Coalition for App Fairness, a group fighting for app store reforms, adds 20 new partners

The Coalition for App Fairness (CAF), a newly-formed advocacy group pushing for increased regulation over app stores, has more than doubled in size with today’s announcement of 20 new partners — just one month after its launch. The organization, led by top app publishers and critics including Epic Games, Deezer, Basecamp, Tile, Spotify and others, debuted in late September to fight back against Apple and Google’s control over app stores, and particularly the stores’ rules around in-app purchases and commissions.

The coalition claims both Apple and Google engage in anti-competitive behavior, as they require publishers to use the platforms’ own payment mechanisms, and charge 30% commission on these forced in-app purchases. In some cases, those commissions are collected from apps where Apple and Google offer a direct competitor. For example, the app stores commission Spotify, which competes with Google’s YouTube Music and Apple’s own Apple Music.

The group also calls out Apple more specifically for not allowing app publishers any other means of addressing the iOS user base except through the App Store that Apple controls. Google, however, allows apps to be sideloaded, so is less a concern on that platform.

The coalition launched last month with 13 app publishers as its initial members, and invited other interested parties to sign up to join.

Since then, CAF says “hundreds” of app developers expressed interest in the organization. It’s been working through applications to evaluate prospective members, and is today announcing its latest cohort of new partners.

This time, the app publishers aren’t necessarily big household names, like Spotify and Epic Games, but instead represent a wide variety of apps, ranging from studios to startups.

The apps also hail from a number of app store categories, including Business, Education, Entertainment, Developer Tools, Finance, Games, Health & Fitness, Lifestyle, Music, Navigation, News, Productivity, Shopping, Sport, and Travel.

The new partners include: development studio Beonex, health app Breath Ball, social app Challenge by Eristica, shopping app Cladwell, fitness app Down Dog Yoga, developer tool Gift Card Offerwall, game maker Green Heart Games, app studio Imagine BC, business app Passbase, music app Qobuz, lifestyle app QuackQuack and Qustodio, game Safari Forever, news app Schibsted, app studio Snappy Mob, education app SpanishDict, navigation app Sygic, app studio Vertical Motion, education app YARXI, and the Mobile Marketing Marketing Association.

With the additions, CAF now includes members from Austria, Australia, Canada, France, Germany, India, Israel, Malaysia, Norway, Singapore, Slovakia, Spain, United Kingdom, and the United States.

The new partners have a range of complaints against the app stores, and particularly Apple.

SpanishDict, for instance, was frustrated by weeks of rejections with no recourse and inconsistently applied policies, it says. It also didn’t want to use Apple’s new authentication system, Apple Sign-In, but Apple made this a requirement for being included on the App Store.

Passbase, a Sign In With Apple competitor, also argues that Apple applied its rules unfairly, denying its submission but allowing its competitors on the App Store.

While some of the app partners are speaking out against Apple for the first time, others have already detailed their struggles publicly.

Eristica posted on its own website how Apple shut down its seven-year old social app business, which allowed users to challenge each other to dares to raise money for charity. The company claims it pre-moderated the content to ensure dangerous and harmful content wasn’t published, and employed human moderators, but was still rejected over dangerous content.

Meanwhile, TikTok remained on the App Store, despite hosting harmful challenges, like the pass out challenge, cereal challenge, salt and ice challenge and others, Eristica says.

Apple, of course, tends to use its policies to shape what kind of apps it wants to host on its App Store — and an app that focused on users daring one another may have been seen as a potential liability.

That said, Eristica presents a case where it claims to have followed all the rules and made all the changes Apple said it wanted, and yet still couldn’t get back in.

Down Dog Yoga also recently made waves by calling out Apple for rejecting its app because it refused to auto-charge customers at the end of its free trial.

The issue, in this case, wasn’t just that Apple wants a cut of developers’ businesses, it also wanted to dictate how those businesses are run.

Another new CAF partner, Qustodio, was among the apps impacted by Apple’s 2018 parental control app ban, which arrived shortly after Apple introduced its own parental control software in iOS.

The app developer had then co-signed a letter asking Apple release a Screen Time API rather than banning parental control apps — a consideration that TechCrunch had earlier suggested should have been Apple’s course of action in the first place.

Under increased regulatory scrutiny, Apple eventually relented and allowed the apps back on the App Store last year.

Not all partners are some little guy getting crushed by App Store rules. Some may have run afoul of rules designed to protect consumers, like Apple’s crackdown on offerwalls. Gift Card Offerwall’s SDK, for example, was used to incentivize app monetization and in-app purchases, which isn’t something consumers tend to welcome.

Despite increased regulatory pressure and antitrust investigations in their business practices, both Apple and Google have modified their app store rules in recent weeks to ensure they’re clear about their right to collect in-app purchases from developers.

Meanwhile, Apple and CAF member Epic Games are engaged in a lawsuit over the Fortnite ban, as Epic chose to challenge the legality of the app store business model in the court system.

Other CAF members, including Spotify and Tile, have testified in antitrust investigations against Apple’s business practices, as well.

“Apple must be held accountable for its anticompetitive behavior. We’re committed to creating a level playing field and fair future, and we’re just getting started,” CAF said in an announcement about the new partners. It says it’s still open to new members.

Who regulates social media?

Social media platforms have repeatedly found themselves in the United States government’s crosshairs over the last few years, as it has been progressively revealed just how much power they really wield, and to what purposes they’ve chosen to wield it. But unlike, say, a firearm or drug manufacturer, there is no designated authority who says what these platforms can and can’t do. So who regulates them? You might say everyone and no one.

