Twitter is the latest social media site to allow users to experiment with posting disappearing content. Fleets, as Twitter calls them, allows its mobile users post short stories, like photos or videos with overlaying text, that are set to vanish after 24 hours.
But a bug meant that fleets weren’t deleting properly and could still be accessed long after 24 hours had expired. Details of the bug were posted in a series of tweets on Saturday, less than a week after the feature launched.
The bug effectively allowed anyone to access and download a user’s fleets without triggering a notification that the user’s fleet had been read and by whom. The implication is that this bug could be abused to archive a user’s fleets after they expire.
Using an app that’s designed to interact with Twitter’s back-end systems via its developer API. What returned was a list of fleets from the server. Each fleet had its own direct URL, which when opened in a browser would load the fleet as an image or a video. But even after the 24 hours elapsed, the server would still return links to fleets that had already disappeared from view in the Twitter app.
When reached, a Twitter spokesperson said a fix was on the way. “We’re aware of a bug accessible through a technical workaround where some Fleets media URLs may be accessible after 24 hours. We are working on a fix that should be rolled out shortly.”
Twitter acknowledged that the fix means that fleets should now expire properly, it said it won’t delete the fleet from its servers for up to 30 days — and that it may hold onto fleets for longer if they violate its rules. We checked that we could still load fleets from their direct URLs even after they expire.
Fleet with caution.
SUPPORT THE TIMES CLOCK
Fractions aren’t enough of an answer to divisions – TechCrunch
Welcome to Startups Weekly, a fresh human-first take on this week’s startup news and trends. To get this in your inbox, subscribe here.
This past week, I wrote about the launch of Fractional, a startup that wants to make it easier for friends (and strangers) to co-own real estate together. The co-founders, Stella Han and Carlos Treviño, bonded over their shared background of growing up in real estate families while working at Affirm, the buy now, pay later giant. However, the mission of “pay at your own pace” at Affirm clashed with the duo’s firsthand experience of the taxing time commitment and high costs that come with owning real estate; a contrast that eventually seeded the idea for Fractional.
I get more into the specifics of Fractional’s product and its recent fundraise in my story, but today I want to focus on a bit of my interview with Han, the co-founder, that has stuck with me. During our phone call, we chatted about how the future of alternative investing is built on on-ramping folks into a long-exclusionary asset class; we’re seeing it with private equity, art ownership and, now, real estate. While lowering the check size for entry matters — it’s one of Fractional’s hooks — so does the social aspect. Can you meaningfully educate a cohort of people to understand the value that they’re going to get from putting money into a home versus an index fund? Can you “disrupt” hesitation to get into business with friends? Can you plan for the unplanned twists and turns of life and someone in your investment group wanting liquidation sooner rather than later? These questions are all far more interesting, and thorny, than the logistical argument of making home ownership accessible. Fractional, I hope, will make it collaborative as well.
The way that Fractional has been preparing for the unexpected, so far, looks like some classic curation. Han explained that they’re building investment communities around specific properties, with the goal of putting together like-minded folks. “It doesn’t make sense for someone who’s thinking about flipping a property in a year versus someone who wants to hold for like five years,” she said. By eliminating major core differences upfront, and then getting lawyers involved, the startup is beginning to pacify early concerns. Still, the startup’s heaviest lift — like any business promising to bring access to a new asset — will be governance and transparently establishing expectations.
Fractions aren’t enough of an answer when trying to resolve divisions, and that’s a lesson for both startups and the pumpkin pie lovers among us. In the rest of this newsletter, we’ll tease some gift guides, and, um, estate management. As always, you can follow me on Twitter @nmasc_ or on Instagram @natashathereporter.
Tools to enhance your work-from-home setup, or just your home
TechCrunch is beginning to roll out our annual gift guides! For those who are new, we have a tradition of publishing niche-yet-nerdy wish lists every year to help gift-givers make decisions. It can range from gadgets to upgrade your work-from-home setup, or gifts to make you less lonely.
Here’s what to know: So far, we’ve published gift guides for the work-from-home office, the video call setup and the cohort of homeowners who want to upgrade their home into a smart home. Oh, and we also published a wishlist for plant lovers and for kids who love STEM toys. Can you tell that we’ve all been inside for way too long?
Speaking of hardware:
- Subscribe to Actuator, Brian Heater’s soon-to-be-launched newsletter about robotics by the week.
