UK ‘losing momentum’ in pursuit of digital utopia

A scathing report from the House Committee on Science and Technology has suggesting the Government has lost its way on its quest to evolve the UK into a digital society.

There are positive steps being made, though the Committee has pointed to several flaws, including a lack of leadership. The general message from the Committee of one of unstructured, inefficient progress and ineffective programmes. It doesn’t paint the prettiest of pictures for a country which so proudly (and regularly) preaches its leadership position in the global digital economy.

“The potential that digital Government can bring is huge: transforming the relationship between the citizen and the State, saving money and making public services more efficient and agile,” said Norman Lamb, Chair of the Science and Technology Committee. “However, it is clear that the current digital service offered by the Government has lost momentum and is not transforming the citizen-State relationship as it could.

“Single unique identifiers can transform the efficiency and transparency of Government services. The Government should ensure there is a national debate on single unique identifiers for citizens to use when accessing public services along with the right of the citizen to know exactly what the Government is doing with their data.

“In the UK, we have no idea when and how Government departments are accessing and using our data. We could learn from the very different relationship between citizen and the state in Estonia.”

The Government Digital Service is a unit in the Cabinet Office tasked with transforming the provision of online public services. The GDS was set-up in April 2011 with a mantra of ‘Digital by Default’ to create a new culture and baseline for the UK economy and society. Unfortunately for the GDS, the report suggests there is still too much of a reliance on legacy technologies, while a lack of leadership in the department is faltering progress.

For those who are currently in charge of the department, the emergence of this report should be viewed as even more worrying. The Committee suggests that since the departure of former Minister for the Cabinet Office Francis Maude, and the subsequent resignation of several senior civil servants, there has been ‘slowing’ momentum, pointing towards international rankings where several countries have overtaken the UK in digital preparedness.

Another point which has been raised in the report is the absence of a Chief Data Officer. The appointment of such an individual has been a commitment from the Government since 2017, though it seems other issues have taken priority.

There are various other issues raised by the report, including a lack of a centralised strategy to deal with cybersecurity, though the overall tone of the report seems to be focused on a lack of action. The Government has been preaching the benefits of the digital society, promising overhaul of departments and a new relationship with data, though little of this seems to have translated to action in public sector departments.

In proposing the introduction of ‘Digital Champions’ in each department, the Committee are seemingly hoping good intentions and proclamations lead to real-world changes. However, the risk of the ‘Digital Champion’ is one which every business will know. Appointments will have to be made, but appropriate power must be allocated to the individual to ensure changes are forced through. There are too many examples of meaningless job titles which result in zero impact to the organization.

Perhaps the biggest issue which has been highlighted is a shortage of skills in the various departments and a lack of data-sharing between the departments or with enterprise and the general public. Estonia has been used as an example of the success of an open-data model and without this open approach the foundations for a data-economy cannot be created.

Ultimately, this is a report few will be surprised to see. Public sector organizations generally have to be dragged through any transformation strategy, and without driving leadership at the top, change will not filter down through the various departments. New leadership is perhaps needed and new roles with power need to be created; left to create its own fate, the public sector will not change.

Google’s Sidewalk’s bet is a nightmare for the privacy conscious

If you’re concerned about whether Google is listening to you through your phone or smart speaker, soon enough you’ll have to worry about lampposts having ears, or at least if your live in Toronto.

For those who have not been keeping up-to-date with the Canadian tech scene, Google’s Sidewalk Labs is currently working in partnership with Toronto to demonstrate the vision of tomorrow; the smart city. Plans are still being drawn up, though it looks like two neighbourhoods will be created with a new Google campus bang in the middle.

The Master Innovation and Development Plan (MIDP) hope to create the city of tomorrow and will be governed by Waterfront Toronto, a publicly-funded organization. In a move to seemingly appease the data concerns of Waterfront Toronto, Google has now stated all the systems would be run by analysing data, but Sidewalk Labs will not disclose personal information to third parties without explicit consent and will not sell personal information.

This is the first bit of insight we’ve had on this initiative for a while. Having secured the project in 2017, Sidewalk Labs has been in R&D mode. The team is attempting to prove the business case and the products, though it won’t be long before work is underway. Assuming of course Google is able to duck and weave through the red-tape which is going to be presented over the next 12-18 months.

