Lobbying on the up as Silicon Valley feels the regulatory squeeze

The internet giants have started filing their lobbying reports with the Center for Responsive Politics with records being shattered all over the place.

Each quarter US companies are legally required to disclose to Congress how much has been spend on political lobbying. Although the figures we are about to discuss are only for the US market, international players will certainly spend substantially more, it gives a good idea of the pressure which the internet players are facing. Governments are attempting to exert more control and Silicon Valley doesn’t like it.

Looking at the filings, having spent $4.9 million in the final three months, Google managed to total $21.2 million across the whole of 2018, a new high for the firm. This compares to $18.3 million spent across 2017.

Facebook is another which saw its lobby bill increase. In its latest filing, Facebook reported just over $3 million for Q4, and totalled almost $13 million across the year. In the Facebook case it should hardly be surprising to see a massive leap considering the scale and the depth of the Cambridge Analytica scandal which it has not been able to shake off.

More filings will be due over the next couple of days, the deadline for the fourth quarter period was January 22, though the database search tool is awful. What is worth noting is this is set to be the biggest year for internet lobby spend, however it is still nothing compared to the vast swathes which are spend elsewhere.

Lobby tableIn total, the internet industry might have spent a whopping $68.7 million on lobbying Washington over 2017 (2018 data is still not complete), but that is nothing compared to more mature industries. The Oil and Gas segment spent $126 million, while Insurance pumped $162 million into the lobbyists pockets, but the winner by a long was the pharmaceutical industry spending an eye-watering $279 million on lobbyists across the year (see image for full list).

As you can see, the ceiling has been set very high for lobbying and it will almost certainly increase over the next couple of years. All around the world governments and regulators are attempting to exert more control over the internet industry, and while the lobbying process isn’t necessarily attempting to block these new rules, the aim will be to get the best deal possible.

In comparison to other industries, the internet specifically and technology on the whole is relatively new. You have to take into account the internet as a mass market tool is only in its teen years and is demonstrating the same rebellious tendencies as young adults do. New ideas are being explored and boundaries are being pushed; with some breakthroughs rules do not exist, while the emergence of new business models means companies fall into the grey areas of regulation. The internet has been operating relatively untethered over the last few years, though this is changing.

2018 was a year where it all started to hit home. Countless data breaches demonstrated the digital world is one where security has not been nailed, while data privacy scandals have shown how dated some regulations are. It doesn’t help that Silicon Valley seems to operate behind a curtain which only the privileged few are allowed to peak behind, but even if this barrier was thrown open, only a small percentage of the world would actually understand what was going on or how to regulate it effectively.

GDPR was a step in the right direction in handing control of personal information back to the user, but this only applies to European citizens. Other countries, such as India, are learning from these regulations with the ambition of creating their own, but it is still very early days. The rules and regulations of the digital economy are being shaped and the internet giants will certainly want to influence proceedings to ensure they can still continue to hoover up profits in the manner which they have become accustomed to.

Looking at where money has been spent, data privacy and security concerns is a common theme with all the internet players who want to protect their standing in the sharing economy, though mobile location privacy issues is another shared concern. With data getting cheaper, more people will be connected all the time, opening the door for more location-based services and data collection. This could be big business for the internet giants, though it has been targeted by privacy advocates looking to curb the influence of Silicon Valley. Other issues have included tax reforms, antitrust and artificial intelligence.

So yes, a remarkable amount of cash is being spent by the likes of Google and Facebook at the moment, but this will only grow in time as regulators and legislators become more familiar with the business of the internet and, more importantly, how to govern it.

Nerves jangle as Aussies delay TPG/Vodafone merger decision

The Australian regulator has pushed back the deadline for its decision on whether Vodafone Australia and TPG can move forward with the proposed £8.2 billion merger.

While this far from a definite sign the merger will be blocked by the watchdog, the longer the evaluation process goes on for, the stronger the feelings of apprehension will get. If the Aussies were happy with the plans to create a convergence player, they would have said so, but perhaps the regulator is just making sure it effectively does its due diligence.