Now, it must be made clear at the outset that these companies are by no means “unregulated,” in that no legal business in this country is unregulated. For instance Facebook, certainly a social media company, received a record $5 billion fine last year for failure to comply with rules set by the FTC. But not because the company violated its social media regulations — there aren’t any.

Facebook and others are bound by the same rules that most companies must follow, such as generally agreed-upon definitions of fair business practices, truth in advertising, and so on. But industries like medicine, energy, alcohol, and automotive have additional rules, indeed entire agencies, specific to them; Not so social media companies.

I say “social media” rather than “tech” because the latter is much too broad a concept to have a single regulator. Although Google and Amazon (and Airbnb, and Uber, and so on) need new regulation as well, they may require a different specialist, like an algorithmic accountability office or online retail antitrust commission. (Inasmuch as tech companies act within regulated industries, such as Google in broadband, they are already regulated as such.)

Social media can roughly defined as platforms where people sign up to communicate and share messages and media, and that’s quite broad enough already without adding in things like ad marketplaces, competition quashing and other serious issues.

Who, then, regulates these social media companies? For the purposes of the U.S., there are four main directions from which meaningful limitations or policing may emerge, but each one has serious limitations, and none was actually created for the task.

1. Federal regulators

Image Credits: Andrew Harrer/Bloomberg

The Federal Communications Commission and Federal Trade Commission are what people tend to think of when “social media” and “regulation” are used in a sentence together. But one is a specialist — not the right kind, unfortunately — and the other a generalist.

The FCC, unsurprisingly, is primarily concerned with communication, but due to the laws that created it and grant it authority, it has almost no authority over what is being communicated. The sabotage of net neutrality has complicated this somewhat, but even the faction of the Commission dedicated to the backwards stance adopted during this administration has not argued that the messages and media you post are subject to their authority. They have indeed called for regulation of social media and big tech — but are for the most part unwilling and unable to do so themselves.

The Commission’s mandate is explicitly the cultivation of a robust and equitable communications infrastructure, which these days primarily means fixed and mobile broadband (though increasingly satellite services as well). The applications and businesses that use that broadband, though they may be affected by the FCC’s decisions, are generally speaking none of the agency’s business, and it has repeatedly said so.

The only potentially relevant exception is the much-discussed Section 230 of the Communications Decency Act (an amendment to the sprawling Communications Act), which waives liability for companies when illegal content is posted to their platforms, as long as those companies make a “good faith” effort to remove it in accordance with the law.

But this part of the law doesn’t actually grant the FCC authority over those companies or define good faith, and there’s an enormous risk of stepping into unconstitutional territory, because a government agency telling a company what content it must keep up or take down runs full speed into the First Amendment. That’s why although many think Section 230 ought to be revisited, few take Trump’s feeble executive actions along these lines seriously.

The agency did announce that it will be reviewing the prevailing interpretation of Section 230, but until there is some kind of established statutory authority or Congress-mandated mission for the FCC to look into social media companies, it simply can’t.

The FTC is a different story. As watchdog over business practices at large, it has a similar responsibility towards Twitter as it does towards Nabisco. It doesn’t have rules about what a social media company can or can’t do any more than it has rules about how many flavors of Cheez-It there should be. (There are industry-specific “guidelines” but these are more advisory about how general rules have been interpreted.)

On the other hand, the FTC is very much the force that comes into play should Facebook misrepresent how it shares user data, or Nabisco overstate the amount of real cheese in its crackers. The agency’s most relevant responsibility to the social media world is that of enforcing the truthfulness of material claims.

You can thank the FTC for the now-familiar, carefully worded statements that avoid any real claims or responsibilities: “We take security very seriously” and “we think we have the best method” and that sort of thing — so pretty much everything that Mark Zuckerberg says. Companies and executives are trained to do this to avoid tangling with the FTC: “Taking security seriously” isn’t enforceable, but saying “user data is never shared” certainly is.

In some cases this can still have an effect, as in the $5 billion fine recently dropped into Facebook’s lap (though for many reasons that was actually not very consequential). It’s important to understand that the fine was for breaking binding promises the company had made — not for violating some kind of social-media-specific regulations, because again, there really aren’t any.

The last point worth noting is that the FTC is a reactive agency. Although it certainly has guidelines on the limits of legal behavior, it doesn’t have rules that when violated result in a statutory fine or charges. Instead, complaints filter up through its many reporting systems and it builds a case against a company, often with the help of the Justice Department. That makes it slow to respond compared with the lightning-fast tech industry, and the companies or victims involved may have moved beyond the point of crisis while a complaint is being formalized there. Equifax’s historic breach and minimal consequences are an instructive case:

So: While the FCC and FTC do provide important guardrails for the social media industry, it would not be accurate to say they are its regulators.

2. State legislators

States are increasingly battlegrounds for the frontiers of tech, including social media companies. This is likely due to frustration with partisan gridlock in Congress that has left serious problems unaddressed for years or decades. Two good examples of states that lost their patience are California’s new privacy rules and Illinois’s Biometric Information Privacy Act (BIPA).

The California Consumer Privacy Act (CCPA) was arguably born out the ashes of other attempts at a national level to make companies more transparent about their data collection policies, like the ill-fated Broadband Privacy Act.

