Verified Startup Lawyer: Stephane Levy

Stephane Levy got his start in the days of Silicon Alley almost two decades ago, and built up his practice with New York startups and beyond through all the ups and downs since then.

Today, as a partner at Cooley LLP, he works with a wide range of companies, from company formation, seed and later stage rounds, all the way through to M&A transactions and IPOs. He also teaches at Cornell University Law School as an adjunct professor, on legal matters affecting emerging companies and venture capital transactions.

“We met him in the very early days, and his help on all things relating to the company, investors, corporate decisions, fundraising, and just simple strategy has been spot on. He’s always someone I can rely on to give me honest feedback that will eventually play out to be true.” Sachin Kamdar, New York City, CEO, Parsely


On the New York startup scene

“I was probably one of a handful of tech lawyers in NY, at least of my vintage, working with startups and venture funds in the early and mid 2000s, so I kind of grew up doing that stuff in New York when most of the other corporate lawyers in the city were focused on more traditional M&A, private equity, capital markets, etc.”

When a client is having a rough time

“I’m not going to drop a company just because they are going through hard times or treat them any different. It’s a mixed bag out there, and at the end of the day you’ll have some really successful companies and some that are having a tougher time, but you have to take a long view. If a company is going through a really tough time — for example, they’re having trouble raising money — them not getting any attention from their lawyer will really compound some of the issues.”

What makes startup lawyers good

“The key is to try to bring your judgment to bare and say, “Listen, there’s going to be some risk. I’m not going to advocate you do everything on my punch list of ideal things you can be doing from a legal perspective, but if you have to focus on a few things to stay out of trouble for now, these would be them.” Not every lawyer is able to give that type of guidance or has, I guess, the experience or the judgment to be able to do that, but that’s something that entrepreneurs really value.”

Sample horror story

“Let’s say three founders take a third each and they don’t impose vesting. A year later, one of the founders leaves to go get a job somewhere and doesn’t want to give a portion of the equity back. Those are potentially really significant errors that could cost the company and the founders.  I just feel bad because the reality is we’ve automated a lot of our formation processes up front such that it really doesn’t cost much for founders to get state of the art documents in place from the get go.”

Below, you’ll find the rest of the founder reviews, the full interview, and more details like pricing and fee structures. This article is part of our ongoing series covering great lawyers and other experts who founders love to work with. More details here.

Click here to register for Extra Crunch, or log in here.

Zoba raises $3 million to help mobility companies predict demand

Scooter-share, bike-share and ride-hailing are quickly becoming staple commodities in cities all over the world. As companies in those respective spaces try to improve their economics, Zoba is aiming to contribute to those goals by predicting demand for scooters, bikes and, eventually, rides in particular areas. To support Zoba’s mission, the company has raised $3 million seed round led by CRV with participation from Founder Collective, Mark Cuban and others.

Using spatial analytics, Zoba aims to better understand the relationships between different phenomena in order to improve the efficiency of cities. Mobility is Zoba’s first focus, Zoba co-founder Dan Brennan told TechCrunch. More specifically, Zoba looks to better understand the relationship between demand and environmental data (e.g. weather), as well as city layout. From there, Zoba helps mobility companies determine the best places to put their vehicles.

“The key is this type of spatial analytics and machine learning is very specific,” Brennan said. “You don’t see a lot of data scientists trained in this. What we do is say, ‘no matter what skill set of your data scientist, you can look at all this spatial and temporal stuff.’ We’ll make it like you have three really highly-trained spatial data scientists.” 

Zoba would not disclose which companies it’s working with, but just that it’s working with some of the industry leaders in bike, scooter and car share. Down the road, Zoba also envisions working with on-demand delivery companies, as well as urban logistics companies.

“The world is experiencing a Cambrian explosion of smart mobility and logistics services, all requiring geo-based forecasting and optimization,” CRV General Partner and Zoba board member Izhar Armony said in a statement. “We knew after meeting with the Zoba founders that they’re the best team to tackle this hard problem. What they’re doing will change the way we live and we’re excited for what’s to come.”