The tie up between the pair is supposed to be an effort to capitalise on convergence bounties and reinvigorate the competitive edge of the business. That said, last month the Australian Competition and Consumer Commission (ACCC) weighed into the equation raising concerns a merger would de-incentivise the market to offer low-cost services.

According to Reuters, the ACCC has extended its own self-imposed deadline to evaluate the merger by two weeks to April 11. If the watchdog cannot build a case to deny the merger by that point it probably never will be able to, but you have to wonder whether the additional time is being used to validate its position of opposition.

All regulators are supposed to take a balanced and impartial position when assessing these transactions, though its negative opinion last month suggests the agency is looking for a reason to deny as opposed to evaluating what information is on the table. Giving itself an extra couple of weeks will only compound this theory in the mind of sceptics.

To be even handed though, the consolidation argument is perfectly logical and completely absurd depending on who you are. There are benefits and negatives on both sides of the equation, irrelevant as to how passionately supporters and detractors preach to you. For all the arguments and evidence which are presented, a bucket-full of salt will probably be required.

France fines Google for being vague

The French regulator has swung the GDPR stick for the first time and landed it firmly on Google’s rump, costing the firm €50 million for transparency and consent violations.

The National Data Protection Commission (CNIL) has been investigating the search engine giant since May when None Of Your Business (NOYB) and La Quadrature du Net (LQDN) filed complaints suggesting GDPR violations. The claims specifically suggested Google was not providing adequate information to the user on how data would be used or retained for, while also suggesting Google made the process to find more information unnecessarily complex.

“Users are not able to fully understand the extent of the processing operations carried out by Google,” the CNIL said in a statement.

“But the processing operations are particularly massive and intrusive because of the number of services offered (about twenty), the amount and the nature of the data processed and combined. The restricted committee observes in particular that the purposes of processing are described in a too generic and vague manner, and so are the categories of data processed for these various purposes.”

This seems to be the most prominent issue raised by the CNIL. Google was being too vague when obtaining consent in the first instance, but when digging deeper the rabbit hole become too complicated.

Information on data processing purposes, the data storage periods or the categories of personal data used for the ad personalization were spread across several pages or documents. It has been deemed too complicated for any reasonable member of the general public to make sense of and therefore a violation of GDPR.

When first obtaining consent, Google did not offer enough clarity on how data would be used, therefore was without legal grounding to offer personalised ads. Secondly, the firm then wove too vexing a maze of red-tape for those who wanted to understand the implications further.

It’ll now be interesting to see how many other firms are brought to the chopping block. Terms of Service have been over-complicated documents for a long-time now, with the excessive jargon almost becoming best practise in the industry. Perhaps this ruling will ensure internet companies make the legal necessities more accessible, otherwise they might be facing the same swinging GDPR stick as Google has done here.

For those who are finding the NOYB acronym slightly familiar it might be because the non-profit recently filed complaints against eight of the internet giants, including Google subsidiary YouTube. These complaints focus on ‘right to access’ clauses in GDPR, with none of the parties responding to requests with enough information on how data is sourced, how long it would be retained for or how it has been used.

As GDPR is still a relatively new set of regulations for the courts to ponder, the complaints from NOYB and LQDN were filed almost simultaneously as the new rules came into force, this case gives some insight into how sharp the CNIL’s teeth are. €50 million might not be a monstrous amount for Google, but this is only a single ruling. There are more complaints in the pipeline meaning the next couple of months could prove to be very expensive for the Silicon Valley slicker.

Privacy champion Max Schrems is back with another lawsuit

The man who is largely credited with the downfall of Safe Harbour has re-emerged from the shadows to take eight of the internet giants to court over GDPR violations.

As user privacy increasingly seems to be an alien concept to Silicon Valley and the other internet players, Austrian data privacy champion Max Schrems has jumped into the limelight once again. This time he is challenged eight internet companies and their data privacy practices, suggesting they are violating Europe’s General Data Protection Regulation (GDPR).