The most recent development is a series of white papers which are addressing numerous topics from sustainable production plans, mobility, data protection and privacy and the envisioned usecases. If you have a spare few hours, you can find all the documentation here.

Of course, there are plenty of smart city initiatives around the world but what makes this one interesting is that the concept of ‘smart’ is being built from the foundations. This is a greenfield project not brownfield, which is substantially easier. Buildings, street furniture and infrastructure can be built with connectivity in mind.

This is the challenge which other cities are facing, lets take London as an example. Construction on the London Underground system started in 1863, while the London sewage system was plumbed in between 1859 and 1865. The city itself, and the basic layout, was established in 50 AD. Although there are creative solutions to enhance connectivity, most cities were built in the days before most could even conceive of the internet.

The Quayside and Villiers West neighbourhoods will be home to almost 7,000 residents and offer jobs to even more, anchored by the new Google campus. The buildings will offer ‘adaptable’ spaces, including floor plates and sliding walls panels to accelerate renovations and reduce vacancies. It will also be incredibly energy friendly, featuring a thermal energy grid which could heat and cool homes using the natural temperature of the earth.

But onto the areas which most people in the industry will be interested in; the introduction of new technologies and access to data.

High-speed internet connections will be promised to all residents and businesses, intelligent traffic lights and curbs will be deployed to better regulate traffic, smart awnings will be introduced for those into gimmicky technology and the neighbours will be designed to allow for an army of underground delivery robots to function.

Autonomous driving is one technology area which fits perfectly into the greenfield advantage. The complications of creating a landscape for autonomous vehicles in older cities are great, but by building up the regions with connectivity in mind many of these challenges can be averted. Not only can the introduction of self-driving vehicles be accelerated, but ride-sharing (Zipcar) or hailing (Uber) alternatives can be assisted while other options such as e-scooters are more realistic.

Such is the ambition nurtured in the Google business, if there is a crazy idea which can be applied to the smart city concept, Sidewalk Labs have probably factored it into the design and build process.

And now onto the data. This is where the project has drawn criticism as Google does not necessarily have the most glistening record when it comes to data privacy and protection. Small print littered throughout various applications has ensured Google is never too far away from criticism. In fairness, this is a problem which is industry wide, but a cloud of scepticism has been placed over any initiative which has data as the fuel.

The latest announcement from Google/Sidewalk Labs focuses on this very issue. Sidewalk Labs will not sell any personal information, this data will not be used to fuel the advertising mechanisms and it will not disclose this insight to third-parties. Explicit consent would have to be provided in any of these circumstances.

Whether these conditions will be up to the standards defined by Waterfront Toronto remains to be seen. This body has the final say and may choose to set its own standards at a higher or lower level. Anonymity might be called into play as many activists have been pushing. This is not a scenario which Google would want to see.

While expanding into new services might seem like an attractive idea, if this expansion can be coupled with additional access to data to fuel the Google data machine, it is a massive win for the internet giant. Let’s not forget, everything which Google has done to date (perhaps excluding Loon and the failed Fiber business) has paid homage to the advertising mechanisms.

Fi offers it interesting data on customer locations, the smart speakers are simply an extension of the core advertising business through a new user interface and Android allowed Google to place incredibly profitable products as default on billions of phones and devices. If Google can start to access new data sets it can offer new services, engage new customers and create new revenues for investors.

Let’s say it can start collecting data on traffic flow, this could become important insight for traffic management and city planners when it comes to adding or altering bus routes. This data could also be used to reduce energy consumption on street lights or traffic lights; if there is no-one there, do they actually need to be on? It could also help retailers forecast demand for new stores and aid the police with their work.

These ideas might not sound revolutionary or that they would bring in billions, but always remember, Google never does anything for free. This is a company which seems to see ideas before anyone else and can monetize them like few others. If Google is paying this much attention to an idea or project, there must be money to be made and we bet there is quite a bit.

But this is where Google is facing the greatest opposition. Because it is so good at extracting insight and value from data, it is one of the companies which is facing the fiercest criticism. This will be the most notable the further afield Google spreads its wings. It seems the world is content with Google sucking value out of personal data when it comes to search engines or mobile apps, but pavements, lampposts and bus stops might be a step too far for some.

