Under new guidance issued by the Small Business Administration it seems non-profits and faith-based groups can apply for the Paycheck Protection Program loans designed to keep small business afloat during the COVID-19 epidemic, but most venture-backed companies are still not covered.
Late Friday night, the Treasury Department updated its rules regarding the “affiliation” of private entities to include religious organizations but keep in place the same rules that would deny most startups from receiving loans.
(b) If you are a faith-based organization, *no affiliation rules apply to you,* because the SBA just said so. Out of nowhere. At like 10pm on a Friday night.
— Doug Rand (@doug_rand) April 4, 2020
The NVCA and other organizations had pushed Treasury Secretary Steve Mnuchin to clarify the rules regarding startups and their potential eligibility for loans last week. And House Republican leader Kevin McCarthy even told Axios that startups would be covered under the revised regulations.
2/ There are rumors that the PPP Loan program may still fix the Affiliate Rule next week. Until fixed, it's nearly impossible for most VC-backed startups to apply because it would require huge legal lift to amend all of the charters of these companies to change control provisions
— Mark Suster (@msuster) April 4, 2020
At its essence, the issue for startups seems to be centered on the board rights that venture investors have when they take an equity stake in a company. For startups with investors on the board of directors, the decision-making powers that those investors hold means the startup is affiliated with other companies that the partner’s venture firm has invested in — which could mean that they’re considered an entity with more than 500 employees.
“[If] there’s a startup that’s going gangbusters right now, they shouldn’t apply for a PPP loan,” wrote Doug Rand, the co-founder of Seattle-based startup Boundless Immigration, and a former Assistant Director for Entrepreneurship in the Office of Science and Technology Policy during the Obama administration, in a direct message. “But most startups are getting killed because, you know, the economy is mostly dead.”
The $2 trillion CARES Act passed by Congress and signed by President Trump was designed to help companies that are adversely affected by the economic fallout resulting from the COVID-19 outbreak in the US and their employees — whether those businesses are directly affected because their employees can’t leave home to do their jobs or indirectly, because demand for goods and services has flatlined.
While some tech startups have seen demand for their products actually rise during these quarantined days, many companies have watched as their businesses have gone from one to zero.
The sense frustration among investors across the country is palpable. As the Birmingham-based investor, Matt Hottle, wrote, “After 4 days of trying to help 7 small businesses navigate the SBA PPP program, the program went to shit on launch. I’m contemplating how many small businesses, counting on this money, are probably locked out. I feel like I/ we failed them.”
After 4 days of trying to help 7 small businesses navigate the @SBAgov PPP program, the program went to shit on launch. I’m contemplating how many small businesses, counting on this money, are probably locked out. I feel like I/ we failed them.
— Matt Hottle (@MattRedhawk) April 4, 2020
And although the rules around whether or not many startups are eligible remain unclear, it’s probably wise for companies to file an application, because, as the program is currently structured, the $349 billion in loans are going to be issued on a first-come, first-served basis, as Suster flagged in his tweets on the subject.
General Catalyst is advising its companies that are also backed by SBIC investors to apply for the loans, because that trumps any other rules regarding affiliation, according to an interview with Holly Maloney Burbeck, a managing director at the firm.
And there’s already concerns that the money could run out. In a tweet, the President announced that he would request more money from Congress “if the allocated money runs out.”
I will immediately ask Congress for more money to support small businesses under the #PPPloan if the allocated money runs out. So far, way ahead of schedule. @BankofAmerica & community banks are rocking! @SBAgov @USTreasury
— Donald J. Trump (@realDonaldTrump) April 4, 2020
“Congress saw fit to allow Darden to get a forgivable small business loan—actually a taxpayer-funded grant—for like every Olive Garden in America. But Congress somehow neglected to provide comparable rescue measures for actual small businesses that have committed the sin of convincing investors that they have the potential to employ a huge number of people if they can only survive,” Rand wrote in a direct message. “The Trump administration has full authority to ride to the rescue, and they did… but only for large religious organizations.”
GM and Honda will jointly develop two new electric vehicles slated for 2024, the latest move by the two automakers to deepen their existing partnership.
Under the plan, the automakers will focus on their respective areas of expertise. Honda will design the exterior and interiors of the new electric vehicles; GM will contribute its new electric vehicle architecture and Ultium batteries. This new architecture, which GM unveiled last month to showcase its own EV plans, is capable of 19 different battery and drive-unit configurations. The architecture includes large-format pouch battery cells manufactured as part of a joint venture between LG Chem and GM.
The vehicles, which will have a Honda nameplate, will incorporate GM’s OnStar safety and security services. GM’s hands-free advanced driver assistance technology, known as Super Cruise, will also be available in the new vehicles.
The vehicles will be produced at GM plants in North America. Sales are expected to begin in the 2024 model year in Honda’s U.S. and Canadian markets.
The aim is to pull the strengths of both companies to unlock economies of scale around electric vehicles, according to Rick Schostek, executive vice president of American Honda Motor Co., who added that the two companies are already in discussions about further extending the partnership.
GM and Honda have worked together on projects before. The two automakers partnered on hydrogen fuel cells and electric vehicle batteries, and are both invested in autonomous vehicle company Cruise .
The automakers formed a joint venture in 2017 to produce hydrogen fuel cell systems. A year later, the companies announced an agreement for Honda to use battery cells and modules from GM in electric vehicles built for the North American market.
GM acquired Cruise in 2016; Honda later committed $2.75 billion as part of an exclusive agreement with GM and its self-driving technology subsidiary Cruise to develop and produce a new kind of autonomous vehicle. Cruise Origin, an electric, self-driving and shared vehicle and the first product of that arrangement, was revealed January 21.
Neil Sequeira was a managing director with General Catalyst for more than 13 years before co-founding early-stage firm Defy several years ago with another veteran of the industry, Trae Vassallo, who’d spent the dozen years prior with Kleiner Perkins.
We caught up with Sequeira yesterday afternoon and discussed whether he’s seeing valuations come down and whether he can imagine funding founders who may have an exciting pitch but is unable to meet in-person due to the pandemic.
Our chat has been edited for length.
TechCrunch: How are you, all things considered?
Neil Sequeira: We’ve been pretty busy at home. Obviously, my kids are home, homeschooling and my amazing wife is with them.
At work, we’ve been really busy. We have multiple term sheets out that we’ve done since the stay-at-home order [in the Bay Area] and I actually live within walking distance of my office, where I’m alone but it ends up being like a home office because it’s so close. And it’s great because my kids have been going bonkers.
How are your companies faring?
With national the stockpile’s inventory of life-saving healthcare equipment getting dangerously close to zero, President Trump on Thursday signaled that he will leverage a key national security provision to order additional companies to produce ventilators.
Trump’s reluctance to employ the law known as the Defense Production Act (DPA) has puzzled many as the administration attempts to right the myriad early wrongs that allowed the novel coronavirus to spread within the nation’s borders—an unprecedented modern public health crisis expected to claim as many as 200,000 lives in the U.S.
“Today, I have issued an order under the Defense Production Act to more fully ensure that domestic manufacturers can produce ventilators needed to save American lives,” Trump said in a statement. “My order to the Secretary of Health and Human Services and the Secretary of Homeland Security will help domestic manufacturers like General Electric, Hill-Rom, Medtronic, ResMed, Royal Philips, and Vyaire Medical secure the supplies they need to build ventilators needed to defeat the virus.”
The order will enable Health and Human Services Secretary Alex Azar to use “any and all authority available” to steer production efforts.
After much early confusion around the president’s willingness to invoke the DPA without actually putting it to use, Trump appeared to change course and on Friday wielded the law against General Motors which had already announced its intention to start manufacturing ventilators in spite of a lack of federal guidance. That heel-turn came two days after the Trump was poised to announce a deal with GM and ventilator maker Ventec Life Systems to produce up to 80,000 devices. The announcement was reportedly scuttled when the White House and FEMA balked at the effort’s $1 billion price tag.
Trump has repeatedly called the crisis-level demand for ventilators, masks and other medical supplies into question. “I have a feeling that a lot of the numbers that are being said in some areas are just bigger than they’re going to be,” Trump told Fox News host Sean Hannity last week. “I don’t believe you need 40,000 or 30,000 ventilators.” The president has also repeatedly questioned the nationwide shortage of N95 masks and other basic health protective gear, suggesting that in New York health facilities are somehow losing the masks or allowing them to be stolen, a false claim for which there is no evidence.
As states still compete for vital life-saving resources, federal orders through the DPA would force any private companies on the receiving end of an order to prioritize federal contracts. The law also allows the federal government to use its muscle to ensure that supply chains are able to produce and provide materials every step of the way. While much has been made of the law’s potency to mobilize supplies in the midst of a national crisis, the Trump administration will likely need to actively manage and coordinate with these newly-tapped manufacturers to see such orders through.
In dragging its feet to issue orders through the DPA, Trump appeared to put full faith in the private sector to step up on their own without a directive from the White House. While some companies indeed did just that, those nascent production efforts are nowhere near meeting demand and distribution issues are not resolved. With the outbreak threatening regions around the nation, many states forge ahead without vital life-saving supplies as the acute health crisis unfolding in New York offers a glimpse of a potentially disastrous near-future.
Until very recently, it had begun to seem like anyone with a thick enough checkbook and some key contacts in the startup world could not only fund companies as an angel investor but even put himself or herself in business as a fund manager.
It helped that the world of venture fundamentally changed and opened up as information about its inner workings flowed more freely. It didn’t hurt, either, that many billions of dollars poured into Silicon Valley from outfits and individuals around the globe who sought out stakes in fast-growing, privately held companies — and who needed help in securing those positions.
