it goes on. “Ultimately, understanding not only whether people are traveling, but also trends in destinations, can help officials design guidance to protect public health and essential needs of communities.”

The location data Google is making public is similarly fuzzy — to avoid inviting a privacy storm — with the company writing it’s using “the same world-class anonymization technology that we use in our products every day,” as it puts it.

“For these reports, we use differential privacy, which adds artificial noise to our datasets enabling high quality results without identifying any individual person,” Google writes. “The insights are created with aggregated, anonymized sets of data from users who have turned on the Location History setting, which is off by default.”

“In Google Maps, we use aggregated, anonymized data showing how busy certain types of places are—helping identify when a local business tends to be the most crowded. We have heard from public health officials that this same type of aggregated, anonymized data could be helpful as they make critical decisions to combat COVID-19,” it adds, tacitly linking an existing offering in Google Maps to a coronavirus-busting cause.

The reports consist of per country, or per state, downloads (with 131 countries covered initially), further broken down into regions/counties — with Google offering an analysis of how community mobility has changed vs a baseline average before COVID-19 arrived to change everything.

So, for example, a March 29 report for the whole of the U.S. shows a 47 percent drop in retail and recreation activity vs the pre-CV period; a 22% drop in grocery & pharmacy; and a 19% drop in visits to parks and beaches, per Google’s data.

While the same date report for California shows a considerably greater drop in the latter (down 38% compared to the regional baseline); and slightly bigger decreases in both retail and recreation activity (down 50%) and grocery & pharmacy (-24%).

Google says it’s using “aggregated, anonymized data to chart movement trends over time by geography, across different high-level categories of places such as retail and recreation, groceries and pharmacies, parks, transit stations, workplaces, and residential.” The trends are displayed over several weeks, with the most recent information representing 48-to-72 hours prior, it adds.

The company says it’s not publishing the “absolute number of visits” as a privacy step, adding: “To protect people’s privacy, no personally identifiable information, like an individual’s location, contacts or movement, is made available at any point.”

Google’s location mobility report for Italy, which remains the European country hardest hit by the virus, illustrates the extent of the change from lockdown measures applied to the population — with retail & recreation dropping 94% vs Google’s baseline; grocery & pharmacy down 85%; and a 90% drop in trips to parks and beaches.

The same report shows an 87% drop in activity at transit stations; a 63% drop in activity at workplaces; and an increase of almost a quarter (24%) of activity in residential locations — as many Italians stay at home instead of commuting to work.

It’s a similar story in Spain — another country hard-hit by COVID-19. Though Google’s data for France suggests instructions to stay-at-home may not be being quite as keenly observed by its users there, with only an 18% increase in activity at residential locations and a 56% drop in activity at workplaces. (Perhaps because the pandemic has so far had a less severe impact on France, although numbers of confirmed cases and deaths continue to rise across the region.)

While policymakers have been scrambling for data and tools to inform their responses to COVID-19, privacy experts and civil liberties campaigners have rushed to voice concerns about the impacts of such data-fueled efforts on individual rights, while also querying the wider utility of some of this tracking.

And yes, the disclaimer is very broad. I’d say, this is largely a PR move.

Apart from this, Google must be held accountable for its many other secondary data uses. And Google/Alphabet is far too powerful, which must be addressed at several levels, soon. https://t.co/oksJgQAPAY

— Wolfie Christl (@WolfieChristl) April 3, 2020

Contacts tracing is another area where apps are fast being touted as a potential solution to get the West out of economically crushing population lockdowns — opening up the possibility of people’s mobile devices becoming a tool to enforce lockdowns, as has happened in China.

“Large-scale collection of personal data can quickly lead to mass surveillance,” is the succinct warning of a trio of academics from London’s Imperial College’s Computational Privacy Group, who have compiled their privacy concerns vis-a-vis COVID-19 contacts tracing apps into a set of eight questions app developers should be asking.

Discussing Google’s release of mobile location data for a COVID-19 cause, the head of the group, Yves-Alexandre de Montjoye, gave a general thumbs up to the steps it’s taken to shrink privacy risks. Although he also called for Google to provide more detail about the technical processes it’s using in order that external researchers can better assess the robustness of the claimed privacy protections. Such scrutiny is of pressing importance with so much coronavirus-related data grabbing going on right now, he argues.