Of course, criticism might disappear when jealousy emerges. The hardcore privacy advocates will never rest, but most simply don’t care that much. Privacy violations will of course cause uproar, but if there is a fair trade-off, most will accept Google’s role. If Google can prove these neighbourhoods not only improve the quality of life, but also offer advantages to entertainment and business (for example), this initiative could prove to be very popular with the general public, governments and businesses.

Jaguar Land Rover takes a rewarding approach to the sharing economy

Jaguar Land Rover is testing out a new rewards scheme that will see drivers rewarded with cryptocurrency for sharing data.

Like many automotive companies around the world, Jaguar Land Rover has seemingly identified the future of the industry lies beyond purchasing a vehicle, and this is certainly an interesting approach. In return for sharing data with Jaguar Land Rover, such as traffic congestion or potholes, drivers will earn cryptocurrency.

“The connected car technologies we are developing will be transformative and truly turn your Jaguar or Land Rover into a third space, in addition to your home or office,” said Russell Vickers, Software Architect at Jaguar Land Rover.

“In the future an autonomous car could drive itself to a charging station, recharge and pay, while its owner could choose to participate in the sharing economy – earning rewards from sharing useful data such as warning other cars of traffic jams.”

Partnering with the IOTA Foundation, to make use of distributed ledger technologies, by sharing relevant driving information with either Jaguar Land Rover or a local authority, cryptocurrency will be deposited into the driver’s smart wallet. These rewards could be used for a variety of different things, such as paying for tolls, parking and electric charging.

The technology is currently being trialled at the new Jaguar Land Rover software engineering base in Shannon, Ireland, forming part of part of Jaguar Land Rover’s Destination Zero strategy which aims to achieve zero emissions, zero accidents and zero congestion. Like many manufacturing companies, Jaguar Land Rover is attempting to carve itself a slice of the increasingly profitable sharing economy.

FTC launches investigation for privacy practices in US

The Federal Trade Commission (FTC) has issued orders to seven US broadband providers seeking non-public information to assess privacy practises.

Although this investigation is relatively broad, this might be another attempt from the US Government to get a handle on the privacy practices of the fast-evolving digital economy. Several scandals over the last 18 months have demonstrated current rules are not fit for purpose, containing too many loopholes and inadequately governing an industry which has progressed beyond the reach of bureaucracy.

The FTC has been under pressure in recent months to get a better handle on the data machines which power the digital economy, bringing in billions for the likes of Amazon and Google, but increasingly the telcos. While many fingers have been pointed at the residents of Silicon Valley, the telcos have been making money through the transfer of personal information also.

This investigation is an important step forward in creating a better understanding of the data and sharing economy, a foundation to create resilient and future-proof regulations. Some might suggest this sort of investigation should have happened years ago, but hindsight is always 20/20; who would have predicted the scale of scandals we have witnessed recently.

AT&T, AT&T Mobility, Comcast Cable Communications, Google Fiber, T-Mobile US, Verizon, and Cellco Partnership are the firms which have received the demands.

As part of the investigation, the FTC is requesting:

  • The categories of personal information collected about consumers or their devices
  • Purpose of collecting data for each of the categories
  • Methods of collecting the data
  • Policies for employees to access this data
  • Retention policies
  • What information is transferred to third-parties
  • How the data is the information is aggregated, anonymized or deidentified
  • Disclosures to customers about data collection and transfer to third-parties
  • What choices are offered to the customer
  • How accessible personal data is to the customer

As you can see, this is an incredibly broad and in-depth request, with a lot of the information being non-public. Many of the telcos who have been sent the orders will be uncomfortable releasing this information, though they’ll have no choice.

Although this is a good first step for the FTC, we would hope the investigation is broadened further in the future. More information and insight needs to be collected from the OTTs, the masters of manipulating the data-sharing economy. The telcos are small fish in this expedition, but it is progress.

All eyes from the data-sharing community will be keenly directed towards the FTC over the next couple of months. While this investigation is nothing more than a virtual pebble dropped into the digital pond for the moment, there is the potential for those ripples to grow into waves. This could be the first step towards major regulatory reform, an overdue revolution to gain a better handle on the wild-west internet economy.

Security is a concern, especially as it can hit bank accounts now

New research from EY suggests British businesses are more concerned than ever about security. Funny that, considering there’s now a whopping fine to worry about.

