Germany

Most EU cookie ‘consent’ notices are meaningless or manipulative, study finds

Posted by | Advertising Tech, america, Android, cookies, data processing, data protection, data security, ePrivacy Regulation, Europe, european union, Facebook, France, GDPR, General Data Protection Regulation, Germany, Google, information commissioner's office, instagram, law, online advertising, privacy, spamming, TC, United States, University of Michigan | No Comments

New research into how European consumers interact with the cookie consent mechanisms which have proliferated since a major update to the bloc’s online privacy rules last year casts an unflattering light on widespread manipulation of a system that’s supposed to protect consumer rights.

As Europe’s General Data Protection Regulation (GDPR) came into force in May 2018, bringing in a tough new regime of fines for non-compliance, websites responded by popping up legal disclaimers which signpost visitor tracking activities. Some of these cookie notices even ask for consent to track you.

But many don’t — even now, more than a year later.

The study, which looked at how consumers interact with different designs of cookie pop-ups and how various design choices can nudge and influence people’s privacy choices, also suggests consumers are suffering a degree of confusion about how cookies function, as well as being generally mistrustful of the term ‘cookie’ itself. (With such baked in tricks, who can blame them?)

The researchers conclude that if consent to drop cookies was being collected in a way that’s compliant with the EU’s existing privacy laws only a tiny fraction of consumers would agree to be tracked.

The paper, which we’ve reviewed in draft ahead of publication, is co-authored by academics at Ruhr-University Bochum, Germany, and the University of Michigan in the US — and entitled: (Un)informed Consent: Studying GDPR Consent Notices in the Field.

The researchers ran a number of studies, gathering ~5,000 of cookie notices from screengrabs of leading websites to compile a snapshot (derived from a random sub-sample of 1,000) of the different cookie consent mechanisms in play in order to paint a picture of current implementations.

They also worked with a German ecommerce website over a period of four months to study how more than 82,000 unique visitors to the site interacted with various cookie consent designs which the researchers’ tweaked in order to explore how different defaults and design choices affected individuals’ privacy choices.

Their industry snapshot of cookie consent notices found that the majority are placed at the bottom of the screen (58%); not blocking the interaction with the website (93%); and offering no options other than a confirmation button that does not do anything (86%). So no choice at all then.

A majority also try to nudge users towards consenting (57%) — such as by using ‘dark pattern’ techniques like using a color to highlight the ‘agree’ button (which if clicked accepts privacy-unfriendly defaults) vs displaying a much less visible link to ‘more options’ so that pro-privacy choices are buried off screen.

And while they found that nearly all cookie notices (92%) contained a link to the site’s privacy policy, only a third (39%) mention the specific purpose of the data collection or who can access the data (21%).

The GDPR updated the EU’s long-standing digital privacy framework, with key additions including tightening the rules around consent as a legal basis for processing people’s data — which the regulation says must be specific (purpose limited), informed and freely given for consent to be valid.

Even so, since May last year there has been an outgrown in cookie ‘consent’ mechanisms popping up or sliding atop websites that still don’t offer EU visitors the necessary privacy choices, per the research.

“Given the legal requirements for explicit, informed consent, it is obvious that the vast majority of cookie consent notices are not compliant with European privacy law,” the researchers argue.

“Our results show that a reasonable amount of users are willing to engage with consent notices, especially those who want to opt out or do not want to opt in. Unfortunately, current implementations do not respect this and the large majority offers no meaningful choice.”

The researchers also record a large differential in interaction rates with consent notices — of between 5 and 55% — generated by tweaking positions, options, and presets on cookie notices.

This is where consent gets manipulated — to flip visitors’ preference for privacy.

They found that the more choices offered in a cookie notice, the more likely visitors were to decline the use of cookies. (Which is an interesting finding in light of the vendor laundry lists frequently baked into the so-called “transparency and consent framework” which the industry association, the Internet Advertising Bureau (IAB), has pushed as the standard for its members to use to gather GDPR consents.)

“The results show that nudges and pre-selection had a high impact on user decisions, confirming previous work,” the researchers write. “It also shows that the GDPR requirement of privacy by default should be enforced to make sure that consent notices collect explicit consent.”

Here’s a section from the paper discussing what they describe as “the strong impact of nudges and pre-selections”:

Overall the effect size between nudging (as a binary factor) and choice was CV=0.50. For example, in the rather simple case of notices that only asked users to confirm that they will be tracked, more users clicked the “Accept” button in the nudge condition, where it was highlighted (50.8% on mobile, 26.9% on desktop), than in the non-nudging condition where “Accept” was displayed as a text link (39.2% m, 21.1% d). The effect was most visible for the category-and vendor-based notices, where all checkboxes were pre-selected in the nudging condition, while they were not in the privacy-by-default version. On the one hand, the pre-selected versions led around 30% of mobile users and 10% of desktop users to accept all third parties. On the other hand, only a small fraction (< 0.1%) allowed all third parties when given the opt-in choice and around 1 to 4 percent allowed one or more third parties (labeled “other” in 4). None of the visitors with a desktop allowed all categories. Interestingly, the number of non-interacting users was highest on average for the vendor-based condition, although it took up the largest part of any screen since it offered six options to choose from.

The key implication is that just 0.1% of site visitors would freely choose to enable all cookie categories/vendors — i.e. when not being forced to do so by a lack of choice or via nudging with manipulative dark patterns (such as pre-selections).

Rising a fraction, to between 1-4%, who would enable some cookie categories in the same privacy-by-default scenario.

“Our results… indicate that the privacy-by-default and purposed-based consent requirements put forth by the GDPR would require websites to use consent notices that would actually lead to less than 0.1 % of active consent for the use of third parties,” they write in conclusion.

They do flag some limitations with the study, pointing out that the dataset they used that arrived at the 0.1% figure is biased — given the nationality of visitors is not generally representative of public Internet users, as well as the data being generated from a single retail site. But they supplemented their findings with data from a company (Cookiebot) which provides cookie notices as a SaaS — saying its data indicated a higher accept all clicks rate but still only marginally higher: Just 5.6%.

Hence the conclusion that if European web users were given an honest and genuine choice over whether or not they get tracked around the Internet, the overwhelming majority would choose to protect their privacy by rejecting tracking cookies.

This is an important finding because GDPR is unambiguous in stating that if an Internet service is relying on consent as a legal basis to process visitors’ personal data it must obtain consent before processing data (so before a tracking cookie is dropped) — and that consent must be specific, informed and freely given.

Yet, as the study confirms, it really doesn’t take much clicking around the regional Internet to find a gaslighting cookie notice that pops up with a mocking message saying by using this website you’re consenting to your data being processed how the site sees fit — with just a single ‘Ok’ button to affirm your lack of say in the matter.

