Jaguar Land Rover takes a rewarding approach to the sharing economy

Jaguar Land Rover is testing out a new rewards scheme that will see drivers rewarded with cryptocurrency for sharing data.

Like many automotive companies around the world, Jaguar Land Rover has seemingly identified the future of the industry lies beyond purchasing a vehicle, and this is certainly an interesting approach. In return for sharing data with Jaguar Land Rover, such as traffic congestion or potholes, drivers will earn cryptocurrency.

“The connected car technologies we are developing will be transformative and truly turn your Jaguar or Land Rover into a third space, in addition to your home or office,” said Russell Vickers, Software Architect at Jaguar Land Rover.

“In the future an autonomous car could drive itself to a charging station, recharge and pay, while its owner could choose to participate in the sharing economy – earning rewards from sharing useful data such as warning other cars of traffic jams.”

Partnering with the IOTA Foundation, to make use of distributed ledger technologies, by sharing relevant driving information with either Jaguar Land Rover or a local authority, cryptocurrency will be deposited into the driver’s smart wallet. These rewards could be used for a variety of different things, such as paying for tolls, parking and electric charging.

The technology is currently being trialled at the new Jaguar Land Rover software engineering base in Shannon, Ireland, forming part of part of Jaguar Land Rover’s Destination Zero strategy which aims to achieve zero emissions, zero accidents and zero congestion. Like many manufacturing companies, Jaguar Land Rover is attempting to carve itself a slice of the increasingly profitable sharing economy.

FTC launches investigation for privacy practices in US

The Federal Trade Commission (FTC) has issued orders to seven US broadband providers seeking non-public information to assess privacy practises.

Although this investigation is relatively broad, this might be another attempt from the US Government to get a handle on the privacy practices of the fast-evolving digital economy. Several scandals over the last 18 months have demonstrated current rules are not fit for purpose, containing too many loopholes and inadequately governing an industry which has progressed beyond the reach of bureaucracy.

The FTC has been under pressure in recent months to get a better handle on the data machines which power the digital economy, bringing in billions for the likes of Amazon and Google, but increasingly the telcos. While many fingers have been pointed at the residents of Silicon Valley, the telcos have been making money through the transfer of personal information also.

This investigation is an important step forward in creating a better understanding of the data and sharing economy, a foundation to create resilient and future-proof regulations. Some might suggest this sort of investigation should have happened years ago, but hindsight is always 20/20; who would have predicted the scale of scandals we have witnessed recently.

AT&T, AT&T Mobility, Comcast Cable Communications, Google Fiber, T-Mobile US, Verizon, and Cellco Partnership are the firms which have received the demands.

As part of the investigation, the FTC is requesting:

  • The categories of personal information collected about consumers or their devices
  • Purpose of collecting data for each of the categories
  • Methods of collecting the data
  • Policies for employees to access this data
  • Retention policies
  • What information is transferred to third-parties
  • How the data is the information is aggregated, anonymized or deidentified
  • Disclosures to customers about data collection and transfer to third-parties
  • What choices are offered to the customer
  • How accessible personal data is to the customer

As you can see, this is an incredibly broad and in-depth request, with a lot of the information being non-public. Many of the telcos who have been sent the orders will be uncomfortable releasing this information, though they’ll have no choice.

Although this is a good first step for the FTC, we would hope the investigation is broadened further in the future. More information and insight needs to be collected from the OTTs, the masters of manipulating the data-sharing economy. The telcos are small fish in this expedition, but it is progress.

All eyes from the data-sharing community will be keenly directed towards the FTC over the next couple of months. While this investigation is nothing more than a virtual pebble dropped into the digital pond for the moment, there is the potential for those ripples to grow into waves. This could be the first step towards major regulatory reform, an overdue revolution to gain a better handle on the wild-west internet economy.

Security is a concern, especially as it can hit bank accounts now

New research from EY suggests British businesses are more concerned than ever about security. Funny that, considering there’s now a whopping fine to worry about.