Security is one of those areas which is constantly discussed but little is done to address. Irrelevant as to how many CEOs tell you its top of the agenda or how many statements start with the phrase ‘our customers security is our number one concern’, it’s an aspect of the technology world which has been swept aside. But not according to this research from EY.

“It’s not surprising that businesses are most concerned with the threat of cyberattacks,” said Adrian Baschnonga, Global Lead Telecommunications Analyst at EY. “The introduction of 5G will help organisations unlock new growth opportunities, but this transition comes at a time when fears regarding data breaches and network security are especially pronounced.”

While you always have to take statements like this with a pinch of salt, it might be right this time. Why? Because if you want to make executives care about something aside from their annual bonuses, you have to fight fire with fire.

Under the General Data Protection Regulations (GDPR) brought into play last May, any company which is found to have inadequately protected customer or employee data are subject to fines of 3% of annual turnover or €20 million. GDPR fines are proportionate to the risk posed by a breach, allowing flexibility for regulators to tackle the problem, but it certainly seems to have caught some attention.

According to professional services firm RPC, in the 12 months prior to September 30 2018 (the period in which GDPR was introduced) the Information Commissioners Office issued fines totalling just over £5 million, a 24% increase on the previous period of 12 months. Considering the ICO only had a couple of months to swing the GDPR stick at offenders, it would be fair to assume the watchdog is fully embracing the new powers offered to it.

This also seems to have hit home with those investing in new technologies. 40% of respondents to EY’s survey are worried about 5G and cyberattacks, while 37% saw IoT as a risk. These numbers aren’t particularly high, but they are the biggest concerns.

Another factor to consider is the consumer. While many will have been blind to the risk of data breaches in by-gone years, this does not seem to be the case anymore. Recent Lloyd’s research claims 44% of UK consumers believe there is a risk to personal safety in the sharing economy, perhaps indicating they would be hard-pushed to share data. If enterprise organizations are going to benefit from the data boom, they’ll have to convince customers that their personal information will be safe.

Whether this translates to appropriate security investments remains to be seen, as there seems to be a lack of ownership over security overall. Enterprise organizations are looking to suppliers for security to be built into products, while it is perfectly reasonable for suppliers to ask enterprise organizations to do more. Security should be built into products, but if an individual buys a front door, the manufacturer cannot be blamed when it is left open or an inadequate lock is used.

More often than not the carrot is used to incentivise business, but it seems the GDPR stick is an effective tool in bringing security to the front of executive’s minds. Hopefully now there will be less pandering for PR headlines and more affirmative action.

UK sets out battle plan to tackle Silicon Valley’s ‘Digital Gangsters’

Facebook is only the tip of the iceberg, but Parliament is coming after Zuckerberg and his Silicon Valley cronies in the long-standing battle to understand and curb the influence of social media.

Featuring representatives from both sides of the political aisle led by the Department for Digital, Culture, Media and Sport (DCMS), this perhaps set the scene for one of the most aggressive stances against the social media giants. If all the recommendations are followed up on, there could be some major disruption on the horizon.

New regulations, new definitions for the business model, a new regulator, new fines, new competition investigations and new levies against the internet players, the outcome certainly justifies the months spend investigating the complex and diverse tapestry of social media and its impact on today’s society.

“We hope that the Government will include these considerations when it reviews the UK’s competition powers in April 2019, as stated in the Government response to our Interim Report,” the report states in its concluding statements. “Companies like Facebook should not be allowed to behave like ‘digital gangsters’ in the online world, considering themselves to be ahead of and beyond the law.”

Such is the pace of the legislative machine, nothing will change in the immediate future, but this is an important first step into the red-tape maze of regulation. This parliamentary committee, and the subsequent report, are laying the foundations for the future. The scene has been set, with the committee painting a complex picture of deception, greed and mistrust, readying bureaucrats for an assault.

To understand how we have gotten to this point you have to go back to Cambridge Analytica scandal. Until this point the data economy was thundering along relatively undisturbed, free from the worries of regulation and oversight, however this scandal pulled the curtain back ever so slightly. The data machine was slightly exposed, but ever since politicians have been clawing to understand the cogs and levers.