It’s also all too common to see sites that nudge visitors towards a big brightly colored ‘click here’ button to accept data processing — squirrelling any opt outs into complex sub-menus that can sometimes require hundreds of individual clicks to deny consent per vendor.

You can even find websites that gate their content entirely unless or until a user clicks ‘accept’ — aka a cookie wall. (A practice that has recently attracted regulatory intervention.)

Nor can the current mess of cookie notices be blamed on a lack of specific guidance on what a valid and therefore legal cookie consent looks like. At least not any more. Here, for example, is a myth-busting blog which the UK’s Information Commissioner’s Office (ICO) published last month that’s pretty clear on what can and can’t be done with cookies.

For instance on cookie walls the ICO writes: “Using a blanket approach such as this is unlikely to represent valid consent. Statements such as ‘by continuing to use this website you are agreeing to cookies’ is not valid consent under the higher GDPR standard.” (The regulator goes into more detailed advice here.)

While France’s data watchdog, the CNIL, also published its own detailed guidance last month — if you prefer to digest cookie guidance in the language of love and diplomacy.

(Those of you reading TechCrunch back in January 2018 may also remember this sage plain english advice from our GDPR explainer: “Consent requirements for processing personal data are also considerably strengthened under GDPR — meaning lengthy, inscrutable, pre-ticked T&Cs are likely to be unworkable.” So don’t say we didn’t warn you.)

Nor are Europe’s data protection watchdogs lacking in complaints about improper applications of ‘consent’ to justify processing people’s data.

Indeed, ‘forced consent’ was the substance of a series of linked complaints by the pro-privacy NGO noyb, which targeted T&Cs used by Facebook, WhatsApp, Instagram and Google Android immediately GDPR started being applied in May last year.

While not cookie notice specific, this set of complaints speaks to the same underlying principle — i.e. that EU users must be provided with a specific, informed and free choice when asked to consent to their data being processed. Otherwise the ‘consent’ isn’t valid.

So far Google is the only company to be hit with a penalty as a result of that first wave of consent-related GDPR complaints; France’s data watchdog issued it a $57M fine in January.

But the Irish DPC confirmed to us that three of the 11 open investigations it has into Facebook and its subsidiaries were opened after noyb’s consent-related complaints. (“Each of these investigations are at an advanced stage and we can’t comment any further as these investigations are ongoing,” a spokeswoman told us. So, er, watch that space.)

The problem, where EU cookie consent compliance is concerned, looks to be both a failure of enforcement and a lack of regulatory alignment — the latter as a consequence of the ePrivacy Directive (which most directly concerns cookies) still not being updated, generating confusion (if not outright conflict) with the shiny new GDPR.

However the ICO’s advice on cookies directly addresses claimed inconsistencies between ePrivacy and GDPR, stating plainly that Recital 25 of the former (which states: “Access to specific website content may be made conditional on the well-informed acceptance of a cookie or similar device, if it is used for a legitimate purpose”) does not, in fact, sanction gating your entire website behind an ‘accept or leave’ cookie wall.

Here’s what the ICO says on Recital 25 of the ePrivacy Directive:

  • ‘specific website content’ means that you should not make ‘general access’ subject to conditions requiring users to accept non-essential cookies – you can only limit certain content if the user does not consent;
  • the term ‘legitimate purpose’ refers to facilitating the provision of an information society service – ie, a service the user explicitly requests. This does not include third parties such as analytics services or online advertising;

So no cookie wall; and no partial walls that force a user to agree to ad targeting in order to access the content.

It’s worth point out that other types of privacy-friendly online advertising are available with which to monetize visits to a website. (And research suggests targeted ads offer only a tiny premium over non-targeted ads, even as publishers choosing a privacy-hostile ads path must now factor in the costs of data protection compliance to their calculations — as well as the cost and risk of massive GDPR fines if their security fails or they’re found to have violated the law.)

Negotiations to replace the now very long-in-the-tooth ePrivacy Directive — with an up-to-date ePrivacy Regulation which properly takes account of the proliferation of Internet messaging and all the ad tracking techs that have sprung up in the interim — are the subject of very intense lobbying, including from the adtech industry desperate to keep a hold of cookie data. But EU privacy law is clear.

“[Cookie consent]’s definitely broken (and has been for a while). But the GDPR is only partly to blame, it was not intended to fix this specific problem. The uncertainty of the current situation is caused the delay of the ePrivacy regulation that was put on hold (thanks to lobbying),” says Martin Degeling, one of the research paper’s co-authors, when we suggest European Internet users are being subject to a lot of ‘consent theatre’ (ie noisy yet non-compliant cookie notices) — which in turn is causing knock-on problems of consumer mistrust and consent fatigue for all these useless pop-ups. Which work against the core aims of the EU’s data protection framework.

“Consent fatigue and mistrust is definitely a problem,” he agrees. “Users that have experienced that clicking ‘decline’ will likely prevent them from using a site are likely to click ‘accept’ on any other site just because of one bad experience and regardless of what they actually want (which is in most cases: not be tracked).”

“We don’t have strong statistical evidence for that but users reported this in the survey,” he adds, citing a poll the researchers also ran asking site visitors about their privacy choices and general views on cookies. 

Degeling says he and his co-authors are in favor of a consent mechanism that would enable web users to specify their choice at a browser level — rather than the current mess and chaos of perpetual, confusing and often non-compliant per site pop-ups. Although he points out some caveats.

“DNT [Do Not Track] is probably also not GDPR compliant as it only knows one purpose. Nevertheless  something similar would be great,” he tells us. “But I’m not sure if shifting the responsibility to browser vendors to design an interface through which they can obtain consent will lead to the best results for users — the interfaces that we see now, e.g. with regard to cookies, are not a good solution either.

“And the conflict of interest for Google with Chrome are obvious.”

The EU’s unfortunate regulatory snafu around privacy — in that it now has one modernized, world-class privacy regulation butting up against an outdated directive (whose progress keeps being blocked by vested interests intent on being able to continue steamrollering consumer privacy) — likely goes some way to explaining why Member States’ data watchdogs have generally been loath, so far, to show their teeth where the specific issue of cookie consent is concerned.

At least for an initial period the hope among data protection agencies (DPAs) was likely that ePrivacy would be updated and so they should wait and see.

They have also undoubtedly been providing data processors with time to get their data houses and cookie consents in order. But the frictionless interregnum while GDPR was allowed to ‘bed in’ looks unlikely to last much longer.

