Europe’s top court sets new line on policing illegal speech online

Europe’s top court has set a new line for the policing of illegal speech online. The ruling has implications for how speech is regulated on online platforms — and is likely to feed into wider planned reform of regional rules governing platforms’ liabilities.

Per the CJEU decision, platforms such as Facebook can be instructed to hunt for and remove illegal speech worldwide — including speech that’s “equivalent” to content already judged illegal.

Although any such takedowns remain within the framework of “relevant international law”.

So in practice it does not that mean a court order issued in one EU country will get universally applied in all jurisdictions as there’s no international agreement on what constitutes unlawful speech or even more narrowly defamatory speech.

Existing EU rules on the free flow of information on ecommerce platforms — aka the eCommerce Directive — which state that Member States cannot force a “general content monitoring obligation” on intermediaries, do not preclude courts from ordering platforms to remove or block illegal speech, the court has decided.

That decision worries free speech advocates who are concerned it could open the door to general monitoring obligations being placed on tech platforms in the region, with the risk of a chilling effect on freedom of expression.

Facebook has also expressed concern. Responding to the ruling in a statement, a spokesperson told us:

“This judgement raises critical questions around freedom of expression and the role that internet companies should play in monitoring, interpreting and removing speech that might be illegal in any particular country. At Facebook, we already have Community Standards which outline what people can and cannot share on our platform, and we have a process in place to restrict content if and when it violates local laws. This ruling goes much further. It undermines the long-standing principle that one country does not have the right to impose its laws on speech on another country. It also opens the door to obligations being imposed on internet companies to proactively monitor content and then interpret if it is “equivalent” to content that has been found to be illegal. In order to get this right national courts will have to set out very clear definitions on what ”identical” and ”equivalent” means in practice. We hope the courts take a proportionate and measured approach, to avoid having a chilling effect on freedom of expression.”

The legal questions were referred to the CJEU by a court in Austria, and stem from a defamation action brought by Austrian Green Party politician, Eva Glawischnig, who in 2016 filed suit against Facebook after the company refused to take down posts she claimed were defamatory against her.

In 2017 an Austrian court ruled Facebook should take the defamatory posts down and do so worldwide. However Glawischnig also wanted it to remove similar posts, not just identical reposts of the illegal speech, which she argued were equally defamatory.

The current situation where platforms require notice of illegal content before carrying out a takedown are problematic, from one perspective, given the scale and speed of content distribution on digital platforms — which can make it impossible to keep up with reporting re-postings.

Facebook’s platform also has closed groups where content can be shared out of sight of non-members, and where an individual could therefore have no ability to see unlawful content that’s targeted at them — making it essentially impossible for them to report it.

While the case concerns the scope of the application of defamation law on Facebook’s platform the ruling clearly has broader implications for regulating a range of “unlawful” content online.

Specifically the CJEU has ruled that an information society service “host provider” can be ordered to:

  • … remove information which it stores, the content of which is identical to the content of information which was previously declared to be unlawful, or to block access to that information, irrespective of who requested the storage of that information;
  • … remove information which it stores, the content of which is equivalent to the content of information which was previously declared to be unlawful, or to block access to that information, provided that the monitoring of and search for the information concerned by such an injunction are limited to information conveying a message the content of which remains essentially unchanged compared with the content which gave rise to the finding of illegality and containing the elements specified in the injunction, and provided that the differences in the wording of that equivalent content, compared with the wording characterising the information which was previously declared to be illegal, are not such as to require the host provider to carry out an independent assessment of that content;
  • … remove information covered by the injunction or to block access to that information worldwide within the framework of the relevant international law

The court has sought to balance the requirement under EU law of no general monitoring obligation on platforms with the ability of national courts to regulate information flow online in specific instances of illegal speech.

In the judgement the CJEU also invokes the idea of Member States being able to “apply duties of care, which can reasonably be expected from them and which are specified by national law, in order to detect and prevent certain types of illegal activities” — saying the eCommerce Direction does not stand in the way of states imposing such a requirement.

Some European countries are showing appetite for tighter regulation of online platforms. In the UK, for instance, the government laid out proposals for regulating a board range of online harms earlier this year. While, two years ago, Germany introduced a law to regulate hate speech takedowns on online platforms.

Over the past several years the European Commission has also kept up pressure on platforms to speed up takedowns of illegal content — signing tech companies up to a voluntary code of practice, back in 2016, and continuing to warn it could introduce legislation if targets are not met.

Today’s ruling is thus being interpreted in some quarters as opening the door to a wider reform of EU platform liability law by the incoming Commission — which could allow for imposing more general monitoring or content-filtering obligations, aligned with Member States’ security or safety priorities.

“We can trace worrying content blocking tendencies in Europe,” says Sebastian Felix Schwemer, a researcher in algorithmic content regulation and intermediary liability at the University of Copenhagen. “The legislator has earlier this year introduced proactive content filtering by platforms in the Copyright DSM Directive (“uploadfilters”) and similarly suggested in a Proposal for a Regulation on Terrorist Content as well as in a non-binding Recommendation from March last year.”

Critics of a controversial copyright reform — which was agreed by European legislators earlier this year — have warned consistently that it will result in tech platforms pre-filtering user generated content uploads. Although the full impact remains to be seen, as Member States have two years from April 2019 to pass legislation meeting the Directive’s requirements.

In 2018 the Commission also introduced a proposal for a regulation on preventing the dissemination of terrorist content online — which explicitly included a requirement for platforms to use filters to identify and block re-uploads of illegal terrorist content. Though the filter element was challenged in the EU parliament.