But what does this report recommend? Firstly, new regulatory mechanisms. The parliamentary committee has suggested the formation of a new regulatory body, which will be funded by levies placed on the internet companies wishing to operate in the UK, which would have greater insight and powers to pry open business models and processes. Another interesting recommendation is the creation of new definitions for the internet economy.

This is part of the issue today and the reason internet giants have so much freedom. Rules have been designed for different types of organizations for a bygone era. To compensate for the inadequacy of the rulebook, new clauses have been built on top. The issue has been compounded, creating a complicated red-tape maze with loop holes, secret corridors and grey areas for lawyers to expose. The shaky foundations have not provided a suitable mechanism to hold the segment accountable.

The report states what many already know but little has been done to correct. These social media companies are no-longer simply ‘platforms’ and neither are they ‘publishers’, therefore they should not be regulated as such. A new definition should be created, with rules specific to this segment. It’s amazing to think it has taken this long to come to this conclusion, but the committee is pushing for specific rules for specific circumstances.

The report also calls for a new ‘code of ethics’, designed by independent experts and overseen by the newly created regulatory body, to hold the internet giants accountable. Using the same principle as Ofcom uses for the regulation of broadcasters, these rules would be specific to the case. It would be a square peg for a square hole.

This new approach may also be extended to the murky world of political campaigning also. After the ICO called for a pause of political spending during election periods last year, the committee has responded by suggesting new powers which would:

“…define digital campaigning, including having agreed definitions of what constitutes online political advertising, such as agreed types of words that continually arise in adverts that are not sponsored by a specific political party.”

Again, this is a criticism of the sluggish nature of regulation, not recognising the world has evolved. New rules should reflect the new digital landscape, the changing methods of promoting messages and microtargeted political campaigning. More transparency will be suggested, “clear, persistent banners on all paid-for political adverts and videos, indicating the source and the advertiser”, as well as new transparency metrics for campaigns to declare such activities.

Perhaps a more dangerous area which has finally been addressed is the in-direct campaigning which benefits or detracts from parties and individuals. These are organizations such as Leave.EU, which had no direct link to political bodies but presenting questionable materials to individuals through the hyper-targeted advertising model offered by social media companies. This takes the committee into the nefarious world of foreign influence also.

Finally, the committee is also tasking the Competition Markets Authority (CMA) to conduct an extensive investigation into the power and influence of the social media companies. Again, this means little for the moment, but it could be the first step towards identifying potential ‘monopolies’, providing justification to break up the gathering empires.

This aspect of the report leans on documentation sourced by Six4Three, a tech company which is suing Facebook for in-appropriately influencing the success of its products.

“Given the contents of the Six4Three documents that we have published, it should also investigate whether Facebook specifically has been involved in any anti-competitive practices and conduct a review of Facebook’s business practices towards other developers, to decide whether Facebook is unfairly using its dominant market position in social media to decide which businesses should succeed or fail,” the report states.

The content of this report should not be dismissed as busywork for boresome bureaucrats but a direct threat to the success of Silicon Valley. The internet companies should be very worried about the content of this report, the conclusions these politicians have drawn and the potential implications of any recommendations. This is a political hot point right now, and we suspect there is enough ill-feeling towards the internet players to take these suggestions forward.

Facebook is the company which is constantly attracting the headlines, but this company is just one of many. The mentality has spread throughout the digital ecosystem, but Facebook is the scape goat. Unfortunately for all those involved, Facebook CEO Mark Zuckerberg has continued to antagonise politicians by refusing to show up to briefings, compounding the problem and rallying political enemies towards a single cause.

Although these recommendations are only the first steps into the complicated world of regulation, there is potential for significant disruption. With GDPR bubbling away in the background, and further privacy regulations in the pipeline, the basic business model of the internet giants is being challenged here. This document could be a defining factor in the future of the digital economy.

California data dividend sounds nice but shows digital economy ignorance

The State of California might be making friends in Silicon Valley with its defence of net neutrality rules, but in proposing a ‘data dividend’ on the digital economy, these kinships might turn sour very quickly.

In his ‘State of the State’ speech this week, California Governor Gavin Newsom proposed a new ‘data dividend’ which would see internet players who monetise user’s personal information have to pay those users for the privilege, according to CNBC. This might sound like a lovely idea to share the wealth, but you can guarantee Silicon Valley is going to throw a temper tantrum about this.

