ICO gets serious on British Airways over GDPR

The UK’s Information Commissioner Officer has swung the sharp stick of GDPR at British Airways and it looks like the damage might be a £183.39 million fine.

With GDPR inked into the rule book in May last year, the first investigations under the new guidelines will be coming to a conclusion in the near future. There have been several judgments passed in the last couple of months, but this is one of the most significant in the UK to date.

What is worth noting is this is not the final decision; this is an intention to fine £183.39 million. We do not imagine the final figure will differ too much, the ICO will want to show it is serious, but BA will be giving the opportunity to have its voice heard with regard to the amount.

“People’s personal data is just that – personal,” said Information Commissioner Elizabeth Denham.

“When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

The EU’s GDPR, General Data Protection Regulation, offers regulators the opportunity to fine guilty parties €20 million or as much as 3% of total revenues for the year the incident occurred. In this case, BA will be fined 1.5% of its total revenues for 2018, with the fine being reduced for several reasons.

In September 2018, user traffic was directed towards a fake British Airways site, with the nefarious actors harvesting the data of more than 500,000 customers. In this instance, BA informed the authorities of the breach the defined window, co-operated during the investigation and made improvements to its security systems.

While many might have suggested the UK watchdog, or many regulators around the world for that matter, lack teeth when it comes to dealing with privacy violations, this ruling should put that preconception to rest. This is a weighty fine, which should force the BA management team to take security and privacy seriously; if there is one way to make executives listen, its hit them in the pocket.

This should also be seen as a lesson for other businesses in the UK. Not only is the ICO brave enough to hand out fines for non-compliance, it is mature enough to reduce the fine should the effected organization play nice. £183.39 million is half of what was theoretically possible and should be seen as a win for BA.

Although this is a good start, we would like to see the ICO, and other regulatory bodies, set their sight on the worst offenders when it comes to data privacy. Companies like BA should be punished when they end up on the wrong side of right, but the likes of Facebook, Google and Amazon have gotten an easy ride so far. These are the companies who have the greatest influence when it comes to personal information, and the ones which need to be shown the rod.

This is one of the first heavy fines implemented in the era of GDPR and the difference is clear. Last November, Uber was fined £385,000 for a data breach which impacted 2.7 million customers and drivers in the UK. The incident occurred prior to the introduction of GDPR, the reason the punishment looks so measly compared to the BA fine here.

The next couple of months might be a busy time in the office of the ICO as more investigations conclude. We expect some heavy fines as the watchdog bears its teeth and forces companies back onto the straight and narrow when it comes to privacy and data protection.

Security is a concern, especially as it can hit bank accounts now

New research from EY suggests British businesses are more concerned than ever about security. Funny that, considering there’s now a whopping fine to worry about.

Security is one of those areas which is constantly discussed but little is done to address. Irrelevant as to how many CEOs tell you its top of the agenda or how many statements start with the phrase ‘our customers security is our number one concern’, it’s an aspect of the technology world which has been swept aside. But not according to this research from EY.

“It’s not surprising that businesses are most concerned with the threat of cyberattacks,” said Adrian Baschnonga, Global Lead Telecommunications Analyst at EY. “The introduction of 5G will help organisations unlock new growth opportunities, but this transition comes at a time when fears regarding data breaches and network security are especially pronounced.”

While you always have to take statements like this with a pinch of salt, it might be right this time. Why? Because if you want to make executives care about something aside from their annual bonuses, you have to fight fire with fire.

Under the General Data Protection Regulations (GDPR) brought into play last May, any company which is found to have inadequately protected customer or employee data are subject to fines of 3% of annual turnover or €20 million. GDPR fines are proportionate to the risk posed by a breach, allowing flexibility for regulators to tackle the problem, but it certainly seems to have caught some attention.

According to professional services firm RPC, in the 12 months prior to September 30 2018 (the period in which GDPR was introduced) the Information Commissioners Office issued fines totalling just over £5 million, a 24% increase on the previous period of 12 months. Considering the ICO only had a couple of months to swing the GDPR stick at offenders, it would be fair to assume the watchdog is fully embracing the new powers offered to it.