- For my gift guide, I need you to DM me who your favorite solo-entrepreneur is (I know, mysterious, but how else do we build up suspense‽)
And the startup of the week is…
New Culture! Anyone who listens to the podcast knows that I absolutely love a cheesy startup, both figuratively and literally. This week, New Culture raised $25 million in seed funding to commercialize its cheesy vegan mozzarella. Maybe it’ll get to grocery stores soon enough!
Here’s what to know: The alternative cheese manufacturer claims that it’s far better for the environment than dairy-based cheese, which can require 56 gallons of water just to produce one ounce. New Culture also touted progress when it comes to land use.
Not to be bleak but…
Let’s talk about estate planning (partially because the topic is core to the latest season of “Insecure,” and partially because it feels like one of those parts of life no one, understandably, wants to plan for). In a column for TechCrunch+, Gentreo CEO and founder Renee Fry gave founders some basic estate planning tips, both for high-net-worth individuals and simple startup owners.
Here’s what to know: Fry argues that estate plans should constantly be adjusted throughout a person’s life, especially if they’re in charge of a thriving business. The fluidity of a business’ success is exciting in real time but could bring challenges when it comes to succession planning.
You must decide whom you trust to take over your company if something happens to you. It is not just about having an estate plan that expresses your wishes — it’s almost equally important to communicate it with a written succession plan. — Renee Fry
And, there’s always a succession angle:
Give our newest TechCrunch Podcast, Found, a listen. Co-hosted by Darrell Etherington and Jordan Crook, Found is about how founders do what they do, twists and turns preferred.
Across the week
Seen on TechCrunch
Seen on TechCrunch+
Italy fines Apple and Google for ‘aggressive’ data practices – TechCrunch
Apple and Google have been fined €10 million apiece by Italy’s competition and market authority (AGCM) which has found they did not provide their users with clear enough information on commercial uses of their data — in violation of the country’s consumer code.
The regulator also accuses the pair of deploying “aggressive” practices to push users to accept the commercial processing.
Apple and Google were both contacted for a response to the ACGM’s sanction. Both said they will appeal.
Google is accused of omitting relevant information at the account creation phase and as consumers are using its services — information the regulator says should be providing in order for people to decide whether or not to consent to its use of their data for commercial ends.
The AGCM has also accused Apple of failing to immediately provide users with clear information on how it uses their information commercially when they create an Apple ID or access its digital stores, such as the App Store.
It’s the rather more surprising sanction — given Apple’s carefully cultivated image as a champion of consumer privacy (not to mention the premium its devices and services tend to command vs cheaper, ad-supported alternatives, such as stuff made by Google).
The Italian regulator lumps both companies’ practices together in a press release announcing the sanctions — accusing each one of being especially aggressive in pushing self-serving commercial terms on their respective users, especially at the account creation phase.
For Google, the ACGM notes that it pre-sets user acceptance of commercial processing — and also notes that the adtech giant fails to provide a clear way for users to revoke consent for these data transfers later or otherwise change their choice after the account step has been completed.
It also takes the view that Apple’s approach denies users the ability to properly exercise choice over its commercial use of their data, with the regulator arguing the iPhone maker’s data acquisition practices and architecture essentially “condition” the consumer to accept its commercial terms.
It’s an awkward accusation for a company that splashes major marketing cash on suggesting its devices and software are superior to alternatives (such as tech made by Google) exactly because it claims to put user privacy at the core of what it does.
In a statement, Apple rejected the ACGM’s finding — writing:
“We believe the Authority’s view is wrong and will be appealing the decision. Apple has a long-standing commitment to the privacy of our users and we work incredibly hard to design products and features that protect customer data. We provide industry-leading transparency and control to all users so they can choose what information to share or not, and how it is used.”
A Google spokeswoman also disagreed with the findings, sending this statement:
“We have transparent and fair practices in order to provide our users with helpful tools and clear information about their usage. We give people simple controls to manage their information and limit the use of personal data, and we work hard to be fully compliant with the consumer protection rules. We disagree with the Authority’s decision and we will appeal.”
The Italian regulator has had a busy few days slapping big tech: Earlier this week it issued a $230M fine (total) for Apple and Amazon over alleged collusion around the sale of Apple kit on Amazon’s Italian marketplace.
It has also been stepping up investigations of tech giants over a period of years — earlier this year it fined Facebook over similar issues with its commercial use of people’s data, while this summer it hit Google with a $123M fine related to Android Auto. It also has an open probe into Google’s displaying advertising business.