Of course, it’s never really been as easy or straightforward as it looks from the outside. While the last decade has seen many new fund managers pick up traction, much of the capital flooding into the industry has accrued to a small number of more established players that have grown exponentially in terms of assets under management. In fact, talk with anyone who has raised a first-time fund and you’re likely to hear that the fundraising process is neither glamorous nor lucrative and that it’s paved with very short phone conversations. And that’s in a bull market.
What happens in what’s suddenly among the worst economic environments the world has seen? First and foremost, managers who’ve struck out on their own suggest putting any plans on the back burner. “I would love to be positive, and I’m an optimist, buut I would have to say that now is probably one of the toughest times” to get a fund off the ground,” says Aydin Senkut, who founded the firm Felicis Ventures in 2006 and just closed its seventh fund.
It’s a perfect storm for first-time managers,” adds Charles Hudson, who launched his own shop, Precursor Ventures, in 2015.
Hitting pause doesn’t mean giving up, suggests Eva Ho, cofounder of the three-year-old, seed-stage L.A.-based shop Fika Ventures, which last year closed its second fund with $76 million. She says not to get “too dismayed” by the challenges. Still, it’s good to understand what a first-time manager is up against right now, and what can be learned more broadly about how to proceed when the time is right.
Know it’s hard, even in the best times
As a starting point, it’s good to recognize that it’s far harder to assemble a first fund than anyone who hasn’t done it might imagine.
Hudson knew he wanted to leave his last job as a general partner with SoftTech VC when the firm — since renamed Uncork Capital — amassed enough capital that it no longer made sense for it to issue very small checks to nascent startups. “I remember feeling like, ‘Gosh, I’ve reached a point where the business model for our fund is getting in the way of me investing in the kind of companies that naturally speak to me,” which is largely pre-product startups.
Hudson suggests he may have overestimated interest in his initial idea to create a single GP fund that largely backs ideas that are too early for other investors. “We had a pretty big LP based [at SoftTech] but what I didn’t realize is the LP base that’s interested in someone who is on fund three or four is very different than the LP base that’s interested in backing a brand new manager.”
Hudson says he spent a “bunch of time talking to fund of funds, university endowments — people who were just not right for me until someone pulled me aside and just said, ‘Hey, you’re talking to the wrong people. You need to find some family offices. You need to find some friends of Charles. You need to find people who are going to back you because they think this is a good idea and who aren’t quite so orthodox in terms of what they want to see in terms partner composition and all that.'”
Collectively, it took “300 to 400 LP conversations” and two years to close his first fund with $15 million. (Its now raising its third pre-seed fund).
Ho says it took less time for Fika to close its first fund but that she and her partners talked with 600 people in order to close their $41 million debut effort, adding that she felt like a “used car salesman” by the end of the process.
Part of the challenge was her network, she says. “I wasn’t connected to a lot of high-net-worth individuals or endowments or foundations. That was a whole network that was new to me, and they didn’t know who the heck I was, so there’s a lot of proving to do.” A proof-of-concept fund instill confidence in some of these investors, though Ho notes you have to be able to live off its economics, which can be miserly.
She also says that as someone who’d worked at Google and helped found the location data company Factual, she underestimated the work involved in running a small fund. “I thought, ‘Well, I’ve started these companies and run these big teams. How how different could it be? Learning the motions and learning what it’s really like to run the funds and to administer a fund and all responsibilities and liabilities that come with it . . . it made me really stop and think, ‘Do I want to do this for 20 to 30 years, and if so, what’s the team I want to do it with?'”
Investors will offer you funky deals; avoid these if you can
In Hudson’s case, an LP offered him two options, either a typical LP agreement wherein the outfit would write a small check, or an option wherein it would make a “significant investment that have been 40% of our first fund,” says Hudson.
Unsurprisingly, the latter offer came with a lot of strings. Namely, the LP said it wanted to have a “deeper relationship” with Hudson, which he took to mean it wanted a share of Precursor’s profits beyond what it would receive as a typical investor in the fund.
“It was very hard to say no to that deal, because I didn’t get close to raising the amount of money that I would have gotten if I’d said yes for another year,” says Hudson. He still thinks it was the right move, however. “I was just like, how do I have a conversation with any other LP about this in the future if I’ve already made the decision to give this away?”
Fika similarly received an offer that would have made up 25 percent of the outfit’s debut fund, but the investor wanted a piece of the management company. It was “really hard to turn down because we had nothing else,” recalls Ho. But she says that other funds Fika was talking with made the decision simpler. “They were like, ‘If you sign on to those terms, we’re out.” The team decided that taking a shortcut that could damage them longer term wasn’t worth it.
Your LPs have questions, but you should question LPs, too
Senkut started off with certain financial advantages that many VCs do not, having been the first product manager at Google and enjoying the fruits of its IPO before leaving the outfit in 2005 along with many other Googleaires, as they were dubbed at the time.
Still, as he tells it, it was “not a friendly time a decade ago” with most solo general partners spinning out of other venture funds instead of search engine giants. In the end, it took him “50 no’s before I had my first yes” — not hundreds — but it gave him a taste of being an outsider in an insider industry, and he seemingly hasn’t forgotten that feeling.
Indeed, according to Senkut, anyone who wants to crack into the venture industry needs to get into the flow of the best deals by hook or by crook. In his case, for example, he shadowed angel investor Ron Conway for some time, working checks into some of the same deals that Conway was backing.
“If you want to get into the movie industry, you need to be in hit movies,” says Senkut. “If you want to get into the investing industry, you need to be in hits. And the best way to get into hits is to say, ‘Okay. Who has an extraordinary number of hits, who’s likely getting the best deal flow, because the more successful you are, the better companies you’re going to see, the better the companies that find you.”
Adds Senkut, “The danger in this business is that it’s very easy to make a mistake. It’s very easy to chase deals that are not going to go anywhere. And so I think that’s where [following others] things really helped me.”
Senkut has developed an enviable track record over time. The companies that Felicis has backed and been acquired include Credit Karma, which was just gobbled up by Intuit; Plaid, sold in January to Visa; Ring, sold in 2018 to Amazon, and Cruise, sold to General Motors in 2016, and that’s saying nothing of its portfolio companies to go public.
That probably gives him a kind of confidence that it’s harder to earlier managers to muster. Still, Senkut also says it’s very important for anyone raising a fund to ask the right questions of potential investors, who will sometimes wittingly or unwittingly waste a manager’s time.
He says, for example, that with Felicis’s newest fund, the team asked many managers outright about how many assets they have under management, how much of those assets are dedicated to venture and private equity, and how much of their allotment to each was already taken. They did this so they don’t find themselves in a position of making a capital call that an investor can’t meet, especially given that venture backers have been writing out checks to new funds at a faster pace than they’ve ever been asked to before.
In fact, Felicis added new managers who “had room” while cutting back some existing LPs “that we respected . .. because if you ask the right questions, it becomes clear whether they’re already 20% over-allocated [to the asset class] and there’s no possible way [they are] even going to be able to invest if they want to.”
It’s a “little bit of an eight ball to figure out what are your odds and the probability of getting money even if things were to turn south,” he notes.
Given that they have, the questions look smarter still.
In the wake of the financial crisis, Congress passed regulations limiting the types of investments that banks could make into private equity and venture capital funds. As cash strapped investors pull back on commitments to venture funds given the precipitous drop of public market stocks, loosening restrictions on the how banks invest cash could be a lifeline for venture funds.
That’s the position that the National Venture Capital Association is taking on the issue in comments sent to the chairs of the Federal Reserve, the Securities and Exchange Commission and the Federal Deposit Insurance Corp., and the Commodities Future Trading Commission.
The proposed revisions of the Volcker Rule would exclude qualifying venture capital funds from the covered fund definition.
“The loss of banking entities as limited partners in venture capital funds has had a disproportionate impact on cities and regions with emerging entrepreneurial ecosystems — areas outside of Silicon Valley and other traditional technology centers,” NVCA president and chief executive Bobby Franklin wrote. “The more challenging reality of venture fundraising in these areas of the country tends to require investment from a more diverse set of limited partners.”
Franklin cited the case of Renaissance Venture Capital, a Michigan-based regionally focused fund that estimated the Volcker Rule cost them $50 million in potential capital commitments resulting in the loss of a potential $800 million in capital invested in the state of Michigan.
“This narrative unfortunately repeats itself, as we have heard firsthand from investors about how the Volcker Rule has affected venture capital investment and entrepreneurial activity across the country,” wrote Franklin. “The majority of these concerns about the Volcker Rule have come from members located in regions with emerging ecosystems, including states like Ohio, Michigan, North Carolina, New Hampshire, Wisconsin, Georgia, and Virginia, to name a few.”
It’s not only small states that could be impacted by the decision to reverse course on banking investments into venture firms in these uncertain times.
There’s a growing concern among venture investors that — just like in 2008 — their limited partners might find that they’re over-allocated into venture investments given the decline in markets, which would force them to pull back on making commitments to new funds.
“Institutional LPs will run into the same issues they had in 2008. If you used to manage $10B and the market declines and you now manage $6B, the percentage allocated to private equity has now increased relative to the whole portfolio,” Hyde Park Ventures partner, Ira Weiss told a Forbes columnist in a March interview. “They’re really not going to look at new managers. If you’ve done really well as a manager, they will probably re-up but may reduce commitment amounts. This will bleed backwards into the venture market. This is happening at a time when Softbank has already had a lot of trouble and people had not really modulated for that yet, but now they will.”
Some of the largest investment funds have already closed on capital, insulating them from the worst hits. These include funds like New Enterprise Associates and General Catalyst . But newer funds are going to have a harder time raising. For them, giving banks the ability to invest in venture firms could be a big boon — and a confidence boost that the industry needs at a time when investors across the board are getting skittish.
“Fundraising for new funds in 2020 and 2021 might prove to be more difficult as asset managers think about rebalancing their portfolio and/or protecting their assets from the current volatility in the market,” Aaron Holiday told Forbes . “This means that VC investing could slow down in 12 – 24 months after the most recent wave of funds (i.e. 2018 and 2019 vintages) are fully deployed.”