“There is little case law on the question of general monitoring (prohibited according to Article 15 of the E-Commerce Directive), but the question is highly topical,” says Schwemer. “Both towards the trend towards proactive content filtering by platforms and the legislator’s push for these measures (Article 17 in the Copyright DSM Directive, Terrorist Content Proposal, the Commission’s non-binding Recommendation from last year).”

Schwemer agrees the CJEU ruling will have “a broad impact” on the behavior of online platforms — going beyond Facebook and the application of defamation law.

“The incoming Commission is likely to open up the E-Commerce Directive (there is a leaked concept note by DG Connect from before the summer),” he suggests. “Something that has previously been perceived as opening Pandora’s Box. The decision will also play into the coming lawmaking process.”

The ruling also naturally raises the question of what constitutes “equivalent” unlawful content? And who and how will they be the judge of that?

The CJEU goes into some detail on “specific elements” it says are needed for non-identical illegal speech to be judged equivalently unlawful, and also on the limits of the burden that should be placed on platforms so they are not under a general obligation to monitor content — ultimately implying that technology filters, not human assessments, should be used to identify equivalent speech.

From the judgement:

… it is important that the equivalent information referred to in paragraph 41 above contains specific elements which are properly identified in the injunction, such as the name of the person concerned by the infringement determined previously, the circumstances in which that infringement was determined and equivalent content to that which was declared to be illegal. Differences in the wording of that equivalent content, compared with the content which was declared to be illegal, must not, in any event, be such as to require the host provider concerned to carry out an independent assessment of that content.

In those circumstances, an obligation such as the one described in paragraphs 41 and 45 above, on the one hand — in so far as it also extends to information with equivalent content — appears to be sufficiently effective for ensuring that the person targeted by the defamatory statements is protected. On the other hand, that protection is not provided by means of an excessive obligation being imposed on the host provider, in so far as the monitoring of and search for information which it requires are limited to information containing the elements specified in the injunction, and its defamatory content of an equivalent nature does not require the host provider to carry out an independent assessment, since the latter has recourse to automated search tools and technologies.

“The Court’s thoughts on the filtering of ‘equivalent’ information are interesting,” Schwemer continues. “It boils down to that platforms can be ordered to track down illegal content, but only under specific circumstances.

“In its rather short judgement, the Court comes to the conclusion… that it is no general monitoring obligation on hosting providers to remove or block equivalent content. That is provided that the search of information is limited to essentially unchanged content and that the hosting provider does not have to carry out an independent assessment but can rely on automated technologies to detect that content.”

While he says the court’s intentions — to “limit defamation” — are “good” he points out that “relying on filtering technologies is far from unproblematic”.

Filters can indeed be an extremely blunt tool. Even basic text filters can be triggered by words that contain a prohibited spelling. While applying filters to block defamatory speech could lead to — for example — inadvertently blocking lawful reactions that quote the unlawful speech.

The ruling also means platforms and/or their technology tools are being compelled to define the limits of free expression under threat of liability. Which pushes them towards setting a more conservative line on what’s acceptable expression on their platforms — in order to shrink their legal risk.

Although definitions of what is unlawful speech and equivalently unlawful will ultimately rest with courts.

It’s worth pointing out that platforms are already defining speech limits — just driven by their own economic incentives.

For ad supported platforms, these incentives typically demand maximizing engagement and time spent on the platform — which tends to encourage users to spread provocative/outrageous content.

That can sum to clickbait and junk news. Equally it can mean the most hateful stuff under the sun.

Without a new online business model paradigm that radically shifts the economic incentives around content creation on platforms the tension between freedom of expression and illegal hate speech will remain. As will the general content monitoring obligation such platforms place on society.

Google brings its Jacquard wearables tech to Levi’s Trucker Jacket

Back in 2015, Google’s ATAP team demoed a new kind of wearable tech at Google I/O that used functional fabrics and conductive yarns to allow you to interact with your clothing and, by extension, the phone in your pocket. The company then released a jacket with Levi’s in 2017, but that was expensive, at $350, and never really quite caught on. Now, however, Jacquard is back. A few weeks ago, Saint Laurent launched a backpack with Jacquard support, but at $1,000, that was very much a luxury product. Today, however, Google and Levi’s are announcing their latest collaboration: Jacquard-enabled versions of Levi’s Trucker Jacket.

These jackets, which will come in different styles, including the Classic Trucker and the Sherpa Trucker, and in men’s and women’s versions, will retail for $198 for the Classic Trucker and $248 for the Sherpa Trucker. In addition to the U.S., it’ll be available in Australia, France, Germany, Italy, Japan and the U.K.

The idea here is simple and hasn’t changed since the original launch: a dongle in your jacket’s cuff connects to conductive yarns in your jacket. You can then swipe over your cuff, tap it or hold your hand over it to issue commands to your phone. You use the Jacquard phone app for iOS or Android to set up what each gesture does, with commands ranging from saving your location to bringing up the Google Assistant in your headphones, from skipping to the next song to controlling your camera for selfies or simply counting things during the day, like the coffees you drink on the go. If you have Bose noise-canceling headphones, the app also lets you set a gesture to turn your noise cancellation on or off. In total, there are currently 19 abilities available, and the dongle also includes a vibration motor for notifications.

2019 09 30 0946 1

What’s maybe most important, though, is that this (re-)launch sets up Jacquard as a more modular technology that Google and its partners hope will take it from a bit of a gimmick to something you’ll see in more places over the next few months and years.