Apple’s mixed reality headset may be a standalone device – TechCrunch
Apple’s long-rumored mixed reality headset will be powered by two processors, according to renowned analyst Ming-Chi Kuo. In Kuo’s latest research report seen by MacRumors and 9to5Mac, the analyst said that the device will have a main processor with the same computing power as the M1 chip and a secondary processor to handle all sensor-related computing. With both processors in place, the headset won’t need to be tethered to an iPhone or a Mac.
The device will be able to provide not just augmented, but also virtual reality experiences, Kuo said, thanks to a pair of 4K Micro OLED displays from Sony. That’ll only be possible, because the M1 chip has the power needed to be able to support the displays. As for the separate processor for its sensor, it’s apparently necessary because “the computing power of the sensor is significantly higher than that of the iPhone.” Kuo expects the device to arrive in late 2022 and said Apple will make sure it can support a “comprehensive range of applications” with the ultimate goal of replacing the iPhone in a decade’s time.
Editor’s note: This article originally appeared on Engadget.
Paris asks scooter sharing services to restrict speed to 10km/h – TechCrunch
Riding a scooter in Paris will soon feel incredibly… slow. The City of Paris has announced that scooter sharing services should restrict the maximum top speed to 10km/h (that’s 6.2mph). That decision comes following a number of pedestrian injuries that involved a scooter.
Paris has been an important market for scooter sharing companies. It’s a dense city with an important network of bike lanes. There are also a lot of tourists looking for different ways to explore the city.
For those reasons, the situation used to be a bit out of control. At some point, 16 different scooter startups wanted to operate a fleet of scooters in Paris. Paris ended up selecting three companies and implementing a set of rules. Dott, Lime and Tier won permits to operate shared electric scooters for two years.
Since then, things have been going well for those three companies. This year alone, Dott raised $85 million in a mix of equity and asset-backed debt financing, Tier recently raised $200 million in debt and equity, and Lime closed a $523 million raise in convertible debt and term loan financing. Except that scooters became a public safety issues for riders, but also for people just walking down the street. According to the AFP, scooters have been involved in 298 accidents in 2021 alone. 329 people have been injured and two persons died.
In particular, a dramatic event occurred back in June 2021. Two women were riding a scooter near the Seine at night. They hit a pedestrian and left her there. A couple of days later, she passed away at the hospital.
The relationship between the City of Paris and scooter startups never really went back to normal following the accident. On July 1st, Paris listed a dozen areas with a high density of pedestrians, such as the Tuileries and Palais Royal gardens or the Bastille and République squares. Scooter sharing companies agreed to limit the maximum speed to 10km/h in these areas using real-time geolocation.
In September, the City of Paris asked each arrondissement administration to list areas where the top speed of scooters should be limited to 10km/h. The result was a patchwork of 700 slow zones. And scooter startups agreed to implement those zones in their respective service.
But the City of Paris wants to go even further than that. The entire city is now a slow zone for scooter startups, except a couple of streets that have wide lanes for bikes, scooters and other micromobility vehicles. Of couse, if you have your own scooter, those restrictions won’t apply to your personal device. The new restrictions on scooter sharing services will be implemented during the first half of December.
The only good news is that the scooter tender has been extended by six months. Dott, Lime and Tier will keep their scooter permits until February 2023. But today’s new rules could have some significant consequences on usage in Paris.
In other news, the City of Paris is also going to regulate free-floating electric mopeds. There are currently five companies operating in Paris — Cityscoot, Cooltra, Lime, Yego and Troopy. Other companies are also working on a launch in Paris.
Paris wants to regulate mopeds with permits. It’ll work a bit like scooter permits, except that those permits will last five years. Only two or three companies will be able to operate a fleet of mopeds in Paris. The new system will start on September 1st, 2022.
Google agrees with UK’s CMA to deeper oversight of Privacy Sandbox – TechCrunch
As part of an ongoing antitrust investigation into Google’s Privacy Sandbox by the UK’s competition regulator, the adtech giant has agreed to an expanded set of commitments related to oversight of its planned migration away from tracking cookies, the regulator announced today.
Google has also put out its own blog post on the revisions — which it says are intended to “underline our commitment to ensuring that the changes we make in Chrome will apply in the same way to Google’s ad tech products as to any third party, and that the Privacy Sandbox APIs will be designed, developed and implemented with regulatory oversight and input from the CMA [Competition and Markets Authority] and the ICO [Information Commissioner’s Office]”.