Californian officials decided that if the feds weren’t going to step up, there was no reason the state shouldn’t at least look after its own. By convention, state laws that offer consumer protections are generally given priority over weaker federal laws — this is so a state isn’t prohibited from taking measures for their citizens’ safety while the slower machinery of Congress grinds along.

The resulting law, very briefly stated, creates formal requirements for disclosures of data collection, methods for opting out of them, and also grants authority for enforcing those laws. The rules may seem like common sense when you read them, but they’re pretty far out there compared to the relative freedom tech and social media companies enjoyed previously. Unsurprisingly, they have vocally opposed the CCPA.

BIPA has a somewhat similar origin, in that a particularly far-sighted state legislature created a set of rules in 2008 limiting companies’ collection and use of biometric data like fingerprints and facial recognition. It has proven to be a huge thorn in the side of Facebook, Microsoft, Amazon, Google, and others that have taken for granted the ability to analyze a user’s biological metrics and use them for pretty much whatever they want.

Many lawsuits have been filed alleging violations of BIPA, and while few have produced notable punishments like this one, they have been invaluable in forcing the companies to admit on the record exactly what they’re doing, and how. Sometimes it’s quite surprising! The optics are terrible, and tech companies have lobbied (fortunately, with little success) to have the law replaced or weakened.

What’s crucially important about both of these laws is that they force companies to, in essence, choose between universally meeting a new, higher standard for something like privacy, or establishing a tiered system whereby some users get more privacy than others. The thing about the latter choice is that once people learn that users in Illinois and California are getting “special treatment,” they start asking why Mainers or Puerto Ricans aren’t getting it as well.

In this way state laws exert outsize influence, forcing companies to make changes nationally or globally because of decisions that technically only apply to a small subset of their users. You may think of these states as being activists (especially if their attorneys general are proactive), or simply ahead of the curve, but either way they are making their mark.

This is not ideal, however, because taken to the extreme, it produces a patchwork of state laws created by local authorities that may conflict with one another or embody different priorities. That, at least, is the doomsday scenario predicted almost universally by companies in a position to lose out.

State laws act as a test bed for new policies, but tend to only emerge when movement at the federal level is too slow. Although they may hit the bullseye now and again, like with BIPA, it would be unwise to rely on a single state or any combination among them to miraculously produce, like so many simian legislators banging on typewriters, a comprehensive regulatory structure for social media. Unfortunately, that leads us to Congress.

3. Congress

Image: Bryce Durbin/TechCrunch

What can be said about the ineffectiveness of Congress that has not already been said, again and again? Even in the best of times few would trust these people to establish reasonable, clear rules that reflect reality. Congress simply is not the right tool for the job, because of its stubborn and willful ignorance on almost all issues of technology and social media, its countless conflicts of interest, and its painful sluggishness — sorry, deliberation — in actually writing and passing any bills, let alone good ones.

Companies oppose state laws like the CCPA while calling for national rules because they know that it will take forever and there’s more opportunity to get their finger in the pie before it’s baked. National rules, in addition to coming far too late, are much more likely also be watered down and riddled with loopholes by industry lobbyists. (This is indicative of the influence these companies wield over their own regulation, but it’s hardly official.)

But Congress isn’t a total loss. In moments of clarity it has established expert agencies like those in the first item, which have Congressional oversight but are otherwise independent, empowered to make rules, and kept technically — if somewhat limply — nonpartisan.

Unfortunately, the question of social media regulation is too recent for Congress to have empowered a specialist agency to address it. Social media companies don’t fit neatly into any of the categories that existing specialists regulate, something that is plainly evident by the present attempt to stretch Section 230 beyond the breaking point just to put someone on the beat.

Laws at the federal level are not to be relied on for regulation of this fast-moving industry, as the current state of things shows more than adequately. And until a dedicated expert agency or something like it is formed, it’s unlikely that anything spawned on Capitol Hill will do much to hold back the Facebooks of the world.

4. European regulators

eu gdpr 1Of course, however central it considers itself to be, the U.S. is only a part of a global ecosystem of various and shifting priorities, leaders, and legal systems. But in a sort of inside-out version of state laws punching above their weight, laws that affect a huge part of the world except the U.S. can still have a major effect on how companies operate here.

The most obvious example is the General Data Protection Regulation or GDPR, a set of rules, or rather augmentation of existing rules dating to 1995, that has begun to change the way some social media companies do business.

But this is only the latest step in a fantastically complex, decades-long process that must harmonize the national laws and needs of the E.U. member states in order to provide the clout it needs to compel adherence to the international rules. Red tape seldom bothers tech companies, which rely on bottomless pockets to plow through or in-born agility to dance away.

Although the tortoise may eventually in this case overtake the hare in some ways, at present the GDPR’s primary hindrance is not merely the complexity of its rules, but the lack of decisive enforcement of them. Each country’s Data Protection Agency acts as a node in a network that must reach consensus in order to bring the hammer down, a process that grinds slow and exceedingly fine.

When the blow finally lands, though, it may be a heavy one, outlawing entire practices at an industry-wide level rather than simply extracting pecuniary penalties these immensely rich entities can shrug off. There is space for optimism as cases escalate and involve heavy hitters like antitrust laws in efforts that grow to encompass the entire “big tech” ecosystem.

The rich tapestry of European regulations is really too complex of a topic to address here in the detail it deserves, and also reaches beyond the question of who exactly regulates social media. Europe’s role in that question of, if you will, speaking slowly and carrying a big stick promises to produce results on a grand scale, but for the purposes of this article it cannot really be considered an effective policing body.