“Since we launched the first product with Levi’s at the end of 2017, we were focused on trying to understand and working really hard on how we can take the technology from a single product […] to create a real technology platform that can be used by multiple brands and by multiple collaborators,” Ivan Poupyrev, the head of Jacquard by Google told me. He noted that the idea behind projects like Jacquard is to take things we use every day, like backpacks, jackets and shoes, and make them better with technology. He argued that, for the most part, technology hasn’t really been added to these things that we use every day. He wants to work with companies like Levi’s to “give people the opportunity to create new digital touchpoints to their digital life through things they already have and own and use every day.”

What’s also important about Jacquard 2.0 is that you can take the dongle from garment to garment. For the original jacket, the dongle only worked with this one specific type of jacket; now, you’ll be able to take it with you and use it in other wearables as well. The dongle, too, is significantly smaller and more powerful. It also now has more memory to support multiple products. Yet, in my own testing, its battery still lasts for a few days of occasional use, with plenty of standby time.

jacquard dongle

Poupyrev also noted that the team focused on reducing cost, “in order to bring the technology into a price range where it’s more attractive to consumers.” The team also made lots of changes to the software that runs on the device and, more importantly, in the cloud to allow it to configure itself for every product it’s being used in and to make it easier for the team to add new functionality over time (when was the last time your jacket got a software upgrade?).

He actually hopes that over time, people will forget that Google was involved in this. He wants the technology to fade into the background. Levi’s, on the other hand, obviously hopes that this technology will enable it to reach a new market. The 2017 version only included the Levi’s Commuter Trucker Jacket. Now, the company is going broader with different styles.

“We had gone out with a really sharp focus on trying to adapt the technology to meet the needs of our commuter customer, which a collection of Levi’s focused on urban cyclists,” Paul Dillinger, the VP of Global Product Innovation at Levi’s, told me when I asked him about the company’s original efforts around Jacquard. But there was a lot of interest beyond that community, he said, yet the built-in features were very much meant to serve the needs of this specific audience and not necessarily relevant to the lifestyles of other users. The jackets, of course, were also pretty expensive. “There was an appetite for the technology to do more and be more accessible,” he said — and the results of that work are these new jackets.

IMG 20190930 102524

Dillinger also noted that this changes the relationship his company has with the consumer, because Levi’s can now upgrade the technology in your jacket after you bought it. “This is a really new experience,” he said. “And it’s a completely different approach to fashion. The normal fashion promise from other companies really is that we promise that in six months, we’re going to try to sell you something else. Levi’s prides itself on creating enduring, lasting value in style and we are able to actually improve the value of the garment that was already in the consumer’s closet.”

I spent about a week with the Sherpa jacket before today’s launch. It does exactly what it promises to do. Pairing my phone and jacket took less than a minute and the connection between the two has been perfectly stable. The gesture recognition worked very well — maybe better than I expected. What it can do, it does well, and I appreciate that the team kept the functionality pretty narrow.

Whether Jacquard is for you may depend on your lifestyle, though. I think the ideal user is somebody who is out and about a lot, wearing headphones, given that music controls are one of the main features here. But you don’t have to be wearing headphones to get value out of Jacquard. I almost never wear headphones in public, but I used it to quickly tag where I parked my car, for example, and when I used it with headphones, I found using my jacket’s cuffs easier to forward to the next song than doing the same on my headphones. Your mileage may vary, of course, and while I like the idea of using this kind of tech so you need to take out your phone less often, I wonder if that ship hasn’t sailed at this point — and whether the controls on your headphones can’t do most of the things Jacquard can. Google surely wants Jacquard to be more than a gimmick, but at this stage, it kind of still is.

IMG 20190930 104137IMG 20190930 104137

‘We are seeing volume and interest in Peloton explode,’ says company president on listing day

This morning, Peloton (NASDAQ: PTON), the tech-enabled stationary bicycle and fitness content streaming company, raised $1.2 billion in its NASDAQ initial public offering. Despite dropping more than 10% in its first day of trading — ultimately closing down 11% at $25.84 per share — the IPO was a bona fide success. Peloton, once denied (over and over again) by VC skeptics, now has hundreds of millions of dollars to take its business into a new era. One in which, the media, hardware, software, logistics and social company attempts to become a generation-defining company akin to Apple.

Founded in 2012 — six years after Soul Cycle opened its first cycling studio in New York’s Upper East Side and two years before a Soul Cycle founder, Ruth Zukerman, jumped ship to launch her own indoor cycling business, Flywheel Sports — a man by the name of John Foley made the ambitious, some might say foolish, decision to start a company that would sell these exercise bikes direct-to-consumer. That way, you could take a Soul Cycle class, in essence, in the comfort of your own home. Even better, technology would improve the experience.

As my colleague Josh Constine recently described it, these bikes come outfitted with a 22-inch Android screen, transforming an outdated exercising experience and bringing it into 2019: “It makes lazy people like me work out. That’s the genius of the Peloton bicycle. All you have to do is Velcro on the shoes and you’re trapped. You’ve eliminated choice and you will exercise,” Constine writes.

Peloton’s ability to get people exercise — a feature driven by its talented instructors (some of whom were poached from competitor Flywheel Sports) — ultimately had venture capital investors funneling $1 billion, roughly, into the business. Today, Peloton operates dozens of showrooms across the U.S., counts 1.4 million total community members — defined as any individual who has a Peloton account — and over 500,000 paying subscribers. Why? Because the company, as stated in its IPO prospectus, “sells happiness.”

“Peloton is so much more than a Bike — we believe we have the opportunity to create one of the most innovative global technology platforms of our time,” writes Foley. “It is an opportunity to create one of the most important and influential interactive media companies in the world; a media company that changes lives, inspires greatness, and unites people.”