Firstly because a law that’s not enforced isn’t worth the paper it’s written on (and EU fundamental rights are a lot older than the GDPR). Secondly, with the ePrivacy update still blocked DPAs have demonstrated they’re not just going to sit on their hands and watch privacy rights be rolled back — hence them putting out guidance that clarifies what GDPR means for cookies. They’re drawing lines in the sand, rather than waiting for ePrivacy to do it (which also guards against the latter being used by lobbyists as a vehicle to try to attack and water down GDPR).

And, thirdly, Europe’s political institutions and policymakers have been dining out on the geopolitical attention their shiny privacy framework (GDPR) has attained.

Much has been made at the highest levels in Europe of being able to point to US counterparts, caught on the hop by ongoing tech privacy and security scandals, while EU policymakers savor the schadenfreude of seeing their US counterparts being forced to ask publicly whether it’s time for America to have its own GDPR.

With its extraterritorial scope, GDPR was always intended to stamp Europe’s rule-making prowess on the global map. EU lawmakers will feel they can comfortably check that box.

However they are also aware the world is watching closely and critically — which makes enforcement a very key piece. It must slot in too. They need the GDPR to work on paper and be seen to be working in practice.

So the current cookie mess is a problematic signal which risks signposting regulatory failure — and that simply isn’t sustainable.

A spokesperson for the European Commission told us it cannot comment on specific research but said: “The protection of personal data is a fundamental right in the European Union and a topic the Juncker commission takes very seriously.”

“The GDPR strengthens the rights of individuals to be in control of the processing of personal data, it reinforces the transparency requirements in particular on the information that is crucial for the individual to make a choice, so that consent is given freely, specific and informed,” the spokesperson added. 

“Cookies, insofar as they are used to identify users, qualify as personal data and are therefore subject to the GDPR. Companies do have a right to process their users’ data as long as they receive consent or if they have a legitimate interest.”

All of which suggests that the movement, when it comes, must come from a reforming adtech industry.

With robust privacy regulation in place the writing is now on the wall for unfettered tracking of Internet users for the kind of high velocity, real-time trading of people’s eyeballs that the ad industry engineered for itself when no one knew what was being done with people’s data.

GDPR has already brought greater transparency. Once Europeans are no longer forced to trade away their privacy it’s clear they’ll vote with their clicks not to be ad-stalked around the Internet too.

The current chaos of non-compliant cookie notices is thus a signpost pointing at an underlying privacy lag — and likely also the last gasp signage of digital business models well past their sell-by-date.

Powered by WPeMatico

Drone sighting at Germany’s busiest airport grounds flights for about an hour

Posted by | drone, drone regulations, drones, Europe, Frankfurt, Frankfurt Airport, Gadgets, Gatwick Airport, Germany, robotics | No Comments

A drone sighting caused all flights to be suspended at Frankfurt Airport for around an hour this morning. The airport is Germany’s busiest by passenger numbers, serving almost 14.8 million passengers in the first three months of this year.

In a tweet sent after flights had resumed the airport reported that operations were suspended at 07:27, before the suspension was lifted at 08:15, with flights resuming at 08:18.

It added that security authorities were investigating the incident.

Drohnensichtung am @Airport_FRA . Flugbetrieb im Zeitraum von 07:27 bis 08:15 Uhr eingestellt. Aufklärungs- und Fahndungsmaßnahmen der Sicherheitsbehörden wurden umgesetzt. Flugbetrieb seit 08:18 Uhr wieder aufgenommen. Unsere Pressemitteilung folgt. #BPol #WirSindSicherheit pic.twitter.com/ejXhY4Iva7

— Bundespolizei Flughafen Frankfurt am Main (@bpol_air_fra) May 9, 2019

A report in local press suggests more than 100 takeoffs and landings were cancelled as a result of the disruption caused by the drone sighting.

All flights to Frankfurt (FRA) are currently holding or diverting due to drone activity near the airport https://t.co/tAdvgn4Mpf pic.twitter.com/eKC1U2CyTq

— International Flight Network (@FlightIntl) May 9, 2019

It’s the second such incident at the airport after a drone sighting at the end of March also caused flights to be suspended for around half an hour.

Drone sightings near airports have been on the increase for years as drones have landed in the market at increasingly affordable prices, as have reports of drone near misses with aircraft.

The Frankfurt suspension follows far more major disruption caused by repeat drone sightings at the UK’s second largest airport, Gatwick Airport, late last year — which caused a series of flight shutdowns and travel misery for hundreds of thousands of people right before the holiday period.

The UK government came in for trenchant criticism immediately afterwards, with experts saying it had failed to listen and warnings about the risks posed by drone misuse. A planned drone bill has also been long delayed, meaning new legislation to comprehensively regulate drones has slipped.

In response to the Gatwick debacle the UK government quickly pushed through an expansion of existing drone no-fly zones around airports after criticism by aviation experts — beefing up the existing 1km exclusion zone to 5km. It also said police would get new powers to tackle drone misuse.

In Germany an amendment to air traffic regulations entered into force in 2017 that prohibits drones being flown within 1.5km of an airport. Drones are also banned from being flown in controlled airspace.

However with local press reporting rising drone sightings near German airports, with the country’s Air Traffic Control registering 125 last year (31 of which were around Frankfurt), the 1.5km limit looks similarly inadequate.

Powered by WPeMatico

Roblox hits milestone of 90M monthly active users

Posted by | Europe, France, Gaming, Germany, online games, online safety, Roblox, United Kingdom, video games, video gaming | No Comments

Kids gaming platform Roblox, most recently valued at over $2.5 billion, has reached a new milestone of 90 million monthly active users, the company said on Sunday. That’s up from the 70 million monthly actives it claimed at its last funding round — a $150 million Series F announced last fall. The sizable increase in users is credited to Roblox’s international expansion efforts, and particularly its more recent support for the French and German languages.

The top 150 games that run on the Roblox platform are now available in both languages, along with community moderation, customer support and parental resources.

The gaming company also has been steadily growing as more kids join after hearing about it from friends or seeing its games played on YouTube, for example. Like Fortnite, it has become a place that kids go to “hang out” online even when not actively playing.

The games themselves are built by third-party creators, while Roblox gets a share of the revenue the games generate from the sale of virtual goods. In 2017, Roblox paid out $30 million to its creator community, and later said that number would more than double in 2018. It says that players and creators now spend more than a billion hours per month on its platform.

Roblox’s growth has not been without its challenges, however. Bad actors last year subverted the game’s protections to assault a child’s in-game avatar — a serious problem for a game aimed at kids, and a PR crisis, as well. But the company addressed the problem by quickly securing its platform to prevent future hacks of this kind, apologized to parents, banned the hackers and soon after launched a “digital civility initiative” as part of its broader push for online safety.

