Fintech startup TreasurySpring raises $10M for platform giving online access to Fixed-term-funds

Fixed-term-funds (FTFs) have historically been a bank-to-bank market. FTF products allow for investing into some of the safest assets including, UK Government bonds, US Government bonds and highly-rated corporations. They allow holders of large amounts of cash (such as charities, private funds, family offices etc) to reduce and diversify their risk, but also increasing returns.

TreasurySpring is a fintech startup that is aiming to opening up access to this area of financial markets, by creating a Fixed-Term Fund platform. It’s now raised a $10 million Series A investment round co-led by MMC Ventures and Anthemis Group. Existing investors, including ETFS Capital, participated, taking the total its raised to $15 million.

TreasurySpring says its FTF platform gives holders of large cash balances online access to a menu of proprietary cash investments on a daily basis. This gives them access to an asset class that is usually only available to major financial institutions.

Founded in 2016 by Kevin Cook (CEO), Matthew Longhurst and James Skillen, Cook said in a statement: “Following a break-out 12 months in which we increased AUM by 10x, we wanted to bring in the best possible investment partners to support our ambitious growth plans. We have long admired both Anthemis Group and MMC, so I am delighted that they co-led the round and we are excited to work with Sean, Ollie and their respective teams, as we move into the next phase of our journey to redefine cash investment and front-office treasury.”

Given the current low and negative interest rates and an uncertain global financial outlook, TreasurySpring says its platform is likely to appeal as an alternative to traditional bank deposits and money market funds. It says it’s now issued more than $9B of FTFs to a client base which includes FTSE 100 and other listed companies, fund managers, large private companies, charities, and family offices.

Yann Ranchere, partner at Anthemis Group said: “With its ambitious and mission-driven team, TreaurySpring is opening the traditional money market industry to a whole new pool of participants.”

Oliver Richards, partner at MMC Ventures added: “Having worked with the team at TreasurySpring for the last two years, we have absolute confidence in their ability to deliver on their unique vision to level the playing field in cash investing and short-term funding, through a platform that not only brings value to its clients and issuers but also enhances the diversification and systemic stability of the money markets as a whole.”

Does TreasurySpring have any direct competitors? The compay sdays not. That said, bank deposits and money market funds are still the only tools available to most holders of large cash balances, so the banks and asset managers that offer these products are competitors, “to an extent” admits the firm. Howeverr, they are also “collaborators in many instances.”

Cook said: “Adoption of the platform is being driven by a realisation that the risks and returns of the traditional [deposit and MMF] options are becoming ever less attractive, whilst building out the infrastructure to do anything else is complex, cumbersome, time consuming and expensive.”

#bank, #bond, #ceo, #economy, #europe, #finance, #fintech-startup, #investment, #mmc-ventures, #money, #ollie, #partner, #tc, #uk-government, #us-government

0

Volta Energy Technologies raises over $90M of a targeted $150M fund to back energy storage startups

Volta Energy Technologies, the energy investment and advisory services firm backed by some of the biggest names in energy and energy storage materials, has closed on nearly $90 million of a targeted $150 million investment fund, according to people familiar with the group’s plans.

The venture investment vehicle compliments an $180 million existing commitment from Volta’s four corporate backers — Equinor, Albermarle, Epsilon, and Hanon Systems — and comes at a time when interest in energy storage technologies couldn’t be stronger. 

As the transition away from internal combustion engines and hydrocarbon fuels begins in earnest companies are scrambling to drive down costs and improve performance of battery technologies that will be necessary to power millions of electric cars and store massive amounts of renewable energy that still needs to be developed.

“Capital markets have noticed the enormity of the opportunity in transitioning away from carbon,” said Jeff Chamberlain, Volta’s founder and chief executive.

Born of an idea that that began in 2012 when Chamberlain began talking with the head of the Department of Energy under the Obama Administration back in 2014. What began when Chamberlain was at Argonne National Lab leading the development of JCESR, the lead lab in the US government’s battery research consortium, evolved into Volta Energy as Chamberlain pitched a private sector investment partner that could leverage the best research from National Laboratories and the work being done by private industry to find the best technology.

Support for the Volta project remained strong through both public and private institutions, according to Chamberlain. Even under the Trump Administration, Volta’s initiative was able to thrive and wrangle some of the biggest names in the chemicals, utility, oil and gas and industrial thermal management to invest in a $180 million fund that could be evergreen, Chamberlain said.

According to people with knowledge of the organizations plans, the new investment fund which is targeting $150 million but has hard cap of $225 million would compliment the existing investment vehicle to give the firm more firepower as additional capital floods into the battery industry.