Google announced its intention to deprecate support for the third party tracking cookies that are used for targeting ads at individuals in its Chrome browser all the way back in 2019 — and has been working on a stack of what it claims are less intrusive alternative ad-targeting technologies (aka, the “Privacy Sandbox”) since then.
The basic idea is to shift away from ads being targeted at individuals (which is horrible for Internet users’ privacy) to targeting methods that put Internet users in interest-based buckets and serve ads to so-called “cohorts” of users (aka, FloCs) which may be less individually intrusive — however it’s important to note that Google’s proposed alternative still has plenty of critics (the EFF, for example, has suggested it could even amplify problems like discrimination and predatory ad targeting).
And many privacy advocates would argue that pure-play contextual targeting poses the least risk to Internet users’ rights while still offering advertisers the ability to reach relevant audiences and publishers to monetize their content.
Google’s Sandbox plan has attracted the loudest blow-back from advertisers and publishers, who will be directly affected by the changes. Some of whom have raised concerns that the shift away from tracking cookies will simply increase Google’s market power — hence the Competition and Markets Authority (CMA) opening an antitrust investigation into the plan in January.
As part of that probe, the CMA had already secured one set of commitments from Google around how it would go about the switch, including that it would agree to halt any move to deprecate cookies if the regulator was not satisfied the transition could take place in a way that respects both competition and privacy; and agreements on self-preferencing, among others.
A market consultation on the early set of commitments drew responses from more than 40 third parties — including, TechCrunch understands, input from international regulators (some of who are also investigating Google’s Sandbox, such as the European Commission, which opened its own probe of Google’s adtech in June) .
Following that, the first set of proposed commitments has been expanded and beefed up with additional requirements (see below for a summary; and here for fuller detail from the CMA’s “Notice of intent to accept the modified commitments”).
The CMA will now consult on the expanded set — with a deadline of 5pm on December 17, 2021, to take fresh feedback.
It will then make a call on whether the beefed up bundle bakes in enough checks-and-balances to ensure that Google carries out the move away from tracking cookies with the least impact on competition and the least harm to user privacy (although it will be the UK’s ICO that’s ultimately responsible for oversight of the latter piece).
If the CMA is happy with responses to the revised commitments, it would then close the investigation and move to a new phase of active oversight, as set out in the detail of what it’s proposing to agree with Google.
A potential timeline for this to happen is early 2022 — but nothing is confirmed as yet.
Commenting in a statement, CMA CEO Andrea Coscelli said:
“We have always been clear that Google’s efforts to protect user’s privacy cannot come at the cost of reduced competition.
That’s why we have worked with the Information Commissioner’s Office, the CMA’s international counterparts and parties across this sector throughout this process to secure an outcome that works for everyone.
We welcome Google’s co-operation and are grateful to all the interested parties who engaged with us during the consultation.
If accepted, the commitments we have obtained from Google become legally binding, promoting competition in digital markets, helping to protect the ability of online publishers to raise money through advertising and safeguarding users’ privacy.”
More market reassurance
In general, the expanded commitments look intended to offer a greater level of reassurance to the market that Google will not be able to exploit loopholes in regulatory oversight of the Sandbox to undo the intended effect of addressing competition risks and privacy concerns.
Notably, Google has agreed to appoint a CMA approved monitoring trustee — as one of the additional measures it’s suggesting to improve the provisions around reporting and compliance.
It will also dial up reporting requirements, agreeing to ensure that the CMA’s role and the regulator’s ongoing process — which the CMA now suggests should continue for a period of six years — are mentioned in its “key public announcements”; and to regular (quarterly) reporting to the CMA on how it is taking account of third party views as it continues building out the tech bundle.
Transparency around testing is also being beefed up.
On that, there have been instances, in recent months, where Google staffers have not been exactly fulsome in articulating the details of feedback related to the Origin Trial of its FloCs technology to the market, for example. So it’s notable that another highlighted change requires Google to instruct its staff not to make claims to customers which contradict the commitments.
Another concern reflected in the revisions is the worry of market participants of Google removing functionality or information before the full Privacy Sandbox changes are implemented — hence it has offered to delay enforcement of its Privacy Budget proposal and offered commitments around the introduction of measures to reduce access to IP addresses.