(TechCrunch’s E.U. regulatory maven Natasha Lomas contributed to this section.)

5. No one? Really?

As you can see, the regulatory ecosystem in which social media swims is more or less free of predators. The most dangerous are the small, agile ones — state legislatures — that can take a bite before the platforms have had a chance to brace for it. The other regulators are either too slow, too compromised, or too involved (or some combination of the three) to pose a real threat. For this reason it may be necessary to introduce a new, but familiar, species: the expert agency.

As noted above, the FCC is the most familiar example of one of these, though its role is so fragmented that one could be forgiven for forgetting that it was originally created to ensure the integrity of the telephone and telegraph system. Why, then, is it the expert agency for orbital debris? That’s a story for another time.

Capitol building

Image Credit: Bryce Durbin/TechCrunch

What is clearly needed is the establishment of an independent expert agency or commission in the U.S., at the federal level, that has statutory authority to create and enforce rules pertaining to the handling of consumer data by social media platforms.

Like the FCC (and somewhat like the E.U.’s DPAs), this should be officially nonpartisan — though like the FCC it will almost certainly vacillate in its allegiance — and should have specific mandates on what it can and can’t do. For instance, it would be improper and unconstitutional for such an agency to say this or that topic of speech should be disallowed from Facebook or Twitter. But it would be able to say that companies need to have a reasonable and accessible definition of the speech they forbid, and likewise a process for auditing and contesting takedowns. (The details of how such an agency would be formed and shaped is well beyond the scope of this article.)

Even the likes of the FAA lags behind industry changes, such as the upsurge in drones that necessitated a hasty revisit of existing rules, or the huge increase in commercial space launches. But that’s a feature, not a bug. These agencies are designed not to act unilaterally based on the wisdom and experience of their leaders, but are required to perform or solicit research, consult with the public and industry alike, and create evidence-based policies involving, or at least addressing, a minimum of sufficiently objective data.

Sure, that didn’t really work with net neutrality, but I think you’ll find that industries have been unwilling to capitalize on this temporary abdication of authority by the FCC because they see that the Commission’s current makeup is fighting a losing battle against voluminous evidence, public opinion, and common sense. They see the writing on the wall and understand that under this system it can no longer be ignored.

With an analogous authority for social media, the evidence could be made public, the intentions for regulation plain, and the shareholders — that is to say, users — could make their opinions known in a public forum that isn’t owned and operated by the very companies they aim to rein in.

Without such an authority these companies and their activities — the scope of which we have only the faintest clue to — will remain in a blissful limbo, picking and choosing by which rules to abide and against which to fulminate and lobby. We must help them decide, and weigh our own priorities against theirs. They have already abused the naive trust of their users across the globe — perhaps it’s time we asked them to trust us for once.

Twitter hack probe leads to call for cybersecurity rules for social media giants

An investigation into this summer’s Twitter hack by the New York State Department of Financial Services (NYSDFS) has ended with a stinging rebuke for how easily Twitter let itself be duped by a “simple” social engineering technique — and with a wider call for key social media platforms to be regulated on security.

In the report, the NYSDFS points, by way of contrasting example, to how quickly regulated cryptocurrency companies acted to prevent the Twitter hackers scamming even more people — arguing this demonstrates that tech innovation and regulation aren’t mutually exclusive.

Its point is that the biggest social media platforms have huge societal power (with all the associated consumer risk) but no regulated responsibilities to protect users.

The report concludes this is a problem U.S. lawmakers need to get on and tackle stat — recommending that an oversight council be established (to “designate systemically important social media companies”) and an “appropriate” regulator appointed to ‘monitor and supervise’ the security practices of mainstream social media platforms.

“Social media companies have evolved into an indispensable means of communications: more than half of Americans use social media to get news, and connect with colleagues, family, and friends. This evolution calls for a regulatory regime that reflects social media as critical infrastructure,” the NYSDFS writes, before going on to point out there is still “no dedicated state or federal regulator empowered to ensure adequate cybersecurity practices to prevent fraud, disinformation, and other systemic threats to social media giants”.

“The Twitter Hack demonstrates, more than anything, the risk to society when systemically important institutions are left to regulate themselves,” it adds. “Protecting systemically important social media against misuse is crucial for all of us — consumers, voters, government, and industry. The time for government action is now.”

We’ve reached out to Twitter for comment on the report

Among the key findings from the Department’s investigation are that the hackers broke into Twitter’s systems by calling employees and claiming to be from Twitter’s IT department — through which simple social engineering method they were able to trick four employees into handing over their log-in credentials. From there they were able to access the Twitter accounts of high profile politicians, celebrities, and entrepreneurs, including Barack Obama, Kim Kardashian West, Jeff Bezos, Elon Musk, and a number of cryptocurrency companies — using the hijacked accounts to tweet out a crypto scam to millions of users.

Twitter has previously confirmed that a “phone spear phishing” attack was used to gain credentials.

Per the report, the hackers’ “double your bitcoin” scam messages, which contained links to make a payment in bitcoins, enabled them to steal more than $118,000 worth of bitcoins from Twitter users.

Although a considerably larger sum was prevented from being stolen as a result of swift action taken by regulated crypto companies — namely: Coinbase, Square, Gemini Trust Company and Bitstamp — who the Department said blocked scores of attempted transfers by the fraudsters.