Chamberlain declined to comment specifically on the fund, given restrictions, but did say that his firm had a mandate to invest in technology that is battery and storage related and that “enables the ubiquitous adoption of electric vehicles and the ubiquitous adoption of solar and wind.”

Back during the first cleantech boom the brains behind Volta witnessed a lot of good money getting poured into bad ideas and vaporware that would never amount to commercial success, said Chamberlain. Volta was formed to educate investors on the real opportunities that scientists were tracking in energy storage and back those companies with dollars.

“We knew that investors were throwing money into a dumpster fire. We knew it could have a negative impact on this transition to carbon,” Chamberlain said. “Our whole objective was to help guide individuals deploying massive amounts of their personal wealth and move it from putting money into an ongoing dumpster fire.”

That mission has become even more important as more money floods into the battery market, Chamberlain said.

The SPAC craze set off by Nikola’s public offering in electric vehicles and continuing through QuantumScape’s battery SPAC through a slew of other electric vehicle offerings and into EV charging and battery companies has made the stakes higher for everyone, he said.

Chamberlain thinks of Volta’s mission as finding the best emerging technologies that are coming to market across the battery and power management supply chain and ensure that as manufacturing capacity comes online, the technology is ready to meet growing demand.

“Investors who do not truly understand the energy storage ecosystem and its underlying technology challenges are at a distinct disadvantage,” said Goldman Sachs veteran and early Volta investor Randy Rochman, in a statement. “It has become abundantly clear to me that nothing happens in the world of energy storage without Volta’s knowledge. I can think of no better team to identify energy storage investment opportunities and avoid pitfalls.”  

The new fund from Volta has already backed a number of new energy storage and enabling technologies including: Natron, which develops high-power, fire-safe Sodium-ion batteries using Prussian blue chemistry for applications that demand a quick discharge of power; Smart Wires, which develops hardware that acts as a router for electricity to travel across underutilized power lines to optimize the integration of renewable power and energy storage on the grid; and Ionic Materials, which makes solid lithium batteries for both transportation and grid applications. Ionic Materials’ platform technology also enables breakthrough advancements in other growing markets, such as 5G mobile, and rechargeable alkaline batteries. 

 

#chemicals, #department-of-energy, #electric-car, #electric-vehicle, #energy, #energy-storage, #head, #lithium-ion-battery, #nikola, #oil-and-gas, #renewable-energy, #tc, #transport, #trump-administration, #united-states, #us-government

0

The somewhat boring reason it appears that Robinhood yanked trading on some securities

After enduring a day’s worth of taking a beating across social media, government, and the various app stores of the mobile world, Robinhood took to its own blog and CEO’s Twitter account to explain why it had halted trading of some stocks earlier today.

That Robinhood had restricted trading in a number of securities was bombshell news after the consumer trading platform had become synonymous with not only a rise in retail investing, but also a risky wager by some individual investors to push shares of heavily-shorted companies, including GameStop, AMC and others higher. Speculation that Robinhood was limiting the trading ability of those users at the behest of, pick your poison, Citadel, the US government, hedge funds, Janet Yellen, or others, ran rampant.

But none of it was true – at least according to Robinhood’s telling. In its post, Robinhood wrote that (emphasis TechCrunch):

[a]mid this week’s extraordinary circumstances in the market, we made a tough decision today to temporarily limit buying for certain securities. As a brokerage firm, we have many financial requirements, including SEC net capital obligations and clearinghouse deposits. Some of these requirements fluctuate based on volatility in the markets and can be substantial in the current environment. These requirements exist to protect investors and the markets and we take our responsibilities to comply with them seriously, including through the measures we have taken today.

That reads like Robinhood ran low on capital and had to make some hard decisions, quickly. The securities its users wanted to trade likely generated the highest capital obligations given how volatile they proved and how long it takes for trades to settle, so Robinhood had to shut off some trades to stay on the right side of its capital needs. (Not great, not terrible?)

Reporting from Bloomberg indicates that Robinhood “tapped at least several hundred million dollars” from credit lines today makes sense in this context. As does the unicorn’s decision to allow for some trading of the afore-limited securities in the near future (“starting tomorrow, we plan to allow limited buys of these securities,” the company wrote); now reloaded with more capital, Robinhood can afford to let its users get back, somewhat, to business.

Of course Robinhood could have been more clear about all of this earlier in the day. Instead, unfairly or not, it became the face of theoretical corruption and other nefarious forces. (Here’s a tip, if your theory sounds like it could fit inside the Qanon orbit, try again?)