Through a filing with the Austrian Data Protection Authority, by Schrem’s non-profit NOYB, the complaints focus on the ‘right to access’ enshrined in Article 15 GDPR and Article 8(2) of the Chart of Fundamental Rights. Amazon, Apple, DAZN, Filmmit, Netflix, Sound Cloud, Spotify and YouTube are on the receiving end of the lawsuit, with the potential penalties ranging from €20 million through to €8 billion.

“Many services set up automated systems to respond to access requests, but they often don’t even remotely provide the data that every user has a right to,” said Schrems. “In most cases, users only got the raw data, but, for example, no information about who this data was shared with. This leads to structural violations of users’ rights, as these systems are built to withhold the relevant information.”

GDPR is supposed to hand control of personal data back to said individual. Its aim is to hold the digital society accountable to their actions and provide a certain level of justification for holding onto, and potentially monetizing, an individual’s personal information. Several clauses are also aimed at transparency to ensure the user is fully informed, or at least offering the user the opportunity to be, about how these software and services providers commercialise data.

In addition to what raw data is being stored, individuals do now also have the right to know where this data was sourced, the recipients and also the purpose. This is where a few of the complaints are focusing specifically, as this is the information which was absent from some of the responses.

If privacy is an alien concept, then transparency is a dirty, inconceivable word to the internet players. It seems former habits have been hard to shake.

NOYB Snip

As you can see from the table above, Schrems has tested out how some of the internet players have reacted to the introduction of GDPR. Progress has been made, except in the case of Sound Cloud and DAZN, but that is irrelevant. The introduction of GDPR on May 25 2018 was not the starting line to gradually move yourself through to compliance, day one was a hard introduction of the rules. There are some circumstances where companies can avoid penalties, but these are scenarios where non-compliance would be seen as out of the control of the company, or best efforts have been made.

This is where these firms might find themselves in a bit of hot water. An automated response which offers up some information but not all which is required through the new regulation should not be considered good enough. The pair ignoring the requests completely should be very worried about the repercussions. And finally, the Austrian regulator will also have to decide whether four weeks is an appropriate response time or too long. None of these firms are in a safe place right now.

Another interesting aspect will be the readability of the data. In the complaint, Schrems notes the raw data was provided in what would be considered cryptic form for the general public. Users would not be able to read the data therefore it is not being made accessible by the company. Whether this is taken as a violation of GDPR remains to be seen, though Austria could set precedent.

Many of the internet giants have resisted the calls from data privacy advocates and governments around the world, but GDPR is supposed to be a stick to keep the segment in line. These are companies which will want to avoid giving too many details away as the power and depth of the data sharing economy has the potential to spook large swathes of the general public. Too much light shed on data processing and exchanging practices would also offer more ammunition to the blood-thirsty politicians, many of whom are on a PR crusade to make heads roll.

Ultimately this will give us a good indication as to how sharp European regulators’ teeth actually are. In passing GDPR, the European Commission has offered a stick to the pro-privacy regulators, but how hard they swing it remains to be seen. The dreaded ‘up to’ phrase is present when looking at potential fines, so let’s see whether these regulations have the stones to dish out appropriate punishments.

Huawei facing US trade secret theft indictment and ZTE-style ban

The US Department of Justice is rumoured to be pursuing charges relating to trade secrets theft against Huawei, while four politicians have tabled a bill for a ban similar to what ZTE faced last year.

Leaving the Department of Justice for the moment, a bi-partisan collection of politicians have tabled the so-called ‘Telecommunications Denial Order Enforcement Act’, a proposed bill which would compel the White House to ban Huawei from using US components and IP within its supply chain. The ban would be the same punishment ZTE faced early last year.

“Huawei and ZTE are two sides of the same coin,” said Democratic Senator Chris Van Hollen. “Both companies have repeatedly violated US laws, represent a significant risk to American national security interests, and need to be held accountable. Moving forward, we must combat China’s theft of advanced US technology and their brazen violation of US law.”

Aside from Van Hollen, Republican Senator Tom Cotton, as well as Representatives Mike Gallagher (Republican) and Ruben Gallego (Democrat) are also supporting the proposed bill. This should hardly come as a surprise as the ZTE ban was imposed for violating the exact same trade sanctions which Huawei has allegedly ignored.