“This swift action blocked over 6,000 attempted transfers worth approximately $1.5 million to the Hackers’ bitcoin addresses,” the report notes.

Twitter is also called out for not having a cybersecurity chief in post at the time of the hack — after failing to replace Michael Coates, who left in March. (Last month it announced Rinki Sethi had been hired as CISO).

“Despite being a global social media platform boasting over 330 million average monthly users in 2019, Twitter lacked adequate cybersecurity protection,” the NYSDFS writes. “At the time of the attack, Twitter did not have a chief information security officer, adequate access controls and identity management, and adequate security monitoring — some of the core measures required by the Department’s first-in-the-nation cybersecurity regulation.”

European Union data protection law already bakes in security requirements as part of a comprehensive privacy and security framework (with major penalties possible for security breaches). However an investigation by the Irish DPC of a 2018 Twitter security incident is still yet to conclude after a draft decision failed to gain the backing of the other EU data watchdogs this August — triggering a further delay to the pan-EU regulatory process.

The next big tech hearing is scheduled for October 28

A day after the Senate Commerce Committee moved forward with plans to subpoena the CEOs of Twitter, Facebook and Google, it looks like some of the most powerful leaders in tech will testify willingly.

Twitter announced late Friday that Jack Dorsey would appear virtually before the committee on October 28, just days before the U.S. election. While Twitter is the only company that’s openly agreed to the hearing so far, Politico reports that Sundar Pichai and Mark Zuckerberg also plan to appear.

Members of both parties on the committee planned to use the hearings to examine Section 230, the key legal shield that protects online platforms from liability from the content their users create.

As we’ve discussed previously, the political parties are approaching Section 230 from very different perspectives. Democrats see threatening changes to Section 230 as a way to force platforms to take more seriously toxic content like misinformation and harassment.

Many Republicans believe tech companies should be stripped of Section 230 protections because platforms have an anti-conservative bias — a claim that the facts don’t bear out.

Twitter had some choice words about that perspective, calling claims of political bias an “unsubstantiated allegation that we have refuted on many occasions to Congress,” and noting that those accusations have been “widely disproven” by researchers.

“We do not enforce our policies on the basis of political ideology,” the company added.

It sounds like the company and members of the Senate have very different agendas. Twitter indicated that it plans to use the hearing’s timing to steer the conversation toward the election. Politico also reports that the scope of the hearing will be broadened to include “data privacy and media consolidation” — not just Section 230.

A spokesperson tweeting on the company’s public policy account insisted that the hearing “must be constructive,” addressing how tech companies can protect the integrity of the vote.

“At this critical time, we’re committed to keeping our focus squarely on what matters the most to our company: joint efforts to protect our shared democratic conversation from harm — from both foreign and domestic threats,” a Twitter spokesperson wrote.

Regardless of the approach, dismantling Section 230 could prove potentially catastrophic for the way the internet as we know it works, so the stakes are high, both for tech companies and for regular internet users.

Uber wins latest London licence appeal

Uber has won its appeal against having its licence to operate withdrawn in London.

In today’s judgement the court decided it was satisfied with process improvements made by the ride-hailing company, including around its communication with the city’s transport regulator.

However it’s still not clear how long Uber will be granted a licence for — with the judge wanting to hear more evidence before taking a decision.

We’ve reached out to Uber and TfL for comment.

The ride-sharing giant has faced a multi-year battle to have its licence reinstated after TfL, the city’s transport regulator, took the shock decision not to issue a renewal in 2017 — citing safety concerns and deeming the company not “fit and proper” to hold a private hire operator licence.

It won a provisional appeal back in 2018 — when a UK court granted it a 15-month licence to give it time to continue working on meeting TfL’s requirements. However last November the regulator once again denied a full licence renewal — raising a range of new safety issues.

Despite that Uber has been able to continue operating in London throughout the legal process — but with ongoing uncertainty over the future of its licence. Now it will be hoping this is in the past.

In the appeal, Uber’s key argument was it is now “fit and proper” to hold a licence — claiming it’s listened to the regulator’s concerns and learnt from errors, making major changes to address issues related to passenger safety.

For example Uber pointed to improvements in its governance and document review systems, including a freeze on drivers who had not taken a trip for an extended period; real-time driver ID verification; and new scrutiny teams and processes; as well as the launch of ‘Programme Zero’ — which aims to prevent all breaches of licence conditions.

It also argued system flaws were not widespread — claiming only 24 of the 45,000 drivers using the app had exploited its system to its knowledge.

It also argued it now cooperates effectively and proactively with TfL and police forces, denying it conceals any failures. Furthermore, it claimed denying its licence would have a “profound effect” on groups at risk of street harassment — such as women and ethnic minorities, as well as disabled people.

It’s certainly fair to say the Uber of 2020 has travelled some distance from the company whose toxic internal culture included developing proprietary software to try to thwart regulatory oversight and eventually led to a major change of guard of its senior management.

However it’s interesting the court has taken the step of choosing to debate what length of licence Uber should receive. So while it’s a win for Uber, there are still some watchful caveats.

Offering commentary on today’s ruling, Anna McCaffrey, a senior counsel for the law firm Taylor Wessing, highlighted this element of the judgement. “The Magistrates Court agreed that Uber had made improvements and addressed TfL safety concerns. However, the fact that the length of extension is up for debate, rather than securing Uber’s preferred five year licence, demonstrates that Uber will have to work hard to continue to prove to TfL and the Court that it has really changed. If not, Uber is likely to find itself back in Court facing the same battle next year,” she noted in a statement.