Security is one of those areas which is constantly discussed but little is done to address. Irrelevant as to how many CEOs tell you its top of the agenda or how many statements start with the phrase ‘our customers security is our number one concern’, it’s an aspect of the technology world which has been swept aside. But not according to this research from EY.

“It’s not surprising that businesses are most concerned with the threat of cyberattacks,” said Adrian Baschnonga, Global Lead Telecommunications Analyst at EY. “The introduction of 5G will help organisations unlock new growth opportunities, but this transition comes at a time when fears regarding data breaches and network security are especially pronounced.”

While you always have to take statements like this with a pinch of salt, it might be right this time. Why? Because if you want to make executives care about something aside from their annual bonuses, you have to fight fire with fire.

Under the General Data Protection Regulations (GDPR) brought into play last May, any company which is found to have inadequately protected customer or employee data are subject to fines of 3% of annual turnover or €20 million. GDPR fines are proportionate to the risk posed by a breach, allowing flexibility for regulators to tackle the problem, but it certainly seems to have caught some attention.

According to professional services firm RPC, in the 12 months prior to September 30 2018 (the period in which GDPR was introduced) the Information Commissioners Office issued fines totalling just over £5 million, a 24% increase on the previous period of 12 months. Considering the ICO only had a couple of months to swing the GDPR stick at offenders, it would be fair to assume the watchdog is fully embracing the new powers offered to it.

This also seems to have hit home with those investing in new technologies. 40% of respondents to EY’s survey are worried about 5G and cyberattacks, while 37% saw IoT as a risk. These numbers aren’t particularly high, but they are the biggest concerns.

Another factor to consider is the consumer. While many will have been blind to the risk of data breaches in by-gone years, this does not seem to be the case anymore. Recent Lloyd’s research claims 44% of UK consumers believe there is a risk to personal safety in the sharing economy, perhaps indicating they would be hard-pushed to share data. If enterprise organizations are going to benefit from the data boom, they’ll have to convince customers that their personal information will be safe.

Whether this translates to appropriate security investments remains to be seen, as there seems to be a lack of ownership over security overall. Enterprise organizations are looking to suppliers for security to be built into products, while it is perfectly reasonable for suppliers to ask enterprise organizations to do more. Security should be built into products, but if an individual buys a front door, the manufacturer cannot be blamed when it is left open or an inadequate lock is used.

More often than not the carrot is used to incentivise business, but it seems the GDPR stick is an effective tool in bringing security to the front of executive’s minds. Hopefully now there will be less pandering for PR headlines and more affirmative action.

UK sets out battle plan to tackle Silicon Valley’s ‘Digital Gangsters’

Facebook is only the tip of the iceberg, but Parliament is coming after Zuckerberg and his Silicon Valley cronies in the long-standing battle to understand and curb the influence of social media.

Featuring representatives from both sides of the political aisle led by the Department for Digital, Culture, Media and Sport (DCMS), this perhaps set the scene for one of the most aggressive stances against the social media giants. If all the recommendations are followed up on, there could be some major disruption on the horizon.

New regulations, new definitions for the business model, a new regulator, new fines, new competition investigations and new levies against the internet players, the outcome certainly justifies the months spend investigating the complex and diverse tapestry of social media and its impact on today’s society.

“We hope that the Government will include these considerations when it reviews the UK’s competition powers in April 2019, as stated in the Government response to our Interim Report,” the report states in its concluding statements. “Companies like Facebook should not be allowed to behave like ‘digital gangsters’ in the online world, considering themselves to be ahead of and beyond the law.”

Such is the pace of the legislative machine, nothing will change in the immediate future, but this is an important first step into the red-tape maze of regulation. This parliamentary committee, and the subsequent report, are laying the foundations for the future. The scene has been set, with the committee painting a complex picture of deception, greed and mistrust, readying bureaucrats for an assault.