“It is all aggregated; they normalize to a specific set of dates; they threshold when there are too few people and on top of this they add noise to make — according to them — the data differentially private. So from a pure anonymization perspective it’s good work,” de Montjoye told TechCrunch, discussing the technical side of Google’s release of location data. “Those are three of the big ‘levers’ that you can use to limit risk. And I think it’s well done.”

“But — especially in times like this when there’s a lot of people using data — I think what we would have liked is more details. There’s a lot of assumptions on thresholding, on how do you apply differential privacy, right?… What kind of assumptions are you making?” he added, querying how much noise Google is adding to the data, for example. “It would be good to have a bit more detail on how they applied [differential privacy]… Especially in times like this it is good to be… overly transparent.”

While Google’s mobility data release might appear to overlap in purpose with the Commission’s call for EU telco metadata for COVID-19 tracking, de Montjoye points out there are likely to be key differences based on the different data sources.

“It’s always a trade off between the two,” he says. “It’s basically telco data would probably be less fine-grained, because GPS is much more precise spatially and you might have more data points per person per day with GPS than what you get with mobile phone but on the other hand the carrier/telco data is much more representative — it’s not only smartphone, and it’s not only people who have latitude on, it’s everyone in the country, including non smartphone.”

There may be country specific questions that could be better addressed by working with a local carrier, he also suggested. (The Commission has said it’s intending to have one carrier per EU Member State providing anonymized and aggregated metadata.)

On the topical question of whether location data can ever be truly anonymized, de Montjoye — an expert in data reidentification — gave a “yes and no” response, arguing that original location data is “probably really, really hard to anonymize”.

“Can you process this data and make the aggregate results anonymous? Probably, probably, probably yes — it always depends. But then it also means that the original data exists… Then it’s mostly a question of the controls you have in place to ensure the process that leads to generating those aggregates does not contain privacy risks,” he added.

Perhaps a bigger question related to Google’s location data dump is around the issue of legal consent to be tracking people in the first place.

While the tech giant claims the data is based on opt-ins to location tracking the company was fined $57M by France’s data watchdog last year for a lack of transparency over how it uses people’s data.

Then, earlier this year, the Irish Data Protection Commission (DPC) — now the lead privacy regulator for Google in Europe — confirmed a formal probe of the company’s location tracking activity, following a 2018 complaint by EU consumers groups which accuses Google of using manipulative tactics in order to keep tracking web users’ locations for ad-targeting purposes.

“The issues raised within the concerns relate to the legality of Google’s processing of location data and the transparency surrounding that processing,” said the DPC in a statement in February, announcing the investigation.

The legal questions hanging over Google’s consent to track people likely explains the repeat references in its blog post to people choosing to opt in and having the ability to clear their Location History via settings. (“Users who have Location History turned on can choose to turn the setting off at any time from their Google Account, and can always delete Location History data directly from their Timeline,” it writes in one example.)

In addition to offering up coronavirus mobility porn reports — which Google specifies it will continue to do throughout the crisis — the company says it’s collaborating with “select epidemiologists working on COVID-19 with updates to an existing aggregate, anonymized dataset that can be used to better understand and forecast the pandemic.”

“Data of this type has helped researchers look into predicting epidemics, plan urban and transit infrastructure, and understand people’s mobility and responses to conflict and natural disasters,” it adds.

Powered by WPeMatico

Dating and fertility apps among those snitching to ‘out of control’ ad tech, report finds

Posted by | Adtech, Advertising Tech, Android, AppNexus, AT&T, data processing, digital advertising, digital marketing, Europe, european union, Facebook, France, GDPR, General Data Protection Regulation, Google, gps, information commissioner's office, leanplum, Marketing, Norwegian Consumer Council, OKCupid, online advertising, online privacy, OpenX, privacy, programmatic advertising, smaato, smartphone, targeted advertising, terms of service, Twitter | No Comments

The latest report to warn that surveillance capitalism is out of control — and “free” digital services can in fact be very costly to people’s privacy and rights — comes courtesy of the Norwegian Consumer Council, which has published an analysis of how popular apps are sharing user data with the behavioral ad industry.