“California’s consumers should also be able to share in the wealth that is created from their data,” said Newsom.

Aside from the revolt from the likes of Google and Facebook which is bound to be on the horizon, Newsom has joined the long list of politicians who are demonstrating they don’t understand how the digital economy functions. Social media platforms or video hosting websites are offered for free to the consumer because data is taken as payment. The value exchange is a free service for the permission to monetise personal data.

While this might sound like an excellent way for Newsom to score political points with the voters of California, you have to wonder how the internet players are going to react. There will of course be intense lobbying, but should the proposal make it into the rulebook, will services continue to be offered for free? Perhaps the internet players will replace lost revenues created by the digital dividend with a paywall?

Some politicians appear to be very anti-profit when it comes to the internet players, seemingly believing platforms like Facebook and Twitter are a public service not private corporations with shareholders to keep happy. These are companies which should of course be held accountable when it comes to data privacy and protection standards, but the value exchange in the digital economy has been accepted as a business model which benefits both sides of the equation.

This is not the first time such an idea has been aired, though rarely has it floated out of such senior political offices. The profits which flow into Silicon Valley are being attacked from numerous sides currently, but you also have to ask what others impacts there will be on the development of the digital economy.

One of the reasons the technology industry has been advancing so quickly in recent years is the aggressive investments which have been made in R&D by Silicon Valley. The likes of Amazon and Google are certainly not shy about searching for the next big idea, fully embracing the concept of fail-fast, but the confidence in these investments exists partly because of the commercial successes of the core business models. Sustained erosion of these revenue channels might well result in smaller R&D operations.

Not only will this slow down improvements to customer experience, it could also place speed bumps in-front of momentum. The US technology industry is advancing very quickly, with some truly wonderful and ludicrous ideas being explored (See Google’s Loon), but this progress could stutter when you attack the ways these companies make money.

The battle between Silicon Valley and rule makers is raging for several reasons. The internet companies have been caught with their pants down in the data protection and privacy realms, though their resistance to collaboration is antagonising politicians. Silicon Valley is desperately trying to side-road and resist any new rules to govern the digital economy, as any major corporation would, but these rules are of course critical for positive societal development. The more Silicon Valley resists, the more aggressive proposals will be put forward.

We strongly agree with the calls to increase regulation on the digital economy, but you have to pick your battles. What would be the benefit to the user with these rules? A couple of dollars a year, nothing which will turn heads, but what will be the consequences?

Hold the internet players to more stringent data protection rules. Enforce more consent regulations. Ensure these companies pay fair and reasonable tax. But destroying a generally accepted way to make money will probably not end well. We suspect this might be a net loss in the long-run.

Germany has a swing at Facebook advertising platform

German regulator Bundeskartellamt has made a fresh attempt to curb the powers of the internet giants, this time targeting the data processing capabilities of Facebook.

The case built by Bundeskartellamt is based on what it has deemed market abuses by the dominant social media player in Germany. With Google+ shutting down, the regulator believes Facebook has a dominant position in the market, though it has not effectively informed users about the process of combing third-party data sets with information taken from the core Facebook platform to improve the detail of user profiles for advertising purposes.

This has been deemed inappropriate and Facebook has been ordered to shut down the process. This is not the first time this practise has been criticised by the regulator, but this is the first concrete ruling to for Facebook to desist.

“With regard to Facebook’s future data processing policy, we are carrying out what can be seen as an internal divestiture of Facebook’s data,” said Andreas Mundt, President of the Bundeskartellamt. “In future, Facebook will no longer be allowed to force its users to agree to the practically unrestricted collection and assigning of non-Facebook data to their Facebook user accounts.

“In future, consumers can prevent Facebook from unrestrictedly collecting and using their data. The previous practice of combining all data in a Facebook user account, practically without any restriction, will now be subject to the voluntary consent given by the users. If users do not consent, Facebook may not exclude them from its services and must refrain from collecting and merging data from different sources.”

Facebook has already stated it will appeal the decision with the Düsseldorf Higher Regional Court, though this should come as little surprise considering the attack on the foundations of the social media giants business model. The reason companies like Facebook and Google have been so successful in the early days of the data-sharing economy is because of the accuracy of advertising. This ruling could have a notable impact.