She also pointed out that a decision is still pending from the Supreme Court to “finally settle” the question as to whether Uber’s drivers are workers or self-employed — another long-running legal saga for Uber in the UK.

It is also now facing fresh legal challenges related to its algorithmic management of drivers. So there’s still plenty of work for its lawyers.

The App Drivers and Couriers Union (ADCU), meanwhile, offered a cautious welcome of the court’s decision to grant Uber’s licence renewal — given how many of its members are picking up jobs via the platform.

However the union also called for the major of London to break up what it dubbed Uber’s “monopoly” by imposing limits on the numbers of drivers who can register on its platform. In a statement, ADCU president, Yaseen Aslam, argued: “The reduced scale will give both Uber and Transport for London the breathing space necessary to ensure all compliance obligations -– including worker rights — are met in future.”

Apple iCloud, Google Drive and Dropbox probed over ‘unfair’ T&Cs in Italy

Italy’s competition authority has opened an investigation into cloud storage services operated by Apple, Dropbox and Google, in response to a number of complaints alleging unfair commercial practices.

In a press release announcing the probe, the AGCM says it’s opened six investigations in all. The services of concern are Google’s Drive, Apple iCloud and the eponymous Dropbox cloud storage service.

As well as allegations of unfair commercial practices, the regulator said it’s looking into complaints of violations of Italy’s Consumer Rights Directive.

A further complaint alleges the presence of vexatious clauses in the contract.

We’ve reached out to the three tech giants for comment.

All three cloud storage services are being investigated over complaints of unfair practices related to the collection of user data for commercial purposes — such as a lack of proper information or valid consent for such commercial data collection — per the press release.

Dropbox is also being accused of failing to clearly communicate contractual conditions such as procedures for withdrawing from a contract or exercising a right to reconsider. Access to out-of-court dispute settlement mechanisms is also being looked at by the regulator.

Other contractual conditions probed over concerns of unfairness include clauses with sweeping rights for providers to suspend and interrupt the service; liability exemptions even in the event of loss of documents stored in the user’s cloud space; the possibility of unilateral modification of the contractual conditions; and the prevalence of the English version of the contract text over the Italian version.

In recent years the European Commission has made a pan-EU push for social media firms to clarify their T&Cs — which led to Facebook agreeing to plainer worded T&Cs last year, as well as making some additional tweaks, such as amending its power to unilaterally amend contracts.

Google pushes Europe to limit ‘gatekeeper’ platform rules

Google has made its pitch to shape the next decades of digital regulation across the European Union, submitting a 135-page response yesterday to the consultation on the forthcoming Digital Services Act (DSA) — which will update the bloc’s long-standing rules around ecommerce.

The package also looks set to introduce specific rules for so-called “gatekeeper platforms” which wield outsized market power thanks to digital network effects. Hence Mountain View’s dialled-up attention to detail.

The lion’s share of Google’s submission focuses on lobbying against the prospect of ex ante regulation for such platform giants — something the European Commission has nonetheless signalled is front of mind as it looks at how to rein in platform power.

This type of regulation intervention aims to identify competitive problems and shape responses ‘before the event’ via the application of obligations on players who hold significant market power vs after the fact competition enforcement when market harm has been established.

“A blanket approach to ex ante competition regulation could have unintended consequences on user experience as well as multiplying costs for European businesses,” it writes, urging lawmakers to take a long, hard look at existing regulation to see if it’s not able to do the job of ensuring markets are “working properly”.

“Where the evidence shows meaningful gaps, the next step ought to be to consider how one can modernise those existing rules and procedures to address the underlying concerns before turning to consideration of new and distinct regulatory frameworks,” it adds.

If EU lawmakers must go ahead with ex ante regulation of platforms giants, Google — an adtech giant — is especially keen that they do not single out any specific business models. So it definitely wouldn’t be a fan of ex ante regs applied only to surveillance-fuelled ad-targeting platforms. Funny that. 

“The criteria for identifying ‘gatekeeper power’ should be independent of the particular business model that a platform uses, making no distinction as between platforms that operate business models based on advertising, subscriptions, sales commissions, or sales of hardware,” Google writes.

“Digital platforms often operate using different business and monetization strategies, across multiple markets, geographies, and sectors, with varying degrees of competitive strength in each. Regulators should not favor or discriminate against any business, business model, or technology from the outset,” it goes on.

“In certain sectors, the platform may have market power; in others, it may be a new entrant or marginal player. The digital ecosystem is extremely diverse and evolving rapidly and it would be misguided for gatekeeper designations to be evaluated by reference to the position of an entire company or corporate group.”

Nor should lawmakers opt for what Google dubs “an overly simplistic” assessment of what constitutes a gatekeeper — giving the example of number of users as an inadequate way to determine whether a platform giant has significant market power in a given moment. (Relevant: Google market share of search in Europe exceeds 90%.)

“Recent competition enforcement demonstrates the range of platforms that have been found to have market power (e.g., Microsoft, Google, Facebook, Amazon, and Apple) and other platforms may be found to have market power in the future (borne out, for example, by the UK CMA’s investigation into online auction platform services),” it writes. “The gatekeeper assessment should therefore recognize that a range of platforms — operating a range of different business models (e.g., ad-funded, subscription-based, commission-based, hardware sales) — may hold ‘market power’ in different circumstances and vis-à-vis different platform participants.”