It suggests smartphone users have little hope of escaping ad tech’s pervasive profiling machinery — short of not using a smartphone at all.

A majority of the apps that were tested for the report were found to transmit data to “unexpected third parties” — with users not being clearly informed about who was getting their information and what they were doing with it. Most of the apps also did not provide any meaningful options or on-board settings for users to prevent or reduce the sharing of data with third parties.

“The evidence keeps mounting against the commercial surveillance systems at the heart of online advertising,” the Council writes, dubbing the current situation “completely out of control, harming consumers, societies, and businesses,” and calling for curbs to prevalent practices in which app users’ personal data is broadcast and spread “with few restraints.” 

“The multitude of violations of fundamental rights are happening at a rate of billions of times per second, all in the name of profiling and targeting advertising. It is time for a serious debate about whether the surveillance-driven advertising systems that have taken over the internet, and which are economic drivers of misinformation online, is a fair trade-off for the possibility of showing slightly more relevant ads.

“The comprehensive digital surveillance happening across the ad tech industry may lead to harm to both individuals, to trust in the digital economy, and to democratic institutions,” it also warns.

In the report, app users’ data is documented being shared with tech giants such as Facebook, Google and Twitter — which operate their own mobile ad platforms and/or other key infrastructure related to the collection and sharing of smartphone users’ data for ad targeting purposes — but also with scores of other faceless entities that the average consumer is unlikely to have heard of.

The Council commissioned a data flow analysis of 10 popular apps running on Google’s Android smartphone platform — generating a snapshot of the privacy black hole that mobile users inexorably tumble into when they try to go about their digital business, despite the existence (in Europe) of a legal framework that’s supposed to protect people by giving citizens a swathe of rights over their personal data.

Among the findings are a makeup filter app sharing the precise GPS coordinates of its users; ovulation, period and mood-tracking apps sharing users’ intimate personal data with Facebook and Google (among others); dating apps exchanging user data with each other, and also sharing with third parties sensitive user info like individuals’ sexual preferences (and real-time device specific tells such as sensor data from the gyroscope… ); and a games app for young children that was found to contain 25 embedded SDKs and which shared the Android Advertising ID of a test device with eight third parties.

The 10 apps whose data flows were analyzed for the report are the dating apps Grindr, Happn, OkCupid, and Tinder; fertility/period tracker apps Clue and MyDays; makeup app Perfect365; religious app Muslim: Qibla Finder; children’s app My Talking Tom 2; and the keyboard app Wave Keyboard.

“Altogether, Mnemonic [the company which the Council commissioned to conduct the technical analysis] observed data transmissions from the apps to 216 different domains belonging to a large number of companies. Based on their analysis of the apps and data transmissions, they have identified at least 135 companies related to advertising. One app, Perfect365, was observed communicating with at least 72 different such companies,” the report notes.

“Because of the scope of tests, size of the third parties that were observed receiving data, and popularity of the apps, we regard the findings from these tests to be representative of widespread practices in the adtech industry,” it adds.

Aside from the usual suspect (ad)tech giants, less well-known entities seen receiving user data include location data brokers Fysical, Fluxloop, Placer, Places/Fouraquare, Safegraph and Unacast; behavioral ad targeting players like Receptiv/Verve, Neura, Braze and LeanPlum; mobile app marketing analytics firms like AppsFlyer; and ad platforms and exchanges like AdColony, AT&T’s AppNexus, Bucksense, OpenX, PubNative, Smaato and Vungle.

In the report, the Forbrukerrådet concludes that the pervasive tracking of smartphone users which underpins the behavioral ad industry is all but impossible for smartphone users to escape — even if they are able to locate an on-device setting to opt out of behavioral ads.

This is because multiple identifiers are being attached to them and their devices, and also because of frequent sharing/syncing of identifiers by ad tech players across the industry. (It also points out that on the Android platform, a setting where users can opt-out of behavioral ads does not actually obscure the identifier — meaning users have to take it on trust that ad tech entities won’t just ignore their request and track them anyway.)