To understand how we have gotten to this point you have to go back to Cambridge Analytica scandal. Until this point the data economy was thundering along relatively undisturbed, free from the worries of regulation and oversight, however this scandal pulled the curtain back ever so slightly. The data machine was slightly exposed, but ever since politicians have been clawing to understand the cogs and levers.

But what does this report recommend? Firstly, new regulatory mechanisms. The parliamentary committee has suggested the formation of a new regulatory body, which will be funded by levies placed on the internet companies wishing to operate in the UK, which would have greater insight and powers to pry open business models and processes. Another interesting recommendation is the creation of new definitions for the internet economy.

This is part of the issue today and the reason internet giants have so much freedom. Rules have been designed for different types of organizations for a bygone era. To compensate for the inadequacy of the rulebook, new clauses have been built on top. The issue has been compounded, creating a complicated red-tape maze with loop holes, secret corridors and grey areas for lawyers to expose. The shaky foundations have not provided a suitable mechanism to hold the segment accountable.

The report states what many already know but little has been done to correct. These social media companies are no-longer simply ‘platforms’ and neither are they ‘publishers’, therefore they should not be regulated as such. A new definition should be created, with rules specific to this segment. It’s amazing to think it has taken this long to come to this conclusion, but the committee is pushing for specific rules for specific circumstances.

The report also calls for a new ‘code of ethics’, designed by independent experts and overseen by the newly created regulatory body, to hold the internet giants accountable. Using the same principle as Ofcom uses for the regulation of broadcasters, these rules would be specific to the case. It would be a square peg for a square hole.

This new approach may also be extended to the murky world of political campaigning also. After the ICO called for a pause of political spending during election periods last year, the committee has responded by suggesting new powers which would:

“…define digital campaigning, including having agreed definitions of what constitutes online political advertising, such as agreed types of words that continually arise in adverts that are not sponsored by a specific political party.”

Again, this is a criticism of the sluggish nature of regulation, not recognising the world has evolved. New rules should reflect the new digital landscape, the changing methods of promoting messages and microtargeted political campaigning. More transparency will be suggested, “clear, persistent banners on all paid-for political adverts and videos, indicating the source and the advertiser”, as well as new transparency metrics for campaigns to declare such activities.

Perhaps a more dangerous area which has finally been addressed is the in-direct campaigning which benefits or detracts from parties and individuals. These are organizations such as Leave.EU, which had no direct link to political bodies but presenting questionable materials to individuals through the hyper-targeted advertising model offered by social media companies. This takes the committee into the nefarious world of foreign influence also.

Finally, the committee is also tasking the Competition Markets Authority (CMA) to conduct an extensive investigation into the power and influence of the social media companies. Again, this means little for the moment, but it could be the first step towards identifying potential ‘monopolies’, providing justification to break up the gathering empires.

This aspect of the report leans on documentation sourced by Six4Three, a tech company which is suing Facebook for in-appropriately influencing the success of its products.

“Given the contents of the Six4Three documents that we have published, it should also investigate whether Facebook specifically has been involved in any anti-competitive practices and conduct a review of Facebook’s business practices towards other developers, to decide whether Facebook is unfairly using its dominant market position in social media to decide which businesses should succeed or fail,” the report states.

The content of this report should not be dismissed as busywork for boresome bureaucrats but a direct threat to the success of Silicon Valley. The internet companies should be very worried about the content of this report, the conclusions these politicians have drawn and the potential implications of any recommendations. This is a political hot point right now, and we suspect there is enough ill-feeling towards the internet players to take these suggestions forward.

Facebook is the company which is constantly attracting the headlines, but this company is just one of many. The mentality has spread throughout the digital ecosystem, but Facebook is the scape goat. Unfortunately for all those involved, Facebook CEO Mark Zuckerberg has continued to antagonise politicians by refusing to show up to briefings, compounding the problem and rallying political enemies towards a single cause.

Although these recommendations are only the first steps into the complicated world of regulation, there is potential for significant disruption. With GDPR bubbling away in the background, and further privacy regulations in the pipeline, the basic business model of the internet giants is being challenged here. This document could be a defining factor in the future of the digital economy.