This also seems to have hit home with those investing in new technologies. 40% of respondents to EY’s survey are worried about 5G and cyberattacks, while 37% saw IoT as a risk. These numbers aren’t particularly high, but they are the biggest concerns.

Another factor to consider is the consumer. While many will have been blind to the risk of data breaches in by-gone years, this does not seem to be the case anymore. Recent Lloyd’s research claims 44% of UK consumers believe there is a risk to personal safety in the sharing economy, perhaps indicating they would be hard-pushed to share data. If enterprise organizations are going to benefit from the data boom, they’ll have to convince customers that their personal information will be safe.

Whether this translates to appropriate security investments remains to be seen, as there seems to be a lack of ownership over security overall. Enterprise organizations are looking to suppliers for security to be built into products, while it is perfectly reasonable for suppliers to ask enterprise organizations to do more. Security should be built into products, but if an individual buys a front door, the manufacturer cannot be blamed when it is left open or an inadequate lock is used.

More often than not the carrot is used to incentivise business, but it seems the GDPR stick is an effective tool in bringing security to the front of executive’s minds. Hopefully now there will be less pandering for PR headlines and more affirmative action.

France fines Google for being vague

The French regulator has swung the GDPR stick for the first time and landed it firmly on Google’s rump, costing the firm €50 million for transparency and consent violations.

The National Data Protection Commission (CNIL) has been investigating the search engine giant since May when None Of Your Business (NOYB) and La Quadrature du Net (LQDN) filed complaints suggesting GDPR violations. The claims specifically suggested Google was not providing adequate information to the user on how data would be used or retained for, while also suggesting Google made the process to find more information unnecessarily complex.

“Users are not able to fully understand the extent of the processing operations carried out by Google,” the CNIL said in a statement.

“But the processing operations are particularly massive and intrusive because of the number of services offered (about twenty), the amount and the nature of the data processed and combined. The restricted committee observes in particular that the purposes of processing are described in a too generic and vague manner, and so are the categories of data processed for these various purposes.”

This seems to be the most prominent issue raised by the CNIL. Google was being too vague when obtaining consent in the first instance, but when digging deeper the rabbit hole become too complicated.

Information on data processing purposes, the data storage periods or the categories of personal data used for the ad personalization were spread across several pages or documents. It has been deemed too complicated for any reasonable member of the general public to make sense of and therefore a violation of GDPR.

When first obtaining consent, Google did not offer enough clarity on how data would be used, therefore was without legal grounding to offer personalised ads. Secondly, the firm then wove too vexing a maze of red-tape for those who wanted to understand the implications further.

It’ll now be interesting to see how many other firms are brought to the chopping block. Terms of Service have been over-complicated documents for a long-time now, with the excessive jargon almost becoming best practise in the industry. Perhaps this ruling will ensure internet companies make the legal necessities more accessible, otherwise they might be facing the same swinging GDPR stick as Google has done here.

For those who are finding the NOYB acronym slightly familiar it might be because the non-profit recently filed complaints against eight of the internet giants, including Google subsidiary YouTube. These complaints focus on ‘right to access’ clauses in GDPR, with none of the parties responding to requests with enough information on how data is sourced, how long it would be retained for or how it has been used.

As GDPR is still a relatively new set of regulations for the courts to ponder, the complaints from NOYB and LQDN were filed almost simultaneously as the new rules came into force, this case gives some insight into how sharp the CNIL’s teeth are. €50 million might not be a monstrous amount for Google, but this is only a single ruling. There are more complaints in the pipeline meaning the next couple of months could prove to be very expensive for the Silicon Valley slicker.

Facebook hit with Italian fine as share buy-back ramps up

The Italian watchdog is the latest to slap a fine on Facebook for misleading and abusing consumer confidence.

The Autorità Garante della Concorrenza e del Mercato (AGCM) has imposed a €10 million fine on Facebook after a lengthy investigation which begin in April. The watchdog has come to the conclusion the social media giant has violated articles 21 and 22 of the Consumer Code, misleading the consumer on how data would be collected, what information would be sourced and the commercial purpose.