The saga surrounding the ZTE ban was short-lived, incredibly volatile and almost fatal. After being found violating trade sanctions, US Department of Commerce’s Bureau of Industry and Security (BIS) imposed a denial of export privileges order against the firm, denying it access to any US suppliers. President Trump stepped in to save the firm, which looked doomed as a result of the ban, before Congress blocked his efforts. Eventually a resolution was reached, though ZTE has been skating on thin ice since.

If precedent is anything to go by, Huawei should face the same punishment should it be found guilty of the same activities. Last month, Huawei CFO Meng Wanzhou was arrested in Canada, accused of violating the same trade sanctions with Iran using a suspect firm known as Skycom. Meng has been released on bail and awaits trial, though it appears the four politicians are already presuming guilt. Or maybe they are just being prepared.

Perhaps this is a sign the politicians do not believe President Trump is committed to precedent and appropriate action. The actions against ZTE smelt suspiciously like one of Trump’s strategic moves in the on-going trade war with China, though perhaps he did not realise he would have to do the same 12 months later, potentially antagonising the Chinese government with a move which is not in the grand plan.

The politicians might be tabling this bill to make sure Trump can’t find a reason not to ban Huawei. Following the arrest, Trump seemed to suggest in an interview with Reuters that he would be willing to make the Canadian charges go away if it would help him the US in its dispute with China.

“If I think it’s good for the country, if I think it’s good for what will be certainly the largest trade deal ever made – which is a very important thing – what’s good for national security – I would certainly intervene if I thought it was necessary,” Trump stated.

Not only does this completely undermine the standing of the Canadian judicial system, but also suggests Trump is willing to bend (or break) rules to bring the Chinese government to its knees. Perhaps Congress does need to be proactive to make sure the President follows the rules, taking appropriate action instead of whatever ludicrous idea floats in the breadth between his ears.

What is worth noting is the stance of Huawei executives. Clearly, they do not agree with anything which is going on, but both Rotating Chairman Guo Ping and Rotating CEO Ken Hu put across messages stating the resilience of the business. Ping and Hu suggested a ban would not impact the Huawei supply chain in the same manner as it did ZTE.

Heading back to the Department of Justice, the Wall Street Journal has reported the agency is pursing charges against Huawei concerning theft of trade secrets.

An indictment should be heading over to the Huawei offices in the near future, focusing on allegations the firm stole robotic mobile-testing technology from T-Mobile. The technology, known as Tappy, mimics human fingers and is used to test smartphones. A civil case between T-Mobile and Huawei over the technology was filed in 2014, though after a criminal investigation the Department of Justice feels it is appropriate to step in and raise criminal charges.

This case is a separate concern from all the other chaos which has surrounded the firm in recent months, though it will be just as concerning as the punishments can be incredibly severe.

The primary federal law that prohibits trade secret theft is the Economic Espionage Act of 1996, which allows the US the U.S. Attorney General to prosecute a person, organization, or company that intentionally steals, copies, or receives trade secrets. If the case if brought against an individual, the punishment could be as much as 10 years in prison or a $500,000 fine. However, we suspect the government would want to punish the firm not an individual, as Huawei would simply claim that person did not represent the company culture, in-line with White House aggression against China.

If a conviction is made against a company the fine can be increased to $5 million. However, if the Attorney General can prove the theft was made on behalf of a foreign government, this would be considered the silver bullet for the White House, corporate fines can be doubled, imprisonment could be 15 years and proceeds derived from the theft can be seized.

In short, Huawei has found itself in another uncomfortable position in the US. It does not appear 2019 is going to be any better than 2018 on the US side of the pond for Huawei.

Apple draws level with Qualcomm after Germany win

A German court has dismissed Qualcomm’s efforts to block iPhone sales in the country as ‘groundless’ as Apple hit back in the on-going global patent dispute.

According to Reuters, the regional court in the city of Mannheim threw out the case stating the patent in question was not violated by Apple’s installation of Qualcomm chips in its smartphones. Qualcomm has already said it will appeal the decision, as the pair trade blows in various courts throughout across the world.