Peloton Bike Lifestyle 04

Peloton’s flagship product, a tech-enabled stationary bike.

Peloton’s community coupled with the high margins on sales of its $2,245 bikes had the company reporting $915 million in total revenue for the year ending June 30, 2019, an increase of 110% from $435 million in fiscal 2018 and $218.6 million in 2017. Its losses, meanwhile, hit $245.7 million in 2019, up significantly from a reported net loss of $47.9 million last year.

What’s next for Peloton? The opportunities are endless, given the company’s firm seat at the intersection of hardware, software, media content and more. A third product may be in the works, expansion to international markets or new instructors. Peloton is going after a massive market ripe for disruption. What’s certain is that we’ll see a whole lot of cash flowing into fitness tech copycats in the next couple of years.

Peloton, following a number of lukewarm consumer IPOs (Uber), nearly doubled its valuation to $8.1 billion this morning after pricing its IPO at the top of its range, $29 per share. To answer some of our most burning questions, we chatted with Peloton’s president William Lynch, the former CEO of Barnes & Noble, about the float.

The following conversation has been edited for length and clarity.

William Lynch

Peloton president and former Barnes & Noble CEO William Lynch.


Kate Clark: What’s next for Peloton?
William Lynch: We now have over a billion in capital to fuel more growth, especially in the area of product innovation.

Remagine secures $35M fund backed by media giants to focus on entertainment and media tech

Remagine Ventures is a relatively new European VC fund which focuses on investments in entertainment tech, including AI, gaming, sports & eSports, AR/VR, consumer and commerce. It’s now completed $35 million in funding from a number of entertainment and media corporations, including Axel Springer and ProsiebenSat1, Japanese Adways and American Liontree LLC. Last year global media group Sky put $4 million into the fund as part of the launch of its new innovation office in Berlin.

To date, the fund has invested in six entertainment start-ups, including: Minute Media, a user-generated content platform for sports, Syte.ai a visual search startup, Novos, a gamer training platform, HourOne, which operates in the world of synthetic media, Vault-ai.com, predictive analytics for film and television and Madskil, an eSports company in stealth.

Started by investor/entrepreneurs Kevin Baxpehler and Eze Vidra, Remagine focuses on early-stage (seed and pre-seed) investments in Israel and UK, with synergies between the two territories.
Traditionally, Israel has been better know for it’s ‘deep tech’capabilities but there’s a growing ecosystem of entertainment tech and consumer startups looking to disrupt traditional traditional industries.

Vidra established Campus London, Google’s first physical hubs for startups and later expanded the Campus model internationally. He was also a general partner Google Ventures (GV), the company’s investment arm in Europe.

Baxpehler, is a former entrepreneur and investment banker from in Germany. He most recently led the investment activity of German entertainment giant ProSiebenSat.1 in Israel, investing in Dynamic Yield (which recently sold for $300 million to McDonalds) and Magisto, which was acquired by Vimeo for $200 million.

Vidra said: “We operate in a relatively new market in the Israeli ecosystem. The Entertainment-tech sector has tremendous momentum, and Israeli founders are expanding at a rapid pace in this world and we recognize huge potential in it.” Baxpehler added: “Eze and I have experience in the investment world, the entrepreneurial world and the corporate world. We want to meet startups very early, to accompany and guide them even before investing.”

Wikipedia blames malicious DDOS attack after site goes down across Europe, Middle East

Wikipedia was forced offline in several countries Friday after a cyber attack hit the global encyclopedia.

Users across Europe and parts of the Middle East experienced outages shortly before 7pm, BST, according to downdetector.com.

Wikimedia’s German Twitter account posted: “The Wikimedia server…is currently being paralysed by a massive and very broad DDOS [distributed denial of service] attack.”

The site issued the following statement:

Today, Wikipedia was hit with a malicious attack that has taken it offline in several countries for intermittent periods. The attack is ongoing and our Site Reliability Engineering team is working hard to stop it and restore access to the site.

As one of the world’s most popular sites, Wikipedia sometimes attracts “bad faith” actors. Along with the rest of the web, we operate in an increasingly sophisticated and complex environment where threats are continuously evolving. Because of this, the Wikimedia communities and Wikimedia Foundation have created dedicated systems and staff to regularly monitor and address risks. If a problem occurs, we learn, we improve, and we prepare to be better for next time.

We condemn these sorts of attacks. They’re not just about taking Wikipedia offline. Takedown attacks threaten everyone’s fundamental rights to freely access and share information. We in the Wikimedia movement and Foundation are committed to protecting these rights for everyone.

Right now, we’re continuing to work to restore access wherever you might be reading Wikipedia in the world. We’ll keep you posted.”

The site was reported to be down in large parts of the UK as well as Poland, France, Germany and Italy.

SoftBank-backed Getaround is raising $200M at a $1.5B+ valuation

Getaround, a used car marketplace and winner of TechCrunch Disrupt New York Battlefield 2011, will enter the unicorn club with a roughly $200 million equity financing.

The deal values Getaround, founded in 2009, at $1.7 billion, according to an estimate provided by PitchBook. Getaround declined to comment, citing internal policy on “funding speculation.”

“Getaround and our investors work closely together on our growth strategy, and we’ll definitely plan to share more when we’re ready,” a spokesperson said in response to TechCrunch’s inquiry Thursday morning.

The news follows the company’s $300 million acquisition of Drivy, a Paris-headquartered car-sharing startup that operates in 170 European cities.

Getaround closed a Series D funding of $300 million last year, a round led by SoftBank with participation from Toyota Motor Corporation. Existing investors in the business, which allows its some 200,000 members to rent and unlock vehicles from their mobile phones at $5 per hour, include Menlo Ventures and SOSV.