A European coalition of techies and scientists drawn from at least eight countries, and led by Germany’s Fraunhofer Heinrich Hertz Institute for telecoms (HHI), is working on contacts-tracing proximity technology for COVID-19 that’s designed to comply with the region’s strict privacy rules — officially unveiling the effort today.
China-style individual-level location-tracking of people by states via their smartphones even for a public health purpose is hard to imagine in Europe — which has a long history of legal protection for individual privacy. However the coronavirus pandemic is applying pressure to the region’s data protection model, as governments turn to data and mobile technologies to seek help with tracking the spread of the virus, supporting their public health response and mitigating wider social and economic impacts.
Scores of apps are popping up across Europe aimed at attacking coronavirus from different angles. European privacy not-for-profit, noyb, is keeping an updated list of approaches, both led by governments and private sector projects, to use personal data to combat SARS-CoV-2 — with examples so far including contacts tracing, lockdown or quarantine enforcement and COVID-19 self-assessment.
The efficacy of such apps is unclear — but the demand for tech and data to fuel such efforts is coming from all over the place.
In the UK the government has been quick to call in tech giants, including Google, Microsoft and Palantir, to help the National Health Service determine where resources need to be sent during the pandemic. While the European Commission has been leaning on regional telcos to hand over user location data to carry out coronavirus tracking — albeit in aggregated and anonymized form.
The newly unveiled Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) project is a response to the coronavirus pandemic generating a huge spike in demand for citizens’ data that’s intended to offer not just an another app — but what’s described as “a fully privacy-preserving approach” to COVID-19 contacts tracing.
The core idea is to leverage smartphone technology to help disrupt the next wave of infections by notifying individuals who have come into close contact with an infected person — via the proxy of their smartphones having been near enough to carry out a Bluetooth handshake. So far so standard. But the coalition behind the effort wants to steer developments in such a way that the EU response to COVID-19 doesn’t drift towards China-style state surveillance of citizens.
While, for the moment, strict quarantine measures remain in place across much of Europe there may be less imperative for governments to rip up the best practice rulebook to intrude on citizens’ privacy, given the majority of people are locked down at home. But the looming question is what happens when restrictions on daily life are lifted?
Contacts tracing — as a way to offer a chance for interventions that can break any new infection chains — is being touted as a key component of preventing a second wave of coronavirus infections by some, with examples such as Singapore’s TraceTogether app being eyed up by regional lawmakers.
Singapore does appear to have had some success in keeping a second wave of infections from turning into a major outbreak, via an aggressive testing and contacts-tracing regime. But what a small island city-state with a population of less than 6M can do vs a trading bloc of 27 different nations whose collective population exceeds 500M doesn’t necessarily seem immediately comparable.
Europe isn’t going to have a single coronavirus tracing app. It’s already got a patchwork. Hence the people behind PEPP-PT offering a set of “standards, technology, and services” to countries and developers to plug into to get a standardized COVID-19 contacts-tracing approach up and running across the bloc.
The other very European flavored piece here is privacy — and privacy law. “Enforcement of data protection, anonymization, GDPR [the EU’s General Data Protection Regulation] compliance, and security” are baked in, is the top-line claim.
“PEPP-PR was explicitly created to adhere to strong European privacy and data protection laws and principles,” the group writes in an online manifesto. “The idea is to make the technology available to as many countries, managers of infectious disease responses, and developers as quickly and as easily as possible.
“The technical mechanisms and standards provided by PEPP-PT fully protect privacy and leverage the possibilities and features of digital technology to maximize speed and real-time capability of any national pandemic response.”
Hans-Christian Boos, one of the project’s co-initiators — and the founder of an AI company called Arago –discussed the initiative with German newspaper Der Spiegel, telling it: “We collect no location data, no movement profiles, no contact information and no identifiable features of the end devices.”
The newspaper reports PEPP-PT’s approach means apps aligning to this standard would generate only temporary IDs — to avoid individuals being identified. Two or more smartphones running an app that uses the tech and has Bluetooth enabled when they come into proximity would exchange their respective IDs — saving them locally on the device in an encrypted form, according to the report.
Der Spiegel writes that should a user of the app subsequently be diagnosed with coronavirus their doctor would be able to ask them to transfer the contact list to a central server. The doctor would then be able to use the system to warn affected IDs they have had contact with a person who has since been diagnosed with the virus — meaning those at risk individuals could be proactively tested and/or self-isolate.
On its website PEPP-PT explains the approach thus:
If a user is not tested or has tested negative, the anonymous proximity history remains encrypted on the user’s phone and cannot be viewed or transmitted by anybody. At any point in time, only the proximity history that could be relevant for virus transmission is saved, and earlier history is continuously deleted.
If the user of phone A has been confirmed to be SARS-CoV-2 positive, the health authorities will contact user A and provide a TAN code to the user that ensures potential malware cannot inject incorrect infection information into the PEPP-PT system. The user uses this TAN code to voluntarily provide information to the national trust service that permits the notification of PEPP-PT apps recorded in the proximity history and hence potentially infected. Since this history contains anonymous identifiers, neither person can be aware of the other’s identity.
Providing further detail of what it envisages as “Country-dependent trust service operation”, it writes: “The anonymous IDs contain encrypted mechanisms to identify the country of each app that uses PEPP-PT. Using that information, anonymous IDs are handled in a country-specific manner.”
While on healthcare processing is suggests: “A process for how to inform and manage exposed contacts can be defined on a country by country basis.”
Among the other features of PEPP-PT’s mechanisms the group lists in its manifesto are:
Having a standardized approach that could be plugged into a variety of apps would allow for contacts tracing to work across borders — i.e. even if different apps are popular in different EU countries — an important consideration for the bloc, which has 27 Member States.
However there may be questions about the robustness of the privacy protection designed into the approach — if, for example, pseudonymized data is centralized on a server that doctors can access there could be a risk of it leaking and being re-identified. And identification of individual device holders would be legally risky.
Europe’s lead data regulator, the EDPS, recently made a point of tweeting to warn an MEP (and former EC digital commissioner) against the legality of applying Singapore-style Bluetooth-powered contacts tracing in the EU — writing: “Please be cautious comparing Singapore examples with European situation. Remember Singapore has a very specific legal regime on identification of device holder.”
Dear Mr. Commissioner, please be cautious comparing Singapoore examples with European situation. Remember Singapore has a very specific legal regime on identification of device holder.
— Wojtek Wiewiorowski (@W_Wiewiorowski) March 27, 2020
A spokesman for the EDPS told us it’s in contact with data protection agencies of the Member States involved in the PEPP-PT project to collect “relevant information”.
“The general principles presented by EDPB on 20 March, and by EDPS on 24 March are still relevant in that context,” the spokesman added — referring to guidance issued by the privacy regulators last month in which they encouraged anonymization and aggregation should Member States want to use mobile location data for monitoring, containing or mitigating the spread of COVID-19. At least in the first instance.
“When it is not possible to only process anonymous data, the ePrivacy Directive enables Member States to introduce legislative measures to safeguard public security (Art. 15),” the EDPB further noted.
“If measures allowing for the processing of non-anonymised location data are introduced, a Member State is obliged to put in place adequate safeguards, such as providing individuals of electronic communication services the right to a judicial remedy.”
We reached out to the HHI with questions about the PEPP-PT project and were referred to Boos — but at the time of writing had been unable to speak to him.
“The PEPP-PT system is being created by a multi-national European team,” the HHI writes in a press release about the effort. “It is an anonymous and privacy-preserving digital contact tracing approach, which is in full compliance with GDPR and can also be used when traveling between countries through an anonymous multi-country exchange mechanism. No personal data, no location, no Mac-Id of any user is stored or transmitted. PEPP-PT is designed to be incorporated in national corona mobile phone apps as a contact tracing functionality and allows for the integration into the processes of national health services. The solution is offered to be shared openly with any country, given the commitment to achieve interoperability so that the anonymous multi-country exchange mechanism remains functional.”
“PEPP-PT’s international team consists of more than 130 members working across more than seven European countries and includes scientists, technologists, and experts from well-known research institutions and companies,” it adds.
“The result of the team’s work will be owned by a non-profit organization so that the technology and standards are available to all. Our priorities are the well being of world citizens today and the development of tools to limit the impact of future pandemics — all while conforming to European norms and standards.”
The PEPP-PT says its technology-focused efforts are being financed through donations. Per its website, it says it’s adopted the WHO standards for such financing — to “avoid any external influence”.
Of course for the effort to be useful it relies on EU citizens voluntarily downloading one of the aligned contacts tracing apps — and carrying their smartphone everywhere they go, with Bluetooth enabled.
Without substantial penetration of regional smartphones it’s questionable how much of an impact this initiative, or any contacts tracing technology, could have. Although if such tech were able to break even some infection chains people might argue it’s not wasted effort.
Notably, there are signs Europeans are willing to contribute to a public healthcare cause by doing their bit digitally — such as a self-reporting COVID-19 tracking app which last week racked up 750,000 downloads in the UK in 24 hours.
But, at the same time, contacts tracing apps are facing scepticism over their ability to contribute to the fight against COVID-19. Not everyone carries a smartphone, nor knows how to download an app, for instance. There’s plenty of people who would fall outside such a digital net.
Meanwhile, while there’s clearly been a big scramble across the region, at both government and grassroots level, to mobilize digital technology for a public health emergency cause there’s arguably greater imperative to direct effort and resources at scaling up coronavirus testing programs — an area where most European countries continue to lag.
Germany — where some of the key backers of the PEPP-PT are from — being the most notable exception.