To rub salt into the wounds, the AGCM also believes articles 24 and 25 of the Consumer Code were also ignored. These violations are a bit more nefarious as the AGCM has stated Facebook implemented an aggressive practice as it “exerts undue influence on registered consumers, who suffer, without express and prior consent”. A rather devilish picture is being painted by the Italian watchdog, with Facebook portrayed as the antagonist of a fair and transparent society.

For Facebook, this is simply another example of a government turning against it. It wasn’t that long-ago Facebook was a business every government wanted to get into the good books of and a brand which was admired by the majority of consumers. The Cambridge Analytica scandal has sent the reputation of the social media giant into freefall, pulling back the curtain on the terrifying complexities of the data economy. The difference between how the machine functions and how these billionaires have educated the masses who provide the fuel is quite staggering.

Despite the world turning against Facebook, it seems the management team is embracing the phrase ‘no such thing as bad publicity’.

Last week, an 8-K filing was made by David Kling, Facebook’s General Counsel and Secretary, to the Security and Exchange Commission, which authorises an additional $9 billion in the share buy-back scheme which commenced in 2017. This is the second time the management team has bolstered the chest, taking advantage of a decline in share price to seemingly take back more control of the business from investors.

Facebook Shareprice

As you can see from the image above (courtesy of Google Finance), Facebook share price has fallen by almost 37% since the summer, as the fallout of the Cambridge Analytica continues to scare investors. The management team clearly believe Facebook shares are being undervalued by the market, pumping cash into the share buy-back scheme perhaps to dilute the influence external shareholders can have on the business.

There are of course numerous reasons a company would repurchase shares. It might believe there is simply too much exposure on the market, it might be trying to reduce the influence on the business from external factors or it might not know what else to do with the free cash which it has available.

With Facebook increasingly coming under scrutiny by regulators and governments, it makes sense the management team want fewer shares on the exchanges. This minimises the damage which can be struck by negative press and unfavourable regulations, but also reduces the scrutiny which can be placed on decisions and future strategies. The management team have been under pressure recently for, what the market believes are, poor growth prospects.

However, there is a downside. Sometimes investors might consider the ramping up of a share buy-back scheme as a lack of ideas from the firm. Firstly, it is trying to protect itself for future earning calls, and secondly, it perhaps indicates the business does not know what to do with free cash, of which Facebook has a lot of.

Facebook has not been an innovative company for some years now. Most of the ‘new’ products and services introduced by the team are reinventions of something which already exists with the Facebook brand slapped on (marketplace, enterprise communications etc.), or are a blatant rip-off of a competitor’s idea. The Stories feature on Facebook and Instagram is clearly an imitation of the My Story feature on Snapchat. Some believe share buy-back programmes are evidence a firm has run out of new ideas.

Facebook is increasingly coming under pressure from consumers, governments, regulators and investors, though little is being done to reverse this trend. Posters have been displayed across the major cities promising the consumer it does care, and while executives have been meeting with governments, the answers being provided are increasingly unsatisfactory. The release of 250 Facebook emails and memos by the UK government has shed further light on the deception, though the response has been on par with Facebook’s form.

It’s almost like Zuckerberg and his cronies don’t care anymore. Instagram seems to be offsetting (at least partially) the decline in engagement on the Facebook platform, so there are still prospects to participate in the digital economy. The image of the company which is being created right now is one of arrogance. Facebook seems to think it is untouchable, and perhaps €10 million fine demonstrates it is.

How long will it take Mark to pay off this fine? Is Facebook actually going to be held accountable for wrong-doing?

Uber feels sharp(ish) end of Dutch and British stick

Following a data breach which exposed personal information of roughly three million European customers, Uber has been fined over £900,000 by Dutch and British authorities.

£900,000 does sound like a lot of cash, but let’s just put it into perspective for the moment. In the Netherlands, details of 174,000 customers and drivers were hacked, resulting in a €600,000 (roughly £532,000) fine, while the punishment for leaking details of 2.7 million customers and drivers in the UK was £385,000. In the US, where the exposure was admittedly significantly higher, Uber had to fork out $148 million. The numbers aren’t exactly consistent.