Months later, Roblox was still surging.

International expansion was part of the plan when Roblox chose to raise additional funding, despite already being cash-flow positive.

As CEO David Baszucki explained last fall, the idea was to create “a war chest, to have a buffer, to have the opportunity to do acquisitions,” and “to have a strong balance sheet as we grow internationally.”

The company soon made good on its to-do list, making its first acquisition in October 2018 when it picked up the app performance startup, PacketZoom. It also followed Minecraft’s footsteps into the education market, and has since been working to make its service available to a global base of users.

On that front, Roblox says Europe has played a key role, with millions of users and hundreds of thousands of game creators — like those behind the Roblox games “Ski Resort” (Germany), “Crash Course” (France) and “Heists 2 (U.K.).

In addition to French and German, Roblox is available in English, Portuguese and Spanish, and plans to support more languages in the coming months, it says.

But the company doesn’t want to face another incident or PR crisis as it moves into new countries.

On that front, Roblox is working with digital safety leaders in both France and Germany, as part of its Digital Civility Initiative. In France, it’s working with e-Enfance; and in Germany, it’s working with Unterhaltungssoftware Selbstkontrolle (USK). Roblox also added USK’s managing director, Elisabeth Secker, to the company’s Trust & Safety Advisory Board.

“We are excited to welcome Roblox as a new member to the USK and I’m honored to join the company’s Trust & Safety Advisory Board,” said Elisabeth Secker, Managing Director of the Entertainment Software Self-Regulation Body (USK), in a statement. “We are happy to support Roblox in their efforts to make their platform not only safe, but also to empower kids, teens, and parents with the skills they need to create positive online experiences.”

Powered by WPeMatico

It’s a draw in latest Qualcomm v Apple patent scores

Posted by | Apple, China, Germany, international trade commission, iPhone, lawsuit, Mobile, Patent Infringement, Patent Law, Qualcomm, san diego, United States | No Comments

It’s Qualcomm 1, Apple 1 in the latest installment of the pair’s bitter patent bust-up — the litigious IP infringement claim saga that also combines a billion-dollar royalties suit filed by Cupertino alleging that the mobile chipmaker’s licensing terms are unfair.

The iPhone maker filed against Qualcomm on the latter front two years ago and the trial is due to kick off next month. But a U.S. federal court judge issued a bracing sharpener earlier this month, in the form of a preliminary ruling — finding Qualcomm owes Apple nearly $1 billion in patent royalty rebate payments. So that courtroom looks like one to watch for sure.

Yesterday’s incremental, two-fold development in the overarching saga relates to patent charges filed by Qualcomm against Apple back in 2017, via complaints to the U.S. International Trade Commission (ITC) in which it sought to block domestic imports of iPhones.

In an initial determination on one of these patent complaints published yesterday, an ITC administrative law judge found Apple violated one of Qualcomm’s patents — and recommended an import ban.

Though Apple could (and likely will) request a review of that non-binding decision.

Related: A different ITC judge found last year that Apple had violated another Qualcomm patent but did not order a ban on imports — on “public interest” grounds.

ITC staff also previously found no infringement of the very same patent, which likely bolsters the case for a review. (The patent in question, U.S. Patent No. 8,063,674, relates to “multiple supply-voltage power-up/down detectors.”)

Then, later yesterday, the ITC issued a final determination on a second Qualcomm v Apple patent complaint — finding no patent violations on the three claims that remained at issue (namely: U.S. Patent No. 9,535,490; U.S. Patent No. 8,698,558; and U.S. Patent No. 8,633,936), terminating its investigation.

Qualcomm said it intends to appeal.

The mixed bag of developments sit in the relatively “minor battle” category of this slow-motion high-tech global legal war (though, of the two, the ITC’s final decision looks more significant), along with the outcome of a jury trial in San Diego earlier this month, which found in Qualcomm’s favor over some of the same patents the ITC cleared Apple of infringing.

Reuters reports the chipmaker has cited the contradictory outcome of the earlier jury trial as grounds to push for a “reconsideration” of the ITC’s decision.

“The Commission’s decision is inconsistent with the recent unanimous jury verdict finding infringement of the same patent after Apple abandoned its invalidity defense at the end of trial,” Qualcomm said in a statement. “We will seek reconsideration by the Commission in view of the jury verdict.”

Albeit, given the extreme complexities of chipset component patent suits, it’s not really surprising a jury might reach a different outcome to an ITC judge.

In the other corner, Apple issued its now customary punchy response statement to the latest developments, swinging in with: “Qualcomm is using these cases to distract from having to answer for the real issues, their monopolistic business practices.”

Safe to say, the litigious saga continues. And iPhones continue being sold in the U.S.

Other notable (but still only partial) wins for Qualcomm include a court decision in China last year ordering a ban on iPhone sales in the market — which Apple filed an appeal to overturn. So no China iPhone ban yet.

And an injunction ordered by a court in Germany forced Apple to briefly pull certain iPhone models from sale in its own stores in January. By February the models were back on its shelves — albeit now with Qualcomm not Intel chips inside.

But it’s not all been going Qualcomm’s way in Germany. Also in January, another court in the country dismissed a separate patent claim as groundless.

A decision is also still pending in the U.S. Federal Trade Commission’s antitrust case against Qualcomm.

In that suit the chipmaker is accused of operating a monopoly and forcing exclusivity from Apple while charging “excessive” licensing fees for standards-essential patents. The trial wrapped up in January and is pending a verdict.

Powered by WPeMatico

US threatens to reduce intelligence sharing if Germany doesn’t ban Huawei

Posted by | 5g, China, european commission, Germany, Government, huawei, Mobile, mobile network, Security, telecommunications, U.S. government | No Comments

The U.S. government is threatening to reduce the amount of intelligence it shares with Germany if Huawei wins a contract to build the country’s next-generation 5G network.

That’s the takeaway from a letter sent by the U.S. ambassador to Germany, Richard Grenell, to Germany’s economics minister Peter Altmaier, as reported by The Wall Street Journal. Grenell, appointed by President Trump last year, said the U.S. would not be able to continue sharing the same level or amount of classified intelligence over fears of Chinese spying.

It comes just days after Germany’s federal cybersecurity agency announced its 5G security requirements, but did not outright ban Huawei from the contract-bidding process.

It’s the latest move — if not a significant escalation — by the Trump administration to pressure its allies into dropping the Chinese networking gear maker over its links to the Chinese military.

The U.S.’ anti-Huawei cabal has so far seen CanadaAustraliaNew Zealand, Japan and most of Europe drop plans to use Huawei gear, which governments and phone networks have said is both cheap and reliable, but necessary for the anticipated explosion in 5G interest.