We understand that concerns from market participants also covered Google removing other functionality — such as the user agent string — and that strengthened commitments are intended to address those wider worries too.
Self-preferencing requirements have also been dialled up. And the revised commitments include clarifications on the internal limits on the data that Google can use — and monitoring those elements will be a key focus for the trustee.
The period of active oversight by the CMA has also been extended vs the earlier plan — to six years from the date of any decision to accept Google’s modified commitments (up from around five).
This means that if the CMA agrees to the commitments next year they could be in place until 2028. And by then the UK expects to have reformed competition rules wrapping tech giant — as
In its own blog post, Google condenses the revised commitments thus:
- Monitoring and reporting. We have offered to appoint an independent Monitoring Trustee who will have the access and technical expertise needed to ensure compliance.
- Testing and consultation. We have offered the CMA more extensive testing commitments, along with a more transparent process to take market feedback on the Privacy Sandbox proposals.
- Further clarity on our use of data. We are underscoring our commitment not to use Google first-party personal data to track users for targeting and measurement of ads shown on non-Google websites. Our commitments would also restrict the use of Chrome browsing history and Analytics data to do this on Google or non-Google websites.
As with the earlier set of pledges, it has agreed to apply the additional commitments globally — assuming the package gets accepted by the UK regulator.
So the UK regulator continues playing a key role in shaping how key web infrastructure evolves.
Google’s blog most also makes reference to an opinion published yesterday by the UK’s information commission — which urged the adtech industry of the need to move away from current tracking and profiling methods of ad targeting.
“We also support the objectives set out yesterday in the ICO’s Opinion on Data protection and privacy expectations for online advertising proposals, including the importance of supporting and developing privacy-safe advertising tools that protect people’s privacy and prevent covert tracking,” Google noted.
This summer Google announced a delay to its earlier timeline for the deprecation of tracking cookies — saying support wouldn’t start being phased out in Chrome until the second half of 2023.
There is no suggestion from the tech giant as this point of any additional delay to that timeline — assuming it gets the regulatory greenlight to go ahead.
UK privacy watchdog warns adtech the end of tracking is nigh – TechCrunch
It’s been well over two years since the UK’s data protection watchdog warned the behavioural advertising industry it’s wildly out of control.
The ICO hasn’t done anything to stop the systematic unlawfulness of the tracking and targeting industry abusing Internet users’ personal data to try to manipulate their attention — not in terms of actually enforcing the law against offenders and stopping what digital rights campaigners have described as the biggest data breach in history.
Indeed, it’s being sued over inaction against real-time-bidding’s misuse of personal data by complainants who filed a petition on the issue all the way back in September 2018.
But today the UK’s (outgoing) information commissioner, Elizabeth Denham, published an opinion — in which she warns the industry that its old unlawful tricks simply won’t do in the future.
New methods of advertising must be compliant with a set of what she describes as “clear data protection standards” in order to safeguard people’s privacy online, she writes.
Among the data protection and privacy “expectations” Denham suggests she wants to see from the next wave of online ad technologies are:
• engineer data protection requirements by default into the design of the initiative;
• offer users the choice of receiving adverts without tracking, profiling or targeting based on personal data;
• be transparent about how and why personal data is processed across the ecosystem and who is responsible for that processing;
• articulate the specific purposes for processing personal data and demonstrate how this is fair, lawful and transparent;
• address existing privacy risks and mitigate any new privacy risks that their proposal introduces
Denham says the goal of the opinion is to provide “further regulatory clarity” as new ad technologies are developed, further specifying that she welcomes efforts that propose to:
• move away from the current methods of online tracking and profiling practices;
• improve transparency for individuals and organisations;
• reduce existing frictions in the online experience;
• provide individuals with meaningful control and choice over the processing of device information and personal data;
• ensure valid consent is obtained where required;
• ensure there is demonstrable accountability across the supply chain;
The timing of the opinion is interesting — given an impending decision by Belgium’s data protection agency on a flagship ad industry consent gathering tool. (And current UK data protection rules share the same foundation as the rest of the EU, as the country transposed the General Data Protection Regulation into national law prior to Brexit.)
Earlier this month the IAB Europe warned that it expects to be found in breach of the EU’s General Data Protection Regulation, and that its so-called ‘transparency and consent’ framework (TCF) hasn’t managed to achieve either of the things claimed on the tin.
But this is also just the latest ‘reform’ missive from the ICO to rule-breaking adtech.