Uber should certainly consider itself lucky the incident occurred prior to the implementation of GDPR, though the fines simply demonstrate how important the new rules are in enforcing data protection requirements. Under today’s rules, Uber could have potentially been fined 3% of global annual turnover, and we suspect the fact it tried to cover up the incident meant it would have been held fully accountable.

“This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen,” said Information Commissioner’s Office Director of Investigations, Steve Eckersley. “At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable.

“Paying the attackers and then keeping quiet about it afterwards was not, in our view, an appropriate response to the cyber-attack. Although there was no legal duty to report data breaches under the old legislation, Uber’s poor data protection practices and subsequent decisions and conduct were likely to have compounded the distress of those affected.”

While many found the implementation of GDPR a nightmare, this is an incident which demonstrates why new data protection rules were completely necessary. In our opinion, Uber got off lightly considering the severity of the breach and subsequent efforts to cover up the hack with ‘hush-money’.

Once the breach was discovered, Uber tried to sweep the incident under the rug. Instead of reporting the breach to authorities, customers and drivers, $100,000 was paid to the hacker, with the promise the data would be deleted, it was downloaded from a cloud-based storage system operated by Uber’s US parent company, and the hacker would keep quiet. As with all of these incidents, the truth eventually emerged. Here, it took a full year.

In both the Dutch data protection authority’s and the ICO’s investigations it was found the breach could have been avoiding if basic and appropriate data protection protocols were followed. Under GDPR, Uber is obliged to inform the relevant data protection authorities within 72 hours of discovery, which can mean fines can be avoided. If a company co-operates and is able to demonstrate it has put in place acceptable protections, authorities will not punish in the strictest of terms.

This is an aspect of GDPR which we like. Rule makers have accepted there is no such thing as 100% secure, and has created a framework which has in-built sympathy for those cases which cannot be avoided. As long as a company is proactive and honest, authorities are willing to work alongside industry to make customers and employees more secure.

This is not an example of this perfect scenario however. Uber acted completely irresponsibly and is incredibly fortunate the incident occurred during a time when data protection rules and punishments were woefully outdated. The whole incident does leave two questions remaining however…

Firstly, how many more incidents have there been which have been swept under the carpet, as we can almost guarantee there will be a few, and secondly, will the EU hold the guilty parties fully accountable to GDPR punishments? We need to know whether authorities are prepared to swing the very sharp stick GDPR hands them.

Italian watchdog bares its gums in Apple and Samsung planned obsolescence case

Italian regulator AGCM has shown its bite is particularly toothless after fining Apple and Samsung €10 million and €5 million respectively over planned obsolescence.

Following a ten-month investigation for unfair commercial practices, the watchdog found the pair guilty, though after months of barking the bite has proven to be as gummy as a 70 year-old Welwyn Garden City pensioner. For many companies the fines would be considered monstrous, but for these two, it will barely register a blip on the financials.

The statement from the AGCM reads as follows:

“As a result of two complex investigations, the AGCM has ascertained that the companies of the Apple group and of the Samsung group have realized unfair commercial practices in violation of the articles. 20, 21, 22 and 24 of the Consumer Code in relation to the release of some firmware updates of mobile phones that have caused serious malfunctions and significantly reduced performance, thereby accelerating the process of replacing them.”

In Samsung’s case, the watchdog believes the company insisted users who had purchased a Note 4 to install the new Android firmware called Marshmallow, which was designed for the Note 7, but failed to inform of serious malfunctions due to the greater stress on the device.

Apple told the owners of various models of iPhone 6 to install the new iOS 10, which was developed for the iPhone7, without informing the greater energy demands of the new operating system and the possible inconveniences, such as sudden shutdowns. To counter these issues, a new update was released without warning that its installation could reduce the speed of response and functionality of the devices.

In a second investigation of Apple, AGCM found the iLeader did not provide consumers with adequate information about some characteristics of the batteries, such as their average life and deterioration, nor the correct procedures to maintain, verify and replace the batteries to preserve the full functionality of the devices.

Just to put the fines into some perspective, it would take Apple approximately 20 minutes to pay off the €10 million fine, while Samsung would take around 16 minutes to pay off its €5 million penalty.

The issue with these fines is the severity. Apple and Samsung have failed in their responsibilities to their customers, and should be punished. However, these are monstrous companies with unthinkably large bank accounts. Fines should be proportional to the size of the company, otherwise fear will not be instilled.

