Blackbird.AI grabs $10M to help brands counter disinformation

New York-based Blackbird.AI has closed a $10 million Series A as it prepares to launched the next version of its disinformation intelligence platform this fall.

The Series A is led by Dorilton Ventures, along with new investors including Generation Ventures, Trousdale Ventures, StartFast Ventures and Richard Clarke, former chief counter-terrorism advisor for the National Security Council. Existing investor NetX also participated.

Blackbird says it’ll be used to scale up to meet demand in new and existing markets, including by expanding its team and spending more on product dev.

The 2017-founded startup sells software as a service targeted at brands and enterprises managing risks related to malicious and manipulative information — touting the notion of defending the “authenticity” of corporate marketing.

It’s applying a range of AI technologies to tackle the challenge of filtering and interpreting emergent narratives from across the Internet to identify disinformation risks targeting its customers. (And, for the record, this Blackbird is no relation to an earlier NLP startup, called Blackbird, which was acquired by Etsy back in 2016.)

Blackbird AI is focused on applying automation technologies to detect malicious/manipulative narratives — so the service aims to surface emerging disinformation threats for its clients, rather than delving into the tricky task of attribution. On that front it’s only looking at what it calls “cohorts” (or “tribes”) of online users — who may be manipulating information collectively, for a shared interest or common goal (talking in terms of groups like antivaxxers or “bitcoin bros”). 

Blackbird CEO and co-founder Wasim Khaled says the team has chalked up five years of R&D and “granular model development” to get the product to where it is now. 

“In terms of technology the way we think about the company today is an AI-driven disinformation and narrative intelligence platform,” he tells TechCrunch. “This is essentially the efforts of five years of very in-depth, ears to the ground research and development that has really spanned people everywhere from the comms industry to national security to enterprise and Fortune 500,  psychologists, journalists.

“We’ve just been non-stop talking to the stakeholders, the people in the trenches — to understand where their problem sets really are. And, from a scientific empirical method, how do you break those down into its discrete parts? Automate pieces of it, empower and enable the individuals that are trying to make decisions out of all of the information disorder that we see happening.”

The first version of Blackbird’s SaaS was released in November 2020 but the startup isn’t disclosing customer numbers as yet. v2 of the platform will be launched this November, per Khaled. 

Also today it’s announcing a partnership with PR firm, Weber Shandwick, to provide support to customers on how to respond to specific malicious messaging that could impact their businesses and which its platform has flagged up as an emerging risk.

Disinformation has of course become a much labelled and discussed feature of online life in recent years, although it’s hardly a new (human) phenomenon. (See, for example, the orchestrated airbourne leaflet propaganda drops used during war to spread unease among enemy combatants and populations). However it’s fair to say that the Internet has supercharged the ability of intentionally bad/bogus content to spread and cause reputational and other types of harms.

Studies show the speed of online travel of ‘fake news’ (as this stuff is sometimes also called) is far greater than truthful information. And there the ad-funded business models of mainstream social media platforms are implicated since their commercial content-sorting algorithms are incentivized to amplify stuff that’s more engaging to eyeballs, which isn’t usually the grey and nuanced truth.

Stock and crypto trading is another growing incentive for spreading disinformation — just look at the recent example of Walmart targeted with a fake press release suggesting the retailer was about to accept litecoin.

All of which makes countering disinformation look like a growing business opportunity.

Earlier this summer, for example, another stealthy startup in this area, ActiveFence, uncloaked to announce a $100M funding round. Others in the space include Primer and Yonder (previously New Knowledge), to name a few.

 

While some other earlier players in the space got acquired by some of the tech giants wrestling with how to clean up their own disinformation-ridden platforms — such as UK-based Fabula AI, which was bought by Twitter in 2019.

Another — Bloomsbury AI — was acquired by Facebook. And the tech giant now routinely tries to put its own spin on its disinformation problem by publishing reports that contain a snapshot of what it dubs “coordinated inauthentic behavior” that it’s found happening on its platforms (although Facebook’s selective transparency often raises more questions than it answers.)

The problems created by bogus online narratives ripple far beyond key host and spreader platforms like Facebook — with the potential to impact scores of companies and organizations, as well as democratic processes.

But while disinformation is a problem that can now scale everywhere online and affect almost anything and anyone, Blackbird is concentrating on selling its counter tech to brands and enterprises — targeting entities with the resources to pay to shrink reputational risks posed by targeted disinformation.

Per Khaled, Blackbird’s product — which consists of an enterprise dashboard and an underlying data processing engine — is not just doing data aggregation, either; the startup is in the business of intelligently structuring the threat data its engine gathers, he says, arguing too that it goes further than some rival offerings that are doing NLP (natural language processing) plus maybe some “light sentiment analysis”, as he puts it.

Although NLP is also key area of focus for Blackbird, along with network analysis — and doing things like looking at the structure of botnets.

But the suggestion is Blackbird goes further than the competition by merit of considering a wider range of factors to help identify threats to the “integrity” of corporate messaging. (Or, at least, that’s its marketing pitch.)

Khaled says the platform focuses on five “signals” to help it deconstruct the flow of online chatter related to a particular client and their interests — which he breaks down thusly: Narratives, networks, cohorts, manipulation and deception. And for each area of focus Blackbird is applying a cluster of AI technologies, according to Khaled.

But while the aim is to leverage the power of automation to tackle the scale of the disinformation challenge that businesses now face, Blackbird isn’t able to do this purely with AI alone; expert human analysis remains a component of the service — and Khaled notes that, for example, it can offer customers (human) disinformation analysts to help them drill further into their disinformation threat landscape.

“What really differentiates our platform is we process all five of these signals in tandem and in near real-time to generate what you can think of almost as a composite risk index that our clients can weigh, based on what might be most important to them, to rank the most important action-oriented information for their organization,” he says.

“Really it’s this tandem processing — quantifying the attack on human perception that we see happening; what we think of as a cyber attack on human perception — how do you understand when someone is trying to shift the public’s perception? About a topic, a person, an idea. Or when we look at corporate risk, more and more, we see when is a group or an organization or a set of accounts trying to drive public scrutiny against a company for a particular topic.

“Sometimes those topics are already in the news but the property that we want our customers or anybody to understand is when is something being driven in a manipulative manner? Because that means there’s an incentive, a motive, or an unnatural set of forces… acting upon the narrative being spread far and fast.”

“We’ve been working on this, and only this, and early on decided to do a purpose-built system to look at this problem. And that’s one of the things that really set us apart,” he also suggests, adding: “There are a handful of companies that are in what is shaping up to be a new space — but often some of them were in some other line of work, like marketing or social and they’ve tried to build some models on top of it.

“For bots — and for all of the signals we talked about — I think the biggest challenge for many organizations if they haven’t completely purpose built from scratch like we have… you end up against certain problems down the road that prevent you from being scalable. Speed becomes one of the biggest issues.

“Some of the largest organizations we’ve talked to could in theory product the signals — some of the signals that I talked about before — but the lift might take them ten to 12 days. Which makes it really unsuited for anything but the most forensic reporting, after things have kinda gone south… What you really need it in is two minutes or two seconds. And that’s where — from day one — we’ve been looking to get.”

As well as brands and enterprises with reputational concerns — such as those whose activity intersects with the ESG space; aka ‘environmental, social and governance’ — Khaled claims investors are also interested in using the tool for decision support, adding: “They want to get the full picture and make sure they’re not being manipulated.”

At present, Blackbird’s analysis focuses on emergent disinformation threats — aka “nowcasting” — but the goal is also to push into disinformation threat predictive — to help prepare clients for information-related manipulation problems before they occur. Albeit there’s no timeframe for launching that component yet.