The tech giant can also be seen pushing a familiar talking point when its business is accused of profiting, parasitically, off of others’ content — by suggesting that when regulators are assessing whether a platform is a gatekeeper or not by considering the economic dependence of traditional businesses on a limited number of online platforms they should look favorably on those platforms “through which a materially significant proportion of business (e.g. in the form of highly valuable traffic) is channeled”.

But of course it would say that clicks are just as good as all the ad dollars it’s making.

Google is also pushing for regular review of any gatekeeper designations to ensure any obligations keep pace with fast-moving markets and competition shifts (it points to the recent rise of TikTok by way of example).

It also doesn’t want gatekeeper designations to apply universally across all markets — arguing instead they should only apply in the specific market where a platform is “found to have ‘gatekeeper’ power”.

“Large digital platforms tend to operate across multiple markets and sectors, with varying degrees of competitive strength in each,” Google argues, adding that: “Applying ex ante rules outside these markets would create a risk of deterring pro-competitive market entry through excessive regulation, thereby depriving SMEs and consumers of attractive new products.”

That would stand in contrast to the EU’s modus operandi around competition law enforcement — where a business that’s been judged to be dominant in one market (like Google is in search) has what competition chief Margrethe Vestager likes to refer to as a “special responsibility” not to abuse its market power to leverage that advantage in any other market, not only the one it’s been found to hold most of the market power.

At the same time as Google is lobbying for limits on any gatekeeper designations, the tech giant wants to see certain types of rules applied universally to all players. Here it gives the examples of privacy, transparency (such as for fees) and ranking decisions.

Data portability is another area it’s urging rules to be applied industry-wide.

It also wants to see any online ad rules applied universally, not just to gatekeeper platforms. But it’s also very keen for hard limits on any such rules.

“It will be important that any interventions seeking to achieve more transparency and accountability are carefully designed to avoid inadvertently hampering the ability of online advertising tools to deliver the value that publishers and advertisers have come to expect,” the adtech giant writes, lobbying to reduce the amount of transparency and accountability set down in law by invoking claims of privacy risks to user data; threats to commercial IP; and ‘bad actors’ gaming the system if it’s not allowed to continue being (an ad-fraud-tastic) blackbox.

“Consideration of these measures will therefore require the balancing of factors including protection of users’ personal data and partners’ commercially sensitive information, and potential harm to users and competition through disclosure of data signals that allow ‘bad actors’ to game the system, or rivals to copy innovations. We stand ready to engage with the Commission on these issues,” Google intones.

On updating ecommerce rules and liability — which is a stated aim of the DSA plan — Google is cautiously supportive of regulatory changes to reflect what it describes as “the digital transformation of the last two decades”. While pushing to retain core elements of the current e-Commerce Directive regime, including the country-of-origin principle and freedom to provide cross-border digital services. 

For example it wants to see more expansive definitions of digital services, to allow for more specific rules for certain types of businesses — pushing for a move away from the ‘active’ and ‘passive’ hosts distinction for platforms, to enable them to respond more proactively in a content moderation context without inviting liability by doing so, but suggesting hosting services may be better served by retaining the current regime (Article 14 of the e-Commerce Directive).

On liability for illegal content it is lobbying for see clear lines between illegal material and what’s “lawful-but-harmful”.

“Where Member States believe a category of content is sufficiently harmful, their governments may make that content illegal directly, through democratic processes, in a clear and proportionate manner, rather than through back-door regulation of amorphously-defined harms,” it writes.

It also wants the updated law to retain the general prohibition on content monitoring obligations — and downplays the potential of AI to offer any ‘third way’ there.

“While breakthroughs in machine learning and other technology are impressive, the technology is far from perfect, and less accurate on more nuanced or context-dependent content. Their mandated use would be inappropriate, and could lead to restrictions on lawful content and on citizens’ fundamental rights,” Google warns. “The DSA can help prevent risks to fundamental rights by ensuring that companies are not forced to prioritise speed of removal over careful decision-making,” it adds, saying it encounters “many grey-area cases that require appropriate time to evaluate the law and context”.

“We remain concerned about recent laws that enable imposition of large penalties if short, fixed turn-around times are not met,” it goes on, pointing to a recent ruling by the French Constitutional Council which struck down an online hate speech law on freedom of expression grounds.

“Any new standard should safeguard fundamental rights by ensuring an appropriate balance between speed and accuracy of removal,” Google adds.

You can read its full submission — including answers to the Commission’s questionnaire — here.

The Commission’s DSA consultation closes on September 8. EU lawmakers have previously said they will come forward with a draft proposal for the new rules by the end of the year.

With pandemic-era acquisitions, big tech is back in the antitrust crosshairs

With many major sectors totally frozen and reeling from losses, tech’s biggest players are proving themselves to be the exception to the rule yet again. On Friday, Facebook confirmed its plans to buy Giphy, a popular gif search engine, in a deal believed to be worth $400 million.

Facebook has indicated it wants to forge new developer and content relationships for Giphy, but what the world’s largest social network really wants with the popular gif platform might be more than meets the eye. As Bloomberg and other outlets have suggested, it’s possible that Facebook really wants the company as a lens into how users engage with its competitors’ social platforms. Giphy’s gif search tools are currently integrated into a number of messaging platforms, including TikTok, Twitter and Apple’s iMessage.