But Germany has — like the British — seen little conclusive evidence to show that Beijing is behind the scenes pulling the strings — only that the company could be compelled to spy in the future once use of the technology has been firmly established.

Korbinian Wagner, a spokesperson for the German ministry for economic affairs, confirmed the receipt of the letter but declined to comment on its contents.

The Department of State did not respond to requests for comment.

The U.S. and Germany have worked to try to repair their intelligence sharing relationship following the Edward Snowden disclosures after allegations that the National Security Agency was caught tapping into the phone of German chancellor Angela Merkel. Germany is one of dozens of countries that obtain classified signals intelligence from the U.S. intelligence community, as both a member of NATO and the so-called 14 Eyes alliance of European countries, which rely on the data sharing alliance for counterterrorism efforts. Germany suffered several terrorist attacks in the past two years, most of which inspired by Kurdish extremists and supporters of the so-called Islamic State.

The European Commission is set to rule on a potential bloc-wide ban of Huawei gear in the coming weeks, per reports.

Meanwhile, Germany is expected to launch its 5G spectrum as early as next week, sparking the beginning of the country’s first foray into the next-generation mobile network.

Updated with response from German government,

Powered by WPeMatico

Amazon stops selling stick-on Dash buttons

Posted by | Amazon, amazon dash, api, button, connected objects, Dash, dash button, Dash Replenishment, e-commerce, eCommerce, Gadgets, Germany, Internet of Things, IoT, voice assistant | No Comments

Amazon has confirmed it has retired physical stick-on Dash buttons from sale — in favor of virtual alternatives that let Prime Members tap a digital button to reorder a staple product.

It also points to its Dash Replenishment service — which offers an API for device makers wanting to build internet-connected appliances that can automatically reorder the products they need to function, be it cat food, batteries or washing power — as another reason why physical Dash buttons, which launched back in 2015 (costing $5 a pop), are past their sell-by date.

Amazon says “hundreds” of IoT devices capable of self-ordering on Amazon have been launched globally to date by brands including Beko, Epson, illy, Samsung and Whirlpool, to name a few.

So why press a physical button when a digital one will do? Or, indeed, why not do away with the need to push a button all and just let your gadgets rack up your grocery bill all by themselves while you get on with the importance business of consuming all the stuff they’re ordering?

You can see where Amazon wants to get to with its “so customers don’t have to think at all about restocking” line. Consumption that entirely removes the consumer’s decision-making process from the transactional loop is quite the capitalist wet dream. Though the company does need to be careful about consumer protection rules as it seeks to excise friction from the buying process.

The e-commerce behemoth also claims customers are “increasingly” using its Alexa voice assistant to reorder staples, such as via the Alexa Shopping voice shopping app (Amazon calls it “hands-free shopping”) that lets people inform the machine about a purchase intent and it will suggest items to buy based on their Amazon order history.

Albeit, it offers no actual usage metrics for Alexa Shopping. So that’s meaningless PR.

A less flashy but perhaps more popular option than “hands-free shopping,” which Amazon also says has contributed to making physical Dash buttons redundant, is its Subscribe & Save program.

This “lets customers automatically receive their favorite items every month,” as Amazon puts it. It offers an added incentive of discounts that kick in if the user signs up to buy five or more products per month. But the mainstay of the sales pitch is convenience with Amazon touting time saved by subscribing to “essentials” — and time saved from compiling boring shopping lists once again means more time to consume the stuff being bought on Amazon…

In a statement about retiring physical Dash buttons from global sale on February 28, Amazon also confirmed it will continue to support existing Dash owners — presumably until their buttons wear down to the bare circuit board from repeat use.

“Existing Dash Button customers can continue to use their Dash Button devices,” it writes. “We look forward to continuing support for our customers’ shopping needs, including growing our Dash Replenishment product line-up and expanding availability of virtual Dash Buttons.”

So farewell then clunky Dash buttons. Another physical push-button bites the dust. Though plastic-y Dash buttons were quite unlike the classic iPhone home button — always seeming temporary and experimental rather than slick and coolly reassuring. Even so, the end of both buttons points to the need for tech businesses to tool up for the next wave of contextually savvy connected devices. More smarts, and more controllable smarts is key.

Amazon’s statement about “shifting focus” for Dash does not mention potential legal risks around the buttons related to consumer rights challenges — but that’s another angle here.

In January a court in Germany ruled Dash buttons breached local e-commerce rules, following a challenge by a regional consumer watchdog that raised concerns about T&Cs that allow Amazon to substitute a product of a higher price or even a different product entirely than what the consumer had originally selected. The watchdog argued consumers should be provided with more information about price and product before taking the order — and the judges agreed — though Amazon said it would seek to appeal.

While it’s not clear whether or not that legal challenge contributed to Amazon’s decision to shutter Dash, it’s clear that virtual Dash buttons offer more opportunities for displaying additional information prior to a purchase than a screen-less physical Dash button. They also are more easily adaptable to any tightening legal requirements across different markets.

The demise of the physical Dash was reported earlier by CNET.

Powered by WPeMatico

Europe is prepared to rule over 5G cybersecurity

Posted by | 5g, artificial intelligence, Australia, barcelona, broadband, China, computer security, EC, Emerging-Technologies, Europe, european commission, european union, Germany, huawei, Internet of Things, Mariya Gabriel, Mobile, mwc 2019, network technology, New Zealand, Security, telecommunications, trump, UK government, United Kingdom, United States, zte | No Comments

The European Commission’s digital commissioner has warned the mobile industry to expect it to act over security concerns attached to Chinese network equipment makers.

The Commission is considering a defacto ban on kit made by Chinese companies including Huawei in the face of security and espionage concerns, per Reuters.

Appearing on stage at the Mobile World Congress tradeshow in Barcelona today, Mariya Gabriel, European commissioner for digital economy and society, flagged network “cybersecurity” during her scheduled keynote, warning delegates it’s stating the obvious for her to say that “when 5G services become mission critical 5G networks need to be secure”.

Geopolitical concerns between the West and China are being accelerated and pushed to the fore as the era of 5G network upgrades approach, as well as by ongoing tensions between the U.S. and China over trade.

“I’m well away of the unrest among all of you key actors in the telecoms sectors caused by the ongoing discussions around the cybersecurity of 5G,” Gabriel continued, fleshing out the Commission’s current thinking. “Let me reassure you: The Commission takes your view very seriously. Because you need to run these systems everyday. Nobody is helped by premature decisions based on partial analysis of the facts.