“In terms of counter measurement/mitigation, today we are by and large a detection platform, starting to bridge into predictive detection as well,” says Khaled, adding: “We don’t take the word predictive lightly. We don’t just throw it around so we’re slowly launching the pieces that really are going to be helpful as predictive.

“Our AI engine trying to tell [customers] where things are headed, rather than just telling them the moment it happens… based on — at least from our platform’s perspective — having ingested billions of posts and events and instances to then pattern match to something similar to that that might happen in the future.”

“A lot of people just plot a path based on timestamps — based on how quickly something is picking up. That’s not prediction for Blackbird,” he also argues. “We’ve seen other organizations call that predictive; we’re not going to call that predictive.”

In the nearer term, Blackbird has some “interesting” counter measurement tech to assist teams in its pipeline, coming in Q1 and Q2 of 2022, Khaled adds.

Apple and Google bow to pressure in Russia to remove Kremlin critic’s tactical voting app

Apple and Google have removed a tactical voting app created by the organization of jailed Kremlin critic, Alexei Navalny, from their respective mobile app stores in Russia.

Earlier this week Reuters reported that the Russian state had been amping up the pressure on foreign tech giants ahead of federal elections — appropriating the language of “election interference” to push US companies to censor the high profile political opponent to president Putin.

On Twitter today, a key Navalny ally, Ivan Zhdanov, tweeted that his organization is considering suing Apple and Google over removal of the apps — dubbing the act of censorship a “huge mistake”.

Zhdanov has also published what he says is Apple’s response to Team Navalny — in which the tech giant cites the Kremlin’s classification of a number of pro-Navalny organizations as “extremist” groups to justify its removal of the software.

(Image credit: Screengrab of detail from Apple’s notification to the developer, via Zhdanov’s tweet)

Apple and Google routinely say they comply with ‘all local laws’ in the countries where they operate.

However in Russia that stance means they have become complicit in acts of political censorship.

“We note that the Prosecutor’s Office of the Russian Federation and the Prosecutor’s Office of the City of Moscow have also determined that the app violates the legislation of the Russian Federation by enabling interference in elections,” Apple writes in the notification of takedown it sent to the developer of the tactical voting app.

“While your app has been removed from the Russia App Store, it is still available in the App Stores for the other territories you selected in App Store Connect,” Apple adds.

Apple and Google have been contacted for comment on the removal of Navalny’s app.

 

Also via Twitter, Zhdanov urged supporters to focus on the tactical voting mission — tweeting a link to a video hosted on Google-owned YouTube which contains recommendations to Russians on how to cast an anti-Putin vote in the parliamentary elections taking place today until Sunday.

Navalny’s supporters are hoping to mobilize voters across Russia to cast tactical ballots in a bid to unseat Putin by voting for whatever candidate has the best chance of defeating the ruling United Russia party.

Their tactical voting strategy has faced some criticism — given that many of the suggested alternatives are, at best, only very weakly opposed to Putin’s regime.

However Navalny’s supporters would surely point out they are having to operate within a flawed system.

After Apple and Google initially refused to remove Navalny’s ‘Smart Voting’ app, last month, the Russian state has been attempting to block access to his organization’s website.

It has even reportedly targeted Google docs — which supporters of Navalny have also been using to organize tactical voting efforts.

Screengrab of the Smart Voting app on the UK iOS app store (Image credits: Natasha Lomas/TechCrunch)

Earlier this month Reuters reported that Russia’s communications regulator, Roskomnadzor, had threatened Apple and Google with fines if they did not remove the Smart Voting app — warning that failure to comply could be interpreted as election meddling.

Russian press has also reported that Apple and Google were summoned to a meeting at the Federation Council on the eve of the election — as Putin’s regime sought to force them to do his anti-democratic bidding.

According to a report by Kommersant, the tech giants were warned the Russian Federation was preparing to tighten regulations on their businesses — and told to “come to their senses”, facing another warning that they were at a “red line”.

The last ditch effort to force the platforms to remove Navalny’s app did then pay off.

In recent weeks, Roskomnadzor has also been targeting VPN apps in the country for removal — making it hard for Russians to circumvent the local ban on Navalny’s app by accessing the software through the stores of other countries.

Local search giant, Yandex, has also reportedly been ordered not to display search results for the Smart Voting app.

Earlier this year, Putin’s regime also targeted Twitter — throttling the service for failing to remove content it wanted banned, although Roskomnadzor claimed the action was related to non-political content such as minors committing suicide, child sexual exploitation and drug use.

Tanso nabs $1.9M pre-seed to help industrial manufacturers do sustainability reporting

The climate crisis is creating massive demand for data capture as industries grapple with how to decarbonize. Put simply, you can’t cut your carbon emissions if don’t know what they are in the first place.

This need to gather data is a big opportunity for startups — and a wave of early companies have already been founded to try to plug the sustainability data gap, through things like APIs to assess emissions for carbon offsetting (which in turn has led to other startups trying to tackle the data gap around offsetting projects…).

One thing is clear: Requirements for sustainability reporting are only going to get broader and deeper from here on in.

Munich-based Tanso is an early stage startup (founded this year) that’s building software to support sustainability reporting for a particular sector (industrial manufacturers) — with the goal of creating a data management system that can automate data capture and sustainability reporting geared towards the specific needs of the sector.

The startup says it decided to focus on industrial manufacturing because it’s both an emissions-heavy sector and underserved with supportive digital tech vs many other industries.

The founders met during their studies at universities in Munich and Zurich — where they’d been researching the assessment of organizational climate impact. Their collective expertise crystalized into the realization of a business opportunity to build a data management system for a notoriously polluting sector that’s facing a mandate to change.

In the coming years, European regulations will expand sustainability reporting requirements — with the EU’s ‘Green Deal’ plan setting an overarching goal of Europe becoming the first “climate-neutral” continent by 2050.

Specific (existing) reporting requirements within the bloc include the EU Corporate Sustainability Reporting Directive (CSRD), which will apply to more than 50,000 companies — requiring they report on their sustainability metrics, starting in 2023.

The UK (now outside the EU) already introduced some reporting requirements for domestic companies, under the Streamlined Energy and Carbon Reporting (SECR) regulation, which has applied since 2019 and applies to over 12,000 businesses in the UK in varying degrees of detail depending on the size of the company.

So there is a clear direction of travel in the region requiring businesses to gather and report sustainability data.

Tanso has just closed a $1.9 million pre-seed raise with the aim of getting its data management support software to market in time for an expected surge in demand as sustainability regulations like CSRD start to bite.

The raise is led by German early stage b2b fund UVC Partners, with participation from Picus Capital, Possible Ventures, and a number of business angels.

Tanso is still in the R&D/product development phase, with co-founder Gyri Reiersen telling TechCrunch it’s currently working with a number of manufacturers to “figure out the sweet spot” for automating data gathering so it can come to market with a scalable product offering. She says the team raised a relatively large pre-seed exactly to see it through until it’s got something fit to launch (it’s hoping to have something “solid, verified and scalable” by the end of 2022, per Reiersen).

The goal for the product is a single platform that gathers and holds all the customer’s sustainability data and can automate the generation of reports to meet regulatory requirements — including auditing.

From 2025, Reiersen points out that CSRD reporting needs to be “auditable”, meaning that you have to have “some form of transparency and traceability”; and also that the “correctness” of sustainability reporting will be a C-Suite responsibility. So that must concentrate boardroom minds.

“Going beyond that it’s all about how can you use this data and the insights that the data gives you to make predictions and models going forward for how should we develop our products? What makes sense to do going forward to make?” she adds.

“What we’re prototyping currently is to streamline the workflow of information gathering,” Reiersen also tells us, discussing the product dev process. “Also to have really good, fundamental user-flow for the users to use our product. And then doing the deep dives on integrations over time.”