Nothing is settled. Congress has its hackles up. Other trading platforms had to suspend trading in GameStop and other stocks for a spell as well. Social media is pissed. Some Robinhood users were forced to liquidate positions. And somehow GameStop closed the day worth more than $196 per share. And after-hours it is up $72.40, or 37.40% to $266 per share.

Who knows what comes next. But grains of salt, please, as we continue this bizarre adventure.

#amc, #apps, #ceo, #congress, #finance, #gamestop, #hedge-fund, #investment, #money, #robinhood, #social-media, #startups, #tc, #u-s-securities-and-exchange-commission, #united-states, #us-government

0

2020 was one of the warmest years in history and indicates mounting risks of climate change

It’s official. 2020 was one of the warmest years on record either edging out or coming in just behind 2016 for the warmest year in recorded history according to data from US government agencies.

The National Aeronautics and Space Administration had the year just tied with 2016, while the National Oceanic and Atmospheric Administration put the figure just behind 2016’s totals.

No matter the ranking, the big picture for the climate isn’t pretty according to scientists from NASA’s Goddard Institute for Space Studies (GISS) in New York and the Washington, DC-based NOAA.

“The last seven years have been the warmest seven years on record, typifying the ongoing and dramatic warming trend,” said GISS Director Gavin Schmidt, in a statement. “Whether one year is a record or not is not really that important – the important things are long-term trends. With these trends, and as the human impact on the climate increases, we have to expect that records will continue to be broken.”

That’s a dire message for the nation considering the cost of last year’s record-breaking 22 weather and climate disasters. At least 262 people died and scores more were injured by climate-related disasters, according to the NOAA.

And the combination of wildfires, droughts, heatwaves, tornados, tropical cyclones, and severe weather events like hail storms in Texas and the derecho that wrecked the Midwest cost the nation $95 billion.

Homes are engulfed in flames in Vacaville, California during the LNU Lightning Complex fire on August 19, 2020.

Homes are engulfed in flames in Vacaville, California during the LNU Lightning Complex fire on August 19, 2020. – As of the late hours of August 18,2020 the Hennessey fire has merged with at least 7 fires and is now called the LNU Lightning Complex fires. Dozens of fires are burning out of control throughout Northern California as fire resources are spread thin. (Photo by JOSH EDELSON/AFP via Getty Images)

Both organizations track temperature trends to get some sort of picture of the impact that human activities — specifically greenhouse gas emissions — have on the planet. The image that comes into focus is that human activity has already contributed to increasing Earth’s average temperature by more than 2 degrees Fahrenheit since the industrial age took hold in the late 19th century.

Most troubling to scientists is that this year’s near record-setting temperatures happened without a boost from the climatic weather phenomenon known as El Niño, which is a large-scale ocean-atmosphere climate interaction linked to a periodic warming.

“The previous record warm year, 2016, received a significant boost from a strong El Niño. The lack of a similar assist from El Niño this year is evidence that the background climate continues to warm due to greenhouse gases,” Schmidt said, in a statement.

The warming trends the word is experiencing are most pronounced in the Arctic, according to NASA. There, temperatures have warmed three times as a fast as the rest of the globe over the past 30 years, Schmidt said. The loss of Arctic sea ice — whose annual minimum area is declining by about 13 percent per decade — makes the region less reflective, which means more sunlight is being absorbed by oceans, causing temperatures to climb even more.

These accelerating effects of climate change could be perilous for the world at large, Katharine Hayhoe, a professor at Texas Tech University wrote in an email to The Washington Post.

“What keeps us climate scientists up in the dead of night is wondering what we don’t know about the self-reinforcing or vicious cycles in the Earth’s climate system,” Hayhoe wrote. “The further and faster we push it beyond anything experienced in the history of human civilization on this planet, the greater the risk of serious and even dangerous consequences. And this year, we’ve seen that in spades… It’s no longer a question of when the impacts of climate change will manifest themselves: They are already here and now. The only question remaining is how much worse it will get.”

#articles, #climate, #climate-change, #director, #greenhouse-gas-emissions, #katharine-hayhoe, #national-oceanic-and-atmospheric-administration, #new-york, #tc, #texas, #the-washington-post, #united-states, #us-government, #washington-dc

0

Entrepreneurs say regulatory constraints are hampering commercial applications of space tech

When Payam Banazadeh and his team started Capella Space in 2016, they had visions of providing private industry with a wealth of new data that they could use in all sorts of ways to create business opportunities and improve efficiencies.

Four years later, Banazadeh is still waiting for that commercial opportunity.

Capella is still successful. The company has managed to raise $82 million in venture capital financing and has a robust pipeline of government contracts, but Banazadeh has not seen the kinds of uptake in private industry.

He’s not the only one.