“However it is also clear that Europe has to have a common approach to this challenge. And we need to bring it on the table soon. Otherwise there is a risk that fragmentation rises because of diverging decisions taken by Member States trying to protect themselves.”

“We all know that this fragmentation damages the digital single market. So therefore we are working on this important matter with priority. And to the Commission we will take steps soon,” she added.

The theme of this year’s show is “intelligent connectivity”; the notion that the incoming 5G networks will not only create links between people and (many, many more) things but understand the connections they’re making at a greater depth and resolution than has been possible before, leveraging the big data generated by many more connections to power automated decision-making in near real time, with low latency another touted 5G benefit (as well as many more connections per cell).

Futuristic scenarios being floated include connected cars neatly pulling to the sides of the road ahead of an ambulance rushing a patient to hospital — or indeed medical operations being aided and even directed remotely in real-time via 5G networks supporting high resolution real-time video streaming.

But for every touted benefit there are easy to envisage risks to network technology that’s being designed to connect everything all of the time — thereby creating a new and more powerful layer of critical infrastructure society will be relying upon.

Last fall the Australia government issued new security guidelines for 5G networks that essential block Chinese companies such as Huawei and ZTE from providing equipment to operators — justifying the move by saying that differences in the way 5G operates compared to previous network generations introduces new risks to national security.

New Zealand followed suit shortly after, saying kit from the Chinese companies posed a significant risk to national security.

While in the U.S. President Trump has made 5G network security a national security priority since 2017, and a bill was passed last fall banning Chinese companies from supplying certain components and services to government agencies.

The ban is due to take effect over two years but lawmakers have been pressuring to local carriers to drop 5G collaborations with companies such as Huawei.

In Europe the picture is so far more mixed. A UK government report last summer investigating Huawei’s broadband and mobile infrastructure raised further doubts, and last month Germany was reported to be mulling a 5G ban on the Chinese kit maker.

But more recently the two EU Member States have been reported to no longer be leaning towards a total ban — apparently believing any risk can be managed and mitigated by oversight and/or partial restrictions.

It remains to be seen how the Commission could step in to try to harmonize security actions taken by Member States around nascent 5G networks. But it appears prepared to set rules.

That said, Gabriel gave no hint of its thinking today, beyond repeating the Commission’s preferred position of less fragmentation, more harmonization to avoid collateral damage to its overarching Digital Single Market initiative — i.e. if Member States start fragmenting into a patchwork based on varying security concerns.

We’ve reached out to the Commission for further comment and will update this story with any additional context.

During the keynote she was careful to talk up the transformative potential of 5G connectivity while also saying innovation must work in lock-step with European “values”.

“Europe has to keep pace with other regions and early movers while making sure that its citizens and businesses benefit swiftly from the new infrastructures and the many applications that will be built on top of them,” she said.

“Digital is helping us and we need to reap its opportunities, mitigate its risks and make sure it is respectful of our values as much as driven by innovation. Innovation and values. Two key words. That is the vision we have delivered in terms of the defence for our citizens in Europe. Together we have decided to construct a Digital Single Market that reflects the values and principles upon which the European Union has been built.”

Her speech also focused on AI, with the commissioner highlighting various EC initiatives to invest in and support private sector investment in artificial intelligence — saying it’s targeting €20BN in “AI-directed investment” across the private and public sector by 2020, with the goal for the next decade being “to reach the same amount as an annual average” — and calling on the private sector to “contribute to ensure that Europe reaches the level of investment needed for it to become a world stage leader also in AI”.

But again she stressed the need for technology developments to be thoughtfully managed so they reflect the underlying society rather than negatively disrupting it. The goal should be what she dubbed “human-centric AI”.

“When we talk about AI and new technologies development for us Europeans it is not only about investing. It is mainly about shaping AI in a way that reflects our European values and principles. An ethical approach to AI is key to enable competitiveness — it will generate user trust and help facilitate its uptake,” she said.

“Trust is the key word. There is no other way. It is only by ensuring trustworthiness that Europe will position itself as a leader in cutting edge, secure and ethical AI. And that European citizens will enjoy AI’s benefits.”

Powered by WPeMatico

Apple is selling the iPhone 7 and iPhone 8 in Germany again

Posted by | antitrust, Apple, apple inc, China, Europe, Federal Trade Commission, Germany, Intel, iPhone, lawsuit, licensing, Mobile, mobile phones, patent litigation, patents, Qorvo, Qualcomm, smartphone, standards-essential patents | No Comments

Two older iPhone models are back on sale in Apple stores in Germany — but only with Qualcomm chips inside.

The iPhone maker was forced to pull the iPhone 7 and iPhone 8 models from shelves in its online shop and physical stores in the country last month, after chipmaker Qualcomm posted security bonds to enforce a December court injunction it secured via patent litigation.

Apple told Reuters it had “no choice” but to stop using some Intel chips for handsets to be sold in Germany. “Qualcomm is attempting to use injunctions against our products to try to get Apple to succumb to their extortionist demands,” it said in a statement provided to the news agency.

Apple and Qualcomm have been embroiled in an increasingly bitter global legal battle around patents and licensing terms for several years.

The litigation follows Cupertino’s move away from using only Qualcomm’s chips in iPhones after, in 2016, Apple began sourcing modem chips from rival Intel — dropping Qualcomm chips entirely for last year’s iPhone models. Though still using some Qualcomm chips for older iPhone models, as it will now for iPhone 7 and iPhone 8 units headed to Germany.

For these handsets Apple is swapping out Intel modems that contain chips from Qorvo which are subject to the local patent litigation injunction. (The litigation relates to a patented smartphone power management technology.) 

Hence Apple’s Germany webstore is once again listing the two older iPhone models for sale…

Newer iPhones containing Intel chips remain on sale in Germany because they do not containing the same components subject to the patent injunction.

“Intel’s modem products are not involved in this lawsuit and are not subject to this or any other injunction,” Intel’s general counsel, Steven Rodgers, said in a statement to Reuters.

While Apple’s decision to restock its shelves with Qualcomm-only iPhone 7s and 8s represents a momentary victory for Qualcomm, a separate German court tossed another of its patent suits against Apple last month — dismissing it as groundless. (Qualcomm said it would appeal.)

The chipmaker has also been pursing patent litigation against Apple in China, and in December Apple appealed a preliminary injunction banning the import and sales of old iPhone models in the country.

At the same time, Qualcomm and Apple are both waiting the result of an antitrust trial brought against Qualcomm’s licensing terms in the U.S.

Two years ago the FTC filed charges against Qualcomm, accusing the chipmaker of operating a monopoly and forcing exclusivity from Apple while charging “excessive” licensing fees for standards-essential patents.

The case was heard last month and is pending a verdict or settlement.