Fines are supposed to act as a deterrent for any wrong-doing in the future. Considering how minor these penalties are in comparison to the annual turnover of Apple and Samsung, what is to stop them from continuing to edge along the line of right and wrong.

Unfortunately this is the current state of play. Regulators can try to protect the consumer, but until they are given the power to effectively and proportionally punish wrong-doers, nothing will change. This is not the last time Apple and Samsung will be caught doing something wrong, and it’s because they are effectively being allowed to get away with it.

 

Europe hits Google with €4.3bn fine for Android antitrust violations

Google has been handed a record €4.3 billion by the European Commission, with the bureaucrats claiming the search giant abused the dominant position of Android to bully consumers into using its search engine.

The European Commission, hereafter known as the Gaggle of Red-tapers, has given Google 90 days to end the activities, or face non-compliance payments of up to 5% of the average daily worldwide turnover of Alphabet, Google’s parent company. Google has been bundling its search engine and Chrome apps into the operating system, with the Gaggle also claiming it blocked manufacturers from creating devices that run forked versions of Android, and also making payments to manufacturers and telcos to ensure exclusivity on devices.

“Today, mobile internet makes up more than half of global internet traffic,” said Chief Competition Gaggler, Commissioner Margrethe Vestager. “It has changed the lives of millions of Europeans.

“Our case is about three types of restrictions that Google has imposed on Android device manufacturers and network operators to ensure that traffic on Android devices goes to the Google search engine. In this way, Google has used Android as a vehicle to cement the dominance of its search engine. These practices have denied rivals the chance to innovate and compete on the merits. They have denied European consumers the benefits of effective competition in the important mobile sphere. This is illegal under EU antitrust rules.”

The three issues here are as follows:

  • Manufacturers are required to pre-install the Google Search app and browser app (Chrome), as a condition for licensing Google’s app store, which manufacturers confirmed was a ‘must have’ feature as part of the investigation
  • Payments to certain large manufacturers and mobile network operators on condition that they exclusively pre-installed the Google Search app on their devices
  • Prevented manufacturers wishing to pre-install Google apps from selling devices running on alternative versions of Android that were not approved by Google, known as Android Forks

EC Google antitrust diagram

Google will of course appeal the fine, and will likely use its own legal might to tie the Gaggle up in more red-tape than the boresome bureaucrats ever thought possible, but this is a notable decision. Not only has the European Commission come to the conclusion Android has a dominant position in the European market, some 80% of smartphone run on the OS, but it has determined Google actively sought to inhibit competition, and therefore negatively impact the experience and choice of the consumer.

One of the conclusions Google has found issue with is the competition between Android and Apple’s iOS. The Gaggle has decided the two are not competing with each other, due to the fact Apple devices are not tailored towards the low-end of the market, therefore Android maintains a monopoly over poorer demographics and regions. The Gaggle also notes there is a ‘cost’ to switching to iOS, including loss of data, contacts, and having to learn how to use a new OS, which counts against the search giant. Google disagrees with this point, even quoting the Gaggle’s own research that suggests 89% of respondents believe the two OS’ compete.

Another important aspect to note is the openness of Android. This is an additional bugbear of the Gaggle, pointing towards the limited opensource nature of the OS as a negative, though Google contends this point. Should Android be make more open to developers and users, the fragmentation in the ecosystem could be boggling. Google argue it needs to maintain control to ensure consistency and experience. This argument is less clear cut, as there are positives and negative outcomes on both sides.

“To be successful, open-source platforms have to painstakingly balance the needs of everyone that uses them. History shows that without rules around baseline compatibility, open-source platforms fragment, which hurts users, developers and phone makers,” Google CEO Sundar Pichai said in a blog post. “Android’s compatibility rules avoid this, and help make it an attractive long-term proposition for everyone.”

Overall, this is of course not a new argument. The European Commission found fault with Microsoft bundling Internet Explorer with its Window OS in years gone, while Google has constantly been under the microscope in Belgium. The Gaggle does not seem comfortable with the idea of relaying revenues to other aspects of the ecosystem, a business model which is becoming more common in the digital era.