Speaking at TC Sessions: Space 2020, Banazadeh was among a number of executives including Peter Platzer, the chief executive officer of Spire Global; Helsinki-based ICEYE’s co-founder and chief executive Rafal Modrzewski; and Melanie Stricklan, the founder and chief strategy officer of Slingshot Aerospace; who spoke about the central role government plays in the current space business and how they’re hoping that will change.

“I think regulation in the US… has made huge improvements this past year. But the challenge is always how do you balance national security concerns with making sure that the US industrial space can keep up with the competition internationally,” Banazadeh said. “I think we need to… in the US… we need to take a leadership position to not just restrict the US companies on following what international companies are doing, but rather allow US companies to go above and beyond and be able to capture more of the commercial market by being able to provide some of the more advanced features [that they have] on the government side.”

Modrzewski agreed.

“When we were starting ICEYE, we were kind of all under the impression that the idea behind new space and things that we are doing, is really to enable the use of observation for the betterment of the world… For improving efficiencies of businesses, monitoring climate change, doing all these things that that that we haven’t been able to do to do before,” he said. “And when I look at basically democratizing data and handing best capabilities available to commercial industries, as well as to the government, ultimately, right, because they are users of the same, the same supply chain. I see that you know, the largest factor that’s currently stopping the evolution is actually national approach to particular sets of activities. I think the the more globally we approach to the market, the broader the competition, the less limitation we impact… It seems to work significantly better for everyone as a global community, if we allow those companies to freely collaborate, and the data exchange to be free. So if there was one wish that I had for 2021, it is to have less borders, and more open markets in terms of exchange of data.”

Governments are, already, massive customers for most of these businesses. In total government spending represents around half of the total $423 billion spent on the space industry already, according to data from Statista.

But if the industry is to achieve the $1 trillion potential revenue that Morgan Stanley projects for businesses in the next 20 years, then more will have to be done to unlock private industry.

“When we started the company, we saw the immediate opportunity in commercial. And as we dug a little deeper and made some progress, we realized that the commercial market is still not as mature as we had hoped it to be. And in the meantime, we quickly found out that the government market, both US government, as well as international governments are expanding and growing much faster than, than before, specifically for this type of data, because of the new challenges and challenges and threats that are that are around the corner,” Banazadeh said. “And so we’ve pivoted and focused on going after governments in catering to their needs… We do want to get back into commercial, we have that aspiration. And that’s our long term goal. We just think that we’re probably a few years out to get there.”

While the commercial market may not have materialized to the degree that these entrepreneurs would have hoped, there are still opportunities for plenty of business from government contracts thanks, in part, to the increasing complexity of operating in space.

That means big business for company’s like Slingshot, which provides what Stricklan calls “situational awareness.”

“Whether that’s in orbit or terrestrially, we provide answers to our customers around their risk and and how to mitigate that risk, or at least how to understand the risk as it pertains to spatial-temporal information,” Stricklan said. “And so right now … their most important asset is their data [and] in order to get that data, they have to have their satellites in orbit, and they have to have safety of flight and all those different things.”

The exploding number of satellites in orbit and the presence of nearly 500,000 pieces of space debris means that operationally these very expensive assets are at greater risk than they were. Slingshot tries to solve that problem by giving its customers orbital awareness of potential risks, and providing ways to process data to understand the terrestrial risks that companies face.

Everyone from insurance companies to logistics providers to financial investors use satellite data and imagery in their decision making process and an increasing driver for all of these businesses is a chance to model out impacts from climate change, according to Platzer.

“I think I think the demand for a global understanding off the planet, to use its resources in an effective and responsible way, is unabated. You know, perspire in particular, you know, the impact of climate change through weather on every single business in every single country, for every single person is certainly not going away. And so that demand is is absolutely increasing,” Platzer said. “So I honestly actually see mostly, almost exclusively opportunities, and not necessarily obstacles, funding in the industry is growing at 46%. year over year. Company creation is growing at 32% year over year. So I think I think it’s really a very, very dynamic period, which is more dominated by opportunities than obstacles I would say.”

Increasingly, startups will be able to meet these opportunities, especially if they can receive a boost from government entities that can highlight the areas that are emerging business opportunities and leave it to private industry to pursue them, Modrzewski said.

Still, the panelists agreed that there’s no better time to start a company focused on the space industry than now.

“If I could encourage those that have any sort of inspiration to start a company around space to do it, just do it. Execute on that, that vision, but understand all of the, the things that we talked about today are different than the risk of say, starting a marketing company or those different things. So be up to the challenge to understand the government as part of this and understand rules and regulations, and outside the government that impact how we fly satellites, how we take care of satellites, how we provide data and understand that there’s a lot of legacy that comes with this industry,” Stricklan said. “I think the global space ecosystem is one that remains heavily siloed. It’s not like the digital transformations that have happened in Silicon Valley. Over the last 10 or 15 years. This industry still needs that digital transformation and so the the world is your oyster, but be prepared and be up for the challenge.”