The Council argues its findings suggest widespread breaches of Europe’s General Data Protection Regulation (GDPR), given that key principles of that pan-EU framework — such as data protection by design and default — are in stark conflict with the systematic, pervasive background profiling of app users it found (apps were, for instance, found sharing personal data by default, requiring users to actively seek out an obscure device setting to try to prevent being profiled).

“The extent of tracking and complexity of the ad tech industry is incomprehensible to consumers, meaning that individuals cannot make informed choices about how their personal data is collected, shared and used. Consequently, the massive commercial surveillance going on throughout the ad tech industry is systematically at odds with our fundamental rights and freedoms,” it also argues.

Where (user) consent is being relied upon as a legal basis to process personal data, the standard required by GDPR states it must be informed, freely given and specific.

But the Council’s analysis of the apps found them sorely lacking on that front.

“In the cases described in this report, none of the apps or third parties appear to fulfil the legal conditions for collecting valid consent,” it writes. “Data subjects are not informed of how their personal data is shared and used in a clear and understandable way, and there are no granular choices regarding use of data that is not necessary for the functionality of the consumer-facing services.”

It also dismisses another possible legal base — known as legitimate interests — arguing app users “cannot have a reasonable expectation for the amount of data sharing and the variety of purposes their personal data is used for in these cases.”

The report points out that other forms of digital advertising (such as contextual advertising) which do not rely on third parties processing personal data are available — arguing that further undermines any ad tech industry claims of “legitimate interests” as a valid base for helping themselves to smartphone users’ data.

“The large amount of personal data being sent to a variety of third parties, who all have their own purposes and policies for data processing, constitutes a widespread violation of data subjects’ privacy,” the Council argues. “Even if advertising is necessary to provide services free of charge, these violations of privacy are not strictly necessary in order to provide digital ads. Consequently, it seems unlikely that the legitimate interests that these companies may claim to have can be demonstrated to override the fundamental rights and freedoms of the data subject.”

The suggestion, therefore, is that “a large number of third parties that collect consumer data for purposes such as behavioural profiling, targeted advertising and real-time bidding, are in breach of the General Data Protection Regulation.”

The report also discusses the harms attached to such widespread violation of privacy — pointing out risks such as discrimination and manipulation of vulnerable individuals, as well as chilling effects on speech, added fuel for ad fraud and the torching of trust in the digital economy, among other society-afflicting ill being fueled by ad tech’s obsession with profiling everyone…

Some of the harm of this data exploitation stems from significant knowledge and power asymmetries that render consumers powerless. The overarching lack of transparency of the system makes consumers vulnerable to manipulation, particularly when unknown companies know almost everything about the individual consumer. However, even if regular consumers had comprehensive knowledge of the technologies and systems driving the adtech industry, there would still be very limited ways to stop or control the data exploitation.

Since the number and complexity of actors involved in digital marketing is staggering, consumers have no meaningful ways to resist or otherwise protect themselves from the effects of profiling. These effects include different forms of discrimination and exclusion, data being used for new and unknowable purposes, widespread fraud, and the chilling effects of massive commercial surveillance systems. In the long run, these issues are also contributing to the erosion of trust in the digital industry, which may have serious consequences for the digital economy.

To shift what it dubs the “significant power imbalance between consumers and third party companies,” the Council calls for an end to the current practices of “extensive tracking and profiling” — either by companies changing their practices to “respect consumers’ rights,” or — where they won’t — urging national regulators and enforcement authorities to “take active enforcement measures, to establish legal precedent to protect consumers against the illegal exploitation of personal data.”

It’s fair to say that enforcement of GDPR remains a work in progress at this stage, some 20 months after the regulation came into force, back in May 2018. With scores of cross-border complaints yet to culminate in a decision (though there have been a couple of interesting ad tech and consent-related enforcements in France).

We reached out to Ireland’s Data Protection Commission (DPC) and the U.K.’s Information Commissioner’s Office (ICO) for comment on the Council’s report. The Irish regulator has multiple investigations ongoing into various aspects of ad tech and tech giants’ handling of online privacy, including a probe related to security concerns attached to Google’s ad exchange and the real-time bidding process which features in some programmatic advertising. It has previously suggested the first decisions from its hefty backlog of GDPR complaints will be coming early this year. But at the time of writing the DPC had not responded to our request for comment on the report.