And Denham is merely restating requirements that are derived from standards that already exist in UK law — and wouldn’t need reiterating had her office actually enforced the law against adtech breache(r)s. But this is the regulatory dance she has preferred.
This latest ICO salvo looks more like an attempt by the outgoing commissioner to claim credit for wider industry shifts as she prepares to leave office — such as Google’s slow-mo shift toward phasing out support for third party cookies (aka, it’s ‘Privacy Sandbox’ proposal, which is actually a response to evolving web standards such as competing browsers baking in privacy protections; rising consumer concern about online tracking and data breaches; and a big rise in attention on digital matters from lawmakers) — than it is about actually moving the needle on unlawful tracking.
If Denham wanted to do that she could have taken actual enforcement action long ago.
Instead the ICO has opted for — at best — a partial commentary on embedded adtech’s systematic compliance problem. And, essentially, to stand by as the breach continues; and wait/hope for future compliance.
Change may be coming regardless of regulatory inaction, however.
And, notably, Google’s ‘Privacy Sandbox’ proposal (which claims ‘privacy safe’ ad targeting of cohorts of users, rather than microtargeting of individual web users) gets a significant call-out in the ICO’s remarks — with Denham’s office writing in a press release that it is: “Currently, one of the most significant proposals in the online advertising space is the Google Privacy Sandbox, which aims to replace the use of third party cookies with alternative technologies that still enable targeted digital advertising.”
“The ICO has been working with the Competition and Markets Authority (CMA) to review how Google’s plans will safeguard people’s personal data while, at the same time, supporting the CMA’s mission of ensuring competition in digital markets,” the ICO goes on, giving a nod to ongoing regulatory oversight, led by the UK’s competition watchdog, which has the power to prevent Google’s Privacy Sandbox ever being implemented — and therefore to stop Google phasing out support for tracking cookies in Chrome — if the CMA decides the tech giant can’t do it in a way that meets competition and privacy criteria.
So this reference is also a nod to a dilution of the ICO’s own regulatory influence in a core adtech-related arena — one that’s of market-reforming scale and import.
The backstory here is that the UK government has been working on a competition reform that will bring in bespoke rules for platform giants considered to have ‘strategic market status’ (and therefore the power to damage digital competition); with a dedicated Digital Markets Unit already established and up and running within the CMA to lead the work (but which is still pending being empowered by incoming UK legislation).
So the question of what happens to ‘old school’ regulatory silos (and narrowly-focused regulatory specialisms) is a key one for our data-driven digital era.
Increased cooperation between regulators like the ICO and the CMA may give way to oversight that’s even more converged or even merged — to ensure powerful digital technologies don’t fall between regulatory cracks — and therefore that the ball isn’t so spectacularly dropped on vital issues like ad tracking in the future.
Intersectional digital oversight FTW?
As for the ICO itself, there is a further sizeable caveat in that Denham is not only on the way out (ergo her “opinion” naturally has a short shelf life) but the UK government is busy consulting on ‘reforms’ to the UK’s data protection rules.
Said reforms could see a major downgrading of domestic privacy and data protections; and even legitimize abusive ad tracking — if ministers, who seem more interested in vacuous soundbites (about removing barriers to “innovation”), end up ditching legal requirements to ask Internet users for consent to do stuff like track and profile them in the first place, per some of the proposals.
So the UK’s next information commissioner, John Edwards, may have a very different set of ‘data rules’ to apply.
And — if that’s the case — Denham will, in her roundabout way, have helped make sliding standards happen.
Europe offers tepid set of political ads transparency rules – TechCrunch
It’s been almost a year since the EU’s executive announced it would propose rules for political ads transparency in response to concern about online microtargeting and big data techniques making mincemeat of democratic integrity and accountability.
Today it’s come out with its proposal. But frankly it doesn’t look like the wait was worth it.
The Commission’s PR claims the proposal will introduce “strict conditions for targeting and amplifying” political advertising using digital tools — including what it describes as a ban on targeting and amplification that use or infer “sensitive personal data, such as ethnic origin, religious beliefs or sexual orientation”.
However the claimed ‘ban’ does not apply if “explicit consent” is obtained from the person whose sensitive data is to be exploited to better target them with propaganda — and online ‘consents’ to ad targeting are already a total trashfire of non-compliance in the region.