#capella-space, #chief-executive-officer, #driver, #helsinki, #iceye, #industries, #insurance, #rafal-modrzewski, #slingshot, #spire-global, #tc, #tc-sessions-space-2020, #united-states, #uptake, #us-government, #venture-capital-financing

0

Finger-pointing abounds as states get fewer vaccines than planned

Fake highway sign showing the USS Enterprise hitting a speed bump

Enlarge / Operation Warp Speed hits a speed bump. (credit: Aurich Lawson / Getty Images)

As we’re waiting for word on the authorization of a second vaccine for use in the US, glitches have been striking the distribution of the first through the federal government’s “Operation Warp Speed.” This week, the US saw the first use of the vaccine developed by a Pfizer/BioNTech collaboration. But immediately afterward, many states started saying that orders for shipments in the ensuing weeks were being cut. After some in the federal government had indicated that the problem might be in production, Pfizer issued a statement indicating that it had doses in its warehouse ready to ship out but no indication of where to ship them to.

All in all, it’s about what you’d expect in the first weeks of a massive undertaking like this.

State of denial

One of the first states to report problems was Illinois, where its governor, J.B. Pritzker, said that it had indications it would only be receiving half the expected doses of the Pfizer/BioNTech vaccine next week. Since then, over a dozen states have indicated that they’ll be receiving fewer doses than planned in the second week (this article seems to have a fairly comprehensive list).

Read 10 remaining paragraphs | Comments

#moderna, #operation-warp-speed, #pfizer, #policy, #science, #us-government, #vaccine

0

~18,000 organizations downloaded backdoor planted by Cozy Bear hackers

3D illustration Rendering of binary code pattern Abstract background.Futuristic Particles for business,Science and technology background,Blue Background

Enlarge (credit: Getty Images)

About 18,000 organizations around the world downloaded network management tools that contained a backdoor that spies believed to be backed by the Russian government could use to install additional malware that stole sensitive data, the tools provider, SolarWinds, said on Monday.

The disclosure from Austin, Texas-based software maker SolarWinds, came a day after the US government revealed a major security breach hitting federal agencies and private companies. The US Departments of Treasury, Commerce, and Homeland Security departments were among the federal agencies on the receiving end of attacks that gave access to email and other sensitive resources.

Security firm FireEye, which last week disclosed a serious breach of its own network, said that hackers backed by the Russian government compromised a SolarWinds software update mechanism and then used it to infect selected customers who installed a backdoored version of the company’s Orion network management tool.

Read 11 remaining paragraphs | Comments

#apt29, #biz-it, #cozy-bear, #hackers, #nation-state, #policy, #tech, #us-government

0

Energy offset and renewable power developer Arcadia pitches clean power as an employee benefit

Arcadia, the company that gives homeowners and renters a way to offset their carbon footprints through renewable energy credits and clean power developments, is now pitching its services to businesses as an employee benefit.

Companies can offset their employees carbon footprints or subsidize their power bills using Arcadia’s services, the company said. It’s a response to the millions of Americans who are now working from home rather than going in to an office and an acknowledgement that office perks look different when the office is a living room couch, dining room table, or bed.

Since commuter benefits and office amenities like free coffee, snacks, sodas or whatever have become as nonexistent as a competent US government response to a global pandemic, companies are trying to come up with new ways to make employees happy (even though folks are lucky to be employed right now).

Energy usage that spikes in offices in the summer have now been distributed to homes around the country, according to data cited by Arcadia, which means that workers will be eating the cost of increased cooling bills that would have been borne by their corporate offices.

For workplaces that opt in to the new potential benefit for employees, Arcadia can either buy renewable energy credits to offset an employee’s emissions or it can take pay for that employee’s energy usage by acquiring blocks of renewable power from energy markets around the country.

The company has already signed up a few marquee customers, including McDonald’s, which is using the service to offset employee’s emissions (but not paying for their power).  

“We’re thrilled to partner with Arcadia on this new initiative,” said Emma Cox, Manager of North America Sustainability at McDonald’s, in a statement. “Getting the program up and running is incredibly easy and enables us to empower our employees that are no longer in the office, and is consistent with McDonald’s goals in reducing carbon emissions.”