A spokeswoman for the ICO — which last year put out its own warnings to the behavioral advertising industry, urging it to change its practices — sent us this statement, attributed to Simon McDougall, its executive director for technology and innovation, in which he says the regulator has been prioritizing engaging with the ad tech industry over its use of personal data and has called for change itself — but which does not once mention the word “enforcement”…

Over the past year we have prioritised engagement with the adtech industry on the use of personal data in programmatic advertising and real-time bidding.

Along the way we have seen increased debate and discussion, including reports like these, which factor into our approach where appropriate. We have also seen a general acknowledgment that things can’t continue as they have been.

Our 2019 update report into adtech highlights our concerns, and our revised guidance on the use of cookies gives greater clarity over what good looks like in this area.

Whilst industry has welcomed our report and recognises change is needed, there remains much more to be done to address the issues. Our engagement has substantiated many of the concerns we raised and, at the same time, we have also made some real progress.

Throughout the last year we have been clear that if change does not happen we would consider taking action. We will be saying more about our next steps soon – but as is the case with all of our powers, any future action will be proportionate and risk-based.

Powered by WPeMatico

Microsoft’s HoloLens 2 starts shipping

Posted by | augmented reality, Australia, barcelona, Canada, China, Computer Vision, computing, France, Gadgets, Germany, hardware, head-mounted displays, holography, hololens 2, ireland, Japan, machine learning, Microsoft, microsoft hardware, Microsoft HoloLens, Microsoft Ignite 2019, mixed reality, New Zealand, United Kingdom, Windows 10 | No Comments

Earlier this year, at Mobile World Congress in Barcelona, Microsoft announced the second generation of its HoloLens augmented reality visor. Today, the $3,500 HoloLens 2 is going on sale in the United States, Japan, China, Germany, Canada, United Kingdom, Ireland, France, Australia and New Zealand, the same countries where it was previously available for pre-order.

Ahead of the launch, I got to spend some time with the latest model after a brief demo in Barcelona earlier this year. Users will immediately notice the larger field of view, which still doesn’t cover your full field of view, but offers a far better experience compared to the first version (where you often felt like you were looking at the virtual objects through a stamp-sized window).

The team also greatly enhanced the overall feel of wearing the device. It’s not light, at 1.3 pounds, but with the front visor that flips up and the new mounting system it is far more comfortable.

In regular use, existing users will also immediately notice the new gestures for opening the Start menu (this is Windows 10, after all). Instead of a “bloom” gesture, which often resulted in false positives, you now simply tap on the palm of your hand, where a Microsoft logo now appears when you look at it.

Eye tracking, too, has been greatly improved and works well, even over large distances, and the new machine learning model also does a far better job at tracking all of your fingers. All of this is powered by a lot of custom hardware, including Microsoft’s second-generation “holographic processing unit.”

Microsoft has also enhanced some of the cloud tools it built for HoloLens, including Azure Spatial Anchors, which allow for persistent holograms in a given space that anybody else who is using a holographic app can then see in the same spot.

Taken together, all of the changes result in a more comfortable and smarter device, with reduced latency when you look at the various objects around you and interact with them.

Powered by WPeMatico

Google brings its Jacquard wearables tech to Levi’s Trucker Jacket

Posted by | Android, Australia, Clothing, Fashion, France, Gadgets, Germany, Google, Google ATAP, hardware, Italy, jacket, Jacquard, Japan, noise cancelling, TC, United Kingdom, United States, Wearables | No Comments

Back in 2015, Google’s ATAP team demoed a new kind of wearable tech at Google I/O that used functional fabrics and conductive yarns to allow you to interact with your clothing and, by extension, the phone in your pocket. The company then released a jacket with Levi’s in 2017, but that was expensive, at $350, and never really quite caught on. Now, however, Jacquard is back. A few weeks ago, Saint Laurent launched a backpack with Jacquard support, but at $1,000, that was very much a luxury product. Today, however, Google and Levi’s are announcing their latest collaboration: Jacquard-enabled versions of Levi’s Trucker Jacket.

These jackets, which will come in different styles, including the Classic Trucker and the Sherpa Trucker, and in men’s and women’s versions, will retail for $198 for the Classic Trucker and $248 for the Sherpa Trucker. In addition to the U.S., it’ll be available in Australia, France, Germany, Italy, Japan and the U.K.