Development of artificial intelligence agents tends to frequently be measured by their performance in games, but there’s a good reason for that: Games tend to offer a wide proficiency curve, in terms of being relatively simple to grasp the basics, but difficult to master, and they almost always have a built-in scoring system to evaluate performance. DeepMind’s agents have tackled board game Go, as well as real-time strategy video game StarCraft – but the Alphabet company’s most recent feat is Agent57, a learning agent that can beat the average human on each of 57 Atari games with a wide range of difficulty, characteristics and gameplay styles.
Being better than humans at 57 Atari games may seem like an odd benchmark against which to measure the performance of a deep learning agent, but it’s actually a standard that goes all the way back to 2012, with a selection of Atari classics including Pitfall, Solaris, Montezuma’s Revenge and many others. Taken together, these games represent a broad range of difficulty levels, as well as requiring a range of different strategies in order to achieve success.
That’s a great type of challenge for creating a deep learning agent because the goal is not to build something that can determine one effective strategy that maximizes your chances of success every time you play a game – instead, the reason researchers build these agents and set them to these tasks at all is to develop something that can learn across multiple and shifting scenarios and conditions, with the long-term aim of building a learning agent that approaches general AI – or AI that is more human in terms of being able to apply its intelligence to any problem put before it, including challenges it’s never encountered before.
DeepMind’s Agent57 is remarkable because it performs better than human players on each of the 57 games in the Atari57 set – previous agents have been able to be better than human players on average – but that’s because they were extremely good at some of the simpler games that basically just worked via a simple action-reward loop, but terrible at games that required more advanced play, including long-term exploration and memory, like Montezuma’s Revenge.
The DeepMind team addressed this by building a distributed agent with different computers tackling different aspects of the problem, with some tuned to focus on novelty rewards (encountering things they haven’t encountered before), with both short- and long-term time horizons for when the novelty value resets. Others sought out more simple exploits, figuring out which repeated pattern provided the biggest reward, and then all the results are combined and managed by an agent equipped with a meta-controller that allows it to weight the costs and benefits of different approaches based on which game it encounters.
In the end, Agent57 is an accomplishment, but the team says it can stand to be improved in a few different ways. First, it’s incredibly computationally expensive to run, so they will seek to streamline that. Second, it’s actually not as good at some of the simpler games as some simpler agents – even though it excels at the the top 5 games in terms of challenge to previous intelligent agents. The team says it has ideas for how to make it even better at the simpler games that other, less sophisticated agents, are even better at.
At these difficult times, parents are concerned for their children’s education, especially given so much of it has had to go online during the COVID-19 pandemic. But what about pre-schoolers who are missing out?
Pre-school children are sponges for information but don’t get formal training on reading and writing until they enter the classroom when they are less sponge-like and surrounded by 30 other children. Things are tougher for non-English speaking children who’s parents want them to learn English.
Lingumi, a platform aimed at toddlers learning critical skills, has now raised £4 million in a funding round led by China-based technology fund North Summit Capital – a fund run by Alibaba’s former Chief Data Scientist Dr Min Wanli – alongside existing investors LocalGlobe, ADV and Entrepreneur First.
The startup, launched in 2017, is also announcing the launch of daily free activity packs and videos to support children and families during the COVID-19 outbreak, and it has pledged to donate 20% of its sales during this period to the Global Children’s Fund.
Lingumi’s interactive courses offer one-to-one tutoring with a kind “social learning” and its first course helps introduce key English grammar and vocabulary from the age of 2.
Instead of tuning into live lessons with tutors, which are typically timetabled and expensive, Lingumi’s lessons are delivered through interactive speaking tasks, teacher videos, and games. At the end of each lesson, children can see videos of Lingumi friends speaking the same words and phrases as them. Because the kids are watching videos, Lingumi is cheaper than live courses, and thus more flexible for parents.
The company launched the first Lingumi course in China last year, focused on teaching spoken English to non-English speakers. The platform is now being used by more than 100,000 families globally, including in mainland China, Taiwan, UK, Germany, Italy and France. More than 1.5 million English lessons have taken place in China over the past six months, and 40% of active users are also playing lessons daily. Lingumi says its user base grew 50% during China’s lockdown and it has had a rapid uptake in Europe.
“Lingumi’s rapid expansion in the Chinese market required a strategic local investor, and Dr Min and the team had a clear-sighted understanding of the technology and scale opportunity both in China, and globally.”
Dr Wanli Min, general partner at North Summit Capital, commented: “It is only the most privileged children who can access native English speakers for one-on-one tutoring… Lingumi has the potential to democratize English learning and offer every kid a personalized curriculum empowered by AI & Lingumi’s ‘asynchronous teaching; model.”
Competitors to include Lingumi include live teaching solutions like VIPKid, and learning platforms like Jiliguala in China, or Lingokids in the West.
General Catalyst, the 20-year-old venture firm that has been bulking up in recent years, announced this morning that it has secured $2.3 billion in capital commitments across three funds: a $600 million early-stage fund, a $1 billion growth fund for companies with $10 million-plus in annual revenue and a $700 million “endurance fund” to back large companies doing more than $100 million in sales, as reported earlier in Forbes.
It’s an impressive amount for the firm, which last closed a $1.4 billion fund in 2018 that combined its early and growth-stage investments — which was itself a huge leap from the $845 million in capital that General Catalyst raised in early 2016 across two funds.
Seemingly, the idea is to compete in more later-stage deals, which could well come down in price as other, non-traditional backers are forced to retrench from the suddenly dicey market.
SoftBank, whose fortunes have shifted, is one example. Mutual fund investors that have flocked to privately held companies will likely start committing less capital to illiquid startups right now, too, especially given that the IPO window is shut for the foreseeable future.
The firm tells Forbes it’s also looking to back sectors that are more relevant than ever in the era of coronavirus, including healthcare software, technologies for remote education and working.
Just today, Olive, a Columbus, Ohio-based healthcare startup that’s looking to AI-enabled robotic process automation solution, said it has raised $51 million in funding led by General Catalyst, with participation from its earlier backers. FierceHealthcare has more here.
Still, the firm’s limited partners, including university endowments and pension funds, have also seen their assets hard hit by the sudden economic downturn. It will surely make the kind of commitments they’ve made to General Catalyst and other firms to recently announce giant funds a little trickier to execute.
While there’s no reason to think they won’t fulfill their obligations, during the last major downturn in the startup world back in 2000 (the 2008 recession hit Wall Street much harder than Silicon Valley), some venture firms wound up reducing the size of their funds.
In part, they did this to ease the financial obligations of their limited partners. In part, they suddenly needed a lot less capital. Another reason they cut back what were then record-breaking-size funds was the harsh realization that the more they raised, the harder it would be to produce venture-like returns.
General Catalyst has a number of high-flying bets in its portfolio. Among them: Stripe and Airbnb. It isn’t yet clear how Stripe is faring in the current environment, but Airbnb and its hosts around the world have been struggling as much of the world shelters in place.
Though the company originally expected to go public in 2020, those plans seem highly unlikely now.
As part of its response to the public health emergency triggered by the COVID-19 pandemic, the European Commission has been leaning on Europe’s telcos to share aggregate location data on their users.
“The Commission kick-started a discussion with mobile phone operators about the provision of aggregated and anonymised mobile phone location data,” it said today.
“The idea is to analyse mobility patterns including the impact of confinement measures on the intensity of contacts, and hence the risks of contamination. This would be an important — and proportionate — input for tools that are modelling the spread of the virus, and would also allow to assess the current measures adopted to contain the pandemic.”
“We want to work with one operator per Member State to have a representative sample,” it added. “Having one operator per Member State also means the aggregated and anonymised data could not be used to track individual citizens, that is also not at all the intention. Simply because not all have the same operator.
“The data will only be kept as long as the crisis is ongoing. We will of course ensure the respect of the ePrivacy Directive and the GDPR.”
Earlier this week Politico reported that commissioner Thierry Breton held a conference with carriers, including Deutsche Telekom and Orange, asking for them to share data to help predict the spread of the novel coronavirus.
Europe has become a secondary hub for the disease, with high rates of infection in countries including Italy and Spain — where there have been thousands of deaths apiece.
The European Union’s executive is understandably keen to bolster national efforts to combat the virus. Although it’s less clear exactly how aggregated mobile location data can help — especially as more EU citizens are confined to their homes under national quarantine orders. (While police patrols and CCTV offer an existing means of confirming whether or not people are generally moving around.)
Nonetheless, EU telcos have already been sharing aggregate data with national governments.
Such as Orange in France which is sharing “aggregated and anonymized” mobile phone geolocation data with Inserm, a local health-focused research institute — to enable them to “better anticipate and better manage the spread of the epidemic”, as a spokeswoman put it.
“The idea is simply to identify where the populations are concentrated and how they move before and after the confinement in order to be able to verify that the emergency services and the health system are as well armed as possible, where necessary,” she added. “For instance, at the time of confinement, more than 1 million people left the Paris region and at the same time the population of Ile de Ré increased by 30%.
“Other uses of this data are possible and we are currently in discussions with the State on all of these points. But, it must be clear, we are extremely vigilant with regards to concerns and respect for privacy. Moreover, we are in contact with the CNIL [France’s data protection watchdog]… to verify that all of these points are addressed.”
Germany’s Deutsche Telekom is also providing what a spokesperson dubbed “anonymized swarm data” to national health authorities to combat the corona virus.
“European mobile operators are also to make such anonymized mass data available to the EU Commission at its request,” the spokesperson told us. “In fact, we will first provide the EU Commission with a description of data we have sent to German health authorities.”
It’s not entirely clear whether the Commission’s intention is to pool data from such existing local efforts — or whether it’s asking EU carriers for a different, universal data-set to be shared with it during the COVID-19 emergency.
When we asked about this it did not provide an answer. Although we understand discussions are ongoing with operators — and that it’s the Commission’s aim to work with one operator per Member State.