So it’s not clear why the Commission believes politically vested interests hell-bent on influencing elections are going to play by a privacy rule-book that almost no online advertisers operating in the region currently do, even the ones that are only trying to get people to buy useless plastic trinkets or ‘detox’ teas.
In a Q&A offering further detail on the proposal, the Commission lists a set of requirements that it says anyone making use of political targeting and amplification will need to comply with, which includes having an internal policy on the use of such techniques; maintaining records of the targeting and use of personal data; and recording the source of said personal data — so at best it seems to be hoping to burden propagandists with the need to create and maintain a plausible paper trail.
Because it is also allowing a further carve-out to allow for political targeting — writing: “Targeting could also be allowed in the context of legitimate activities of foundations, associations or not-for-profit bodies with a political, philosophical, religious or trade union aim, when it targets their own members.”
This is incredibly vague. A “foundation” or an “association” with a political “aim” sounds like something any campaign group or vested interest could set up — i.e. to carry on the “legitimate” activity of (behaviorally?) targeting propaganda at voters.
In short, the scope for loopholes for political microtargeting — including via the dissemination of disinformation — looks massive.
On scope, the Commission says it wants the incoming rules to apply to “ads by, for or on behalf of a political actor” as well as “so called” issue-based ads — aka politically charged issues that can be a potent proxy to sway voters — which it notes are “liable to influence the outcome of an election or referendum, a legislative or regulatory process or voting behaviour”.
But how exactly the regulation will define ads that fall in and out of scope remains to be seen.
Perhaps the most substantial measure of a very thin proposal is around transparency — where the Commission has proposed “transparency labels” for paid political ads.
It says these must be “clearly labelled” and provide “a set of key information” — including the name of the sponsor “prominently displayed and an easily retrievable transparency notice”; along with the amount spent on the political advertisement; the sources of the funds used; and a link between the advertisement and the relevant elections or referenda.
However, again, the Commission appears to be hoping that a few transparency requirements will enforce a sea change on an infamously opaque and fraud-filled industry — one that has been fuelled by rampant misuse and unlawful exploitation of people’s data. Rather than cutting off the head of the hydra by actually curbing targeting — such as by limiting political targeting to broad-brush contextual buckets.
Hence it writes: “All political advertising services, from adtech that intermediate the placement of ads, to consultancies and advertising agencies producing the advertising campaigns, will have to retain the information they have access to through the provision of their service about the ad, the sponsor and the dissemination of the ad. They will have to transfer this information to the publisher of the political ad — this can be the website or app where the ad is seen by an individual, a newspaper, a TV broadcaster, a radio station, etc. The publisher will need to make the information available to the individual who sees the ad.”
“Transparency of political advertising will help people understand when they see a paid political advertisement,” the Commission further suggests, adding: “With the proposed rules, every political advertisement – whether on Twitter, Facebook or any other online platform – will have to be clearly marked as political advertisement as well as include the identity of the sponsor and a transparency notice with the wider context of the political advertisement and its aims, or a clear indication of where it can be easily retrieved.”
It’s a nice theory but for one thing plenty of election interference originates from outside a region where the election itself is taking place.
On that the Commission says it will require organisations that provide political advertising services in the EU but do not have a physical presence there to designate a legal representative in a Member States where the services are offered, suggesting: “This will ensure more transparency and accountability of services providers acting from outside the Union.”
How exactly it will require (and enforce) that stipulation isn’t clear.
Another problem is that all these transparency obligations will only apply to “political advertising services”.
Propaganda that gets uploaded to online platforms like Facebook by a mere “user” — aka an entity that does not self-identify as a political advertising service — will apparently escape the need for any transparency accountability at all.
Even if they’re — y’know — working out of a Russian trollfarm that’s actively trying to destabilize the European Union… Just so long as they claim to be ‘Hans, 32, Berliner, loves cats, hates the CSU’.
Now if platforms like Facebook were perfectly great at identifying, reporting and purging inauthentic activity, fake accounts and shadey influence ops in their own backyards it might not be such a problem to leave the door open for “a user” to post unaccountable political propaganda. But a whole clutch of whistleblowers have pointed out, in excruciating detail, that Facebook at least is very much not that.
So that looks like another massive loophole — one which underlines why the only genuine way to fix the problem of online disinformation and election interference is to put an end to behavioral targeting period, rather than just fiddling around the edges. Not least because by fiddly with some tepid measures that will offer only a flawed, partial transparency you risk lulling people into a false sense of security — as well as further normalizing exploitative manipulation (just so long as you have a ‘policy’ in place).