About.me acquired by mobile-first small business startup Broadly

Personal homepage startup About.me has been acquired. Again! The company, once bought by Aol for a reported $35 million, decided a couple years after the deal to go it alone, and spun About.me back out to become an independent company. Today, About.me announced it’s being acquired by the Oakland-based startup Broadly.

About.me founder and True Ventures partner Tony Conrad called the deal “definitely a meeting of the minds,” as About.me has been more recently focused on helping people and companies showcase their professional talents and skills, while Broadly creates tools that help small businesses stay connected to their customers.

Today Broadly offers web chat, text, email, online review collection, and team messaging – all in its own mobile app.

However, it’s biggest draw is its online review platform that makes it easier for happy customers to quickly leave the business a positive review on any review site, including Google, Facebook, TripAdvisor, and others.

Last September, Broadly raised $10 million in Series B funding co-led by original investor Foundry Group and new partner Calibrate Ventures. The funding was allocated towards further product development and hiring – both things which an About.me acquisition can now help to speed up. The company also last year launched its small business-focused web chat feature in its app, and snagged the #107 spot on the 2018 Inc. 500 list of fastest-growing private companies in the U.S., which cited its 2017 revenue as $4.7 million.

Terms of the About.me deal were not disclosed, but it is an all-stock acquisition we understand and one Conrad feels positive about.

In addition, the majority of About.me’s team is joining Broadly as a result of the acquisition which will bring Broadly’s total team to over 75. This includes About.me’s CEO Mindy Lauck, whose background includes time at Adobe Systems, NBC-Universal, and E*Trade Financial. She becomes Broadly’s Vice President of Product following the deal’s closure.

Conrad said he wanted to find About.me a new home with a company that was a good fit.

“It was important to the About.me leadership team to join forces with a company that had a strong go-to-market strategy and a similar level of passion for serving small business owners, who are an integral part of
keeping our economy strong and vibrant,” said Conrad. “We found that in Broadly and see the very real potential for powerful future growth as a result of this alignment,” he added.

At Broadly, Lauck will be focused on expanding the company’s existing product suite to support the full range of the small business owners’ needs – that will include About.me’s technology. The plan is to offer the About.me pages to Broadly’s small business user base going forward.

“The About.me product is another frictionless mechanism for helping small businesses promote themselves and start capturing leads, which aligns well with our mission and brand,” said Josh Melick, CEO and Co-founder of Broadly, in a statement. “More personally, we’re thrilled to welcome the About.me team to the Broadly family – we’re even stronger together,” he added.

Trump calls for 6G cellular technology, because why the heck not

We’ve been covering the battle for 5G between the U.S. and China for some time. The White House has made 5G technology a national security priority, and industry leaders have followed up that charge with additional investment in the fledgling technology.

What 5G exactly is though remains mostly a mystery. Is it new bandwidth? Edge computing? Decentralized cloud processing technology? Autonomous vehicles? Something else? I get pitched a dozen stories a day about the “5G revolution” and no one can tell me exactly what’s in it for me other than long presentations in hotel ballrooms about bandwidth (ironically, often without any cell reception).

So imagine my surprise this morning when Trump tweeted that U.S. companies need to work harder and faster on building out the tech behind 5G, but also in the process called for …. 6G technology.

I want to just say that no, 6G isn’t a thing. I have only received one PR pitch for 6G in the last few months, which said: “Waveguide over copper runs at millimeter frequencies(about30 GHz to 1 THz) and is synergistic with 5G/6G wireless. A type of vectoring is applied to effective separate the many modes that can propagate within a telephone cable.” No, not a thing.

But it could be a thing. Maybe the government is secretly pioneering the next generation of the next generation of telecom technology. Or maybe, just maybe, our president, branding expert that he is, realized that if you are going to sell 5G, you might as well inflate the number to 6G and really get people’s taste buds salivating.

No comment from cleaning supplies company Seventh Generation, but if I were them, I’d be getting worried.

JFrog acquires Shippable, adding continuous integration and delivery to its DevOps platform

JFrog, the popular DevOps startup now valued at over $1 billion after raising $165 million last October, is making a move to expand the tools and services it provides to developers on its software operations platform: it has acquired Shippable, a cloud-based continuous integration and delivery platform (CI/CD) that developers use to ship code and deliver app and microservices updates, and plans to integrate it into its Enterprise+ platform.