 

#articles, #carbon-footprint, #energy, #greenhouse-gas-emissions, #mcdonalds, #nature, #partner, #renewable-energy, #tc, #us-government

0

US government built secret iPod with Apple’s help, former engineer says

US government built secret iPod with Apple’s help, former engineer says

An Apple engineer who helped launch the iPod said he helped the US government build a secret version of the device that could covertly collect data.

David Shayer, the second software engineer hired for the iPod project in 2001, said he first learned of the project in 2005, when he received an office visit from his boss’s boss.

“He cut to the chase,” Shayer recounts in a post published on Monday. “‘I have a special assignment for you. Your boss doesn’t know about it. You’ll help two engineers from the US Department of Energy build a special iPod. Report only to me.’”

Read 13 remaining paragraphs | Comments

#apple, #biz-it, #ipod, #policy, #tech, #us-government

0

TikTok found to have tracked Android users’ MAC addresses until late last year

Until late last year social video app TikTok was using an extra layer of encryption to conceal a tactic for tracking Android users via the MAC address of their device which skirted Google’s policies and did not allow users to opt out, The Wall Street Journal reports. Users were also not informed of this form of tracking, per its report.

Its analysis found that this concealed tracking ended in November as US scrutiny of the company dialled up, after at least 15 months during which TikTok had been gathering the fixed identifier without users’ knowledge.

A MAC address is a unique and fixed identifier assigned to an Internet connected device — which means it can be repurposed for tracking the individual user for profiling and ad targeting purposes, including by being able to re-link a user who has cleared their advertising ID back to the same device and therefore to all the prior profiling they wanted to jettison.

TikTok appears to have exploited a known bug on Android to gather users’ MAC addresses which Google has still failed to plug, per the WSJ.

A spokeswoman for TikTok did not deny the substance of its report, nor engage with specific questions we sent — including regarding the purpose of this opt-out-less tracking. Instead she sent the below statement, attributed to a spokesperson, in which company reiterates what has become a go-to claim that it has never given US user data to the Chinese government:

Under the leadership of our Chief Information Security Officer (CISO) Roland Cloutier, who has decades of experience in law enforcement and the financial services industry, we are committed to protecting the privacy and safety of the TikTok community. We constantly update our app to keep up with evolving security challenges, and the current version of TikTok does not collect MAC addresses. We have never given any US user data to the Chinese government nor would we do so if asked.

“We always encourage our users to download the most current version of TikTok,” the statement added.

With all eyes on TikTok, as the latest target of the Trump administration’s war on Chinese tech firms, scrutiny of the social video app’s handling of user data has inevitably dialled up.

And while no popular social app platform has its hands clean when it comes to user tracking and profiling for ad targeting, TikTok being owned by China’s ByteDance means its flavor of surveillance capitalism has earned it unwelcome attention from the US president — who has threatened to ban the app unless it sells its US business to a US company within a matter of weeks.

Trump’s fixation on China tech, generally, is centered on the claim that the tech firms pose threats to national security in the West via access to Western networks and/or user data.

The US government is able to point to China’s Internet security law which requires firms to provide the Chinese Communist Party with access to user data — hence TikTok’s emphatic denial of passing data. But the existence of the law makes such claims difficult to stick.

TikTok’s problems with user data don’t stop there, either. Yesterday it emerged that France’s data protection watchdog has been investigating TikTok since May, following a user complaint.

The CNIL’s concerns about how the app handled a user request to delete a video have since broadened to encompass issues related to how transparently it communicates with users, as well as to transfers of user data outside the EU — which, in recent weeks, have become even more legally complex in the region.

Compliance with EU rules on data access rights for users and the processing of minors’ information are other areas of stated concern for the regulator.

Under EU law any fixed identifier (e.g. a MAC address) is treated as personal data — meaning it falls under the bloc’s GDPR data protection framework, which places strict conditions on how such data can be processed, including requiring companies to have a legal basis to collect it in the first place.

If TikTok was concealing its tracking of MAC addresses from users it’s difficult to imagine what legal basis it could claim — consent would certainly not be possible. The penalties for violating GDPR can be substantial (France’s CNIL slapped Google with a $57M fine last year under the same framework, for example).

The WSJ’s report notes that the FTC has said MAC addresses are considered personally identifiable information under the Children’s Online Privacy Protection Act — implying the app could also face a regulatory probe on that front, to add to its pile of US problems.

Presented with the WSJ’s findings, Senator Josh Hawley (R., Mo.) told the newspaper that Google should remove TikTok’s app from its store. “If Google is telling users they won’t be tracked without their consent and knowingly allows apps like TikTok to break its rules by collecting persistent identifiers, potentially in violation of our children’s privacy laws, they’ve got some explaining to do,” he said.

We’ve reached out to Google for comment.