She says the challenge is finding the trade-off between usability and “digging into the data”. “For us it’s very important to have a scalable product, especially having it fully scalable from 2023 when the CSRD are started because then there will be desperation on the market. Companies will need to have something,” she adds.

“We need to have these solutions… that take one step in the right direction for all companies and not just have a couple of carbon neutral companies… So for us it’s more about finding the productizable use-cases in the beginning to make this a scalable product.”

But she also warns over a proliferation of overly “shallow” offerings in the space — driven by marketing-led ‘greenwashing’ (and bogus carbon offsetting) rather than a genuine desire to correctly identify the problem and course-correct which is what’s actually needed for humanity to avert climate disaster.

Reiersen adds that she got really interested in this space through her university work researching the overestimation of carbon offsets through deep learning.

“There is such a need for accountability and making sure that the product that is being developed actually do their job correctly. Because it’s so easy to just have a black box and trust it. We can’t afford having systems that overestimate or underestimate. It needs to be accurate and it needs to be validated,” she says.

“Going forward accuracy will mean more and more and then you need to access the ‘real data’ and not just ‘guestimations’,” she predicts. “And that’s where we see that of course we need to be very front-end/UX-friendly, and making it easy for people to enter the right data and have a very user-friendly, usable product and that people are guided through the process of gathering the right data… but also over time really focusing on how do you integrate and get access to the data at the data-base level?”

 

Europe plans a Chips Act to boost semiconductor sovereignty

The EU will use legislation to push for greater resilience and sovereignty in regional semiconductor supply chains.

The bloc’s president trailed a forthcoming ‘European Chips Act’ in a state of the union speech today. Ursula von der Leyen suggested that gaining greater autonomy in chipmaking is now a key component of the EU’s overarching digital strategy.

She flagged the global shortage of semiconductors, which has led to slow downs in production for a range of products that rely on chips to drive data processing — from cars and trains to smartphones and other consumer electronics — as driving EU lawmakers’ concern about European capacity in this area.

“There is no digital without chips,” said von der Leyen. “While we speak, whole production lines are already working at reduced speed — despite growing demand — because of a shortage of semi-conductors.

“But while global demand has exploded, Europe’s share across the entire value chain, from design to manufacturing capacity has shrunk. We depend on state-of-the-art chips manufactured in Asia. So this is not just a matter of our competitiveness. This is also a matter of tech sovereignty. So let’s put all of our focus on it.”

The Chips Act will aim to link together the EU’s semiconductor research, design and testing capacities, she said, calling for “coordination” between EU and national investments in this area to help boost the bloc’s self-sufficiency.

“The aim is to jointly create a state-of-the-art European chip ecosystem, including production. That ensures our security of supply and will develop new markets for ground-breaking European tech,” she added.

The EU president couched the ambition for bolstering European chip capacity as a “daunting task” but likened the mission to what the bloc did with its Galileo satellite navigation system two decades ago.

“Today European satellites provide the navigation system for more than 2 billion smartphones worldwide. We are world leaders. So let’s be bold again, this time with semi-conductors.”

In follow up remarks, the EU’s internal market commissioner, Thierry Breton, put a little more meat on the bones of the legislative plan — saying the Commission wants to integrate Member State efforts into a “coherent” pan-EU semiconductor strategy and also create a framework “to avoid a race to national public subsidies fragmenting the single market”.

The aim will be to “set conditions to protect European interests and place Europe firmly in the global geopolitical landscape”, he added.

Per Breton, the Chip Act will comprise three elements: Firstly, a semiconductor research strategy that will aim to build on work being done by institutions such as IMEC in Belgium, LETI/CEA in France and Fraunhofer in Germany.

“Building on the existing research partnership (the KDT Joint Undertaking), we need to up our game, and design a strategy to push the research ambitions of Europe to the next level while preserving our strategic interests,” he noted.

The second component will consist of a collective plan to boost European chipmaking capacity.

He said the planned legislation will aim to support chip supply chain monitoring and resilience across design, production, packaging, equipment and suppliers (e.g. producers of wafers).

The goal will be to support the development of European “mega fabs” that are able to produce high volumes of the most advanced (towards 2nm and below) and energy-efficient semiconductors.

However the EU isn’t planning for a future when it can make all the chips it needs itself.

The last plank of the European Chip Act will set out a framework for international co-operation and partnership.

“The idea is not to produce everything on our own here in Europe. In addition to making our local production more resilient, we need to design a strategy to diversify our supply chains in order to decrease over-dependence on a single country or region,” Breton went on. “And while the EU aims to remain the top global destination of foreign investment and we welcome foreign investment to help increase our production capacity especially in high-end technology, through the European Chips Act we will also put the right conditions in place to preserve Europe’s security of supply.”

“The US are now discussing a massive investment under the American Chips Act designed to finance the creation of an American research centre and to help open up advanced production factories. The objective is clear: to increase the resilience of US semiconductor supply chains,” he added.

“Taiwan is positioning itself to ensure its primacy on semiconductor manufacturing. China, too, is trying to close the technological gap as it is constrained by export control rules to avoid technological transfers. Europe cannot and will not lag behind.”

In additional documentation released today, the EU said the Chips Act will build on other digital initiatives already presented by the Von der Leyen Commission — such as moves to contain the power of “gatekeeper” Internet giants and increase platforms’ accountability (the Digital Markets Act and Digital Services Act); regulate high risk applications of AI (the Artificial Intelligence Act); tackle online disinformation (via a beefed up code of practice); and boost investment in regional digital infrastructure and skills.

Ireland probes TikTok’s handling of kids’ data and transfers to China

Ireland’s Data Protection Commission (DPC) has yet another ‘Big Tech’ GDPR probe to add to its pile: The regulator said yesterday it has opened two investigations into video sharing platform TikTok.

The first covers how TikTok handles children’s data, and whether it complies with Europe’s General Data Protection Regulation.

The DPC also said it will examine TikTok’s transfers of personal data to China, where its parent entity is based — looking to see if the company meets requirements set out in the regulation covering personal data transfers to third countries.

TikTok was contacted for comment on the DPC’s investigation.

A spokesperson told us:

“The privacy and safety of the TikTok community, particularly our youngest members, is a top priority. We’ve implemented extensive policies and controls to safeguard user data and rely on approved methods for data being transferred from Europe, such as standard contractual clauses. We intend to fully cooperate with the DPC.”

The Irish regulator’s announcement of two “own volition” enquiries follows pressure from other EU data protection authorities and consumers protection groups which have raised concerns about how TikTok handles’ user data generally and children’s information specifically.

In Italy this January, TikTok was ordered to recheck the age of every user in the country after the data protection watchdog instigated an emergency procedure, using GDPR powers, following child safety concerns.

TikTok went on to comply with the order — removing more than half a million accounts where it could not verify the users were not children.

This year European consumer protection groups have also raised a number of child safety and privacy concerns about the platform. And, in May, EU lawmakers said they would review the company’s terms of service.

On children’s data, the GDPR sets limits on how kids’ information can be processed, putting an age cap on the ability of children to consent to their data being used. The age limit varies per EU Member State but there’s a hard cap for kids’ ability to consent at 13 years old (some EU countries set the age limit at 16).

In response to the announcement of the DPC’s enquiry, TikTok pointed to its use of age gating technology and other strategies it said it uses to detect and remove underage users from its platform.

It also flagged a number of recent changes it’s made around children’s accounts and data — such as flipping the default settings to make their accounts privacy by default and limiting their exposure to certain features that intentionally encourage interaction with other TikTok users if those users are over 16.

While on international data transfers it claims to use “approved methods”. However the picture is rather more complicated than TikTok’s statement implies. Transfers of Europeans’ data to China are complicated by there being no EU data adequacy agreement in place with China.