Terms of the deal — JFrog’s fifth acquisition — are not being disclosed, said Shlomi Ben Haim, JFrog’s co-founder and CEO, in an interview. From what I understand, though, it was in the ballpark of Shippable’s most recent valuation, which was $42.6 million back in 2014 when it raised $8 million, according to PitchBook data.  (And that was the last time it had raised money.)

Shippable employees are joining JFrog and plan to release the first integrations with Enterprise+ this coming summer, and a full integration by Q3 of this year.

Shippable, founded in 2013, made its name early on as a provider of a containerized continuous integration and delivery platform based on Docker containers, but as Kubernetes has overtaken Docker in containerized deployments, the startup had also shifted its focus beyond Docker containers.

The acquisition speaks to the consolidation that is afoot in the world of DevOps, where developers and organizations are looking for more end-to-end toolkits not just to help develop, update, and run their apps and microservices, but to provide security and more — or at least, makers of DevOps tools hope they will be, as they themselves look to grow their margins and business.

As more organizations run ever more of their opertions as apps and microservices, DevOps have risen in prominence and are offered both toolkits from standalone businesses as well as those whose infrastructure is touched and used by DevOps tools. That means a company like JFrog has an expanding pool of competitors that include not just the likes of Docker, Sonatype and GitLab, but also AWS, Google Cloud Platform and Azure and “the Red Hats of the world,” in the words of Ben Haim.

For Shippable customers, the integration will give them access to security, binary management and other enterprise development tools.

“We’re thrilled to join the JFrog family and further the vision around Liquid Software,” said Avi Cavale, founder and CEO of Shippable, in a statement. “Shippable users and customers have long enjoyed our next-generation technology, but now will have access to leading security, binary management and other high-powered enterprise tools in the end-to-end JFrog Platform. This is truly exciting, as the combined forces of JFrog and Shippable can make full DevOps automation from code to production a reality.”

On the part of JFrog, the company will be using Shippable to provide a native CI/CD tool directly within JFrog.

“Before most of our users would use Jenkins, Circle CI and other CI/CD automation tools,” Ben Haim said. “But what you are starting to see in the wider market is a gradual consolidation of CI tools into code repository.”

He emphasized that this will not mean any changes for developers who are already happy using Jenkins or other integrations: just that it will now be offering a native solution that will be offered alongside these (presumably both with easier functionality and with competitive pricing).

JFrog today has 5,000 paying customers, up from 4,500 in October, including “most of the Fortune 500,” with marquee customers including the likes of Apple and Adobe, but also banks, healthcare organizations and insurance companies — “conservative businesses,” said Ben Haim, that are also now realizing the importance of using DevOps.

Even the IAB warned adtech risks EU privacy rules

A privacy complaint targeting the behavioral advertising industry has a new piece of evidence that shows the Internet Advertising Bureau (IAB) shedding doubt on whether it’s possible to obtain informed consent from web users for the programmatic ad industry’s real-time bidding (RTB) system to broadcast their personal data.

The adtech industry functions by harvesting web users’ data, packaging individual identifiers and browsing data in bid requests that are systematically shared with third parties in order to solicit and scale advertiser bids for the user’s attention.

However a series of RTB complaints — filed last fall by Jim Killock, director of the Open Rights Group; Dr Johnny Ryan of private browser Brave; and Michael Veale, a data and policy researcher at University College London — allege this causes “wide-scale and systemic breaches” of European Union data protection rules.

So far complaints have been filed with data protection agencies in Ireland, the UK and Poland, though the intent is for the action to expand across the EU given that behavioral advertising isn’t region specific.

Google and the IAB set the RTB specifications used by the online ad industry and are thus the main targets here, with complainants advocating for amendments to the specification to bring the system into compliance with the bloc’s data protection regime.

We’ve covered the complaint before, including an earlier submission showing the highly sensitive inferences that can be included in bid requests. But documents obtained by the complainants via freedom of information request and newly published this week show the IAB itself warned in 2017 that the RTB system risks falling foul of the bloc’s privacy rules, and specifically the rules around consent under the EU’s General Data Protection Regulation (GDPR), which came into force last May.