In 2018, Facebook famously got into hot water over its use of a mobile app called Onavo, which gave the company a peek into mobile usage beyond Facebook’s own suite of apps—and violated Apple’s policies around data collection in the process. After that loophole closed, Facebook was so desperate for this kind of insight on the competition that it paid people—including teens—to sideload an app granting the company root access and allowing Facebook to view all of their mobile activity, as TechCrunch revealed last year.

For lawmakers and other regulatory powers, the Giphy buy could ring two separate sets of alarm bells: one for the further evidence of anti-competitive behavior stacking the deck in the tech industry and another for the deal’s potential consumer privacy implications.

“The Department of Justice or the Federal Trade Commission must investigate this proposed deal,” Minnesota Senator Amy Klobuchar said in a statement provided to TechCrunch. “Many companies, including some of Facebook’s rivals, rely on Giphy’s library of sharable content and other services, so I am very concerned about this proposed acquisition.”

In proposed legislation late last month, Sen. Elizabeth Warren (D-MA) and Rep. Alexandria Ocasio-Cortez (D-NY) called for a freeze on big mergers, warning that huge companies might view the pandemic as a chance to consolidate power by buying smaller businesses at fire sale rates.

In a statement, a spokesperson for Sen. Warren called the Facebook news “yet another example of a giant company using the pandemic to further consolidate power,” noting the company’s “history of privacy violations.”

“We need Senator Warren’s plan for a moratorium on large mergers during this crisis, and we need enforcers who will break up Big Tech,” the spokesperson said.

News of Facebook’s latest moves come just days after a Wall Street Journal report revealed that Uber is looking at buying Grubhub, the food delivery service it competes with directly through Uber Eats.

That news also raised eyebrows among pro-regulation lawmakers who’ve been looking to break up big tech. Rep. David Cicilline (D-RI), who chairs the House’s antitrust subcommittee, called that deal “a new low in pandemic profiteering.”

“This deal underscores the urgency for a merger moratorium, which I and several of my colleagues have been urging our caucus to support,” Cicilline said in a statement on the Grubhub acquisition.

The early days of the pandemic may have taken some of the antitrust attention off of tech’s biggest companies, but as the government and the American people fall into a rhythm during the coronavirus crisis, that’s unlikely to last. On Friday, the Wall Street Journal reported that the Department of Justice and a collection of state attorneys general are in the process of filing antitrust lawsuits against Google, with the case expected to hit in the summer months.

Powerful House committee demands Jeff Bezos testify after ‘misleading’ statements

Amazon is in hot water with a powerful congressional committee interested in the company’s potentially anticompetitive business practices.

In a bipartisan letter sent Friday to Jeff Bezos, the House Judiciary committee demanded that the Amazon CEO explain discrepancies between his own prior statements and recent reporting from the Wall Street Journal. Specifically, the letter addressed Amazon’s apparent practice of diving into its trove of data on products and third-party sellers to come up with its own Amazon-branded competing products.

As the Journal notes, Amazon “has long asserted, including to Congress, that when it makes and sells its own products, it doesn’t use information it collects from the site’s individual third-party sellers—data those sellers view as proprietary.”

In documents and interviews with many former employees, the Journal found that Amazon does indeed consult that information when making decisions about pricing, product features and the kinds of products with the most potential to make the company money.

In the letter, the House Judiciary Committee accuses Bezos of making “misleading, and possibly criminally false or perjurious” statements to the committee when asked about the practice in the past.

“It is vital to the Committee, as part of its critical work investigating and understanding competition issues in the digital market, that Amazon respond to these and other critical questions concerning competition issues in digital markets,” the committee wrote, adding that it would subpoena the tech CEO if necessary.

While the coronavirus crisis has taken some of the heat off of tech’s mounting regulatory worries in the U.S., the committee’s actions make it clear that plenty of lawmakers are still interested in taking tech companies to task, even with so many aspects of life still up in the air.

Labor leaders and startup founders talk how to build a sustainable gig economy

Over the past few years, gig economy companies and the treatment of their labor force has become a hot button issue for public and private sector debate.

At our recent annual Disrupt event in San Francisco, we dug into how founders, companies and the broader community can play a positive role in the gig economy, with help from Derecka Mehrens, an executive director at Working Partnerships USA and co-founder of Silicon Valley Rising — an advocacy campaign focused on fighting for tech worker rights and creating an inclusive tech economy — and Amanda de Cadenet, founder of Girlgaze, a platform that connects advertisers with a network of 200,000 female-identifying and non-binary creatives.

Derecka and Amanda dove deep into where incumbent gig companies have fallen short, what they’re doing to right the ship, whether VC and hyper-growth mentalities fit into a sustainable gig economy, as well as thoughts on Uber’s new ‘Uber Works’ platform and CA AB-5. The following has been lightly edited for length and clarity.

Where current gig companies are failing

Arman Tabatabai: What was the original promise and value proposition of the gig economy? What went wrong?

Derecka Mehrens: The gig economy exists in a larger context, which is one in which neoliberalism is failing, trickle-down economics is proven wrong, and every day working people aren’t surviving and are looking for something more.

And so you have a situation in which the system we put together to create employment, to create our communities, to build our housing, to give us jobs is dysfunctional. And within that, folks are going to come up with disruptive solutions to pieces of it with a promise in mind to solve a problem. But without a larger solution, that will end up, in our view, exacerbating existing inequalities.