Not only does Facebook collect information about you from its core platform, but by supplementing this picture with more detail from third-party sources, a hyper-targeted advertising platform can be created. It’s seemingly one of the reasons advertisers have stuck by Facebook despite numerous scandals over the last couple of years; there are very few other platforms or businesses which can offer advertising services on par.

Although it is now common knowledge platforms such as Facebook sell ‘you’ to advertisers to fuel the spreadsheets, Bundeskartellamt believes the firm should obtain consent from the user should it want to use additional information to create a more detailed user profile. This data could be taken from sister platforms such as Instagram or WhatsApp, or third-party websites and applications which have ‘like’ or ‘share’ buttons embedded.

“By combining data from its own website, company-owned services and the analysis of third-party websites, Facebook obtains very detailed profiles of its users and knows what they are doing online,” said Mundt.

The practise becomes a bit more nefarious however. Even if there is no Facebook symbols or embedded buttons on the page or application a user is viewing, data might still be flowing back to the social media giant. This is not what anyone would consider transparent and should be addressed in all markets, not just Germany.

Overall, the Bundeskartellamt believes Facebook is abusing its dominant market position to the detriment of the other side of the equation, the user. While this will be escalated to higher courts, should the regulator win favour from the judges Facebook would have to obtain consent from every single one of its 32 million German users. It certainly will be able to obtain consent from many, but it would be a dent to the increasing under-fire advertising machine.

This is of course not the first time Germany has taken a run up at the internet giants. Germany has consistently been one of the leading nations attempting to tackle the power and influence of the internet players, creating a more tightknit regulatory framework which you would naturally expect in business. However, the social giants and their slippery lawyers are doing their best to resist.

Back in 2016, Facebook was told to stop collecting WhatsApp data from users and delete all the information it has already collected, due to the fact proper consent had not been obtained. It has also been investigating whether the Google+ data breach during the latter months of 2018 violates GDPR. Germany has also been one of the leading voices in the prolonged battle to ensure the internet giants pay fair and reasonable taxes across the European bloc.

What we are seeing in this case is another example of a regulator cracking down on the freedoms granted to Silicon Valley. For years, the internet players have been sliding between rules designed to parallel industries, exposing the grey and unregulated areas, as rule makers consistently struggle to keep pace with technological progress. There are numerous governments attempting to create more accountability, though it has been an uphill struggle so far.

The next couple of months will certainly be an interesting period in Germany. With judges considering the Facebook appeal, a win for the Bundeskartellamt could at as a springboard to wrap up the OTTs in more red-tape. We hope there is enough wiggle room left to innovate, but the last two years of scandals have shown the dire need to more strictly regulate Silicon Valley.

Privacy International points GDPR finger at Facebook

An investigation from privacy advocacy group Privacy International on the flow of personal information has questioned whether Facebook and its advertisers are violating Europe’s GDPR.

To date there have not been any major challenges using the data privacy regulation. There have of course been numerous violations of user privacy, but as these incidents occurred prior to the implementation of GDPR, the old-version of the rules and punishments were used. This investigation from Privacy International could prove to be a landmark.

The investigation itself questions whether Facebook and the app-developers which use its platform for data collection and user identification is acting responsibly and legally. Using the Facebook Software Development Kit (SDK), data is automatically sent back to the social media giant, irrelevant as to whether consent has been collected, or even if the user has a Facebook book account.

“Facebook routinely tracks users, non-users and logged-out users outside its platform through Facebook Business Tools,” Privacy International states on its website.

“App developers share data with Facebook through the Facebook Software Development Kit (SDK), a set of software development tools that help developers build apps for a specific operating system. Using the free and open source software tool called ‘mitmproxy’, an interactive HTTPS proxy, Privacy International has analysed the data that a number of Android apps transmit to Facebook through the Facebook SDK.”

After testing dozens of different apps, Privacy International claims 61% automatically transfer data to Facebook the moment a user opens the app, while others routinely send Facebook data that is incredibly detailed. Some of these users may be logged out of the platform or might not even have a Facebook account in the first place. Developers tested include travel comparison app Kayak, job search company Indeed and crowd-sourced search service Yelp.