For a service to be free, there has to be a value exchange. As it stands, device manufacturers get an Android licence for free under the condition Google products are set as default. Google spends an unknown amount every year to ensure Android is the best OS on the market, and monetizes the experience through its search engine. Should it be proven Google is operating illegally, the practise should be adjusted, but we would argue there would be detrimental impact to the consumer should it be stopped completely.

The only other alternative is to charge the device manufacturers for the right to use Android. We suspect this will never happen, but we have no doubt this expense would be passed onto the consumer, who will probably end up using Google anyway as the search engine is arguably the best on the market.

The payments to manufacturers and telcos is not the most above-board business we’ve ever come across, and perhaps preventing the development of Forks is suspect, though this point is much more nuanced; Google is rightly claiming fragmentation of the OS and applications would impact experience. That said, we don’t have too much of an issue with the conditional bundling of other services with the Play Store and Android OS; Google has to make money after all; it doesn’t offer software as a charity.

The European Commission will continue to argue the dominant position of Google will impact innovation, though the Google party line can be summed up pretty simply; its helping develop the ecosystem:

“The free distribution of the Android platform, and of Google’s suite of applications, is not only efficient for phone makers and operators – it’s of huge benefit for developers and consumers,” said Pichai. “If phone makers and mobile network operators couldn’t include our apps on their wide range of devices, it would upset the balance of the Android ecosystem. So far, the Android business model has meant that we haven’t had to charge phone makers for our technology, or depend on a tightly controlled distribution model.”

The outcome of this saga is unlikely to be known for months. Google’s lawyers will do everything possible to complicate the situation, lobbyists will be charged and the PR machine will start cranking, but there is the potential to have a very fundamental impact on the industry. Will Google bow to demands and lose its grip on search? Could it start charging a license fee Android? Or might it just say screw everyone else and keep Android exclusively for its own Pixel devices in Apple-esque style?

Apple faces Korea fine for abusing telco neediness

Korea’s Fair Trade Commission has said it has launched an investigation into whether Apple is abusing its market position in the market, overcharging customers and exploiting the tired telcos.

According to the Korean Times, the investigation could take up to two months and other local sources has said the fine could exceed 100 trillion won, approximately $93 million. Should Koreans find the iLeader guilty, it could make for worrying precedent for a company which has a strangle hold on its ecosystem and go-to-market strategy.

This is not the first time Apple has been under the microscope in Korea for the way it deals with telcos. The first iPhone was sold in Korea in 2009, and since that point there have been numerous claims of unfair practises, such as shifting advertising costs to the telcos or dictating how the products should be sold.

It should not be viewed as uncommon for a brand to get involved with how a product is displayed in store or through advertising, especially for Apple which is heavily reliant on the brand and consumer loyalty for the incredible sales, however should the Korean FTC unveil any dodgy conditions or criteria, there might be a bit of trouble. One of the areas which will also be included in the investigation is the pricing of the handsets themselves.

Consumers in Korea have been forced to pay 200,000 won (roughly $187) more than those in Japan and the US, which might be an issue if Apple is found to be too heavily involved. Should domestic and local telcos/outlets decide the Koreans should pay more, the FTC could say nothing as this is simply local market forces. If Apple is forcing the price up, this treated as abusing a dominant market position and unfairly exploiting the consumer.

Apple is a company which likes to maintain a level of control over its products. This is part of the reason the brand is so strong and reliable; it has a specific message and image which is communicated very consistently throughout the world. Should Korean authorities look to drive a wedge in-between Apple and the telcos because of unfair practises, the control over how the brand is presented and communicated would loosen. This would certainly be a worrying development for the iChief which has almost cult-like control over its legions of iFollowers; variances in the brand would weaken the marionette strings.

This is of course not the first time Apple has faced criticism over unfair practises. In 2013, Taiwan fined Apple for controlling prices and in 2016 France dished out a €48.5 million fine for forcing telcos to pay for advertising. It did an effective job of damage limitation there, and will be looking to do the same here.

Google fined for search engine bias in India, but probably doesn’t care

Google has been fined roughly $21 million by the Competition Commission of India (CCI) for search engine bias; on most recent financial results, it would take Google around 90 minutes to work off the fine.