This case focuses on the use of Intel-chips in certain Apple devices, with Qualcomm suggesting one of its patents had been infringed. The patent in question relates to power management.

Back in September, Qualcomm effectively accused Apple of corporate espionage, questioning how the gulf in performance when measuring its own chips against Intel’s could have been bridged so quickly. However, this argument clearly wasn’t enough to convince the Mannheim judge of wrong-doing.

Having already secured an order to block the sale of certain iPhones through a ruling in Munich, as well as a similar decision in China, Apple needed a win to halt the Qualcomm momentum. The pair have been trading blows over patents and royalties for years now, though the on-going case in the US could prove to be the most significant battle of the dispute.

The chipmaker is currently facing a FTC antitrust investigation, which has escalated to trial, currently being heard in the US District Court in San Jose, California. As you can imagine, Apple, Intel and various others have been playing the part of very proactive cheerleaders, urging on the FTC from the side-lines.

This trial has now concluded for the sixth day, with the FTC calling various witnesses from tech companies such as Apple, Samsung and Ericsson, as well as IP experts from consultancies and universities. The aim is to prove Qualcomm is effectively a monopoly, abusing this prominent position through excessive royalty payments and unreasonable licensing agreements for years.

With the FTC now taking a seat, the next couple of days will see the Qualcomm lawyers preach their case. Here, the team will aim to prove the royalty payments are justified, such is leadership position Qualcomm has worked up in the segment, and the licensing arrangement is the most beneficial and simplistic way to do business. The Qualcomm lawyers are certainly well practised in the art of arguing against antitrust accusations, so it will be interesting to see which way this trial heads.

While the win in Germany is certainly a positive for Apple, which has been on the losing side of a few of the recent skirmishes, the FTC trial is the big one for both parties.

Judge says no to police forcing phone unlocks with face

A judge in the District Court for the Northern District of California has denied the police a warrant which would force suspects to open their phones through biometric authentication.

While it might seem like somewhat of an unusual scenario, we’re sure many of you are imagining a man pinned to the ground with a phone being waved in his face, it is important to set precedent in these matters. Just as law enforcement agencies cannot be granted a warrant forcing an individual to hand over his/her password, suspects or criminals cannot be forced to open devices through the biometric sensors according to the ruling.

The case itself focuses on two individuals, who are suspected of attempting to extort money from a third person through Facebook Messenger. The pair are threatening to release an embarrassing video of the third person should the funds not be transferred.

Northern California Federal District Judge Kandis Westmore ruled the authorities did not have probable cause for the warrant, perhaps due to the reason said messages and threats could be read through the third persons account, and the request was too broad. This is another example of authorities over reaching and not being specific, leaving too much room for potential abuse.

While this case might sound odd, the world should be prepared for more such rulings in the future.

“The challenge facing the courts is that technology is far outpacing the law,” the ruling from Judge Westmore states. “In recognition of this reality, the United States Supreme Court recently instructed courts to adopt rules that ‘take account of more sophisticated systems that are already in use or in development’.

“Courts have an obligation to safeguard constitutional rights and cannot permit those rights to be diminished due to the advancement of technology.”

In short, the rules and regulations of the land are not in fitting with today’s technology and society, but this does not mean law enforcement authorities can take advantage of the grey areas. This is perhaps an obvious statement to make, but it does hammer home the need for reform to ensure rules and regulations are contextually relevant.

While progress has been slow, there have been a few breakthroughs for privacy advocates in recent months. Last June, the US Supreme Court ruled in Carpenter versus US case that the collection of mobile location data on individuals without a warrant was a violation of data privacy and the Fourth Amendment of the US constitution.

The issue which many courts are facing is precedent. Lawyers are arguing for certain cases and warrants using precedent which is from another era. Theoretically, these rules can be applied, but when you consider the drastic and fundamental changes which have occurred in the communications world, you have to wonder whether anything from previous decades is relevant anymore.