California data dividend sounds nice but shows digital economy ignorance

The State of California might be making friends in Silicon Valley with its defence of net neutrality rules, but in proposing a ‘data dividend’ on the digital economy, these kinships might turn sour very quickly.

In his ‘State of the State’ speech this week, California Governor Gavin Newsom proposed a new ‘data dividend’ which would see internet players who monetise user’s personal information have to pay those users for the privilege, according to CNBC. This might sound like a lovely idea to share the wealth, but you can guarantee Silicon Valley is going to throw a temper tantrum about this.

“California’s consumers should also be able to share in the wealth that is created from their data,” said Newsom.

Aside from the revolt from the likes of Google and Facebook which is bound to be on the horizon, Newsom has joined the long list of politicians who are demonstrating they don’t understand how the digital economy functions. Social media platforms or video hosting websites are offered for free to the consumer because data is taken as payment. The value exchange is a free service for the permission to monetise personal data.

While this might sound like an excellent way for Newsom to score political points with the voters of California, you have to wonder how the internet players are going to react. There will of course be intense lobbying, but should the proposal make it into the rulebook, will services continue to be offered for free? Perhaps the internet players will replace lost revenues created by the digital dividend with a paywall?

Some politicians appear to be very anti-profit when it comes to the internet players, seemingly believing platforms like Facebook and Twitter are a public service not private corporations with shareholders to keep happy. These are companies which should of course be held accountable when it comes to data privacy and protection standards, but the value exchange in the digital economy has been accepted as a business model which benefits both sides of the equation.

This is not the first time such an idea has been aired, though rarely has it floated out of such senior political offices. The profits which flow into Silicon Valley are being attacked from numerous sides currently, but you also have to ask what others impacts there will be on the development of the digital economy.

One of the reasons the technology industry has been advancing so quickly in recent years is the aggressive investments which have been made in R&D by Silicon Valley. The likes of Amazon and Google are certainly not shy about searching for the next big idea, fully embracing the concept of fail-fast, but the confidence in these investments exists partly because of the commercial successes of the core business models. Sustained erosion of these revenue channels might well result in smaller R&D operations.

Not only will this slow down improvements to customer experience, it could also place speed bumps in-front of momentum. The US technology industry is advancing very quickly, with some truly wonderful and ludicrous ideas being explored (See Google’s Loon), but this progress could stutter when you attack the ways these companies make money.

The battle between Silicon Valley and rule makers is raging for several reasons. The internet companies have been caught with their pants down in the data protection and privacy realms, though their resistance to collaboration is antagonising politicians. Silicon Valley is desperately trying to side-road and resist any new rules to govern the digital economy, as any major corporation would, but these rules are of course critical for positive societal development. The more Silicon Valley resists, the more aggressive proposals will be put forward.

We strongly agree with the calls to increase regulation on the digital economy, but you have to pick your battles. What would be the benefit to the user with these rules? A couple of dollars a year, nothing which will turn heads, but what will be the consequences?

Hold the internet players to more stringent data protection rules. Enforce more consent regulations. Ensure these companies pay fair and reasonable tax. But destroying a generally accepted way to make money will probably not end well. We suspect this might be a net loss in the long-run.

Germany has a swing at Facebook advertising platform

German regulator Bundeskartellamt has made a fresh attempt to curb the powers of the internet giants, this time targeting the data processing capabilities of Facebook.

The case built by Bundeskartellamt is based on what it has deemed market abuses by the dominant social media player in Germany. With Google+ shutting down, the regulator believes Facebook has a dominant position in the market, though it has not effectively informed users about the process of combing third-party data sets with information taken from the core Facebook platform to improve the detail of user profiles for advertising purposes.

This has been deemed inappropriate and Facebook has been ordered to shut down the process. This is not the first time this practise has been criticised by the regulator, but this is the first concrete ruling to for Facebook to desist.