Once online ads and content can be targeted at individuals based on tracking their digital activity and harvesting their personal data for profiling, it’s open season for opaque InfluenceOps and malicious interests to workaround whatever political ads transparency rules you try to layer on top of the cheap, highly scalable tools offered by advertising giants like Facebook to keep spreading their propaganda — at the expense of your free and fair elections.
Really what this regulation proposes is to create a large admin burden for advertisers who intend to run genuinely public/above board political campaigns — leaving the underbelly of paid mud slingers, hate spreaders and disinformation peddlers to exploit its plentiful loopholes to run mass manipulation campaigns right through it.
So it will be interesting to see whether the European Parliament takes steps to school the Commission by adding some choice amendments to its draft — as MEPs have been taking a stronger line against microtargeting in recent months.
On penalties, for now, under the Commission proposal, ‘official’ advertising services could be fined for breaking things like the transparency and record-keeping requirements but how much will be determined locally, by Member States — at a level the Commission says should be “effective, proportionate and dissuasive”.
What might that mean? Well under the proposal, national Data Protection Authorities (DPAs) will be responsible for monitoring the use of personal data in political targeting and for imposing fines — so, ultimately, for determining the level of fines that domestic rule-breaking political operators might face.
Which does not exactly inspire a whole lot of confidence. DPAs are, after all, resourced by the same set of political entities — or whichever flavor happens to be in government.
The UK’s ICO carried out an extensive audit of political parties data processing activities following the 2018 Cambridge Analytica Facebook data misuse scandal — and in 2020 it reported finding a laundry list of failures across the political spectrum.
So what did the EU’s (at the time) best resourced DPA do about all these flagrant breaches by UK political parties?
The ICO’s enforcement action at that point consisted of — checks notes — issuing a series of recommendations.
There was also a warning that it might take further action in the future. And this summer the ICO did issue one fine: Slapping the Conservative Party with a £10,000 penalty for spamming voters. Which doesn’t really sound very dissuasive tbh.
Earlier this month another of these UK political data offenders, the Labour Party, was forced to fess up to what it dubbed a “data incident” — involving an unnamed third party data processor. It remains to be seen what sanction it may face for failing to protect supporters’ information in that (post-ICO-audit) instance.
Adtech generally has also faced very little enforcement from EU DPAs — despite scores of complaints against its privacy-eviscerating targeting methods — and despite the ICO saying back in 2019 that its methods are rampantly unlawful under existing data protection law.
Vested interests in Europe have been incredibly successful at stymieing regulatory enforcement against invasive ad targeting.
And, apparently, also derailing progress by defanging incoming EU rules — so they won’t do anything much to stop the big-data ‘sausage-factory’ of (in this case) political microtargeting from keeping on slicing ‘n’ dicing up the eyeballs of the citizenry.
Michigan football coach Jim Harbaugh takes apparent jab at Ohio State coach Ryan Day after upset
Fractions aren’t enough of an answer to divisions – TechCrunch
College Student Dead After Frat’s Diabolical ‘Underground Fight Club’
What we know, and don’t know, about the car that plowed through a crowd at the Waukesha Christmas Parade
Will Smith says he borrowed $10,000 from a drug dealer after he went broke from not paying taxes
One chart shows the dramatic drop-off in ship tracking data from China. This could be a sign of a worsening global supply chain crisis.
- News6 days ago
What we know, and don’t know, about the car that plowed through a crowd at the Waukesha Christmas Parade
- News2 days ago
One chart shows the dramatic drop-off in ship tracking data from China. This could be a sign of a worsening global supply chain crisis.
- News5 days ago
This Is When You Should Turn Your Christmas Lights Off Each Night—Plus, Other Seasonal Fire Safety Tips
- News2 days ago
NFL Analyst Ryan Clark Exposes Online Troll Calling Him N-Word In DMs, But He Keeps The Response Classy
- News5 days ago
'That's a definite- no': WNY school leaders nix idea of returning to virtual learning amid high case count
- Technology5 days ago
Seaya Ventures, Cathay Innovation launch $125M fund for LatAm startups – TechCrunch
- Technology4 days ago
Auth0’s Eugenio Pace and Ubiquity’s Sunil Nagaraj will outline how the startup went from seed to a $6.5B acquisition – TechCrunch
- News4 days ago
On This Day: 24 November 2006