The idea here is simple and hasn’t changed since the original launch: a dongle in your jacket’s cuff connects to conductive yarns in your jacket. You can then swipe over your cuff, tap it or hold your hand over it to issue commands to your phone. You use the Jacquard phone app for iOS or Android to set up what each gesture does, with commands ranging from saving your location to bringing up the Google Assistant in your headphones, from skipping to the next song to controlling your camera for selfies or simply counting things during the day, like the coffees you drink on the go. If you have Bose noise-canceling headphones, the app also lets you set a gesture to turn your noise cancellation on or off. In total, there are currently 19 abilities available, and the dongle also includes a vibration motor for notifications.

2019 09 30 0946 1

What’s maybe most important, though, is that this (re-)launch sets up Jacquard as a more modular technology that Google and its partners hope will take it from a bit of a gimmick to something you’ll see in more places over the next few months and years.

“Since we launched the first product with Levi’s at the end of 2017, we were focused on trying to understand and working really hard on how we can take the technology from a single product […] to create a real technology platform that can be used by multiple brands and by multiple collaborators,” Ivan Poupyrev, the head of Jacquard by Google told me. He noted that the idea behind projects like Jacquard is to take things we use every day, like backpacks, jackets and shoes, and make them better with technology. He argued that, for the most part, technology hasn’t really been added to these things that we use every day. He wants to work with companies like Levi’s to “give people the opportunity to create new digital touchpoints to their digital life through things they already have and own and use every day.”

What’s also important about Jacquard 2.0 is that you can take the dongle from garment to garment. For the original jacket, the dongle only worked with this one specific type of jacket; now, you’ll be able to take it with you and use it in other wearables as well. The dongle, too, is significantly smaller and more powerful. It also now has more memory to support multiple products. Yet, in my own testing, its battery still lasts for a few days of occasional use, with plenty of standby time.

jacquard dongle

Poupyrev also noted that the team focused on reducing cost, “in order to bring the technology into a price range where it’s more attractive to consumers.” The team also made lots of changes to the software that runs on the device and, more importantly, in the cloud to allow it to configure itself for every product it’s being used in and to make it easier for the team to add new functionality over time (when was the last time your jacket got a software upgrade?).

He actually hopes that over time, people will forget that Google was involved in this. He wants the technology to fade into the background. Levi’s, on the other hand, obviously hopes that this technology will enable it to reach a new market. The 2017 version only included the Levi’s Commuter Trucker Jacket. Now, the company is going broader with different styles.

“We had gone out with a really sharp focus on trying to adapt the technology to meet the needs of our commuter customer, which a collection of Levi’s focused on urban cyclists,” Paul Dillinger, the VP of Global Product Innovation at Levi’s, told me when I asked him about the company’s original efforts around Jacquard. But there was a lot of interest beyond that community, he said, yet the built-in features were very much meant to serve the needs of this specific audience and not necessarily relevant to the lifestyles of other users. The jackets, of course, were also pretty expensive. “There was an appetite for the technology to do more and be more accessible,” he said — and the results of that work are these new jackets.

IMG 20190930 102524

Dillinger also noted that this changes the relationship his company has with the consumer, because Levi’s can now upgrade the technology in your jacket after you bought it. “This is a really new experience,” he said. “And it’s a completely different approach to fashion. The normal fashion promise from other companies really is that we promise that in six months, we’re going to try to sell you something else. Levi’s prides itself on creating enduring, lasting value in style and we are able to actually improve the value of the garment that was already in the consumer’s closet.”

I spent about a week with the Sherpa jacket before today’s launch. It does exactly what it promises to do. Pairing my phone and jacket took less than a minute and the connection between the two has been perfectly stable. The gesture recognition worked very well — maybe better than I expected. What it can do, it does well, and I appreciate that the team kept the functionality pretty narrow.