The Commission has said the metadata will be used for modelling the spread of the virus and for looking at mobility patterns to analyze and assess the impact of quarantine measures.
A spokesman emphasized that individual-level tracking of EU citizens is not on the cards.
“The Commission is in discussions with mobile operators’ associations about the provision of aggregated and anonymised mobile phone location data,” the spokesman for Breton told us.
“These data permit to analyse mobility patterns including the impact of confinement measures on the intensity of contacts and hence the risks of contamination. They are therefore an important and proportionate tool to feed modelling tools for the spread of the virus and also assess the current measures adopted to contain the Coronavrius pandemic are effective.”
“These data do not enable tracking of individual users,” he added. “The Commission is in close contact with the European Data Protection Supervisor (EDPS) to ensure the respect of the ePrivacy Directive and the GDPR.”
At this point there’s no set date for the system to be up and running — although we understand the aim is to get data flowing asap. The intention is also to use datasets that go back to the start of the epidemic, with data-sharing ongoing until the pandemic is over — at which point we’re told the data will be deleted.
Breton hasn’t had to lean very hard on EU telcos to share data for a crisis cause.
Earlier this week Mats Granryd, director general of operator association the GSMA, tweeted that its members are “committed to working with the European Commission, national authorities and international groups to use data in the fight against COVID-19 crisis”.
Although he added an important qualifier: “while complying with European privacy standards”.
The @GSMA and our members are committed to working with the @EU_Commission, national authorities and international groups to use data in the fight against COVID-19 crisis, while complying with European privacy standards. https://t.co/f1hBYT5Lqx
— Mats Granryd (@MatsGranryd) March 24, 2020
Europe’s data protection framework means there are limits on how people’s personal data can be used — even during a public health emergency. And while the legal frameworks do quite rightly bake in flexibility for a pressing public purpose, like the COVID-19 pandemic, it does not mean individuals’ privacy rights automatically go out the window.
Individual tracking of mobile users for contact tracing — such as Israel’s government is doing — is unimaginable at the pan-EU level. Certainly unless the regional situation deteriorates drastically.
One privacy lawyer we spoke to last week suggested such a level of tracking and monitoring across Europe would be akin to a “last resort”. Though individual EU countries are choosing to respond differently to the crisis — such as, for example, Poland giving quarantined people a choice between regular police checks up or uploading geotagged selfies to prove they’re not breaking lockdown.
While former EU Member, the UK, has reportedly chosen to invite US surveillance-as-a-service tech firm Palantir to carry out resource tracking for its National Health Service during the coronavirus crisis.
Under pan-EU law (which the UK remains subject to, until the end of the Brexit transition period), the rule of thumb is that extraordinary data-sharing — such as the Commission asking telcos to share user location data during a pandemic — must be “temporary, necessary and proportionate”, as digital rights group Privacy International recently noted.
This explains why Breton’s request is for “anonymous and aggregated” location data. And why, in background comments to reporters, the claim is that any shared data sets will be deleted at the end of the pandemic.
Not every EU lawmaker appears entirely aware of all the legal limits, however.
Today the bloc’s lead privacy regulator, data protection supervisor (EDPS) Wojciech Wiewiórowski, could be seen tweeting cautionary advice at one former commissioner, Andrus Ansip (now an MEP) — after the latter publicly eyed up a Bluetooth-powered contacts tracing app deployed in Singapore.
“Please be cautious comparing Singapore examples with European situation. Remember Singapore has a very specific legal regime on identification of device holder,” wrote Wiewiórowski.
So it remains to be seen whether pressure will mount for more privacy-intrusive surveillance of EU citizens if regional rates of infection continue to grow.
Dear Mr. Commissioner, please be cautious comparing Singapoore examples with European situation. Remember Singapore has a very specific legal regime on identification of device holder.
— Wojtek Wiewiorowski (@W_Wiewiorowski) March 27, 2020
As we reported earlier this week, governments or EU institutions seeking to make use of mobile phone data to help with the response to the coronavirus must comply with the EU’s ePrivacy Directive — which covers the processing of mobile location data.
The ePrivacy Directive allows for Member States to restrict the scope of the rights and obligations related to location metadata privacy, and retain such data for a limited time — when such restriction constitutes “a necessary, appropriate and proportionate measure within a democratic society to safeguard national security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system” — and a pandemic seems a clear example of a public security issue.
Thing is, the ePrivacy Directive is an old framework. The previous college of commissioners had intended to replace it alongside an update to the EU’s broader personal data protection framework — the General Data Protection Regulation (GDPR) — but failed to reach agreement.
This means there’s some potential mismatch. For example the ePrivacy Directive does not include the same level of transparency requirements as the GDPR.
Perhaps understandably, then, since news of the Commission’s call for carrier metadata emerged concerns have been raised about the scope and limits of the data sharing. Earlier this week, for example, MEP Sophie in’t Veld wrote to Breton asking for more information on the data grab — including querying exactly how the data will be anonymized.
Fighting the #coronavirus with technology: sure! But always with protection of our privacy. Read my letter to @ThierryBreton about @EU_Commission’s plans to call on telecoms to hand over data from people’s mobile phones in order to track&trace how the virus is spreading. pic.twitter.com/55kZo9bMhN
— Sophie in 't Veld (@SophieintVeld) March 25, 2020
The EDPS confirmed to us that the Commission consulted it on the proposed use of telco metadata.
A spokesman for the regulator pointed to a letter sent by Wiewiórowski to the Commission, following the latter’s request for guidance on monitoring the “spread” of COVID-19.
In the letter the EDPS impresses on the Commission the importance of “effective” data anonymization — which means it’s in effect saying a technique that does genuinely block re-identification of the data must be used. (There are plenty of examples of ‘anonymized’ location data being shown by researchers to be trivially easy to reidentify, given how many individual tells such data typically contains, like home address and workplace address.)
“Effective anonymisation requires more than simply removing obvious identifiers such as phone numbers and IMEI numbers,” warns the EDPS, adding too that aggregated data “can provide an additional safeguard”.
We also asked the Commission for more details on how the data will be anonymized and the level of aggregation that would be used — but it told us it could not provide further information at this stage.
So far we understand that the anonymization and aggregation process will be undertaken before data is transferred by operators to a Commission science and research advisory body, called the Joint Research Centre (JRC) — which will perform the data analytics and modelling.
The results — in the form of predictions of propagation and so on — will then be shared by the Commission with EU Member States authorities. The datasets feeding the models will be stored on secure JRC servers.
The EDPS is equally clear on the Commission’s commitments vis-a-vis securing the data.
“Information security obligations under Commission Decision 2017/464 still apply [to anonymized data], as do confidentiality obligations under the Staff Regulations for any Commission staff processing the information. Should the Commission rely on third parties to process the information, these third parties have to apply equivalent security measures and be bound by strict confidentiality obligations and prohibitions on further use as well,” writes Wiewiórowski.
“I would also like to stress the importance of applying adequate measures to ensure the secure transmission of data from the telecom providers. It would also be preferable to limit access to the data to authorised experts in spatial epidemiology, data protection and data science.”
Data retention — or rather the need for prompt destruction of data sets after the emergency is over — is another key piece of the guidance.
“I also welcome that the data obtained from mobile operators would be deleted as soon as the current emergency comes to an end,” writes Wiewiórowski. “It should be also clear that these special services are deployed because of this specific crisis and are of temporary character. The EDPS often stresses that such developments usually do not contain the possibility to step back when the emergency is gone. I would like to stress that such solution should be still recognised as extraordinary.”
teresting to note the EDPS is very clear on “full transparency” also being a requirement, both of purpose and “procedure”. So we should expect more details to be released about how the data is being effectively rendered unidentifiable.
“Allow me to recall the importance of full transparency to the public on the purpose and procedure of the measures to be enacted,” writes Wiewiórowski. “I would also encourage you to keep your Data Protection Officer involved throughout the entire process to provide assurance that the data processed had indeed been effectively anonymised.”
The EDPS has also requested to see a copy of the data model. At the time of writing the spokesman told us it’s still waiting to receive that.
“The Commission should clearly define the dataset it wants to obtain and ensure transparency towards the public, to avoid any possible misunderstandings,” Wiewiórowski added in the letter.
Ford announced the details of its current manufacturing efforts around building much-needed medical supplies for front-line healthcare workers and COVID-19 patients on Tuesday. Its efforts include building Powered Air-Purifying Respirators (PAPRs) with partner 3M, including a new design that employs existing parts from both partners to deliver effectiveness and highly-scalable production capacity.
Ford says that it’s also going to be building face shields, leaning on its 3D printing capabilities, with an anticipated production rate of over 100,000 units per week. These are key pieces of personal protective equipment (PPE) used by frontline healthcare staff to protect them against virus-containing droplets that are spread by patients through coughing and sneezing in clinical settings. The company has designed a new face shield, which will be tested with the first 1,000 units this week at Detroit Mercy, Henry Ford Health Systems and Detroit Medical Center Sinai-Grace Hospitals in Michigan to evaluate their efficacy. Provided they perform as planned, Ford anticipates scaling to building 75,000 by end of week, with 100,000 able to be made in one of the company’s Plymouth, MI production facilities each week thereafter.
The automaker is also going to be working with GE on expanding production capacity for GE Healthcare’s ventilator, with a simplified design that should allow for higher volume production. That’s part of a response to a U.S. government request for more units to support healthcare needs, the company said. On top of its U.S.-focused ventilator project with GE, Ford is also working on a separate effort to spin up ventilator production targeting the UK based on a request for aid from that country’s government, and it’s also shipping back 165,000 N95 respirator masks that were sent by the company from the U.S. to China earlier this year, since the need for that equipment is now greater back in the U.S., the company said, and China’s situation continues to improve.