“With regard to Facebook’s future data processing policy, we are carrying out what can be seen as an internal divestiture of Facebook’s data,” said Andreas Mundt, President of the Bundeskartellamt. “In future, Facebook will no longer be allowed to force its users to agree to the practically unrestricted collection and assigning of non-Facebook data to their Facebook user accounts.

“In future, consumers can prevent Facebook from unrestrictedly collecting and using their data. The previous practice of combining all data in a Facebook user account, practically without any restriction, will now be subject to the voluntary consent given by the users. If users do not consent, Facebook may not exclude them from its services and must refrain from collecting and merging data from different sources.”

Facebook has already stated it will appeal the decision with the Düsseldorf Higher Regional Court, though this should come as little surprise considering the attack on the foundations of the social media giants business model. The reason companies like Facebook and Google have been so successful in the early days of the data-sharing economy is because of the accuracy of advertising. This ruling could have a notable impact.

Not only does Facebook collect information about you from its core platform, but by supplementing this picture with more detail from third-party sources, a hyper-targeted advertising platform can be created. It’s seemingly one of the reasons advertisers have stuck by Facebook despite numerous scandals over the last couple of years; there are very few other platforms or businesses which can offer advertising services on par.

Although it is now common knowledge platforms such as Facebook sell ‘you’ to advertisers to fuel the spreadsheets, Bundeskartellamt believes the firm should obtain consent from the user should it want to use additional information to create a more detailed user profile. This data could be taken from sister platforms such as Instagram or WhatsApp, or third-party websites and applications which have ‘like’ or ‘share’ buttons embedded.

“By combining data from its own website, company-owned services and the analysis of third-party websites, Facebook obtains very detailed profiles of its users and knows what they are doing online,” said Mundt.

The practise becomes a bit more nefarious however. Even if there is no Facebook symbols or embedded buttons on the page or application a user is viewing, data might still be flowing back to the social media giant. This is not what anyone would consider transparent and should be addressed in all markets, not just Germany.

Overall, the Bundeskartellamt believes Facebook is abusing its dominant market position to the detriment of the other side of the equation, the user. While this will be escalated to higher courts, should the regulator win favour from the judges Facebook would have to obtain consent from every single one of its 32 million German users. It certainly will be able to obtain consent from many, but it would be a dent to the increasing under-fire advertising machine.

This is of course not the first time Germany has taken a run up at the internet giants. Germany has consistently been one of the leading nations attempting to tackle the power and influence of the internet players, creating a more tightknit regulatory framework which you would naturally expect in business. However, the social giants and their slippery lawyers are doing their best to resist.

Back in 2016, Facebook was told to stop collecting WhatsApp data from users and delete all the information it has already collected, due to the fact proper consent had not been obtained. It has also been investigating whether the Google+ data breach during the latter months of 2018 violates GDPR. Germany has also been one of the leading voices in the prolonged battle to ensure the internet giants pay fair and reasonable taxes across the European bloc.

What we are seeing in this case is another example of a regulator cracking down on the freedoms granted to Silicon Valley. For years, the internet players have been sliding between rules designed to parallel industries, exposing the grey and unregulated areas, as rule makers consistently struggle to keep pace with technological progress. There are numerous governments attempting to create more accountability, though it has been an uphill struggle so far.

The next couple of months will certainly be an interesting period in Germany. With judges considering the Facebook appeal, a win for the Bundeskartellamt could at as a springboard to wrap up the OTTs in more red-tape. We hope there is enough wiggle room left to innovate, but the last two years of scandals have shown the dire need to more strictly regulate Silicon Valley.

Privacy International points GDPR finger at Facebook

An investigation from privacy advocacy group Privacy International on the flow of personal information has questioned whether Facebook and its advertisers are violating Europe’s GDPR.

To date there have not been any major challenges using the data privacy regulation. There have of course been numerous violations of user privacy, but as these incidents occurred prior to the implementation of GDPR, the old-version of the rules and punishments were used. This investigation from Privacy International could prove to be a landmark.