Whether Jacquard is for you may depend on your lifestyle, though. I think the ideal user is somebody who is out and about a lot, wearing headphones, given that music controls are one of the main features here. But you don’t have to be wearing headphones to get value out of Jacquard. I almost never wear headphones in public, but I used it to quickly tag where I parked my car, for example, and when I used it with headphones, I found using my jacket’s cuffs easier to forward to the next song than doing the same on my headphones. Your mileage may vary, of course, and while I like the idea of using this kind of tech so you need to take out your phone less often, I wonder if that ship hasn’t sailed at this point — and whether the controls on your headphones can’t do most of the things Jacquard can. Google surely wants Jacquard to be more than a gimmick, but at this stage, it kind of still is.

IMG 20190930 104137IMG 20190930 104137

Powered by WPeMatico

Europe’s antitrust chief, Margrethe Vestager, set for expanded role in next Commission

Posted by | Android, Apple, artificial intelligence, digital economy, e-commerce, Europe, european commission, european parliament, european union, Facebook, financial services, France, Google, Margrethe Vestager, Mariya Gabriel, online disinformation, Policy, TC, Trump administration, United Kingdom, United States, Vera Jourova | No Comments

As the antitrust investigations stack up on US tech giants’ home turf there’s no sign of pressure letting up across the pond.

European Commission president-elect Ursula von der Leyen today unveiled her picks for the next team of commissioners who will take up their mandates on November 1 — giving an expanded role to competition commissioner Margrethe Vestager. The pick suggests the next Commission is preparing to dial up its scrutiny of big tech’s data monopolies.

Under the draft list of commissioners-designate, which still needs to be approved in full by the European Parliament, Vestager has been named executive VP overseeing a new portfolio called ‘Europe fit for the digital age’.

But, crucially, she will also retain the competition portfolio — which implies attention on growing Europe’s digital economy will go hand in glove with scrutiny of fairness in ecommerce and ensuring a level playing field vs US platform giants.

“Executive vice-president Margrethe Vestager will lead our work on a Europe fit for the digital age,” said von der Leyen at a press conference to announce her picks. “Digitalization has a huge impact on the way we live, we work, we communicate. In some fields Europe has to catch up — for example in the field of business to consumer but in other fields we’re excellent. Europe is the frontrunner, for example in business to business, when we talk about digital twins of products and procedures.

“We have to make more out of the field of artificial intelligence. We have to make our single market a digital single market. We have to use way more the big data that is out there but we don’t make enough out of it. What innovation and startups are concerned. It’s not only need to know but it’s need to share big data. We have to improve on cyber security. We have to work hard on our technological sovereignty just to name a few issues in these broad topics.

“Margrethe Vestager will co-ordinate the whole agenda. And be the commissioner for competition. She will work together with the commissioner for internal market, innovation and youth, transport, energy, jobs, health and justice.”

If tech giants were hoping for Europe’s next Commission to pay a little less attention to question marks hanging over the fairness of their practices they’re likely to be disappointed as Vestager is set to gain expanded powers and a broader canvas to paint on. The new role clearly positions her to act on the review of competition policy she instigated towards the end of her current mandate — which focused on the challenges posed by digital markets.

Since taking over as Europe’s competition chief back in 2014, Vestager has made a name for herself by blowing the dust off the brief and driving forward on a series of regulatory interventions targeting tech giants including Amazon, Apple and Google . In the latter case this has included opening a series of fresh probes as well as nailing the very long running Google Shopping saga inherited from her predecessor.

The activity of the department under her mandate has clearly catalyzed complainants — creating a pipeline of cases for her to tackle. And just last month Reuters reported she had been preparing an “intensive” handover of work looking into complaints against Google’s job search product to her successor — a handover that won’t now be necessary, assuming the EU parliament gives its backing to von der Leyen’s team.

While the competition commissioner has thus far generated the biggest headlines for the size of antitrust fines she’s handed down — including a record-breaking $5BN fine for Google last year for illegal restrictions attached to Android — her attention on big data holdings as a competition risk is most likely to worry tech giants going forward.

See, for example, the formal investigation of Amazon’s use of merchant data announced this summer for a sign of the direction of travel.

Vestager has also talked publicly about regulating data flows as being a more savvy route to control big tech versus swinging a break up hammer. And while — on the surface — regulating data might sound less radical a remedy than breaking giants like Google and Facebook up, placing hard limits on how data can be used has the potential to effect structural separation via a sort of regulatory keyhole surgery that’s likely to be quicker and implies a precision that may also make it more politically palatable.