The complainants have published the latest evidence on a new campaign website.

At the very least the admission looks awkward for online ad industry body.

“incompatible with consent under GDPR “

In an email sent to senior personnel at the European Commission in June 2017 by Townsend Feehan, the CEO of IAB Europe — and now being used as evidence in the complaints — she writes that she wants to expand on concerns voiced at a roundtable session about the Commission’s ePrivacy proposals that she claims could “mean the end of the online advertising business model”.

Feehan attached an 18-page document to the email in which the IAB can be seen lobbying against the Commission’s ePrivacy proposal — claiming it will have “serious negative impacts on the digital advertising industry, on European media, and ultimately on European citizens’ access to information and other online content and services”.

The IAB goes on to push for specific amendments to the proposed text of the regulation. (As we’ve written before a major lobbying effort has blow up since GDPR was agreed to try to block updating the ePrivacy rules which operate alongside, covering marketing and electronic communications and cookies and other online tracking technologies.)

As it lobbies to water down ePrivacy rules, the IAB suggests it’s “technically impossible” for informed consent to function in a real-time bidding scenario — writing the following, in a segment entitled ‘Prior information requirement will “break” programmatic trading’:

As it is technically impossible for the user to have prior information about every data controller involved in a real-time bidding (RTB) scenario, programmatic trading, the area of fastest growth in digital advertising spend, would seem, at least prima facie, to be incompatible with consent under GDPR – and, as noted above, if a future ePrivacy Regulation makes virtually all interactions with the Internet subject solely to the consent legal basis, and consent is unavailable, then there will be no legal be no basis for such processing to take place or for media to monetise their content in this way.

The notion that it’s impossible to obtain informed consent from web users for processing their personal data prior to doing so is important because the behavioral ad industry, as it currently functions, includes personal data in bid requests that it systematically broadcasts to what can be thousands of third party companies.

Indeed, the crux of the RTB complaints are that personal data should be stripped out of these requests — and only contextual information broadcast for targeting ads, exactly because the current system is systematically breaching the rights of European web users by failing to obtain their consent for personal data to be sucked out and handed over to scores of unknown entities.

In its lobbying efforts to knock the teeth out of the ePrivacy Regulation the IAB can here be seen making a similar point — when it writes that programmatic trading “would seem, at least prima facie, to be incompatible with consent under GDPR”. (Albeit, injecting some of its own qualifiers into the sentence.)

The IAB is certainly seeking to deploy pro-privacy arguments to try to dilute Europeans’ privacy rights.

Despite it’s own claimed reservations about there being no technical fix to get consent for programmatic trading under GDPR the IAB nonetheless went on to launch a technical mechanism for managing — and, it claimed — complying with GDPR consent requirements in April 2018, when it urged the industry to use its GDPR “Consent & Transparency Framework”.

But in another piece of evidence obtained by the group of individuals behind the RTB complaints — an IAB document, dated May 2018, intended for publishers making use of this framework — the IAB also acknowledges that: “Publishers recognize there is no technical way to limit the way data is used after the data is received by a vendor for decisioning/bidding on/after delivery of an ad”.

In a section on liability, the IAB document lays out other publisher concerns that each bid request assumes “indiscriminate rights for vendors” — and that “surfacing thousands of vendors with broad rights to use data without tailoring those rights may be too many vendors/permissions”.

So again, er, awkward.

Another piece of evidence now attached to the RTB complaints shows a set of sample bid requests from the IAB and Google’s documentation for users of their systems — with annotations by the complainants showing exactly how much personal data gets packaged up and systematically shared.

This can include a person’s latitude and longitude GPS coordinates; IP address; device specific identifiers; various ID codes; inferred interests (which could include highly sensitive personal data); and the current webpage they’re looking at;

“The fourteen sample bid requests further prove that very personal data are contained in bid requests,” the complainants argue.