Powered by WPeMatico

Is Europe closing in on an antitrust fix for surveillance technologists?

Posted by | Android, antitrust, competition law, data protection, data protection law, DCMS committee, digital media, EC, Europe, european commission, european union, Facebook, General Data Protection Regulation, Germany, Giovanni Buttarelli, Google, instagram, Margrethe Vestager, Messenger, photo sharing, privacy, Social, social media, social networks, surveillance capitalism, TC, terms of service, United Kingdom, United States | No Comments

The German Federal Cartel Office’s decision to order Facebook to change how it processes users’ personal data this week is a sign the antitrust tide could at last be turning against platform power.

One European Commission source we spoke to, who was commenting in a personal capacity, described it as “clearly pioneering” and “a big deal”, even without Facebook being fined a dime.

The FCO’s decision instead bans the social network from linking user data across different platforms it owns, unless it gains people’s consent (nor can it make use of its services contingent on such consent). Facebook is also prohibited from gathering and linking data on users from third party websites, such as via its tracking pixels and social plugins.

The order is not yet in force, and Facebook is appealing, but should it come into force the social network faces being de facto shrunk by having its platforms siloed at the data level.

To comply with the order Facebook would have to ask users to freely consent to being data-mined — which the company does not do at present.

Yes, Facebook could still manipulate the outcome it wants from users but doing so would open it to further challenge under EU data protection law, as its current approach to consent is already being challenged.

The EU’s updated privacy framework, GDPR, requires consent to be specific, informed and freely given. That standard supports challenges to Facebook’s (still fixed) entry ‘price’ to its social services. To play you still have to agree to hand over your personal data so it can sell your attention to advertisers. But legal experts contend that’s neither privacy by design nor default.

The only ‘alternative’ Facebook offers is to tell users they can delete their account. Not that doing so would stop the company from tracking you around the rest of the mainstream web anyway. Facebook’s tracking infrastructure is also embedded across the wider Internet so it profiles non-users too.

EU data protection regulators are still investigating a very large number of consent-related GDPR complaints.

But the German FCO, which said it liaised with privacy authorities during its investigation of Facebook’s data-gathering, has dubbed this type of behavior “exploitative abuse”, having also deemed the social service to hold a monopoly position in the German market.

So there are now two lines of legal attack — antitrust and privacy law — threatening Facebook (and indeed other adtech companies’) surveillance-based business model across Europe.

A year ago the German antitrust authority also announced a probe of the online advertising sector, responding to concerns about a lack of transparency in the market. Its work here is by no means done.

Data limits

The lack of a big flashy fine attached to the German FCO’s order against Facebook makes this week’s story less of a major headline than recent European Commission antitrust fines handed to Google — such as the record-breaking $5BN penalty issued last summer for anticompetitive behaviour linked to the Android mobile platform.

But the decision is arguably just as, if not more, significant, because of the structural remedies being ordered upon Facebook. These remedies have been likened to an internal break-up of the company — with enforced internal separation of its multiple platform products at the data level.

This of course runs counter to (ad) platform giants’ preferred trajectory, which has long been to tear modesty walls down; pool user data from multiple internal (and indeed external sources), in defiance of the notion of informed consent; and mine all that personal (and sensitive) stuff to build identity-linked profiles to train algorithms that predict (and, some contend, manipulate) individual behavior.

Because if you can predict what a person is going to do you can choose which advert to serve to increase the chance they’ll click. (Or as Mark Zuckerberg puts it: ‘Senator, we run ads.’)

This means that a regulatory intervention that interferes with an ad tech giant’s ability to pool and process personal data starts to look really interesting. Because a Facebook that can’t join data dots across its sprawling social empire — or indeed across the mainstream web — wouldn’t be such a massive giant in terms of data insights. And nor, therefore, surveillance oversight.

Each of its platforms would be forced to be a more discrete (and, well, discreet) kind of business.

Competing against data-siloed platforms with a common owner — instead of a single interlinked mega-surveillance-network — also starts to sound almost possible. It suggests a playing field that’s reset, if not entirely levelled.

(Whereas, in the case of Android, the European Commission did not order any specific remedies — allowing Google to come up with ‘fixes’ itself; and so to shape the most self-serving ‘fix’ it can think of.)

Meanwhile, just look at where Facebook is now aiming to get to: A technical unification of the backend of its different social products.

Such a merger would collapse even more walls and fully enmesh platforms that started life as entirely separate products before were folded into Facebook’s empire (also, let’s not forget, via surveillance-informed acquisitions).

Facebook’s plan to unify its products on a single backend platform looks very much like an attempt to throw up technical barriers to antitrust hammers. It’s at least harder to imagine breaking up a company if its multiple, separate products are merged onto one unified backend which functions to cross and combine data streams.

Set against Facebook’s sudden desire to technically unify its full-flush of dominant social networks (Facebook Messenger; Instagram; WhatsApp) is a rising drum-beat of calls for competition-based scrutiny of tech giants.

This has been building for years, as the market power — and even democracy-denting potential — of surveillance capitalism’s data giants has telescoped into view.

Calls to break up tech giants no longer carry a suggestive punch. Regulators are routinely asked whether it’s time. As the European Commission’s competition chief, Margrethe Vestager, was when she handed down Google’s latest massive antitrust fine last summer.

Her response then was that she wasn’t sure breaking Google up is the right answer — preferring to try remedies that might allow competitors to have a go, while also emphasizing the importance of legislating to ensure “transparency and fairness in the business to platform relationship”.

But it’s interesting that the idea of breaking up tech giants now plays so well as political theatre, suggesting that wildly successful consumer technology companies — which have long dined out on shiny convenience-based marketing claims, made ever so saccharine sweet via the lure of ‘free’ services — have lost a big chunk of their populist pull, dogged as they have been by so many scandals.

From terrorist content and hate speech, to election interference, child exploitation, bullying, abuse. There’s also the matter of how they arrange their tax affairs.

The public perception of tech giants has matured as the ‘costs’ of their ‘free’ services have scaled into view. The upstarts have also become the establishment. People see not a new generation of ‘cuddly capitalists’ but another bunch of multinationals; highly polished but remote money-making machines that take rather more than they give back to the societies they feed off.

Google’s trick of naming each Android iteration after a different sweet treat makes for an interesting parallel to the (also now shifting) public perceptions around sugar, following closer attention to health concerns. What does its sickly sweetness mask? And after the sugar tax, we now have politicians calling for a social media levy.

Just this week the deputy leader of the main opposition party in the UK called for setting up a standalone Internet regulatory with the power to break up tech monopolies.