That’s important given the ongoing EU-US trade friction kicked up by the Trump administration which is never shy of lashing out, especially at European interventions that seek to address some of the inequalities generated by tech giants — most recently Trump gave France’s digital tax plans a tongue-lashing.

von der Leyen was asked during the press conference whether Vestager might not been seen as a controversial choice given Trump’s views of her activity to date (Europe’s “tax lady” is one of the nicer things he’s said about Vestager). The EU president-elect dismissed the point saying the only thing that matters in assigning Commission portfolios is “quality and excellence”, adding that competition and digital is the perfect combination to make the most of Vestager’s talents.

“Vestager has done an outstanding job as a commissioner for competition,” she went on. “At competition and the issues she’s tackling there are closely linked to the digital sector too. So having her as an executive vice-president for the digital in Europe is absolutely a perfect combination.

“She’ll have this topic as a cross-cutting topic. She’ll have to work on the Digital Single Market. She will work on the fact that we want to use in a better way big data that is out there, that we collect every day — non-personalized data. That we should use way better, in the need for example to share with others for innovation, for startups, for new ideas.

“She will work on the whole topic of cyber security. Which is the more we’re digitalized, the more we’re vulnerable. So there’s a huge field in front of her. And as she’s shown excellence in the Commission portfolio she’ll keep that — the executive vice-presidents have with the DGs muscles to deal with their vast portfolios’ subject they have to deal with.”

In other choices announced today, the current commissioner for Digital Economy and Society, Mariya Gabriel, will be taking up a new portfolio called ‘Innovation and Youth’. And Sylvie Goulard was named as ‘Internal Market’ commissioner, leading on industrial policy and promoting the Digital Single Market, as well as getting responsibility for Defence Industry and Space.

Another executive VP choice, Valdis Dombrovskis, looks likely to be tackling thorny digital taxation issues — with responsibility for co-ordinating the Commission’s work on what’s been dubbed an “Economy that Works for People”, as well as also being commissioner for financial services. 

In prepared remarks on that role, von der Leyen said: We have a unique social market economy. It is the source of our prosperity and social fairness. This is all the more important when we face a twin transition: climate and digital. Valdis Dombrovskis will lead our work to bring together the social and the market in our economy.”

Frans Timmermans, who was previously in the running as a possible candidate for Commission president but lost out to von der Leyen, is another exec VP pick. He’s set to be focused on delivering a European Green Deal and managing climate action policy.

Another familiar face — current justice, consumer and gender affairs commissioner, Věra Jourová — has also been named as an exec VP, gaining responsibility for “Values and Transparency”, a portfolio title which suggests she’ll continue to be involved in EU efforts to combat online disinformation on platforms.

The rest of the Commission portfolio appointments can be found here.

There are 26 picks in all — 27 counting von der Leyen who has already been confirmed as president; one per EU country. The UK has no representation in the next Commission given it is due to leave the bloc on October 31, the day before the new Commission takes up its mandate.

von der Leyen touted the team she presented today as balanced and diverse, including on gender lines as well as geographically to take account of the full span of European Union members.

“It draws on all the strength and talents, men and women, experienced and young, east and west, south and north, a team that is well balanced, a team that brings together diversity of experience and competence,” she said. “I want a Commission that is led with determination, that is clearly focused on the issues at hand — and that provides answers.”

Commissioners elect

“There’s one fundamental that connects this team: We want to bring new impetus to Europe’s democracy,” she added. “This is our joint responsibility. And democracy is more than voting in elections in every five years; it is about having your voice heard. It’s about having been able to participate in the way our society’s built. We gave to address some of the deeper issues in our society that have led to a loss of faith in democracy.”

In a signal of her intention that the new Commission should “walk the talk” on making Europe fit for the digital age she announced that college meetings will be paperless and digital.

On lawmaking, she added that there will be a one-in, one-out policy — with any new laws and regulation supplanting an existing rule in a bid to cut red tape.

The shape of the next Commission remains in draft pending approval by the European Parliament to all the picks. The parliament must vote to accept the entire college of commissioners — a process that’s preceded by hearings of the commissioners-designate in relevant parliamentary committees.

Powered by WPeMatico