In TikTok’s case, that means, for any personal data transfers to China to be lawful, it needs to have additional “appropriate safeguards” in place to protect the information to the required EU standard.

When there is no adequacy arrangement in place, data controllers can, potentially, rely on mechanisms like Standard Contractual Clauses (SCCs) or binding corporate rules (BCRs) — and TikTok’s statement notes it uses SCCs.

But — crucially — personal data transfers out of the EU to third countries have faced significant legal uncertainty and added scrutiny since a landmark ruling by the CJEU last year which invalidated a flagship data transfer arrangement between the US and the EU and made it clear that DPAs (such as Ireland’s DPC) have a duty to step in and suspend transfers if they suspect people’s data is flowing to a third country where it might be at risk.

So while the CJEU did not invalidate mechanisms like SCCs entirely they essentially said all international transfers to third countries must be assessed on a case-by-case basis and, where a DPA has concerns, it must step in and suspend those non-secure data flows.

The CJEU ruling means just the fact of using a mechanism like SCCs doesn’t mean anything on its own re: the legality of a particular data transfer. It also amps up the pressure on EU agencies like Ireland’s DPC to be pro-active about assessing risky data flows.

Final guidance put out by the European Data Protection Board, earlier this year, provides details on the so-called ‘special measures’ that a data controller may be able to apply in order to increase the level of protection around their specific transfer so the information can be legally taken to a third country.

But these steps can include technical measures like strong encryption — and it’s not clear how a social media company like TikTok would be able to apply such a fix, given how its platform and algorithms are continuously mining users’ data to customize the content they see and in order to keep them engaged with TikTok’s ad platform.

In another recent development, China has just passed its first data protection law.

But, again, this is unlikely to change much for EU transfers. The Communist Party regime’s ongoing appropriation of personal data, through the application of sweeping digital surveillance laws, means it would be all but impossible for China to meet the EU’s stringent requirements for data adequacy. (And if the US can’t get EU adequacy it would be ‘interesting’ geopolitical optics, to put it politely, were the coveted status to be granted to China…)

One factor TikTok can take heart from is that it does likely have time on its side when it comes to the’s EU enforcement of its data protection rules.

The Irish DPC has a huge backlog of cross-border GDPR investigations into a number of tech giants.

It was only earlier this month that Irish regulator finally issued its first decision against a Facebook-owned company — announcing a $267M fine against WhatsApp for breaching GDPR transparency rules (but only doing so years after the first complaints had been lodged).

The DPC’s first decision in a cross-border GDPR case pertaining to Big Tech came at the end of last year — when it fined Twitter $550k over a data breach dating back to 2018, the year GDPR technically begun applying.

The Irish regulator still has scores of undecided cases on its desk — against tech giants including Apple and Facebook. That means that the new TikTok probes join the back of a much criticized bottleneck. And a decision on these probes isn’t likely for years.

On children’s data, TikTok may face swifter scrutiny elsewhere in Europe: The UK added some ‘gold-plaiting’ to its version of the EU GDPR in the area of children’s data — and, from this month, has said it expects platforms meet its recommended standards.

It has warned that platforms that don’t fully engage with its Age Appropriate Design Code could face penalties under the UK’s GDPR. The UK’s code has been credited with encouraging a number of recent changes by social media platforms over how they handle kids’ data and accounts.

Onin is trying to fix event planning by combining calendar and chat

What would happened if your go-to calendar and messaging apps were in fact one and the same thing? That’s the thinking behind Onin — a UK startup that wants to simplify event planning by, well, making a more organized app for organizing stuff.

If that sounds a little niche, it pays to remember that calendars have been having a bit of a moment (ha!) of late (ho!) — what with the pandemic parceling our work lives into endless virtual meeting slots. Aka: How many Zoom calls can one human survive in a single day?

Certainly the limitations of digital calendars, these rather unlovely (yet ever more essential) time-management tools, have had faced closer scrutiny since COVID-19 popped up on the scene. Flaws? Yes they have a few.

And so we’ve seen a burst of startup attention to the space in recent years. Think stuff like Calendly and Reclaim.ai for more efficiently managing meeting scheduling (aka ‘smart calendar assistants’) — or, more recently, Magical — which is trying to push the (invite) envelope a little further by trying to make calendars more collaborative.

Onin is taking a similarly collaborative tack — but with, initially, more of a consumer focus: It wants to be your new go-to app to arrange stuff like drinks or trips with your friends. (If it can take off with twentysomething socialites and worm its way from B2C into work settings via a consumerization backdoor then great, is the founder’s thinking there.)

But why do you need a whole new app for organizing birthday drinks, I hear you cry!?

Because the experience of using a digital tool to arrange multi-person events is frustratingly un-social and friction-filled is Onin’s argument.

With a typical calendar, an event creator owns the event (and therefore the planning process) so only they can make changes that sync to all participants. Hence those endless emails discussion threads that spring up around nascent group events as people try to hash out the details of a plan — who’s free when and which location works for everyone and so on — and then nag the self appointed organizer to update the invite so everyone stays on the same page.

Onin’s alternative approach avoids this planning asymmetry by collapsing and combining chat and calendar into a one-stop scheduling dream: “One place to find time and plan events without leaving the chat.” Or, well, that’s the promise.

(And — yes — it will still integrate with your existing calendar software so that events planned in Onin get synced back there.)

Here’s founder Ryan Brodie laying it out: “We want to be the aggregation layer for events, contextualising the process & third party integrations so there’s zero fragmentation between them and the discussion that forms them (right now the event in our diaries is always one step behind the convo and every step is duplicated)

“To do this we want to replace your calendar app/web app and act as a client for whatever calendar provider you use (‘bring your own calendar’).”

“We’re starting from the consumer and consumer meet-up side however we strongly believe (and have already proven) Onin’s usefulness across sectors,” he also argues. “The key thing is we’re chat first not event first; 95% of the planning is happening by chat and not by editing the event’s details, thus our hard work on bringing the event into the conversation itself (you can @mention the group in any of its sub-groups too making referring to an upcoming event delightful).”

Per Brodie, the problem Onin is focused on stems from fragmentation related to the long-standing iCalendar standard —  aka the Internet Calendaring and Scheduling Core Object Specification format (RFC 5545), which allows different scheduling services to understand and process calendaring items (and was first created in 1998) — which is really why, as he tells it, trying to do group scheduling with existing calendar apps is such a frustrating mess.

Onin’s answer to this legacy fragmentation takes the form of a patent-pending “architectural solution” — which means the software always ‘organizes’ the event “from a calendaring perspective, not a specific user”, as Brodie puts it. (Or, more simply: “The organiser is the group email address and we control its sync.”)

The effect of that is to circumvent the fragmentation between an event and its communication channels — thereby removing unnecessary friction from the event planning process by letting groups plan stuff together more spontaneously.

“No one has solved this problem before,” claims Brodie (who’s name may be familiar as he co-founded YC-backed Muslim dating app Muzmatch, before moving on to his next app challenge).

“It’s incredibly hard to as the calendaring standards are decentralised and non-canonical (our tech made our events centralised and canonical). Everything you can do in our native apps you can do with very low friction web experience first (every Onin group is a rapidly shareable link).”

Asked about other software solutions, he suggests Onin is shooting to be “Microsoft Teams, just done right”. So, er, touché. (“An easy to use product and one that’s simple to understand, isn’t locked into the Microsoft ecosystem, and yet is incredibly powerful and versatile, scaling from 1:1 conversations to groups of hundreds of people, all the time seamlessly syncing event information into participant’s diaries,” is the ambition.)