They have also included an estimated breakdown of seven major ad exchanges’ daily bid requests — Index Exchange, OpenX, Rubicon Project, Oath/AOL*, AppNexus, Smaato, Google DoubleClick — showing they collectively broadcast “hundreds of billions of bid requests per day”, to illustrate the scale of data being systematically broadcast by the ad industry.

“This suggests that the New Economics Foundation’s estimate in December that bid requests broadcast data about the average UK internet user 164 times a day was a conservative estimate,” they add.

The IAB has responded to the new evidence by couching the complainants’ claims as “false” and “intentionally damaging to the digital advertising industry and to European digital media”.

Regarding its 2017 document, in which it wrote that it was “technically impossible” for an Internet user to have prior information about every data controller involved in a RTB “scenario”, the IAB responds that “that was true at the time, but has changed since” — pointing to its Transparency & Consent framework (TCF) as the claimed fix for that, and further claiming it “demonstrates that real-time bidding is certainly not ‘incompatible with consent under GDPR'”.

Here are the relevant paras of IAB rebuttal on that:

The TCF provides a way to provide transparency to users about how, and by whom, their personal data is processed. It also enables users to express choices. Moreover, the TCF enables vendors engaged in programmatic advertising to know ahead of time whether their own and/or their partners’ transparency and consent status allows them to lawfully process personal data for online advertising and related purposes. IAB Europe’s submission to the European Commission in April 2017 showed that the industry needed to adapt to meet higher standards for transparency and consent under the GDPR. The TCF demonstrates how complex challenges can be overcome when industry players come together. But most importantly, the TCF demonstrates that real-time bidding is certainly not “incompatible with consent under GDPR”.

The OpenRTB protocol is a tool that can be used to determine which advertisement should be served on a given web page at a given time. Data can inform that determination. Like all technology, OpenRTB must be used in a way that complies with the law. Doing so is entirely possible and greatly facilitated by the IAB Europe Transparency & Consent Framework, whose whole raison d’être is to help ensure that the collection and processing of user data is done in full compliance with EU privacy and data protection rules.

The IAB goes on to couch the complaints as stemming from a “hypothetical possibility for personal data to be processed unlawfully in the course of programmatic advertising processes”.

“This hypothetical possibility arises because neither OpenRTB nor the TCF are capable of physically preventing companies using the protocol to unlawfully process personal data. But the law does not require them to,” the IAB claims.

However the crux of the RTB complaint is that programmatic advertising’s processing of personal data is not adequately secure — and they have GDPR Article 5, paragraph 1, point f to point to; which requires that personal data be “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss”.

So it will be down to data protection authorities to determine what “appropriate security of personal data” means in this context. And whether behavioral advertising is inherently hostile to data protection law (not forgetting that other forms of non-personal-data-based advertising remain available, e.g. contextual advertising).

Discussing the complaint with TechCrunch late last year, Brave’s Ryan likened the programmatic ad system to dumping truck-loads of briefcases in the middle of a busy railway station in “the full knowledge that… business partners will all scramble around and try and grab them” — arguing that such a dysfunctional and systematic breaching of people’s data is lurking at the core of the online ad industry.

The solution Ryan and the other complainants are advocating for is not pulling the plug on the online ad industry entirely — but rather an update to the RTB spec to strip out personal data so that it respects Internet users’ rights. Ads can still be targeted contextually and successfully without Internet users having to be surveilled 24/7 online, is the claim.

They also argue that this would lead to a much better situation for quality online publishers because it would make it harder for their high value audiences to be arbitraged and commodified by privacy-hostile tracking technologies which — as it stands — trail Internet users everywhere they go. Albeit they freely concede that purveyors of low quality clickbait might fair less well.

*Disclosure: TechCrunch is owned by Verizon Media Group, aka Oath/AOL . We also don’t consider ourselves to be purveyors of low quality clickbait  

Legal Capsule: Angel Tax by Economic Laws Practice

DPIIT issues notification to revise exemptions for start-ups under Section 56(2)(viib) Given its direct impact on availability of capital, taxation of start-ups on account of issuance of shares at a premium above the fair market value under Section 56(2)(viib) of the Income-tax Act, 1961 (“IT Act”) – also referred to as Angel Tax – has been an issue of concern for the start-up sector for