The investigation itself questions whether Facebook and the app-developers which use its platform for data collection and user identification is acting responsibly and legally. Using the Facebook Software Development Kit (SDK), data is automatically sent back to the social media giant, irrelevant as to whether consent has been collected, or even if the user has a Facebook book account.

“Facebook routinely tracks users, non-users and logged-out users outside its platform through Facebook Business Tools,” Privacy International states on its website.

“App developers share data with Facebook through the Facebook Software Development Kit (SDK), a set of software development tools that help developers build apps for a specific operating system. Using the free and open source software tool called ‘mitmproxy’, an interactive HTTPS proxy, Privacy International has analysed the data that a number of Android apps transmit to Facebook through the Facebook SDK.”

After testing dozens of different apps, Privacy International claims 61% automatically transfer data to Facebook the moment a user opens the app, while others routinely send Facebook data that is incredibly detailed. Some of these users may be logged out of the platform or might not even have a Facebook account in the first place. Developers tested include travel comparison app Kayak, job search company Indeed and crowd-sourced search service Yelp.

Looking at the Kayak example, not only was information transferred back to Facebook once the app was opened and closed, but also during each stage of the search process. In the example Privacy International gives, the user selected a flight from London Gatwick to Tokyo between December 2 and 5, Narita Airport was then selected, before another search was conducted searching for hotels for two adults in the city. All of this information was sent to Facebook without prompt, despite Kayak claiming, ‘don’t worry, we’ll never share anything without your permission’, when the user signs in.

Alone this information is useful, but not incredibly so. However, when you consider the huge number of apps which will be sending information back to Facebook, an incredibly detailed picture of the user can be built. Using the other apps tested in this investigation, Facebook could also learn or make assumptions about the user’s religion (Muslim Pro), music interests (Shazam), salary and disposable income (Indeed Job Search) and interest in physical activities (MyFitnessPal). All of this information could be used to feed incredibly personalised advertisements to the user.

The big question which remains is whether this could be perceived as a violation of GDPR. Facebook has stated it released an update to the SDK which allowed developers to suspend the automatic data transfers, though this was only for version 4.34 and later. With the Opt-out section (the Google advertising ID) automatically turned off, some might suggest the user is being led as opposed to asked.

Another factor which could work against Facebook is the collection of data on users who do not have Facebook accounts; this is much more suspect. As per GDPR, a company has to have a specific and justified reason to collect personal information. It does appear Facebook is collecting information on users despite having no purpose or valid reason to do so.

With fines for violating GDPR up to 3% of annual turnover, the stakes are very high. This could prove to be one of the first tests of the rules, designed to protect the privacy of the general public, and few will be surprised Facebook is a central character in the story. With the social media giant seemingly antagonising many governments around the world, we suspect there will be a queue forming to have a swing with the sharp GDPR stick.

Facebook back on the ropes with more privacy punches

Facebook faces fresh questions surrounding data privacy, with reports emerging it granted advertising customers access to user’s private messages with friends and family.

This is a company which is not helping itself but is looking increasingly suspect. The data and sharing economy does of course require users to make an exchange in order to receive free services, but the personalised advertising machine created by Facebook is starting to look scary. The detail which is known on users, and the apparent nonchalant approach the firm has to abuse of the platform, is starting to become very worrying.

Now we have one of the most worrying accusations. According to the New York Times, new documents have emerged suggesting Facebook granted permissions to advertisers which seemingly go far beyond the consent granted by users.

Among the accusations, sourced from internal documents, Netflix and Spotify were given the ability to read user’s private messages, while Bing was able to access all information about a user’s connections without specific consent. Amazon was given permission to obtain contact information through indirect connections, and Yahoo was allowed view streams of friends’ posts. The Yahoo partnership can be traced back to this summer, long after Facebook had declared such practises had been ended.