“We send the invites to all users vs using their own calendar like say Calendly does,” Brodie also tells us, going into more detail on how exactly Onin does things differently vs rivals. “Therefore events are fully collaborative and provide a history of changes inside Onin but in your external calendar all you can do is change your attending status as a regular participant. This makes Onin very sticky!”

For now, it’s still super early for the product — which bagged some attention after launching on Product Hunt in August — and is just now launching as an MVP. But Onin has already turned investor heads, raising a $1M pre-seed round (“with just the idea”) last summer — which looks like a notable vote of confidence at such an early stage.

Backers in the pre-seed include Entrepreneur First’s Matt Clifford and Hambro Perks (on angel terms), plus a number of others who aren’t up for going public just yet.

“We’ve had over 400 people join the early access program in 48 hours which involved an 8-step form detailing their calendar woes, I’m very confident there is serious demand simply in combining chat and calendar,” adds Brodie, before segueing into reeling off a list of integrations and features the team is working on adding.

“We already have an official Zoom integration and are working on Typeform & Calendly integrations (Notion, Google Workspace, etc. all targeted). We then want to take over the event based discussions you have in other apps as a result, with you thinking of the event as living in Onin (‘zero switching cost’). For example, when you join the Zoom call a contextual message is sent into the group — “[Ryan] joined Zoom” — no one has done this before!

“We own the event that is synced to everyone’s diaries, it all links back to Onin. We have a unique, patent pending Talk around time chat UI that makes all of this possible. We have a very Notion-y style group/sub-group system, it’s a) extremely easy to create follow up events and b) easy to create sub-plans too (e.g. a holiday with lots of activities or a product launch with TechCrunch interviews…).”

Index leads $12.2M seed in Sourceful, a data play to make supply chains greener

Supply chains can be a complex logistical challenge. But they pose an even greater environmental challenge. And it’s that latter problem — global supply-chain sustainability — where UK startup Sourceful is fully focused, although it argues its approach can boost efficiency as well as shrink environmental impact. So it’s a win-win, per the pitch.

Early investors look impressed: Sourceful is announcing a $12.2 million seed funding round today, led by Europe’s Index Ventures (partner, Danny Rimer, is joining the board). Eka Ventures, Venrex and Dylan Field (Figma founder), also participated in the chunky raise.

The June 2020-founded startup says it will use the new funding to scale its operations and build out its platform for sustainable sourcing, with a plan to hire more staff across technology, sustainability, marketing and ops.

Its team has already grown fivefold since the start of 2021 — and it’s now aiming to reach 60 employees by the end of the year.

And all this is ahead of a public launch that’s programmed for early next year.

Sourceful’s platform is in pre-launch beta for now, with around 20 customers across a number of categories — such as food & beverages (Foundation Coffee House), fashion and accessories (Fenton), healthcare (Elder), and online marketplaces (Floom and Stitched) — kicking the tyres in the hopes of making better supply chain decisions.

Startup watchers will know that supply chain logistics and freight forwarding has been a hotbed of activity — with entrepreneurs making waves for years now, promising efficiency gains by digitizing legacy (and often still pretty manual) legacy processes.

Sustainability-focused supply chain startups are a bit more of a recent development (with some category-pioneering exceptions) but could be set for major uplift as the world’s attention spins toward decarbonizing. (Just this month we’ve also covered Portcast and Responsibly, for example.)

Sourceful joins the fray with a dual-sided promise to tackle sustainability and efficiency by mapping client requirements to vetted suppliers on its marketplace — handling the buying and shipping logistics piece (including a little warehousing) — and taking a commission on the overall price as its cut of the action.

At first glance it’s a curious choice of name for a sustainability startup, given the fact that sourcing (a whole lot) less is what’s ultimately going to be needed for humanity to cut its global carbon emissions enough to avert climate disaster. But maybe the intended wordplay here is ‘full’ — in the sense of ‘fully optimized’.

The UK startup is attacking the supply chain sustainability problem from the perspective of doing something right now, arguing that making a dent in consumer-driven environmental impacts of sourcing stuff (packaging, merchansize, components etc) is a lot better than letting the same old polluting status quo roll on. 

However, given all the unverifiable ‘eco’ marketing claims being attached to products nowadays — or, indeed, other forms of flagrant ‘greenwashing’ (like bogus carbon offsets) that are cynically trying to convince consumers it’s okay to keep consuming as much as ever — there are clearly pitfalls to avoid too.

If you’re talking about packaging — which is one of the products that Sourceful is deeply focused on, with a forthcoming design capability offering that will help businesses to customize packaging designs, pick materials, size etc based on real-time data, all with the goal of encouraging ‘greener’ choices — less really is more.

Ideally, zero packaging is what your business should be aiming for (where practical, ofc). Yet Sourceful’s service will, inevitably, support demand for packaging supply and manufacture. At least in the first blush. So there’s a bit of a conundrum.

“You can put a carbon footprint score on packaging in general. So you could say packaging overall is this amount so the best thing you could do is not use any packaging. But the reality is, for most brands right now, especially for ecommerce, if you’re trying to deliver your product to the customer there needs to be some packaging — and so if packaging is unavoidable in its current form or in another form then the best thing you can then do is optimize that packaging,” argues CEO and co-founder Wing Chan, when we make the point that zero packaging is the most sustainable option.

“Right now we think the best solution is to help you optimize your packaging — the next wave will be around circular forms of packaging. Packaging that you can return back to your courier, packaging that you can reuse in another form. But we wanted to start with what is the current pain point. And the pain point is: I’m buying packaging, it’s very expensive, it’s very time-consuming and if I try and get it to be ‘green’ I either put a marketing spin on it or I don’t know how to actually make it more sustainable.

“But I definitely agree with you that long term we’ve got to think about how do I get the supply chain number as close to zero and then offset whatever’s remaining.”

For now, then, Sourceful is using data — combined with its marketplace of vetted suppliers (~40 at this stage) in the UK and China — to help companies optimize sourcing logistics and shrink their supply chains’ environmental impact.

It does this by putting a “carbon footprint score” on the product choices its brand clients are making.

This means that instead of only being able to claim “qualitative things” — such as that a product uses less plastic or a different type of plastic — Sourceful’s customers can display an actual benchmarked carbon footprint score (in the form of a number), based on its lifecycle assessment of the stuff involved in making up the finished product.

“It’s a lifecycle view,” says Chan. “For example if you take packaging we look at the box, we look at what is the cardboard material, where does it come from, how far has it travelled, what type of material is it, how much material gets used, how is then transported — for example is it a manufacturer in Asia all the way to the UK — so we get an overall score. So rather than it just being comparing paper and plastic we actually help the brands to see an overall quantitive outcome.”

“We’ve built the [software] engine that allows you to make choices and see the actual output — so, for example, if you make your box bigger what does that actually do to your carbon footprint score?” he adds.

Sourceful has an internal climate science team to do this work. It is also building on publicly available data sources, per Chan — such as ecoinvent (“the market standard based data”) — but he says the public data available isn’t up-to-date, saying it’s also therefore working with researchers to update these key sources with the last five years of data.

It wants the protocol it’s devised for scoring carbon footprint via this lifecycle assessment to become a universal standard. Hence it’s currently going through an ISO certification process — hoping to have that in place before the planned public launch of its platform in Q1 next year.

“There’s two ISO standards for doing a lifecycle assessment and normally you’d get ISO approval for a specific product but we’re getting ISO approval for the whole methodology — essentially the platform that we’ve built,” explains Chan. “There’s an independent panel of people, from universities, from other consultancies, who will be reviewing this as part of that ISO review — that’s why it’s so important to us that we’re doing that.”

The vetting of the suppliers on its marketplace is something Sourceful is doing entirely by itself, though — without any outside help. So its customers still need to trust that it’s doing a proper job of monitoring all the third parties on its marketplace.