Assuming an upcoming $200 million infusion, Getaround has raised more than $600 million in equity funding to date.

Whether SoftBank has participated in Getaround’s latest financing is unknown. The business is an active investor in the carsharing market, with investments in Chinese ride-hailing business Didi Chuxing, Uber and autonomous driving company Cruise. We’ve reached out to SoftBank for comment.

In conversation with TechCrunch last year, Getaround co-founder Sam Zaid emphasized SoftBank’s capabilities as a mobility investor: “What we really liked about [SoftBank] was they take a really long view on things,” he said. “So they were very good about thinking about the future of mobility, and we have a common kind of vision of every car becoming a shared car.”

Getaround was expected to expand into international markets with its previous fundraise. Indeed, the company has moved into France, Germany, Spain, Austria, Belgium and the U.K. where it operates under the brand “Drivy by Getaround,” and in Norway under the “Nabobil” brand.

The business initially launched its car-sharing service in 2011, relying on gig workers, who can list their car on the Getaround marketplace for $500 to $1,000 a month in payments, depending on how often their car is rented.

Since Getaround entered the market, however, a number of competitors have entered the space with similar business models. Turo and Maven, for example, have both emerged to facilitate car rental with backing from top venture capital funds.

Mental health websites in Europe found sharing user data for ads

Research by a privacy rights advocacy group has found popular mental health websites in the EU are sharing users’ sensitive personal data with advertisers.

Europeans going online to seek support with mental health issues are having sensitive health data tracked and passed to third parties, according to Privacy International’s findings — including depression websites passing answers and results of mental health check tests direct to third parties for ad targeting purposes.

The charity used the open source Webxray tool to analyze the data gathering habits of 136 popular mental health web pages in France, Germany and the UK, as well as looking at a small sub-set of online depression tests (the top three Google search results for the phrase per country).

It has compiled its findings into a report called Your mental health for sale.

“Our findings show that many mental health websites don’t take the privacy of their visitors as seriously as they should,” Privacy International writes. “This research also shows that some mental health websites treat the personal data of their visitors as a commodity, while failing to meet their obligations under European data protection and privacy laws.”

Under Europe’s General Data Protection Regulation (GDPR), there are strict rules governing the processing of health data — which is classified as special category personal data.

If consent is being used as the legal basis to gather this type of data the standard that must be obtained from the user is “explicit” consent.

In practice that might mean a pop-up before you take a depression test which asks whether you’d like to share your mental health with a laundry list of advertisers so they can use it to sell you stuff when you’re feeling low — also offering a clear ‘hell no’ penalty-free choice not to consent (but still get to take the test).

Safe to say, such unvarnished consent screens are as rare as hen’s teeth on the modern Internet.

But, in Europe, beefed up privacy laws are now being used to challenge the ‘data industrial complex’s systemic abuses and help individuals enforce their rights against a behavior-tracking adtech industry that regulators have warned is out of control.

Among Privacy International’s key findings are that —

  • 76.04% of the mental health web pages contained third-party trackers for marketing purposes
  • Google trackers are almost impossible to avoid, with 87.8% of the web pages in France having a Google tracker, 84.09% in Germany and 92.16% in the UK
  •  Facebook is the second most common third-party tracker after Google, with 48.78% of all French web pages analysed sharing data with Facebook; 22.73% for Germany; and 49.02 % for the UK.
  • Amazon Marketing Services were also used by many of the mental health web pages analysed (24.39% of analyzed web pages in France; 13.64 % in Germany; and 11.76% in the UK)
  • Depression-related web pages used a large number of third-party tracking cookies which were placed before users were able to express (or deny) consent. On average, PI found the mental health web pages placed 44.49 cookies in France; 7.82 for Germany; and 12.24 for the UK

European law around consent as a legal basis for processing (general) personal data — including for dropping tracking cookies — requires it to be informed, specific and freely given. This means websites that wish to gather user data must clearly state what data they intend to collect for what purpose, and do so before doing it, providing visitors with a free choice to accept or decline the tracking.

Dropping tracking cookies without even asking clearly falls foul of that legal standard. And very far foul when you consider the personal data being handled by these mental health websites is highly sensitive special category health data.

It is exceedingly difficult for people to seek mental health information and for example take a depression test without countless of third parties watching,” said Privacy International technologist Eliot Bendinelli in a statement. “All website providers have a responsibility to protect the privacy of their users and comply with existing laws, but this is particularly the case for websites that share unusually granular or sensitive data with third parties. Such is the case for mental health websites.”

Additionally, the group’s analysis found some of the trackers embedded on mental health websites are used to enable a programmatic advertising practice known as Real Time Bidding (RTB). 

This is important because RTB is subject to multiple complaints under GDPR.

These complaints argue that the systematic, high velocity trading of personal data is, by nature, inherently insecure — with no way for people’s information to be secured after it’s shared with hundreds or even thousands of entities involved in the programmatic chain, because there’s no way to control it once it’s been passed. And, therefore, that RTB fails to comply with the GDPR’s requirement that personal data be processed securely.

Complaints are being considered by regulators across multiple Member States. But this summer the UK’s data watchdog, the ICO, essentially signalled it is in agreement with the crux of the argument — putting the adtech industry on watch in an update report in which it warns that behavioral advertising is out of control and instructs the industry it must reform.

However the regulator also said it would give players “an appropriate period of time to adjust their practices”, rather than wade in with a decision and banhammers to enforce the law now.