Over the weekend, President Trump tweeted that U.S. automakers, including Ford, GM and Tesla had received the “go ahead” to make “ventilators and other metal products, fast.”
“We have had preliminary discussions with the U.S. and U.K. governments and looking into the feasibility,” Ford spokesperson Rachel McCleery said at the time in a statement to TechCrunch . “It’s vital that we all pull together to help the country weather this crisis and come out the other side stronger than ever.”
Based on this update, it seems like Ford did indeed move quickly to take stock of where it could contribute, and in what capacity. The company will be looking at using both its own and partner facilities to produce this much-needed medical equipment, it said on Tuesday during a press conference call about the announcement, and it’ll also be leveraging existing parts and equipment to speed production capabilities and capacity.
The PAPRs that Ford is building, for instance, will use off-the-shelf components from the automaker’s F-150 truck’s cooled seating, as well as 3M’s existing HEPA filters. These respirators could potentially offer significant advantages in use compared to N95s, since they are battery-powered and can filter airborne virus particles for up to eight hours on a single, swappable standard power tool battery pack worn at the waist. Asked about production timelines and capacity, 3M Global Technical Director Mike Kesti said that they’re still working that out, with a focus on how Ford can supplement existing PAPR production before moving into producing their new version.
“[Ford is] helping us expand the capacity of our existing units,” Kesti said. “So impact will be over the next days and weeks to just increase capacity of our existing [PAPR]. But we’re also working closely together with them the leverage components both from Ford, that they have available, and 3M, particularly our filters that meet the NIOSH [National Institute for Occupational Safety and Health] regulatory requirements, and trying to integrate that into a modified design that will meet the NIOSH regulation performance requirements, and scale it up as as quickly as possible.”
Ford is also assisting 3M with ramping production of its existing N95 respiratory masks, Kesti said.
Ford and GE don’t yet have a timeline, or estimates of production capacity for the new types of ventilators they’re working on either, but the team is “working feverishly to get to the release point,” according to GE Healthcare VP and Chief Quality Officer Tom Westrick.
“We don’t have specific timelines and numbers related to the to the design and the release of the new ventilators,” he said. “Although, obviously this is of utmost importance to both us and Ford.”
GM revealed Wednesday a new electric architecture that will be the foundation of the automaker’s future EV plans and support a wide range of products across its brands, including compact cars, work trucks, large premium SUVs, performance vehicles and a new Bolt EUV crossover that will come to market next summer.
This modular architecture, called “Ultium,” will be capable of 19 different battery and drive unit configurations, 400-volt and 800-volt packs with storage ranging from 50 kWh to 200 kWh, and front, rear and all-wheel drive configurations.
GM’s focus on making this EV architecture modular underlines the automaker’s desire to electrify a wide variety of its business lines, from the Cruise Origin autonomous taxi and compact Chevrolet Bolt EUV to the GMC HUMMER electric truck and SUV and the newly announced Cadillac Lyriq SUV. GM also on Wednesday showed a variety of electric vehicles that had not yet been announced or revealed in public, to show how this modularity will be exploited further out in their product plan, including a massive Cadillac flagship sedan called Celestiq.
The Celestiq will be hand-built in the Detroit area, GM President Mark Reuss said, joining a large electric SUV in Cadillac’s future lineup. A pair of future Buick crossovers showed that brand’s styling moving in a decidedly Tesla-inspired direction, while a mid-sized Chevrolet crossover hinted at a more affordable option in GM’s otherwise premium-focused future EV lineup.
Using a single architecture for such a wide variety of vehicles provides much-needed scale and capital-efficiency to what has been a small-volume and profitability-challenged EV market. GM sees this scale driving reductions in the cost and complexity of its battery packs, eliminating 80% of the pack wiring compared to the current Chevrolet Bolt and enabling it to drive battery cell costs below the $100/kWh level.
At the heart of the new modular architecture will be large-format pouch battery cells manufactured as part of a joint manufacturing venture between LG Chem and GM. The companies announced in December plans to mass produce battery cells for GM’s electric vehicles at a plant in Lordstown, Ohio.
While the automaker has used LG Chem as a lithium-ion and electronics supplier for at least a decade, the joint venture marks a shift that aims to accelerate the automaker’s ability to win in the electric vehicle space.
GM’s relationship with LG Chem has produced a new Nickel Cobalt Manganese Aluminium (NCMA) battery cell, which the automaker says will have the lowest cobalt content of any large-format pouch cell. The flat, rectangular pouch cells allow GM to stack batteries vertically, enabling more packaging flexibility and interior space than the cylindrical cells favored by Tesla, Rivian and others.
GM and LG Chem will break ground on the new $2.3 billion joint venture plant this spring, where they will have annual production capacity of 30 gigawatt hours of these cells, with room to expand. The two firms said they will work together to eventually drive all cobalt and nickel out of its cell chemistries, develop electrolyte additives that heal cell degradation and explore solid-state cell options.
The initial wave of electric vehicles from GM will be led by an updated version of the Chevrolet Bolt later this year, followed by a Bolt EUV crossover next summer that will be the first vehicle outside of the Cadillac brand to feature the hands-free SuperCruise driver assistance system. GM will reveal two new premium electric SUVs later this year, the GMC HUMMER EV that will begin production in 2021 and the Cadillac Lyriq, which will follow it to market in 2022.
GM’s new EV architecture enables Level 2 and DC fast charging, with up to 100 miles of range available in the first 10 minutes of charging. But rather than launching its own in-house fast-charging network, GM is aggregating public charger networks like ChargePoint and EVgo into its myChevrolet mobile app and enabling in-app payment at EVgo chargers. GM is also partnering with Qmerit to provide accredited home charger installation, because 80% of EV customers charge at home, the company said.
Cathay Pacific has been issued with a £500,000 penalty by the UK’s data watchdog for security lapses which exposed the personal details of some 9.4 million customers globally — 111,578 of whom were from the UK.
The penalty, which is the maximum fine possible under relevant UK law, was announced today by the Information Commissioner’s Office (ICO), following a multi-month investigation. It pertains to a breach disclosed by the airline in fall 2018.
At the time Cathay Pacific said it had first identified unauthorized access to its systems in March, though it did not explain why it took more than six months to make a public disclosure of the breach.
The failure to secure its systems resulted in unauthorised access to passengers’ personal details, including names, passport and identity details, dates of birth, postal and email addresses, phone numbers and historical travel information.
Today the ICO said the earliest date of unauthorised access to Cathay Pacific’s systems was October 14, 2014. While the earliest known date of unauthorised access to personal data was February 7, 2015.
“The ICO found Cathay Pacific’s systems were entered via a server connected to the internet and malware was installed to harvest data,” the regulator writes in a press release, adding that it found “a catalogue of errors” during the investigation, including back-up files that were not password protected; unpatched Internet-facing servers; use of operating systems that were no longer supported by the developer; and inadequate antivirus protection.
Since Cathay’s systems were compromised in this breach the UK has transposed an update to the European Union’s data protection’s framework into its national law which bakes in strict disclosure requirements for breaches involving personal data — requiring data controllers inform national regulators within 72 hours of becoming aware of a breach.
The General Data Protection Regulation (GDPR) also includes a much more substantial penalties regime — with fines that can scale as high as 4% of global annual turnover.
However owing to the timing of the unauthorized access the ICO has treated this breach as falling under previous UK data protection legislation.
Under GDPR the airline would likely have faced a substantially larger fine.
Commenting on Cathay Pacific’s penalty in a statement, Steve Eckersley, the ICO’s director of investigations, said:
People rightly expect when they provide their personal details to a company, that those details will be kept secure to ensure they are protected from any potential harm or fraud. That simply was not the case here.
This breach was particularly concerning given the number of basic security inadequacies across Cathay Pacific’s system, which gave easy access to the hackers. The multiple serious deficiencies we found fell well below the standard expected. At its most basic, the airline failed to satisfy four out of five of the National Cyber Security Centre’s basic Cyber Essentials guidance.
Under data protection law organisations must have appropriate security measures and robust procedures in place to ensure that any attempt to infiltrate computer systems is made as difficult as possible.
Reached for comment the airline reiterated its regret over the data breach and said it has taken steps to enhance its security “in the areas of data governance, network security and access control, education and employee awareness, and incident response agility”.
“Substantial amounts have been spent on IT infrastructure and security over the past three years and investment in these areas will continue,” Cathay Pacific said in the statement. “We have co-operated closely with the ICO and other relevant authorities in their investigations. Our investigation reveals that there is no evidence of any personal data being misused to date. However, we are aware that in today’s world, as the sophistication of cyber attackers continues to increase, we need to and will continue to invest in and evolve our IT security systems.”
“We will continue to co-operate with relevant authorities to demonstrate our compliance and our ongoing commitment to protecting personal data,” it added.
Last summer the ICO slapped another airline, British Airways, with a far more substantial fine for a breach that leaked data on 500,000 customers, also as a result of security lapses.
In that case the airline faced a record £183.39M penalty — totalling 1.5% of its total revenues for 2018 — as the timing of the breach occurred when the GDPR applied.
Big tech’s lead privacy regulator in Europe has intervened to flag transparency concerns about a Facebook election reminder feature — asking the tech giant to provide it with information about what data it collects from users who interact with the notification and how their personal data is used, including whether it’s used for targeting them with ads.
Facebook confirmed to TechCrunch it has paused use of the election reminder feature in the European Union while it works on addressing the Irish Data Protection Commission (DPC)’s concerns.
Facebook’s Election Day Reminder (EDR) feature is a notification the platform can display to users on the day of an election — ostensibly to encourage voter participation. However, as ever with the data-driven ad business, there’s a whole wrapper of associated questions about what information Facebook’s platform might be harvesting when it chooses to deploy the nudge (and how the ad business is making use of the data).
On an FAQ on its website about the election reminder Facebook writes vaguely that users “may see reminders and posts about elections and voting”.