But, on this, Chan argues that’s since sustainability is core to its value proposition it is incentivized to do the vetting in a more thorough and comprehensive way than any other individual player would be.

“The key thing for us is we combine both the data capture you would do when you’re understanding a supplier — asking all the questions about how their supply chain works and all of the laws entered by the new country — but we’re coupling that with a human visit as well. So we have a team in the UK as well as a team in Asia who actually go and visit the manufacturers. So it’s an extra layer of comfort for the brands that we’ve actually spent the time to go and meet them,” he suggests.

“The second thing is, as part of our marketplace build, we’re understanding how their supply chain works — in order to build the lifecycle assessment we actually understand each stage of their manufacturing process. So we have a much deeper understanding of their way of operating than all of the other platforms would have. So, yes it’s more involved, but we think that gives better accountability and a more accurate outcome.”

“We’re taking [the vetting process] to another level,” he adds. “We didn’t find anyone that was going into the same level of depth as us — so that’s why we’ve done it ourselves.”

Pressed a little more, Chan also tells TechCrunch: “Supply chain risks never disappear but the thing is how much investment are you making to learn more about it? And for us because we’re capturing this data on lifecycle assessment it’s part of that process of understanding the supplier. So rather than it being another cost that we pay to go visit the manufacturer, we see it as part of our data gathering — a key part of the platform.

“So rather than it being a cost to minimize, which is why a lot of companies end up in trouble because they don’t visit [their suppliers] enough, we’re invested in making sure that data is as accurate and up-to-date as possible. And the manufacturers see that because they want to have a score that’s good, they also want to understand where their footprint could be improved. So it’s a partnership, rather than it just being a bunch of tick boxes to check — which is what a lot of the audits are… We’re here to try and understand their process better.”

Zooming out to look at the driving forces pressing for supply chain sustainability, Chan suggests demand for greener sourcing by businesses is being driven by consumers themselves — who are certainly more aware than ever of environmental concerns. And can, to a degree, vote with their wallet by choosing more eco products (and/or by putting direct reputational pressure on businesses, such as via social media channels).

There is some regulatory pressure, too — such as existing sustainability and carbon reporting requirements (typically for larger businesses). Along with the overarching ‘net zero’ targets which governments in Europe and elsewhere have signed up for. So there should be increasing ‘top down’ pressure on businesses to decarbonize.

Chan also points to another swathe of environmental laws coming in — such as those banning things like single use plastics — which he says are creating further momentum for businesses to re-evaluate their supply chains.

Nonetheless, he believes the biggest source of pressure for companies to decarbonize is coming from consumers themselves. So — the premise is — brands that can present the strongest story to people about what they’re doing to reduce their environmental impact — backed up by a certified lifecycle assessment (assuming Sourceful gets its ISO stamp) — stand to win the business of growing numbers of eco-minded buyers, at the same time as netting cost efficiencies by optimizing their supply chains.

(And, indeed, part of the team’s inspiration for Sourceful’s business was to challenge the idea that consumers are to blame for the world’s environmental problems — given the lack of choice people so often have over what they can buy, not to mention the paucity of information to inform purchasing choices.)

“In the absence of government regulation on [lifecycle assessment] we’re actually saying to the brand, you’ve got existing products, we’ve measured the material, production, transport, all of these things — given you a carbon footprint score, and actually when you go and look at alternatives we can quantitatively assess the difference between those options. So rather than just pandering to the latest marketing buzzword you get a quantitive view on that,” he says.

“So what we’ve been showing is you can move to a more sustainable outcome — from a quantitative point of view — but also save money. So we’re tackling both problems. The supply chain itself is not very efficient so we can save money and the supply chain is not very transparent so we can give them better visibility into their actual carbon footprint.”

“Every brand that we’ve met that has been started in the last two years, their founder or their premise of the brand had sustainability involved — it’s such a hot topic that if you start a fashion brand or a beauty brand or food brand you have to have somewhere in your mission statement/founder story about your commitment to sustainability. So we thought that’s where the market is going to be. But actually we saw more established companies had the same view — that their consumers are also asking for there to be change in how they talk about their products, how they understand their lifecycle journey. So actually I think the government drive on regulation is of course important but it’s still far behind and actually consumers are driving more of a change,” he adds.

Sourceful’s offering includes a warehousing ‘managed service’ component — where it’s using a predictive algorithm to power auto-stocking so that brands can store (non-current) inventory in its warehouses (to save space etc) and have the goods shipped to them as they need them.

Being able to source supplies like components or packaging in bulk obviously reduces purchasing costs. But depending on how it’s done, it may also mean you can optimize things like transportation requirements, which could limit shipping emissions, so there are potentially efficiency and sustainability strands here too.

“Sea freight is several times more energy efficient than air freight so if we can organize more shipments to go via sea freight than air then that’s a major win. The[n] if we can fill the container up with different client orders so that you end up with one very full container, rather than lots of containers with half of it empty, you’re also going to save a lot of energy too. And so that’s another part of the journey that we do,” says Chan. “The other thing is because were aggregating orders with the manufacturer — they actually have better utilization as well, which is more efficient for them. So all of these things are really important to driving the overall cost as well sustainability score down.”

“The more we thought about it, the more there are so many parts of the supply chain which haven’t been optimzied,” he adds. “So many times you order 2,000 boxes it comes in these air freight shipments and someone has to courier it to you in one trip — there’s so many places where aggregating and being smarter about data you can save so much footprint.”

 

Glovo bags two grocery picking and delivery startups

More startup swapping in the food delivery space: Spain’s Glovo, an on-demand delivery platform which operates a network of dark stores focused on urban convenience shopping, is pushing deeper into planned grocery shopping — announcing the acquisition of two regional ‘Instacart-style’ grocery picking and delivery startups, Madrid-based Lola Market and Portugal’s Mercadão.

Terms of the acquisitions are not being disclosed.

2015-founded Lola Market had raised around €3M, per Crunchbase. It’s not clear how much Portugal’s Mercadão — which was founded in 2018 — had raised over its shorter run.

Glovo, meanwhile, raised a meaty $528M Series F back in April — but quickly splurged $208M to pick up three food delivery brands from rival Delivery Hero in Central and Eastern Europe.

The Spanish on-demand delivery platform is facing challenges to its model on home turf where the government has applied a labor reform aimed at delivery workers in the gig economy.

The reform, agreed earlier this year, came into application last month — recognizing delivery platform riders as employees, or at least on paper.

Glovo responded by imposing a new self-employment model on the vast majority of riders on its platform, hiring only around a fifth. So the scene looks set for legal challenges in its home market.

At the European Union level, lawmakers are also eyeing how to improve conditions for platform workers — and could come with pan-EU legislation that has wider implications for the business models of regional players like Glovo.

Ongoing regulatory challenges over employment classification and algorithmic management of workers in the gig economy may offer some context for Glovo’s expanding interest in grocery purchasing in Europe, where it has been building out a network of dark stores to power what it calls ‘Q-commerce’ (aka, quick urban convenience shopping).

As well as for its recently announced international expansion in Africa, where it has said it will be doubling down investment over the next 12 months.

But also the challenge of hitting profitability for pure on-demand food delivery looks like a sizeable piece of the puzzle here driving consolidation.

By adding players in the supermarket and retail outlet picking delivery space, Glovo expands its coverage of shoppers’ needs — and can nudge users to spend more by being able to cross-sell them on planned purchases (such as the weekly grocery shop), as well as what it bills as “emergency essentials” and “fast action convenience” powered by the more limited inventory it can offer in its city center dark stores.

Both Lola Market and Mercadão’s brand identities will be retained, per Glovo, which also says they will operate independently — led by Gonçalo Soares da Costa, CEO of Mercadão.