The ICO’s decision to opt for an implied threat of future enforcement to push for reform of non-compliant adtech practices, rather than taking immediate action to end privacy breaches, drew criticism from privacy campaigners.

And it does look problematic now, given Privacy International’s findings suggest sensitive mental health data is being sucked up into bid requests and put about at insecure scale — where it could pose a serious risk to individuals’ rights and freedoms.

Privacy International says it found “numerous” mental health websites including trackers from known data brokers and AdTech companies — some of which engage in programmatic advertising. It also found some depression test websites (namely: netdoktor.de, passeportsante.net and doctissimo.fr, out of those it looked at) are using programmatic advertising with RTB.

“The findings of this study are part of a broader, much more systemic problem: The ways in which companies exploit people’s data to target ads with ever more precision is fundamentally broken,” adds Bendinelli. “We’re hopeful that the UK regulator is currently probing the AdTech industry and the many ways it uses special category data in ways that are neither transparent nor fair and often lack a clear legal basis.”

We’ve reached out to the ICO with questions.

We also asked the Internet Advertising Bureau Europe what steps it is taking to encourage reform of RTB to bring the system into compliance with EU privacy law. At the time of writing the industry association had not responded.

The IAB recently released a new version of what it refers to as a “transparency and consent management framework” intended for websites to embed to collect consent from visitors to processing their data including for ad targeting purposes — legally, the IAB contends.

However critics argue this is just another dose of business as usual ‘compliance theatre’ from the adtech industry — with users offered only phoney choices as there’s no real control over how their personal data gets used or where it ends up.

Earlier this year Google’s lead privacy regulator in Europe, the Irish DPC, opened a formal investigation into the company’s processing of personal data in the context of its online Ad Exchange — also as a result of a RTB complaint filed in Ireland.

The DPC said it will look at each stage of an ad transaction to establish whether the ad exchange is processing personal data in compliance with GDPR — including looking at the lawful basis for processing; the principles of transparency and data minimisation; and its data retention practices.

The outcome of that investigation remains to be seen. (Fresh fuel has just today been poured on with the complainant submitting new evidence of their personal data being shared in a way they allege infringes the GDPR.)

Increased regulatory attention on adtech practices is certainly highlighting plenty of legally questionable and ethically dubious stuff — like embedded tracking infrastructure that’s taking liberal notes on people’s mental health condition for ad targeting purposes. And it’s clear that EU regulators have a lot more work to do to deliver on the promise of GDPR.

Porsche Taycan sets fastest 4-door electric car record at Nürburgring Nordschleife

Porsche’s upcoming all-electric Taycan has set a narrow, yet notable record lap time at the famous Nürburgring Nordschleife test track in Germany.

The company said Monday the Porsche Taycan, which will debut Sept, 4., completed the 12.8-mile course in 7 minutes and 42 seconds. This is the fastest lap for a four-door electric vehicle. The record time was set in a pre-series Taycan driven by Lars Kern.

But it’s not the fastest lap for any electric vehicle. That honor goes to Volkswagen’s ID R electric race car, which completed the course in 6:05.336 minutes. The previous record was set in 2017 by Peter Dumbreck, who was driving a Nio electric vehicle.

Still, it’s a zippy time for any vehicle. Porsche has set out to show the speed and endurance of its first electric vehicle ahead of its debut. Porsche says its record run at Nürburgring-Nordschleife and an endurance test the Nardò high-speed track show the Taycan can both.

Earlier this year, Porsche tested the Taycan’s ability to do successive acceleration runs from zero to 62 miles per hour. A video shows 26 successive starts without losses in performance. The average acceleration figure from the timed runs was under 10 seconds, according to Porsche. The difference between the fastest and slowest acceleration runs was 0.8 seconds, the company said.

The German automaker also drove 2,128 miles at speeds between 128 and 133 mph within 24 hours, only stopping to charge the battery and change drivers, at the Nardò track in Italy.

At Nürburgring-Nordschleife, development engineers started driving a Taycan around in a simulator to test and evaluate its performance on a virtual race track. Porsche said one of the main goals was determining electric energy with thermal management, which form an important contribution to achieving the lap time.

Porsche is aiming to prove to its existing customers, many of whom have never driven or owned an electric vehicle, that the Taycan will meet the same performance standards as its gas-powered cars and SUVs. It also hopes to attract new customers to the Porsche brand.

It appears the company is on the right track, if the thousands of reservations for the Taycan convert into actual purchases.

Facebook succeeds in blocking German FCO’s privacy-minded order against combining user data

Facebook has succeeded in blocking a pioneering order by Germany’s Federal Cartel Office earlier this year that would have banned it from combining data on users across its own suite of social platforms — Facebook, Instagram and WhatsApp — without their consent.

Pioneering because the antitrust regulator had liaised with EU privacy authorities during a long-running investigation of Facebook’s data-gathering activities — leading it to conclude that Facebook’s conduct in the German market where it also deemed it to hold a monopoly position amounted to “exploitative abuse”.

The Bundeskartellamt (FCO) order had been likened to a structural separation of Facebook’s businesses at the data level.

Facebook appealed, delaying application of the order, and today’s ruling by the Dusseldorf court grants a suspension (press release in German) — essentially kicking the matter into very long legal grass.

The FCO has a month to lodge an appeal. A spokeswoman confirmed to TechCrunch is will do so. But with the order suspended pending what could be years of appeals there’s little near-term prospect of any change to how Facebook does business based on this particular regulatory intervention.

It’s undoubtedly a major victory for Facebook — to win at the very first appeals layer — and a major blow for regulatory ‘innovation’ (for what of a better word) which sought to evolve the interpretation of current competition law to respond to the outgrowth and dominance of surveillance-based digital business model via applying privacy-focused conditions to data processing.