Aside from the NYT investigation, one user has also taken the time to pen her frustrations after realising location controls on the platform made no difference to personalised advertising. Aleksandra Korolova turned off all available location services on Facebook, WhatsApp and Instagram, cleared location details off her profile, removed geo-tagging on photos, but was still receiving personalised ads based on recent movements.

“Reading Facebook’s explanations to advertisers provides insight into how this is done,” said Korolova in a Medium post. “Specifically, Facebook tells advertisers that it learns user locations from the IP address, WiFi and Bluetooth data.”

The illusion of control has been created, though Facebook is finding ways around user consent and loopholes to any commitments it has previously made.

The inability for Facebook to be transparent, clearly telling the user what is going on, is incredible. There are so many examples of this company misleading the general public, governments and regulators, they are becoming difficult to count. This is a toxic company which should not be trusted. We are struggling to believe any statement which the company is now making.

In response, Konstantinos Papamiltiadis, Director of Developer Platforms and Programs, has gone to Facebook’s standard response.

“…we recognize that we’ve needed tighter management over how partners and developers can access information using our APIs,” said Papamiltiadis. “We’re already in the process of reviewing all our APIs and the partners who can access them.”

This seems to be Facebook’s new response to accusations which question whether it has acted ethically or legally; partially accepting responsibility and saying they will do better in the future. This is not a good enough answer anymore. It might have worked the first couple of times, but the repetition from Facebook executives just shows how little the company thinks about the general public. We are just assets to be traded in the pursuit of greater advertising revenues.

Privacy is a small hurdle; the grey expanses of technology regulation are too wide for this to be a problem. Facebook is making a mockery of the general public and the data privacy landscape.

UK Gov pulls back the curtain on Facebook data policies

With pressure mounting against Facebook over the last few months it was only a matter of time before a treasure trove of treachery was unveiled; the UK government has done just that.

Considering the breadth and depth of the information revealed by Damian Collins, a MP and Chair of the Digital, Culture, Media and Sport Committee, and the likelihood this is only scratching the surface, it’ll be some time before we discover the full impact. But, the door has been opened. For Facebook, the PR machine will have to find another gear as this will take some battling.

“As we’ve said many times, Six4Three – creators of the Pikinis app – cherrypicked these documents from years ago as part of a lawsuit to force Facebook to share information on friends of the app’s users,” Facebook said in a statement. “The set of documents, by design, tells only one side of the story and omits important context.”

Facebook is standing by changes made in 2014 which prevented developers seizing personal information of user’s friends, those who had not opted in. This is effectively the saga which kicked off the entire Cambridge Analytica scandal. Facebook argues Six4Three didn’t receive a temporary extension, allowing the app to continue operating while the changes were implemented, and the court case is manufactured revenge.

The Six4Three lawsuit is where Collins and his Committee managed to get their hands on the documents which have been unveiled here. Officials compelled Six4Three CEO Ted Kramer to hand over the documents while on a business trip to London. The documents were obtained as part of a legal discovery process brought about through Six4Three’s lawsuit against Facebook.

The documents are quite damning, suggesting Facebook used user personal information as a commodity, offering the team a useful bargaining chip to secure more attractive contracts, while also nipping any competitive threats before momentum was gathered. For Facebook, this should be considered a nightmare, and it seems investors agree. At the time of writing share price had dropped by 2.7% in overnight trading.

While these reports might not come as a surprise to those who work in the technology space, the general public are unlikely to find these reports very appealing. Facebook crafts an image of itself as a business which wants to help society, though these documents creates a perception of millionaires viewing the user as nothing more than a number, trading away information which doesn’t really belong to them. This idea will not be well-received by the general public.

Looking at the specifics of the documents, apps were invited to use Facebook just as long as it improved the Facebook brand, while some competitors were not allowed to use Facebook tools without the specific sign-off of CEO Mark Zuckerberg himself. One of these examples is Vine, which could be viewed as a means to obstruct rivals. Those who are legally-minded will know this could cause all sorts of problems for the social media giant.