#android, #apps, #bytedance, #china, #chinese-communist-party, #encryption, #european-union, #federal-trade-commission, #france, #general-data-protection-regulation, #google, #josh-hawley, #mac-address, #privacy, #security, #social, #targeted-advertising, #tc, #tiktok, #trump-administration, #united-states, #us-government

0

Google, Nokia, Qualcomm are investors in $230M Series A2 for Finnish phone maker, HMD Global

Mobile device maker HMD Global has announced a $230M Series A2 — its first tranche of external funding since a $100M round back in 2018 when it tipped over into a unicorn valuation. Since late 2016 the startup has exclusively licensed Nokia’s brand for mobile devices, going on to ship some 240M devices to date.

Its latest cash injection is notable both for its size (HMD claims it as the third largest funding round in Europe this year); and the profile of the strategic investors ploughing in capital — namely: Google, Nokia and Qualcomm.

Though whether a tech giant (Google) whose OS dominates the world’s smartphone market (Android) becoming a strategic investor in Europe’s last significant mobile OEM (HMD) catches the attention of regional competition enforcers remains to be seen. Er, vertical integration anyone? (To wit: It’s a little over two years since Google was slapped with a $5BN penalty by EU regulators for antitrust violations related to how it operates Android — and the Commission has said it continues to monitor the market ‘remedies’.)

In a further quirk, when we spoke to HMD Global CEO, Florian Seiche, ahead of today’s announcement, he didn’t expect the names of the investors to be disclosed — but we’d already been sent press release material listing them so he duly confirmed the trio are investors in the round. (But wouldn’t be drawn on how much equity Google is grabbing.)

HMD’s smartphones run on Google’s Android platform, which gives the tech giant a firm business reason for supporting the mobile maker in growing the availability of Google-packed hardware in key growth markets around the world.

And while HMD likens its consistent (and consistently updated) flavor of Android to the premium ‘pure’ Android experience you get from Google’s own-brand Pixel smartphones, the difference is the Finnish company offers devices across the range of price points, and targets hardware at mobile users in developing markets.

The upshot is relatively little overlap with Google’s Pixel hardware, and still plenty of business upside for Google should HMD grow the pipeline of Google services users (as it makes money by targeting ads).

Connoisseurs of mobile history may see more than a little irony in Google investing into Nokia branded smartphones (via HMD), given Android’s role in fatally disrupting Nokia’s lucrative smartphone business — knocking the Finnish giant off its perch as the world’s number one mobile maker and ushering in an era of Android-fuelled Asian mobile giants. But wait long enough in tech and what goes around oftentimes comes back around.

“We’re extremely excited,” said Seiche, when we mention Google’s pivotal role in Nokia’s historical downfall in smartphones. “How we are going to write that next chapter on smartphones is a critical strategic pillar for the company and our opportunity to team up so closely with Google around this has been a very, very great partnership from the beginning. And then this investment definitely confirms that — also for the future.”

“It’s a critical time for the industry therefore having a clear strategy — having a clear differentiation and a different point of view to offer, we believe, is a fantastic asset that we have developed for ourselves. And now is a great moment for us to double down on this,” he added.

We also asked Seiche whether HMD has any interest in taking advantage of the European Commission’s Android antitrust enforcement decision — i.e. to fork Android and remove the usual Google services, perhaps swapping them out for some European alternatives, which is at least a possibility for OEMs selling in the region — but Seiche told us: “We have looked at it but we strongly believe that consumers or enterprise customers actually love [Google] services and therefore they choose those services for themselves.” (Millions of dollars of direct investment from Google also, presumably, helps make the Google services business case stack up.)

Nokia, meanwhile, has always had a close relationship with HMD — which was established by former Nokia execs for the sole purpose of licensing its iconic mobile brand. (The backstory there is a clause in the sale terms of Nokia’s mobile device division to Microsoft expired in 2016, paving the way for Nokia’s brand to be returned to the smartphone market without the prior Windows Mobile baggage.)

Its investment into HMD now looks like a vote of confidence in how the company has been executing in the fiercely competitive mobile space to date (HMD doesn’t break out a lot of detail about device sales but Seiche told us it sold in excess of 70M mobiles last year; that’s a combined figure for smartphones and feature phones) — as well as an upbeat assessment of the scope of the growth opportunity ahead of it.

On the latter front US-led geopolitical tensions between the West and China do look poised to generate a tail-wind for HMD’s business.

Mobile chipmaker Qualcomm, for example, is facing a loss of business, as US government restrictions threaten its ability to continue selling chips to Huawei; a major Chinese device maker that’s become a key target for US president Trump. Its interest in supporting HMD’s growth, therefore, looks like a way for Qualcomm to hedge against US government disruption aimed at Chinese firms in its mobile device maker portfolio.