It touts the acquisitions as strengthening its competitive position in Europe in “key markets” — going on to suggest it will add grocery picking and delivery across its entire market footprint, with an initial expansion planned for Poland and Italy.

Also today it said its Q-Commerce division is “on track” to reach an annual Gross Transaction Value (GTV) of more than €300M this year — adding that it expects that to more than triple by the end of 2022, projecting it will surpass a run rate of €1BN.

Commenting on its latest acquisitions in a statement, Oscar Pierre, CEO and co-founder of Glovo, added: “We see huge potential in the on-demand groceries marketplace and both companies are strong local players in their respective markets, and further strengthen our Q-Commerce offering.

“With Lola Market and Mercadão on board, we can build stronger partnerships with retailers, offer our users big-basket purchases and provide a more complete service. These acquisitions represent a significant step forward for us, as we’re now able to cover all of the main purchasing considerations for groceries customers, making Glovo a one-stop-shop for e-groceries.”

PassFort, a RegTech SaaS for KYC and AML, nets $16.2M

London-based PassFort, a SaaS provider that helps business meet compliance requirements such as KYC (Know Your Customer) and AML (Anti-Money Laundering) reporting, has closed a $16.2 million Series A led by US growth equity fund, Level Equity.

The 2015-founded startup‘s existing investors OpenOcean, Episode 1 and Entrepreneur First also participated in the round. The Series A is a mix of equity and debt, with $4.89M worth of venture debt being provided by Shard Credit Partners.

PassFort tells TechCrunch it now has 54 customers in total, saying the majority are in the digital payments space. It’s also selling its SaaS to customers in foreign exchange, banking and (ofc) crypto. It also touts some “major” customer wins preceding this raise — name-checking the likes of Curve and WorldRemit.

The new funding will be put towards stepping up its growth globally — with PassFort noting it’s hired a new C-suite for its growth team to lead the planned global push.

It’s also hiring more staff in business development and marketing, and plans to significantly bump spending across marketing, sales and customer support roles as it gears up to scale up.

“On the product side we are developing the solution to meet the demands of the changing digital economy and the threats it faces,” says CEO and co-founder Donald Gillies. “This means investing heavily into our new compliance policy cloud, system-to-system integrations with market-leading CRM and transaction monitoring systems as well as building a data team capable of deriving valuable real-time insights across our customer network.”

PassFort says its revenues grew ~2.5x over the past 12 months.

Gillies credits COVID-19 with really hitting the digital “accelerator” and driving adoption for compliance tools, as fintechs and regulated businesses look to streamline their approach to customer on-boarding and risk monitoring.

Alongside this accelerated digital transformation, he also points to a rise in cyber crime and increasingly sophisticated financial crime driving demand for compliance tools, and a “huge” rise in the number of regulations announced since COVID-19, noting: “Estimates from those who track regulatory changes stated that by August 2020, more than 1,330 COVID-19 related regulatory announcements had been made globally by regulators.”

As well as serving up an “always-on picture of risk”, as PassFort’s marketing puts it, the platform offers a single place to access and manage customer profiles, while also centralizing records for audit purposes.

PassFort’s SaaS also tracks efficiency — supporting customers to see where holdups in the onboarding process might be, to help with customer experience as well as the wider support it offers to compliance teams.

The startup says its integration model is such that it can “ingest datasets from any provider and interoperate with any system”, so — for example — it has pre-built connectors to more than 25 data providers at this stage.

It also offers a single API to integrate with a customer’s existing back-office system.

Another feature of the SaaS it flags is a focus on “low to no-code” — to increase accessibility and help customers with high complexity in their compliance needs (such as multiple customer types, multiple product lines and multi-jurisdictions. This includes a smart policy builder with a ‘drag and drop’ interface to help customers configure complex workflows.

On the competitive side, PassFort names Dublin-based Fenergo as its closest competitor but says it’s targeting a broader market — likening its own product to ‘Salesforce for compliance teams’ and saying its goal is to get the SaaS into the hands of “every financial crime and compliance team in the world”.

Commenting in a statement, Charles Chen, partner at Level Equity — who’s now joining PassFort’s board of directors — added: “Over the last few years, financial institutions and organisations have experienced exponential growth in business volumes and data, which has only increased the complexity in staying compliant with ever-evolving regulatory laws. In parallel, we’ve experienced an unprecedented rise in sophisticated financial crime activity as channels into financial systems have been digitized.

“This has underscored the importance of compliance matters such as AML/KYC, yet companies often have to weigh the trade-offs between speed, compliance and automation. PassFort has solved this challenge by providing a next-generation RegTech software solution that enables customers to offer a seamless customer onboarding experience, maintain best-in-class monitoring capabilities, and balance automation vs. human touch via its intelligent orchestration engine. We are thrilled to partner with the industry thought leader in this space and look forward to supporting the company’s future growth initiatives.”

UK dials up the spin on data reform, claiming ‘simplified’ rules will drive ‘responsible’ data sharing

The U.K. government has announced a consultation on plans to shake up the national data protection regime, as it looks at how to diverge from European Union rules following Brexit.

It’s also a year since the U.K. published a national data strategy in which said it wanted pandemic levels of data sharing to become Britain’s new normal.

The Department for Digital, Culture, Media and Sport (DCPS) has today trailed an incoming reform of the information commissioner’s office — saying it wants to broaden the ICO’s remit to “champion sectors and businesses that are using personal data in new, innovative and responsible ways to benefit people’s lives”; and promising “simplified” rules to encourage the use of data for research which “benefit’s people’s lives”, such as in the field of healthcare.

It also wants a new structure for the regulator — including the creation of an independent board and chief executive for the ICO, to mirror the governance structures of other regulators such as the Competition and Markets Authority, Financial Conduct Authority and Ofcom.

Additionally, it said the data reform consultation will consider how the new regime can help mitigate the risks around algorithmic bias — something the EU is already moving to legislate on, setting out a risk-based proposal for regulating applications of AI back in April.

Which means the U.K. risks being left lagging if it’s only going to concern itself with a narrow focus on “bias mitigation”, rather than considering the wider sweep of how AI is intersecting with and influencing its citizens’ lives.

In a press release announcing the consultation, DCMS highlights an artificial intelligence partnership involving Moorfields Eye Hospital and the University College London Institute of Ophthalmology, which kicked off back in 2016, as an example of the kinds of beneficial data sharing it wants to encourage. Last year the researchers reported that their AI had been able to predict the development of wet age-related macular degeneration more accurately than clinicians.

The partnership also involved (Google-owned) DeepMind and now Google Health — although the government’s PR doesn’t make mention of the tech giant’s involvement. It’s an interesting omission, given that DeepMind’s name is also attached to a notorious U.K. patient data-sharing scandal, which saw another London-based NHS Trust (the Royal Free) sanctioned by the ICO, in 2017, for improperly sharing patient data with the Google-owned company during the development phase of a clinician support app (which Google is now in the process of discontinuing).

DCMS may be keen to avoid spelling out that its goal for the data reforms — aka to “remove unnecessary barriers to responsible data use” — could end up making it easier for commercial entities like Google to get their hands on U.K. citizens’ medical records.

The sizeable public backlash over the most recent government attempt to requisition NHS users’ medical records — for vaguely defined “research” purposes (aka the “General Practice Data for Planning and Research”, or GPDPR, scheme) — suggests that a government-enabled big-health-data-free-for-all might not be so popular with U.K. voters.

“The government’s data reforms will provide clarity around the rules for the use of personal data for research purposes, laying the groundwork for more scientific and medical breakthroughs,” is how DCMS’ PR skirts the sensitive health data sharing topic.

Elsewhere there’s talk of “reinforc[ing] the responsibility of businesses to keep personal information safe, while empowering them to grow and innovate” — so that sounds like a yes to data security but what about individual privacy and control over what happens to your information?