Talking about breaking up well-oiled, wealth-concentration machines is being seen as a populist vote winner. And companies that political leaders used to flatter and seek out for PR opportunities find themselves treated as political punchbags; Called to attend awkward grilling by hard-grafting committees, or taken to vicious task verbally at the highest profile public podia. (Though some non-democratic heads of state are still keen to press tech giant flesh.)

In Europe, Facebook’s repeat snubs of the UK parliament’s requests last year for Zuckerberg to face policymakers’ questions certainly did not go unnoticed.

Zuckerberg’s empty chair at the DCMS committee has become both a symbol of the company’s failure to accept wider societal responsibility for its products, and an indication of market failure; the CEO so powerful he doesn’t feel answerable to anyone; neither his most vulnerable users nor their elected representatives. Hence UK politicians on both sides of the aisle making political capital by talking about cutting tech giants down to size.

The political fallout from the Cambridge Analytica scandal looks far from done.

Quite how a UK regulator could successfully swing a regulatory hammer to break up a global Internet giant such as Facebook which is headquartered in the U.S. is another matter. But policymakers have already crossed the rubicon of public opinion and are relishing talking up having a go.

That represents a sea-change vs the neoliberal consensus that allowed competition regulators to sit on their hands for more than a decade as technology upstarts quietly hoovered up people’s data and bagged rivals, and basically went about transforming themselves from highly scalable startups into market-distorting giants with Internet-scale data-nets to snag users and buy or block competing ideas.

The political spirit looks willing to go there, and now the mechanism for breaking platforms’ distorting hold on markets may also be shaping up.

The traditional antitrust remedy of breaking a company along its business lines still looks unwieldy when faced with the blistering pace of digital technology. The problem is delivering such a fix fast enough that the business hasn’t already reconfigured to route around the reset. 

Commission antitrust decisions on the tech beat have stepped up impressively in pace on Vestager’s watch. Yet it still feels like watching paper pushers wading through treacle to try and catch a sprinter. (And Europe hasn’t gone so far as trying to impose a platform break up.) 

But the German FCO decision against Facebook hints at an alternative way forward for regulating the dominance of digital monopolies: Structural remedies that focus on controlling access to data which can be relatively swiftly configured and applied.

Vestager, whose term as EC competition chief may be coming to its end this year (even if other Commission roles remain in potential and tantalizing contention), has championed this idea herself.

In an interview on BBC Radio 4’s Today program in December she poured cold water on the stock question about breaking tech giants up — saying instead the Commission could look at how larger firms got access to data and resources as a means of limiting their power. Which is exactly what the German FCO has done in its order to Facebook. 

At the same time, Europe’s updated data protection framework has gained the most attention for the size of the financial penalties that can be issued for major compliance breaches. But the regulation also gives data watchdogs the power to limit or ban processing. And that power could similarly be used to reshape a rights-eroding business model or snuff out such business entirely.

#GDPR allows imposing a permanent ban on data processing. This is the nuclear option. Much more severe than any fine you can imagine, in most cases. https://t.co/X772NvU51S

— Lukasz Olejnik (@lukOlejnik) January 28, 2019

The merging of privacy and antitrust concerns is really just a reflection of the complexity of the challenge regulators now face trying to rein in digital monopolies. But they’re tooling up to meet that challenge.

Speaking in an interview with TechCrunch last fall, Europe’s data protection supervisor, Giovanni Buttarelli, told us the bloc’s privacy regulators are moving towards more joint working with antitrust agencies to respond to platform power. “Europe would like to speak with one voice, not only within data protection but by approaching this issue of digital dividend, monopolies in a better way — not per sectors,” he said. “But first joint enforcement and better co-operation is key.”

The German FCO’s decision represents tangible evidence of the kind of regulatory co-operation that could — finally — crack down on tech giants.

Blogging in support of the decision this week, Buttarelli asserted: “It is not necessary for competition authorities to enforce other areas of law; rather they need simply to identity where the most powerful undertakings are setting a bad example and damaging the interests of consumers.  Data protection authorities are able to assist in this assessment.”

He also had a prediction of his own for surveillance technologists, warning: “This case is the tip of the iceberg — all companies in the digital information ecosystem that rely on tracking, profiling and targeting should be on notice.”

So perhaps, at long last, the regulators have figured out how to move fast and break things.

Powered by WPeMatico

Apple Pay is coming to Target, Taco Bell, Speedway and two other US chains

Posted by | 7-eleven, Apple, apple inc, Apple Pay, costco, cvs, Germany, jack in the box, Mobile, mobile payments, payments, privacy, Security, taco bell, Target | No Comments

A little more retail momentum for Apple Pay: Apple has announced another clutch of U.S. retailers will soon support its eponymous mobile payment tech — most notably discount retailer Target.

Apple Pay is rolling out to Target stores now, according to Apple, which says it will be available in all 1,850 of its U.S. retail locations “in the coming weeks.”

Also signing up to Apple Pay are fast food chains Taco Bell and Jack in the Box; Speedway convenience stores; and Hy-Vee supermarkets in the Midwest.

“With the addition of these national retailers, 74 of the top 100 merchants in the US and 65 per cent of all retail locations across the country will support Apple Pay,” notes Apple in a press release.

Speedway customers can use Apple Pay at all of its approximately 3,000 locations across the Midwest, East Coast and Southeast from today, according to Apple, as well as at Hy-Vee stores’ more than 245 outlets in the Midwest.

It says the payment tech is also rolling out to more than 7,000 Taco Bell and 2,200 Jack in the Box locations “in the next few months.”

Back in the summer Apple announced it had signed up longtime holdout CVS, with the pharmacy introducing Apple Pay across its ~8,400 standalone locations last year.

Also signing up then: 7-Eleven, which Apple says has now launched support for Apple Pay in 95 percent of its U.S. convenience stores in 2018.

Last year retail giant Costco also completed the rollout of Apple Pay to its more than 500 U.S. warehouses.

While, in December, Apple Pay also finally launched in Germany — where Apple slated it would be accepted at a range of “supermarkets, boutiques, restaurants and hotels and many other places” at launch, albeit “cash only” remains a common demand from the country’s small businesses.

Update: In a blog post about the Apple Pay launch, Target confirmed that users of its Target REDcard credit or debit cards cannot use the store payment card with Apple Pay.

The retail giant also said it will soon support contactless mobile payment technologies on the Android smartphone platform, naming Google Pay and Samsung Pay specifically, as well as supporting contactless payment cards from Mastercard, Visa, American Express and Discover.

“Offering guests more ways to conveniently and quickly pay is just another way we’re making it easier than ever to shop Target,” said Target’s chief information officer, Mike McNamara, in a statement.

Powered by WPeMatico