Europe’s data protection regulators do have the power to order the suspension of infringing data processing, under the bloc’s updated privacy framework (GDPR).

But so far very such orders are as rare as hen’s teeth — barring a recent threat to Google also by a German privacy regulator. (Just the threat of an order in that case triggered a voluntary suspension of the data processing in question.)

This made the FCO’s order against Facebook all the more notable for boldness and forethought. And means Facebook’s success in cutting it down at the first legal hurdle is a depressing result for those in the EU hoping platform power linked to privacy-hostile surveillance of Internet users might be regulated in a meaningful timeframe via an existing antitrust lens.

The European Commission’s own ‘big tech’ antitrust interventions have so far focused their attention elsewhere, in addition to taking years to conclude.

Commenting on the Düsseldorf Higher Regional Court’s decision today in a statement, FCO president Andreas Mundt said: “Data and data handling are decisive factors for competition in the digital economy. The Higher Regional Court of Düsseldorf has today responded differently than the Bundeskartellamt to key legal issues. These legal issues are highly significant for the future state of competition in the digital economy. We are convinced that we can act in this area based on the existing antitrust law. For this reason, we are going to appeal on points of law to the Federal Court of Justice to clarify these issues.”

We’ve also reached out to Facebook for comment.

Professor Rupprecht Podszun, a chair for civil law, German and European competition law at Heinrich Heine University, who has been following the FCO’s intervention, dubs the court ruling a “major blow” for the regulator.

“The FCO had accused Facebook of abusing its dominant position by unlawfully gathering and combining user data. Thus it had ordered Facebook to change its Terms & Conditions within a year. The judges from Düsseldorf have stopped enforcement of this decision now. They have serious doubts as to the lawfulness of the decision,” he said via email. “The case is regarded as a landmark case against the digital giants and it had gained worldwide recognition. To fail at the Düsseldorf court, at the very first step, is a bitter result.”

Podszun said the Düsseldorf court did not accept it follows from a possible violation of privacy rules that it is automatically a violation of antitrust rules if a dominant company is acting. That would require the court to see competitive damage — which it did not in this case.

Additionally, the court took the view that users decide autonomously whether they agree with Facebook’s T&Cs when signing up for the service. It also did not agree that consumers are exploited by Facebook’s data collection since they could continue to make the same data available to other companies.

From here on in he believes legal back and forth is likely to take years — hence, even if the FCO were to prevail at a higher court in future the impact on Facebook’s business at that point would likely be long out of date. (Meanwhile, earlier this year it emerged that Facebook is working on merging the back-end infrastructure of its three social networks — seeking to further collapse cross-platform user privacy, even as its scrambles discrete business units in a way that would complicate any regulatory order to break apart its business.)

“The Cartel Office had shown courage in its decision and had explored new paths. The Higher Regional
Court did not follow this reasoning. The FCO took a long shot by integrating a privacy investigation into the competition assessment. I have a lot of sympathy for that, because data has become a crucial competitive factor. Thus, I think that data collection must be a topic for antitrust law,” said Podszun.

“The law is at its limits with the internet giants. It is too slow. A final decision in a few years on the privacy terms of Facebook is too late either way. Before taking the decision, the FCO had investigated the case for three years. The Google Shopping procedure of the European Commission took seven years. You cannot tame these companies with such proceedings and lengthy litigation in court.”

“The decision is a wake-up call to legislators: If you want to regulate Google, Amazon, Facebook & Co., the existing tools are not enough,” he added. “A new version of the Antitrust Act is currently pending in Germany. This is an opportunity to change the legal bases. Also, the authorities for data protection need to step up their efforts – they seem to lack the bravery of the antitrust watchdog.”

Asked how legal bases need to change to enable local antitrust law to respond intelligently to data-mining platform giants, Podszun suggested four areas of focus — telling TechCrunch:

  • Competition law needs to get away from traditional market definition. There should be a rule that the authorities can interfere with companies like GAFA [Google, Apple, Facebook, Amazon] in cases where they move into new markets where they are not yet dominant but can easily tip the market. Conglomerate effects and digital ecosystems currently are a blind spot in competition law
  • There may be room for a new example of what constitutes an abuse in digital markets
  • The German Competition Office should have powers in consumer law fields (currently, there is no public enforcement of economic consumer protection issues in Germany). An integrated approach with consumer and competition issues could be helpful (including privacy, possibly). Privacy enforcers are particularly weak in Germany
  • Procedures need to be speeded up, e.g. by stricter time limits, less haggling over access to file, more technically savvy staff and more priority-setting by the authorities

“All very difficult – but it’s vital to have some fresh air here,” he added. “Whether this would have helped in the case under debate is a different question.”

Mobile gaming is a $68.5 billion global business, and investors are buying in

By the end of 2019, the global gaming market is estimated to be worth $152 billion with 45% of that, $68.5 billion, coming directly from mobile games. With this tremendous growth (10.2% YoY to be precise) has come a flurry of investments and acquisitions, everyone wanting a cut of the pie. In fact, over the last 18 months, the global gaming industry has seen $9.6 billion in investments and if investments continue at this current pace, the amount of investment generated in 2018-19 will be higher than the 8 previous years combined.

What’s interesting is why everyone is talking about games and who in the market is responding to this and how.

The gaming phenomenon 

Today, mobile games account for 33% of all app downloads, 74% of consumer spend, and 10% of all time spent in-app. It’s predicted that in 2019, 2.4 billion people will play mobile games around the world – that’s almost one third of the global population. In fact, 50% of mobile app users play games, making this app category as popular as music apps like Spotify and Apple Music and second only to social media and communications apps in terms of time spent.