As Judge Westmore points out, technology is vastly outpacing the pace of change in public sector institutions. This presents a massive risk of abuse, but slowing innovation is not a reasonable option. A tricky catch-22.

58% of UK business can’t detect IoT security breach – study

Digital security vendor Gemalto claims the IoT euphoria might be hitting the UK before its ready, as research shows 58% of businesses are not able to detect a breach.

First and foremost, we need to put a disclaimer on this report. Gemalto is a security company and is thus incentivised do its best scaremongering to drive revenues. The more scared companies are about potential data breaches, and the punishments which follow the incidents, the more likely they are to buy security software. Making the world a big, bad, horrible place is an effective marketing strategy for security vendors.

That said, considering the lax approach most of the industry takes towards security and data protection, we suspect many of the statistics being discussed are pretty accurate.

“The push for digital transformation by organisations has a lot to answer for when it comes to security and bad practices,” said Jason Hart, CTO of Data Protection at Gemalto. “At times it feels organisations are trying to run before they can walk, implementing technology without really understanding what impact it could have on their security.”

The most shocking figure from the report is the 42% of UK companies who are capable of detecting an IoT breach, with only France worse off at 36%. Considering the role IoT has been touted to play over the next few years as 5G hits the streets, this is an incredibly worrying statistic.

While spending on IoT security has increased from 11% of the overall IoT budget to 13%, you have to wonder what direction this money is heading. Perhaps even more concerning for those companies involved, is that 90% of them accept this will be a major buying motivator for customers. At least they are aware that security can have a direct impact on the revenues of the business now, a concept which has taken years to hammer home.

“Given the increase in the number of IoT-enabled devices, it’s extremely worrying to see that businesses still can’t detect if they have been breached,” said Hart. “With no consistent regulation guiding the industry, it’s no surprise the threats – and, in turn, vulnerability of businesses – are increasing. This will only continue unless governments step in now to help industry avoid losing control.”

IoT is set to be one of the biggest winner of the 5G bonanza, while the segment is also predicted to be the major catalyst of 6G. If predictions are anywhere near accurate, 5G networks will soon not be able to cope with the strain of IoT, driving the case for 6G due to the sheer number of ‘things’ connected to the network.

Looking at the predictions, IDC believes the IoT market will grow to be worth more than $1.2 trillion by 2022, with consumer devices expected to account for the largest share at 19%. Ericsson has forecasted the number of cellular IoT connections to reach 3.5 billion in 2023, increasing at a CAGR of 30%.

Security remains a major challenge for the industry, though the buzz around blockchain could provide a suitable means to meet the expectations of the consumer. In the absence of regulation, Gemalto notes the adoption of blockchain technologies has doubled from 9% to 19% in the last 12 months, with 23% of the respondents to this survey believe the technology would be an ideal solution to use for securing IoT devices. 91% who are not using blockchain are considering it for the future.

“Businesses are clearly feeling the pressure of protecting the growing amount of data they collect and store,” said Hart.

“But while it’s positive they are attempting to address that by investing in more security, such as blockchain, they need direct guidance to ensure they’re not leaving themselves exposed. In order to get this, businesses need to be putting more pressure on the government to act, as it is them that will be hit if they suffer a breach.”

While research like this does indicate security is becoming a more serious topic in the world of telecoms and technology, it also confirms there is a very wide gap to close. Security has long been the ugly duckling of the industry, many seemingly choosing to ignore the challenges because they are too difficult to solve, though new regulations such as GDPR has perhaps forced the issue up the agenda.

Interestingly enough, should the telcos get serious about security there would certainly be a revenue generating opportunity to capitalise on. With cyber security incidents and data breaches becoming more prominent in the news, consumers are gradually becoming more aware of the risks of the internet and the emerging digital society. While the industry has played down the risk in recent years, the incidents speak for themselves.

An excellent example of turning this scenario into a business opportunity lies with Orange, the master of the convergence strategy. Here, the team have invested heavily in cyber security capabilities and are now offering security services to customers as a bolt on to other connectivity packages. The move has proven to be a success as while it is generally becoming accepted that 100% secure is impossible nowadays, more people are willing to do something about it.