Facebook does not explain what criteria it uses to determine whether to target (or not to target) a particular user with an election reminder.
Yet a study carried out by Facebook in 2012, working with academics from the University of California at San Diego, found an election day reminder sent via its platform on the day of the 2010 US congressional elections boosted voter turnout by about 340,000 people — which has led to concern that selective deployment of election reminders by Facebook could have the potential to influence poll outcomes.
If, for example, Facebook chose to target an election reminder at certain types of users who it knows via its profiling of them are likely to lean towards voting a particular way. Or if the reminder was targeted at key regions where a poll result could be swung with a small shift in voter turnout. So the lack of transparency around how the tool is deployed by Facebook is also concerning.
Under EU law, entities processing personal data that reveals political opinions must also meet a higher standard of regulatory compliance for this so-called “special category data” — including around transparency and consent. (If relying on user consent to collect this type of data it would need to be explicit — requiring a clear, purpose-specific statement that the user affirms, for instance.)
In a statement today the DPC writes that it notified Facebook of a number of “data protection concerns” related to the EDR ahead of the recent Irish General Election — which took place February 8 — raising particular concerns about “transparency to users about how personal data is collected when interacting with the feature and subsequently used by Facebook”.
The DPC said it asked Facebook to make some changes to the feature but because these “remedial actions” could not be implemented in advance of the Irish election it says Facebook decided not to activate the EDR during that poll.
We understand the main issue for the regulator centers on the provision of in-context transparency for users on how their personal data would be collected and used when they engaged with the feature — such as the types of data being collected and the purposes the data is used for, including whether it’s used for advertising purposes.
In its statement, the DPC says that following its intervention Facebook has paused use of the EDR across the EU, writing: “Facebook has confirmed that the Election Day Reminder feature will not be activated during any EU elections pending a response to the DPC addressing the concerns raised.”
It’s not clear how long this intervention-triggered pause will last — neither the DPC nor Facebook have given a timeframe for when the transparency problems might be resolved.
We reached out to Facebook with questions on the DPC’s intervention.
The company sent this statement, attributed to a spokesperson:
We are committed to processing people’s information lawfully, fairly, and in a transparent manner. However, following concerns raised by the Irish Data Protection Commission around whether we give users enough information about how the feature works, we have paused this feature in the EU for the time being. We will continue working with the DPC to address their concerns.
“We believe that the Election Day reminder is a positive feature which reminds people to vote and helps them find their polling place,” Facebook added.
Forthcoming elections in Europe include Slovak parliamentary elections this month; North Macedonian and Serbian parliamentary elections, which are due to take place in April; and UK local elections in early May.
The intervention by the Irish DPC against Facebook is the second such public event in around a fortnight — after the regulator also published a statement revealing it had raised concerns about Facebook’s planned launch of a dating feature in the EU.
That launch was also put on ice following its intervention, although Facebook claimed it chose to postpone the rollout to get the launch “right”; while the DPC said it’s waiting for adequate responses and expects the feature won’t be launched before it gets them.
It looks like public statements of concern could be a new tactic by the regulator to try to address the sticky challenge of reining in big tech.
The DPC is certainly under huge pressure to deliver key decisions to prove that the EU’s flagship General Data Protection Regulation (GDPR) is functioning as intended. Critics say it’s taking too long, even as its case load continues to pile up.
No GDPR decisions on major cases involving tech giants including Facebook and Google have yet been handed down in Dublin — despite the GDPR fast approaching its second birthday.
At the same time it’s clear tech giants have no shortage of money, resources and lawyers to inject friction into the regulatory process — with the aim of slowing down any enforcement.
So it’s likely the DPC is looking for avenues to bag some quick wins — by making more of its interventions public and thereby putting pressure on a major player like Facebook to respond to publicity generated by it going public with “concerns”.
It’s T-minus one week to the big day, March 3, when more than 1,000 startuppers will convene in San Jose, Calif. for TC Sessions: Robotics + AI 2020. We’re talking a hefty cross-section representing big companies and exciting new startups. We’re talking some of the most innovative thinkers, makers, researchers, investors and influencers — all focused on creating the future of these two world-changing technologies.
Don’t miss out on this one-day conference of interviews, panel discussions, Q&As, workshops and demos dedicated to every aspect of robotics and A.I. General admission tickets cost $345. Snag your ticket now and save, because prices go up at the door. Want to save even more? Save 15 percent when you buy four or more tickets. Are you a student? Grab a ticket for just $50.
What do we have planned for this TC Session? Here’s a small sample of the fab programming that awaits you, and be sure to check out the full TC Session agenda here.
And — new this year — don’t miss watching the finalists from our Pitch Night competition. Founders of these early-stage companies, hand-picked by TechCrunch editors, will take the stage and have just five minutes to present their wares.
With just one more week until TC Sessions: Robotics + AI 2020 kicks off, you don’t have much time left to save on tickets. Why pay more at the door? Buy your ticket now and join the best and brightest for a full day dedicated to all things robotics.
The student loan crisis in the U.S. has left venture capitalists searching for novel approaches to financing higher education, but can the same systems designed for helping coders in Silicon Valley get jobs at Google help underserved students in developing countries become part of a global work force?
Similar to the buzzy San Francisco startup Lambda School, Microverse is a coding school that utilizes ISAs, or Income Share Agreements, as a means of allowing students to learn now and pay later with a fixed percentage of their future salary. Microverse isn’t aiming to compete heavily with Lambda School for U.S. students, however, they are looking more heavily at courting students in developing countries. The startup currently has students in 96 countries, with Mexico, Brazil, Kenya, Nigeria, Cameroon and India among their most represented, CEO Ariel Camus tells TechCrunch.
The pitch of bringing the ISA model worldwide has attracted investor interest. The startup tells TechCrunch it has just closed $3.2 million in seed funding from venture capitalists including General Catalyst and Y Combinator.
Lambda School and its ilk have excited plenty of investors. There has also been plenty of scrutiny and some questions on whether quickly scaling to venture-sized returns or building revenue by selling off securitized ISAs ends up pushing these startups toward cutting corners.
Microverse, for its part, is already built quite lean. The program has no full-time instructors. The entire curriculum is a self-guided English-only lesson plan that relies on students that are just months ahead in the program serving as “mentors.” Students are expected to spend eight hours per day pushing through the curriculum with assigned study partners and peer groups, graduating in about eight months on average, Camus says.
“The average starting salary for us — it’s of course lower and that’s expected,” said Camus. “The only way we can offer as good or better learning experience as Lambda or any other campus-based education in the U.S. — with salaries that will usually be lower — is if our costs are lower, and that’s why we have designed the entire system to allow us to scale faster. We don’t have to hire teachers, we don’t have to create content and that allows us to adjust to changes in the market and new technologies much much faster.”
While Lambda School’s ISA terms require students to pay 17% of their monthly salary for 24 months once they begin earning above $50,000 annually — up to a maximum of $30,000, Microverse requires that graduates pay 15% of their salary once they begin making more than just $1,000 per month, though there is no cap on time, so students continue payments until they have repaid $15,000 in full. In both startups’ cases, students only repay if they are employed in a field related to what they studied, but with Microverse, ISAs never expire, so if you ever enter a job adjacent to your area of study, you are on the hook for repayments. Lambda School’s ISA taps out after five years of deferred repayments.
Without much of the nuance in how Lambda School or Holberton School have structured their ISA terms, Microverse’s structure seems less amenable, but Camus defends the terms as a necessary means to getting around under-reporting.
“When you use a cap, you’re using a perverse incentive for under-reporting,” Camus says. “In the U.S. where you can enforce tax reviews, there’s no need to worry about that and I think it’s better if you can cap it, but in most of the developing countries where there is not a strong tax system, it isn’t a possibility.”
For students that qualify for terms for repaying this ISA, they are, again, on the hook for $15,000. Charging such a hefty fee for an online course without full-time instructors geared toward students in developing countries could be controversial for a venture-backed startup, but it will also put a heavy burden on the school to keep their students satisfied and help them find employment via its network of career counselors.
The CEO acknowledges the high price of Microverse’s instruction. “It is huge,” but he says that the premium is necessary to build a business around getting students in developing countries careers in the global workforce. Microverse is keeping its total number of admitted students small early on so that it can ensure it’s meeting their needs, Camus says, noting that Microverse accepts just 1% of applicants, adding 70-80 students to the program per month.
“This conversation around the ISA in the U.S. is so hot that you have to frame it in such a different way when you’re talking about students in developing and emerging countries. Like, there are no alternatives,” Camus says. “…if you can find a value proposition that aligns with their goals and gives them some international and professional exposure, that gives them a world-class education… that’s a very compelling proposition.”
Esports, video games and the innovations that enable them now occupy a central space in the cultural and commercial fabric of the tech world.
For the investment firm Bitkraft Esports Ventures, the surge in interest means a vast opportunity to invest in the businesses that continue to reshape entertainment and develop technologies which have implications far beyond consoles and controllers.
Increasingly, investors are willing to come along for the ride. The firm, which launched its first fund in 2017 with a $40 million target, is close to wrapping up fundraising on a roughly $140 million new investment vehicle, according to a person with knowledge of the firm’s plans.
Through a spokesperson, Bitkraft confirmed that over the course of 2019 it had invested $50 million into 25 investments across esports and digital entertainment, 21 of which were led by the firm.
The new, much larger, fund for Bitkraft is coming as the firm’s thesis begins to encompass technologies and services that extend far beyond gaming and esports — although they’re coming from a similar place.
Along with its new pool of capital, the firm has also picked up a new partner in Moritz Baier-Lentz, a former Vice President in the investment banking division of Goldman Sachs and the number one ranked esports player of Blizzard’s Diablo II PC game in 2003.