Looking at the Kayak example, not only was information transferred back to Facebook once the app was opened and closed, but also during each stage of the search process. In the example Privacy International gives, the user selected a flight from London Gatwick to Tokyo between December 2 and 5, Narita Airport was then selected, before another search was conducted searching for hotels for two adults in the city. All of this information was sent to Facebook without prompt, despite Kayak claiming, ‘don’t worry, we’ll never share anything without your permission’, when the user signs in.

Alone this information is useful, but not incredibly so. However, when you consider the huge number of apps which will be sending information back to Facebook, an incredibly detailed picture of the user can be built. Using the other apps tested in this investigation, Facebook could also learn or make assumptions about the user’s religion (Muslim Pro), music interests (Shazam), salary and disposable income (Indeed Job Search) and interest in physical activities (MyFitnessPal). All of this information could be used to feed incredibly personalised advertisements to the user.

The big question which remains is whether this could be perceived as a violation of GDPR. Facebook has stated it released an update to the SDK which allowed developers to suspend the automatic data transfers, though this was only for version 4.34 and later. With the Opt-out section (the Google advertising ID) automatically turned off, some might suggest the user is being led as opposed to asked.

Another factor which could work against Facebook is the collection of data on users who do not have Facebook accounts; this is much more suspect. As per GDPR, a company has to have a specific and justified reason to collect personal information. It does appear Facebook is collecting information on users despite having no purpose or valid reason to do so.

With fines for violating GDPR up to 3% of annual turnover, the stakes are very high. This could prove to be one of the first tests of the rules, designed to protect the privacy of the general public, and few will be surprised Facebook is a central character in the story. With the social media giant seemingly antagonising many governments around the world, we suspect there will be a queue forming to have a swing with the sharp GDPR stick.

Facebook back on the ropes with more privacy punches

Facebook faces fresh questions surrounding data privacy, with reports emerging it granted advertising customers access to user’s private messages with friends and family.

This is a company which is not helping itself but is looking increasingly suspect. The data and sharing economy does of course require users to make an exchange in order to receive free services, but the personalised advertising machine created by Facebook is starting to look scary. The detail which is known on users, and the apparent nonchalant approach the firm has to abuse of the platform, is starting to become very worrying.

Now we have one of the most worrying accusations. According to the New York Times, new documents have emerged suggesting Facebook granted permissions to advertisers which seemingly go far beyond the consent granted by users.

Among the accusations, sourced from internal documents, Netflix and Spotify were given the ability to read user’s private messages, while Bing was able to access all information about a user’s connections without specific consent. Amazon was given permission to obtain contact information through indirect connections, and Yahoo was allowed view streams of friends’ posts. The Yahoo partnership can be traced back to this summer, long after Facebook had declared such practises had been ended.

Aside from the NYT investigation, one user has also taken the time to pen her frustrations after realising location controls on the platform made no difference to personalised advertising. Aleksandra Korolova turned off all available location services on Facebook, WhatsApp and Instagram, cleared location details off her profile, removed geo-tagging on photos, but was still receiving personalised ads based on recent movements.

“Reading Facebook’s explanations to advertisers provides insight into how this is done,” said Korolova in a Medium post. “Specifically, Facebook tells advertisers that it learns user locations from the IP address, WiFi and Bluetooth data.”

The illusion of control has been created, though Facebook is finding ways around user consent and loopholes to any commitments it has previously made.

The inability for Facebook to be transparent, clearly telling the user what is going on, is incredible. There are so many examples of this company misleading the general public, governments and regulators, they are becoming difficult to count. This is a toxic company which should not be trusted. We are struggling to believe any statement which the company is now making.

In response, Konstantinos Papamiltiadis, Director of Developer Platforms and Programs, has gone to Facebook’s standard response.

“…we recognize that we’ve needed tighter management over how partners and developers can access information using our APIs,” said Papamiltiadis. “We’re already in the process of reviewing all our APIs and the partners who can access them.”

This seems to be Facebook’s new response to accusations which question whether it has acted ethically or legally; partially accepting responsibility and saying they will do better in the future. This is not a good enough answer anymore. It might have worked the first couple of times, but the repetition from Facebook executives just shows how little the company thinks about the general public. We are just assets to be traded in the pursuit of greater advertising revenues.

Privacy is a small hurdle; the grey expanses of technology regulation are too wide for this to be a problem. Facebook is making a mockery of the general public and the data privacy landscape.