Security is a topic which has always been in and around the news, but few want to do anything proactive about it. Unfortunately, with the perimeter expanding so rapidly as IoT penetration grows, these statistics are incredibly worrying. Perhaps regulators will get the chance to swing the GDPR stick before too long after all.

US operators belatedly act to protect user location data

AT&T and Verizon announced that they will terminate all remaining commercial agreements that involve sharing customer location data, following a report exposing the country’s mobile carriers’ failure to control data sharing flow.

Jim Greer, a spokesman for AT&T, said in a standard email to media: “Last year, we stopped most location aggregation services while maintaining some that protect our customers, such as roadside assistance and fraud prevention.” Referring to the Motherboard exposé, Greer continued, “In light of recent reports about the misuse of location services, we have decided to eliminate all location aggregation services — even those with clear consumer benefits.”

This is similar to the position T-Mobile’s CEO John Legere adopted when responding to the criticism from the US Senator Ron Wyden (D-Ore.). Verizon also announced that the company will sever four remaining contracts to share location data with roadside assistance services. After this Version will need to get customers’ explicit agreement to share their data with these third-party assistance companies. Sprint, which was also caught out by the Motherboard report, is the only remaining nation-wide carrier that has not announced its plan on the issue.

This is all good news for the American consumers who are concerned with the safety of their private data. On the other hand, mobile operators have hardly been the worst offenders when it comes to compromising the privacy and security of customer data. Earlier, Google was exposed to have continued tracking users’ location even after the feature had been switched off, while Facebook has been mired in endless privacy controversies.

Monetising user data is only a side and most likely insignificant “value-add” business for the mobile operators, because they live on the service fees subscrbers pay. But it is the internet heavyweights’ lifeline. This may sound fatalistic but it should not surprise anyone if the Facebooks and the Googles of the world come up with more innovative measures to finance the “free” services we have benn used to.

EU Advisor tells France to forget about global ‘right to be forgotten’

The Advocate General of the European Court of Justice has given his opinion on the ‘right to be forgotten’ conflict between France and Google, and its good news for the ‘do no evilers’.

Advocate General, Maciej Szpunar, has been pondering the implications of the ‘right to be forgotten’ saga for some months now, and the opinion is relatively simple; France does not have the right to impose its own considerations on a company which operates outside its jurisdiction.

The French regulator can force Google to de-list search results on the grounds of privacy in France, and generally across the EU, though it does not have the authority to impose itself on the companies worldwide footprint. As the Advocate General notes, the repercussions of such a ruling would have too much potential to cause damage in various other scenarios.

The case is somewhat of a tricky one, as it does have implications in the contentious world of privacy/free speech/accountability. And while the European Court of Justice does not have to follow the opinion of the Advocate General, it generally does.

“This is a really important case pitting fundamental rights to privacy against freedom of expression,” said Richard Cumbley, Partner and Global Head of Technology at law firm Linklaters. “The case highlights the continuing conflict between national laws and the Internet which does not respect national boundaries.

“The opinion contains a clear recommendation that the right to remove search results from Google should not have global effect. There are a number of good reasons for this, including the risk other states would also try and supress search results on a global basis. This would seriously affect people’s right to access information.”

The case dates back to the early months of 2018, with the CNIL, France’s data protection watchdog, suggesting the search giant should have to enforce any ‘right to be forgotten’ rulings to all of its domains instead of just that of the home nation of the challenging regulator. Google, and various other free speech advocacy groups, have been suggesting France and the European Union are attempting to impose their own data privacy position on the rest of the world.

Looking at the ramifications, those of us who have more long-term considerations would certainly be thankful of Szpunar’s opinion. As Cumbley points out above, this case could be used as evidence by other nations to supress free speech or opinions which are not in-line with the political climate. Precedent is everything in the legal community, and while it hopefully does not intend to, France may be aiding more authoritarian governments in trying to impose its privacy demands on Google.

What is worth noting is that this opinion is not an official ruling from the European Court of Justice, though it does generally head in the same direction as the Advocate General.