The numbers in venture capital — and especially in gaming — aren’t quite at that scale, but there are increasingly big bets being made in and around the games industry as investors recognize its potential. There were roughly $2 billion worth of investments made into the esports industry in 2019, less than half of the whopping $4.5 billion which was invested the prior year, according to the Esports Observer.
“Gaming is now one of the largest forms of entertainment in the United States, with more than $100B+ spent yearly, surpassing other major mediums like television. Gaming is a new form of social network where you can spend time just hanging with friends/family even outside of the constructs of ‘winning the game.’”
Over $100 billion is nothing to sneer at in a growing category — especially as the definition of what qualifies as an esports investment expands to include ancillary industries and a broader thesis.
For Bitkraft, that means investments which are “born in Internet and gaming, but they have applications beyond that,” says Baier-Lentz. “What we really see on the broader level and what we think bout as a team is this emergence of synthetic reality. [That’s] where we see the future and the growth and the return for our investors.”
Bitkraft’s newest partner, Moritz Baier-Lentz
Baier-Lentz calls this synthetic reality an almost seamless merger of the physical and digital world. It encompasses technologies enabling virtual reality and augmented reality and the games and immersive or interactive stories that will be built around them.
“Moritz shares our culture, our passion, and our ambition—and comes with massive investment experience from one of the world’s finest investment firms,” said Jens Hilgers, the founding general partner of BITKRAFT Esports Ventures, in a statement. “Furthermore, he is a true core gamer with a strong competitive nature, making him the perfect fit in our diverse global BITKRAFT team. With his presence in New York, we also expand our geographical coverage in one of today’s most exciting and upcoming cities for gaming and esports.”
It helps that, while at Goldman, Baier-Lentz helped develop the firm’s global esports and gaming practice. Every other day he was fielding calls around how to invest in the esports phenomenon from private clients and big corporations, he said.
Interestingly for an esports-focused investment firm, the one area where Bitkraft won’t invest is in Esports teams. instead the focus is on everything that can enable gaming. “We take a broader approach and we make investments in things that thrive on the backbone of a healthy esports industry,” said Baier-Lentz.
In addition to a slew of investments made into various game development studios, the company has also backed Spatial, which creates interactive audio environments; Network Next, a developer of private optimized high speed networks for gaming; and Lofelt, a haptic technology developers.
“Games are the driver of technological innovation and games have prepared us for human machine interaction,” says Baier-Lentz. “We see games and gaming content as the driver of a broader wave of synthetic reality. That would span gaming, sports, and interactive media. [But] we don’t only see it as entertainment… There are economic and social benefits here that are opened up once we transcend between the physical and the digital. I almost see it as the evolution of the internet.”
Several companies rolled out electric pickups in 2019. Tesla’s Cybertruck got most of the attention, but don’t sleep on General Motors and Ford — bringing electric pickups to market is critical for the viability of electric vehicles.
Automakers build vehicles around shared components. These platforms, the underpinnings of the vehicles, often live for 10 or more years, and are critical to each automaker’s economic stability. The exterior sheet metal might change, but dozens of models often share the frame, powertrain and electrical components.
Electric pickup platforms offer vehicle makers a new revenue source. Instead of building electric vehicles designed to move people, these platforms can move goods. That’s key to building a long-term strategy around electric vehicles.
Look at Ford, whose best-selling F-150 is just a portion of its success. From the F-150, the automaker has dozens of commercial vehicles built off platforms that share components. If Ford can produce an electric pickup — which it says it’s doing alongside startup Rivian — Ford will be able to electrify its commercial offering more quickly.
Specific vehicle platforms are perfect for electrification. Vehicles with a predictable driving route like municipal vehicles, delivery vans and even hearses could benefit from electric powertrains.
Electric powertrains have long offered advantages over internal combustion; electric counterparts feature fewer moving parts and are now often smaller, allowing for more interior space. And then there’s the torque that gives electric vehicles near-superhero strength.
Google has buried a major change in legal jurisdiction for its UK users as part of a wider update to its terms and conditions that’s been announced today and which it says is intended to make its conditions of use clearer for all users.
It says the update to its T&Cs is the first major revision since 2012 — with Google saying it wanted to ensure the policy reflects its current products and applicable laws.
“We’ve updated our Terms of Service to make them easier for people around the world to read and understand — with clearer language, improved organization, and greater transparency about changes we make to our services and products. We’re not changing the way our products work, or how we collect or process data,” Google spokesperson Shannon Newberry said in a statement.
Users of Google products are being asked to review and accept the new terms before March 31 when they are due to take effect.
Reuters reported on the move late yesterday — citing sources familiar with the update who suggested the change of jurisdiction for UK users will weaken legal protections around their data.
However Google disputes there will be any change in privacy standards for UK users as a result of the shift. it told us there will be no change to how it process UK users’ data; no change to their privacy settings; and no change to the way it treats their information as a result of the move.
We asked the company for further comment on this — including why it chose not to make a UK subsidiary the legal base for UK users — and a spokesperson told us it is making the change as part of its preparations for the UK to leave the European Union (aka Brexit).
“Like many companies, we have to prepare for Brexit,” Google said. “Nothing about our services or our approach to privacy will change, including how we collect or process data, and how we respond to law enforcement demands for users’ information. The protections of the UK GDPR will still apply to these users.”
Heather Burns, a tech policy specialist based in Glasgow, Scotland — who runs a website dedicated to tracking UK policy shifts around the Brexit process — also believes Google has essentially been forced to make the move because the UK government has recently signalled its intent to diverge from European Union standards in future, including on data protection.
“What has changed since January 31 has been [UK prime minister] Boris Johnson making a unilateral statement that the UK will go its own way on data protection, in direct contrast to everything the UK’s data protection regulator and government has said since the referendum,” she told us. “These bombastic, off-the-cuff statements play to his anti-EU base but businesses act on them. They have to.”
“Google’s transfer of UK accounts from the EU to the US is an indication that they do not believe the UK will either seek or receive a data protection adequacy agreement at the end of the transition period. They are choosing to deal with that headache now rather than later. We shouldn’t underestimate how strong a statement this is from the tech sector regarding its confidence in the Johnson premiership,” she added.
Asked whether she believes there will be a reduction in protections for UK users in future as a result of the shift Burns suggested that will largely depend on Google.
So — in other words — Brexit means, er, trust Google to look after your data.
“The European data protection framework is based around a set of fundamental user rights and controls over the uses of personal data — the everyday data flows to and from all of our accounts. Those fundamental rights have been transposed into UK domestic law through the Data Protection Act 2018, and they will stay, for now. But with the Johnson premiership clearly ready to jettison the European-derived system of user rights for the US-style anything goes model,” Burns suggested.
“Google saying there is no change to the way we process users’ data, no change to their privacy settings and no change to the way we treat their information can be taken as an indication that they stand willing to continue providing UK users with European-style rights over their data — albeit from a different jurisdiction — regardless of any government intention to erode the domestic legal basis for those rights.”
Reuters’ report also raises concerns about the impact of the Cloud Act agreement between the UK and the US — which is due to come into effect this summer — suggesting it will pose a threat to the safety of UK Google users’ data once it’s moved out of an EU jurisdiction (in this case Ireland) to the US where the Act will apply.
The Cloud Act is intended to make it quicker and easier for law enforcement to obtain data stored in the cloud by companies based in the other legal jurisdiction.
So in future, it might be easier for UK authorities to obtain UK Google users’ data using this legal instrument applied to Google US.
It certainly seems clear that as the UK moves away from EU standards as a result of Brexit it is opening up the possibility of the country replacing long-standing data protection rights for citizens with a regime of supercharged mass surveillance. (The UK government has already legislated to give its intelligence agencies unprecedented powers to snoop on ordinary citizens’ digital comms — so it has a proven appetite for bulk data.)
Again, Google told us the shift of legal base for its UK users will make no difference to how it handles law enforcement requests — a process it talks about here — and further claimed this will be true even when the Cloud Act applies. Which is a weasely way of saying it will do exactly what the law requires.
Google confirmed that GDPR will continue to apply for UK users during the transition period between the old and new terms. After that it said UK data protection law will continue to apply — emphasizing that this is modelled after the GDPR. But of course in the post-Brexit future the UK government might choose to model it after something very different.
Asked to confirm whether it’s committing to maintain current data standards for UK users in perpetuity, the company told us it cannot speculate as to what privacy laws the UK will adopt in the future…
We also asked why it hasn’t chosen to elect a UK subsidiary as the legal base for UK users. To which it gave a nonsensical response — saying this is because the UK is no longer in the EU. Which begs the question when did the UK suddenly become the 51st American State?
Returning to the wider T&Cs revision, Google said it’s making the changes in a response to litigation in the European Union targeted at its terms.
This includes a case in Germany where consumer rights groups successfully sued the tech giant over its use of overly broad terms which the court agreed last year were largely illegal.
In another case a year ago in France a court ordered Google to pay €30,000 for unfair terms — and ordered it to obtain valid consent from users for tracking their location and online activity.
Since at least 2016 the European Commission has also been pressuring tech giants, including Google, to fix consumer rights issues buried in their T&Cs — including unfair terms. A variety of EU laws apply in this area.
Here, among the usual ‘dead cat’ claims about not ‘selling your information’ (tl;dr adtech giants rent attention; they don’t need to sell actual surveillance dossiers), Google writes that it doesn’t use “your emails, documents, photos or confidential information (such as race, religion or sexual orientation) to personalize the ads we show you”.
Though it could be using all that personal stuff to help it build new products it can serve ads alongside.
Even further towards the end of its business model screed it includes the claim that “if you don’t want to see personalized ads of any kind, you can deactivate them at any time”. So, yes, buried somewhere in Google’s labyrinthine setting exists an opt out.
The change in how Google articulates its business model comes in response to growing political and regulatory scrutiny of adtech business models such as Google’s — including on data protection and antitrust grounds.