Facebook has clearly recognised this is an issue as well. As part of its statement, Facebook has said it prevented apps which replicate the core functionality of its platform from reaping the full benefits, though it plans to remove this ‘out of date’ policy as soon as possible.

This is of course on concession Facebook is making, though there will have to be a hell of a lot more over the coming months. These documents are damning of the attitudes towards data privacy and also Facebook’s own policies. The lawmakers are sharpening their sticks and it won’t be long before they start taking more accurate aims at a firm which has done little to aid investigations, dodging meaningful questions like perfectly crafted PR ninjas.

One of the biggest recurring themes of the documents is the value which has been placed on data obtained through user’s friends. The idea of linking financial value to the developer’s ability to gain access to friend’s data is one of the key issues being raised by Collins. Some might suggest this goes against repeated statements from Facebook that it was unaware its platform was being abused.

This is the issue. Facebook has continually proclaimed its innocence, accepting criticisms that it should have done more, but ultimately the blame for abuse should be directed elsewhere. These documents suggest the social media giant was not only aware of the abuses but debated and understood the controversial nature. This does appear to be a complete contradiction of the firm’s previous stance.

Another example of this is an update made to changes to its policies on the Android mobile phone system, which enabled the Facebook app to collect a record of calls and texts sent by the user.

Perhaps this suggests a breach of trust during internal meetings and email exchanges, but it also damages the brand credibility of Facebook moving forwards. Facebook is in a hole right now, there’s no doubt about that.

Google faces GDPR complaints over user location tracking

Seven privacy advocacy groups will be reporting Google to their relevant data protection authority, claiming the firm is violating GDPR through location tracking of users.

Forbrukerrådet (Norway), Consumentenbond (The Netherlands), Ekpizo (Greece), dTest (Czech Republic), Zveza Potrošnikov Slovenije (Slovenia), Federacja Konsumentów (Poland) and Sveriges Konsumenter (Sweden) will all file complaints, while vzbv in Germany is considering action for an injunction and the  Transatlantic Consumer Dialogue will bring it to the attention of the Federal Trade Commission. This is of course not the first time Google has faced complaints in the EU over privacy, but the volume here might cause a headache.

The complaint is a simple one. Even if a dataset has been anonymised by Google, detailed information on that users location can make this irrelevant, while in-depth and personal insights can be learned, violating user rights to privacy. For example, if a smartphone is stationary for eight hour consistently, at the same time every night, it would be a fair assumption this is the home address of the person, while learning about what bars they visit could give away the sexual persuasion of the individual.

Not only are these insights which can be used for personalised advertising, but the data can be sold onto other companies to dictate was services are sold to that individual at what price. An insurance company could up premiums for someone who never visits the gym, but this is not personal information which the individual has given permission to be released. Some would argue it is an invasion of privacy, others would suggest it is statistical science and fair game.

One of the complaints being made against Google is the lack of transparency. Yes, Google has made the consumer aware it collects information when the opt-outs are not altered in ‘location history’ settings tabs, though it has not made the user aware this opt-out could be irrelevant. By using other apps and services, Google is collecting the data in any case. Once it is said out loud it should seem obvious, even if you have opted out when you want to use the Maps app, you will have to send Google your location data, but the slight contradiction has the capacity to confuse users. This is not what many would consider complete transparency.

“Google’s practices leave consumers very little choice other than providing their location data, which is then used by the company for a wide range of purposes including targeted advertising,” European privacy group BEUC said in a statement. “BEUC and its members argue that these practices contradict basic principles of the GDPR, such as the lawfulness, transparency and fairness of processing, and infringe on data subject’s rights such as the right to information. In our assessment Google notably lacks a lawful legal ground for processing the location data in question.”

There will of course be investigations over the course of the next couple of months, as we suspect there will be more complaints filed in the near future, though this will be a test of GDPR. As a reminder, the largest fine which the EU can impose is 3% of annual turnover. Google might have been able to swallow previous fines from the EU, but this one will be a bit more difficult to justify.