In the US, time spent on mobile devices has also officially outpaced that of television – with users spending 8 more minutes per day on their mobile devices. By 2021, this number is predicted to increase to over 30 minutes. Apps are the new primetime and games have grabbed the lion’s share.

Accessibility is the highest it’s ever been as barriers to entry are virtually non-existent. From casual games to the recent rise of the wildly popular hyper-casual genre of games which are quick to download, easy to play, and lend themselves to being played in short sessions throughout the day, games are played by almost every demographic stratum of society. Today, the average age of a mobile gamer is 36.3 (compared with 27.7 in 2014), the gender split is 51% female, 49% male, and one-third of all gamers are between the ages of 36-50. A far cry from the traditional stereotype of a ‘gamer’.

With these demographic, geographic, and consumption sea-changes in the mobile ecosystem and entertainment landscape, it’s no surprise that the game space is getting increased attention and investment, not just from within the industry, but more recently from traditional financial markets and even governments. Let’s look at how the markets have responded to the rise of gaming.

Image courtesy of David Maung/Bloomberg via Getty Images

Games on Games 

The first substantial investments in mobile gaming came from those who already had a stake in the industry. Tencent invested $90M in Pocket Gems and$126M in Glu Mobile (for a 14.6% stake), gaming powerhouse Supercell invested $5M in mobile game studio Redemption Games, Boom Fantasy raised $2M from ESPN and the MLB and Gamelynx raised $1.2M from several investors – one of which was Riot Games. Most recently, Ubisoft acquired a 70% stake in Green Panda Games to bolster its foot in the hyper-casual gaming market.

Additionally, bigger gaming studios began to acquire smaller ones. Zynga bought Gram Games, Ubisoft acquired Ketchapp, Niantic purchased Seismic Games, and Tencent bought Supercell (as well as a 40% stake in Epic Games). And the list goes on.

Wall Street wakes up

Beyond the flurry of investments and acquisitions from within the game industry, games are also generating huge amounts of revenue. Since launch, Pokemon Go has generated $2.3B in revenue and Fortnite has amassed some 250M players. This is catching the attention of more traditional financial institutions, like private equity firms and VCs, who are now looking at a variety of investment options in gaming – not just of gaming studios, but all those who had a stake in or support the industry.

In May 2018, hyper-casual mobile gaming studio Voodoo announced a $200M investment from Goldman Sachs’ private equity investment arm. For the first time ever, a mobile gaming studio attracted the attention of a venerable old financial institution. The explosion of the hyper-casual genre and the scale its titles are capable of achieving, together with the intensely iterative, data-driven business model afforded by the low production costs of games like this, were catching the attention of investors outside of the gaming world, looking for the next big growth opportunity.

The trend continued. In July 2018, private equity firm KKR bought a $400M minority stake in AppLovin and now, exactly one year later Blackstone announced their plan to acquire mobile ad-network Vungle for a reported $750M. Not only is money going into gaming studios, but investments are being made into companies whose technology supports the mobile gaming space. Traditional investors are finally taking notice of the mobile gaming ecosystem as a whole and the explosive growth it has produced in recent years. This year alone mobile games are expected to generate $55B in revenue so this new wave of investment interest should really come as no surprise.

A woman holds up her cell phone as she plays the Pokemon Go game in Lafayette Park in front of the White House in Washington, DC, July 12, 2016. (Photo: JIM WATSON/AFP/Getty Images)

Government intervention

Most recently, governments are realizing the potential and reach of the gaming industry and making their own investment moves. We’re seeing governments establish funds that support local gaming businesses – providing incentives for gaming studios to develop and retain their creatives, technology, and employees locally – as well as programs that aim to attract foreign talent.

As uncertainty looms in England surrounding Brexit, France has jumped on the opportunity with “Join the Game”. They’re painting France as an international hub that is already home to many successful gaming studios, and they’re offering tax breaks and plenty of funding options – for everything from R&D to the production of community events. Their website even has an entire page dedicated to “getting settled in France”, in English, with a step-by-step guide on how game developers should prepare for their arrival.

The UK Department for International Trade used this year’s Game Developers Conference as a backdrop for the promotion of their games fund – calling the UK “one of the most flourishing game developing ecosystems in the world.” The UK Games Fund allows for both local and foreign-owned gaming companies with a presence in the UK to apply for tax breaks. And ever since France announced their fund, more and more people have begun encouraging the British government to expand their program saying that the UK gaming ecosystem should be “retained and enhanced”. But, not only does the government take gaming seriously, the Queen does as well. In 2008, David Darling the CEO of hyper-casual game studio Kwalee was made a Commander of the Order of the British Empire (CBE) for his services to the games industry. CBE is the third-highest honor the Queen can bestow on a British citizen.

Over to Germany, and the government has allocated 50M euros of its 2019 budget for the creation of a games fund. In Sweden, the Sweden Game Arena is a public-private partnership that helps students develop games using government-funded offices and equipment. It also links students and startups with established companies and investors. While these numbers dwarf the investment of more commercial or financial players, the sudden uptick in interest governments are paying to the game space indicate just how exciting and lucrative gaming has become.

Support is coming from all levels

The evolution of investment in the gaming space is indicative of the stratospheric growth, massive revenue, strong user engagement, and extensive demographic and geographic reach of mobile gaming. With the global games industry projected to be worth a quarter of a trillion dollars by 2023, it comes as no surprise that the diverse players globally have finally realized its true potential and have embraced the gaming ecosystem as a whole.