The government seems to be saying that will depend on other aims — principally economic interests attached to the U.K.’s ability to conduct data-driven research or secure trade deals with other countries that don’t have the same (current) high U.K. standards of data protection.

There are some purely populist flourishes here too — with DCMS couching its ambition for a data regime “based on common sense, not box ticking” — and flagging up plans to beef up penalties for nuisance calls and text messages. Because, sure, who doesn’t like the sound of a crackdown on spam?

Except spam text messages and nuisance calls are a pretty quaint concern to zero in on in an era of apps and data-driven, democracy-disrupting mass surveillance — which was something the outgoing information commissioner raised as a major issue of concern during her tenure at the ICO.

The same populist anti-spam messaging has already been deployed by ministers to attack the need to obtain internet users’ consent for dropping tracking cookies — which the digital minister Oliver Dowden recently suggested he wants to do away with — for all but “high risk” purposes.

Having a system of rights wrapping people’s data that gives them a say over (and a stake in) how it can be used appears to be being reframed in the government’s messaging as irresponsible or even non-patriotic — with DCMS pushing the notion that such rights stand in the way of more important economic or highly generalized “social” goals.

Not that it has presented any evidence for that — or even that the U.K.’s current data protection regime got in the way of (the very ample) data sharing during COVID-19… While negative uses of people’s information are being condensed in DCMS’ messaging to the narrowest possible definition — of spam that’s visible to an individual — never mind how that person got targeted with the nuisance calls/spam texts in the first place.

The government is taking its customary “cake and eat it” approach to spinning its reform plan — claiming it will both “protect” people’s data while also trumpeting the importance of making it really easy for citizens’ information to be handed off to anyone who wants it, so long as they can claim they’re doing some kind of “innovation”, while also larding its PR with canned quotes dubbing the plan “bold” and “ambitious”.

So while DCMS’ announcement says the reform will “maintain” the U.K.’s (currently) world-leading data protection standards, it directly rows back — saying the new regime will (merely) “build on” a few broad-brush “key elements” of the current rules (specifically it says it will keep “principles around data processing, people’s data rights and mechanisms for supervision and enforcement”).

Clearly the devil will be in the detail of the proposals which are due to be published tomorrow morning. So expect more analysis to debunk the spin soon.

But in one specific trailed change DCMS says it wants to move away from a “one-size-fits-all” approach to data protection compliance — and “allow organisations to demonstrate compliance in ways more appropriate to their circumstances, while still protecting citizens’ personal data to a high standard”.

That implies that smaller data-mining operations — DCMS’s PR uses the example of a hairdresser’s but plenty of startups can employ fewer staff than the average barber’s shop — may be able to expect to get a pass to ignore those ‘high standards’ in the future.

Which suggests the U.K.’s “high standards” may, under Dowden’s watch, end up resembling more of a Swiss Cheese…

Data protection is a “how to, not a don’t do”…

The man who is likely to become the U.K.’s next information commissioner, New Zealand’s privacy commissioner John Edwards, was taking questions from a parliamentary committee earlier today, as MPs considered whether to support his appointment to the role.

If he’s confirmed in the job, Edwards will be responsible for implementing whatever new data regime the government cooks up.

Under questioning, he rejected the notion that the U.K.’s current data protection regime presents a barrier to data sharing — arguing that laws like GDPR should rather be seen as a “how to” and an “enabler” for innovation.

“I would take issue with the dichotomy that you presented [about privacy vs data-sharing],” he told the committee chair. “I don’t believe that policymakers and businesses and governments are faced with a choice of share or keep faith with data protection. Data protection laws and privacy laws would not be necessary if it wasn’t necessary to share information. These are two sides of the same coin.

“The UK DPA [data protection act] and UK GDPR they are a ‘how to’ — not a ‘don’t do’. And I think the UK and many jurisdictions have really finally learned that lesson through the COVID-19 crisis. It has been absolutely necessary to have good quality information available, minute by minute. And to move across different organizations where it needs to go, without friction. And there are times when data protection laws and privacy laws introduce friction and I think that what you’ve seen in the UK is that when it needs to things can happen quickly.”

He also suggested that plenty of economic gains could be achieved for the U.K. with some minor tweaks to current rules, rather than a more radical reboot being necessary. (Though clearly setting the rules won’t be up to him; his job will be enforcing whatever new regime is decided.)

“If we can, in the administration of a law which at the moment looks very much like the UK GDPR, that gives great latitude for different regulatory approaches — if I can turn that dial just a couple of points that can make the difference of billions of pounds to the UK economy and thousands of jobs so we don’t need to be throwing out the statute book and starting again — there is plenty of scope to be making improvements under the current regime,” he told MPs. “Let alone when we start with a fresh sheet of paper if that’s what the government chooses to do.”

TechCrunch asked another Edwards (no relation) — Newcastle University’s Lilian Edwards, professor of law, innovation and society — for her thoughts on the government’s direction of travel, as signalled by DCMS’ pre-proposal-publication spin, and she expressed similar concerns about the logic driving the government to argue it needs to rip up the existing standards.

“The entire scheme of data protection is to balance fundamental rights with the free flow of data. Economic concerns have never been ignored, and the current scheme, which we’ve had in essence since 1998, has struck a good balance. The great things we did with data during COVID-19 were done completely legally — and with no great difficulty under the existing rules — so that isn’t a reason to change them,” she told us.

She also took issue with the plan to reshape the ICO “as a quango whose primary job is to ‘drive economic growth’ ” — pointing out that DCMS’ PR fails to include any mention of privacy or fundamental rights, and arguing that “creating an entirely new regulator isn’t likely to do much for the ‘public trust’ that’s seen as declining in almost every poll.”

She also suggested the government is glossing over the real economic damage that would hit the U.K. if the EU decides its “reformed” standards are no longer essentially equivalent to the bloc’s. “[It’s] hard to see much concern for adequacy here; which will, for sure, be reviewed, to our detriment — prejudicing 43% of our trade for a few low value trade deals and some hopeful sell offs of NHS data (again, likely to take a wrecking ball to trust judging by the GPDPR scandal).”

She described the goal of regulating algorithmic bias as “applaudable” — but also flagged the risk of the U.K. falling behind other jurisdictions which are taking a broader look at how to regulate artificial intelligence.

Per DCMS’ press release, the government seems to be intending for an existing advisory body, called the Centre for Data Ethics and Innovation (CDEI), to have a key role in supporting its policymaking in this area — saying that the body will focus on “enabling trustworthy use of data and AI in the real-world”. However it has still not appointed a new CDEI chair to replace Roger Taylor — with only an interim chair appointment (and some new advisors) announced today.

“The world has moved on since CDEI’s work in this area,” argued Edwards. “We realise now that regulating the harmful effects of AI has to be considered in the round with other regulatory tools not just data protection. The proposed EU AI Regulation is not without flaw but goes far further than data protection in mandating better quality training sets, and more transparent systems to be built from scratch. If the UK is serious about regulating it has to look at the global models being floated but right now it looks like its main concerns are insular, short-sighted and populist.”

Patient data privacy advocacy group MedConfidential, which has frequently locked horns with the government over its approach to data protection, also queried DCMS’ continued attachment to the CDEI for shaping policymaking in such a crucial area — pointing to last year’s biased algorithm exam grading scandal, which happened under Taylor’s watch.

(NB: Taylor was also the Ofqual chair, and his resignation from that post in December cited a “difficult summer”, even as his departure from the CDEI leaves an awkward hole now… )

“The culture and leadership of CDEI led to the A-Levels algorithm, why should anyone in government have any confidence in what they say next?” said MedConfidential’s Sam Smith.