The investigation into Google initially began in 2012, following a complaint from dating website  Matrimony.com and social justice group Consumer Unity & Trust Society. The investigation ruled that Google abused its dominant market position around the design of Search Engine Result Page, with the team favouring commercial relationships.

“The CCI in its order noted that the allegations against Google in respect of search results essentially centred around design of Search Engine Result Page (SERP),” the CCI said in a statement.

“Exhibiting a self-imposed regulatory forbearance from scrutinizing product designs in ascertaining anti-trust violations, CCI noted in its order that product design is an important and integral dimension of competition, undue intervention in designs of SERP can affect legitimate product improvements.

“CCI further observed in its order that Google, being the gateway to the internet for a vast majority of internet users due to its dominance in the online web search market, is under an obligation to discharge its special responsibility.”

This is of course not the first time Google has found itself on the wrong side of right when it comes to antitrust watchdogs. Back in June it was fined €2.42 billion by the European Commission for bias on its comparison shopping service, Android got put in the naughty corner by authorities in Turkey in March, while it has also been under investigation in South Korea. These are only a couple of examples; Google is no stranger to the courtroom.

While action from the regulatory authorities is a positive sign, the time it took to make this decision and the amount which Google is being fined are the issue.

Firstly, five years to come to a decision is way too long. During this time Google would most likely have carried on with (now found) dodgy activities, profiting considerably off them. Google is an incredibly profitable machine and would have made hundreds of millions, if not billions, across this period. If a business practise is wrong it needs to be identified and stopped quickly. Five years is abysmal.

Secondly, the fine; it is nowhere near high enough. As mentioned before, using a crude calculation based on the total revenues brought in over the last quarter ($32.323 billion) it would take Google approximately 90 minutes to pay off the fine. If authorities want to be taken seriously they need to impose fines which are taken seriously by the guilty. $21 million is nothing to Google and is hardly going to be considered a deterrent. Right now, the CCI is looking like a very toothless watchdog.

Europe slaps Qualcomm with €1 billion fine for abusing dominance in LTE basebands

Mobile chip giant Qualcomm has been fined yet again for abusing its dominant market position, this time by the European Commission.

The precise amount of the fine is €997 million, but what’s €3 million between friends? As we have come to expect from the EC, this decision took 2.5 years to make. The investigation opened in July 2015, then escalated at the end of that year. An intriguing twist to this decision is the EC’s finding that Qualcomm directly bribed Apple, with which it is currently involved in bitter litigation, to stay loyal.

“Qualcomm illegally shut out rivals from the market for LTE baseband chipsets for over five years, thereby cementing its market dominance,” said Commissioner Margrethe Vestager. “Qualcomm paid billions of US dollars to a key customer, Apple, so that it would not buy from rivals. These payments were not just reductions in price – they were made on the condition that Apple would exclusively use Qualcomm’s baseband chipsets in all its iPhones and iPads.

“This meant that no rival could effectively challenge Qualcomm in this market, no matter how good their products were. Qualcomm’s behaviour denied consumers and other companies more choice and innovation – and this in a sector with a huge demand and potential for innovative technologies. This is illegal under EU antitrust rules and why we have taken today’s decision.”

Maybe all the aggro between Qualcomm and Apple came about because Qualcomm stopped paying up. Who knows? Qualcomm has been quick to issue a public response, referring to the Apple things as “…an expired agreement between Qualcomm and Apple, which was in effect from 2011 through 2016, for the pricing of modem chips.” The litigation between the two companies kicked off in January 2017.

Qualcomm will, of course, appeal. “We are confident this agreement did not violate EU competition rules or adversely affect market competition or European consumers,” said Don Rosenberg, Qualcomm General Counsel. “We have a strong case for judicial review and we will immediately commence that process.”

The other thing Qualcomm was keen to stress is that this has nothing to do with its licensing business, which is what Apple is objecting to, and has no impact on ongoing operations. That may be true but it’s hard to ignore the constant stream of negative judgements being made about Qualcomm’s business practices around the world. Investors don’t seem too bothered, with Qualcomm shares only down a percentage point on the news.