While with Trump’s recent threats against the TikTok app it seems safe to assume that no tech company with a Chinese owner is safe.

As a European company, HMD is able to position itself as a safe haven — and Seiche’s sales pitch talks up a focus on security detail and overall quality of experience as key differentiating factors vs the Android hoards.

“We have been very clear and very consistent right from the beginning to pick these core principles that are close to our heart and very closely linked with the Nokia brand itself — and definitely security, quality and trust are key elements,” he told TechCrunch. “This is resonating with our carrier and retail customers around the world and it is definitely also a core fundamental differentiator that those partners that are taking a longer term view clearly see that same opportunity that we see for us going forward.”

HMD does use manufacturing facilities in China, as well as in a number of other locations around the world — including Brazil, India, Indonesia and Vietnam.

But asked whether it sees any supply chain risks related to continued use of Chinese manufacturers to build ‘secure’ mobile hardware, Seiche responded by claiming: “The most important [factor] is we do control the software experience fully.” He pointed specifically to HMD’s acquisition of Valona Labs earlier this year. The Finnish security startup carries out all its software audits. “They basically control our software to make sure we can live up to that trusted standard,” Seiche added. 

Landing a major tranche of new funding now — and with geopolitical tension between the West and the Far East shining a spotlight on its value as alternative, European mobile maker — HMD is eyeing expansion in growth markets such as Africa, Brail and India. (Currently, HMD said it’s active in 91 markets across eight regions, with its devices ranged in 250,000 retail outlets around the world.)

It’s also looking to bring 5G to devices at a greater range of price-points, beyond the current flagship Nokia 8.3. Seiche also said it wants to do more on the mobile services side. HMD’s first 5G device, the flagship Nokia 8.3, is due to land in the US and Europe in a matter of weeks. And Seiche suggested a timeframe of the middle of next year for launching a 5G device at a mid tier price point.

“The 5G journey again has started, in terms of market adoption, in China. But now Europe, US are the key next opportunity — not just in the premium tier but also in the mid segment. And to get to that as fast as possible is one of our goals,” he said, noting joint-working with Qualcomm on that.

“We also see great opportunity with Nokia in that 5G transition — because they are also working on a lot of private LTE deployments which is also an interesting area since… we are also very strongly present in that large enterprise segment,” he added.

On mobile services, Seiche highlighted the launch of HMD Connect: A data SIM aimed at travellers — suggesting it could expand into additional connectivity offers in future, forging more partnerships with carriers. 

“We have already launched several services that are close to the hardware business — like insurance for your smartphones — but we are also now looking at connectivity as a great area for us,” he said. “The first pilot of that has been our global roaming but we believe there is a play in the future for consumers or enterprise customers to get their connectivity directly with their device. And we’re partnering also with operators to make that happen.”

“You can see us more as a complement [to carriers],” he added, arguing that business “dynamics” for carriers have also changed substantially — and customer acquisition hasn’t been a linear game for some time.

“In a similar way when we talk about Google Pixel vs us — we have a different footprint. And again if you look at carriers where they get their subscribers from today is already today a mix between their own direct channels and their partner channels. And actually why wouldn’t a smartphone player be a natural good partner of choice also for them? So I think you’ll see that as a trend, potentially, evolving in the next couple of years.”

#africa, #android, #antitrust, #brazil, #china, #europe, #european-commission, #european-union, #fundings-exits, #google, #hmd-global, #huawei, #india, #indonesia, #microsoft, #mobile, #mobile-device, #mobile-devices, #nokia, #qualcomm, #smartphone, #smartphones, #trump, #united-states, #us-government, #vietnam, #windows-mobile

0

EU-US Privacy Shield is dead. Long live Privacy Shield

As the saying goes, insanity is doing the same thing over and over again and expecting different results.

And so we arrive at the news, put out yesterday in the horse latitudes of summer via joint press statement, that the EU’s executive body and the US Department of Commerce have begun talks toward fashioning a shiny new papier-mâché ‘Privacy Shield’.

“The U.S. Department of Commerce and the European Commission have initiated discussions to evaluate the potential for an enhanced EU-U.S. Privacy Shield framework to comply with the July 16 judgment of the Court of Justice of the European Union in the Schrems II case,” the pair write.

The EU-US Privacy Shield, as you may recall, refers to the four-year-old data transfer mechanism which Europe’s top court just sunk with the legal equivalent of a nuclear bomb.

Five years ago the same court carpet-bombed its predecessor, a fifteen-year-old arrangement known — without apparent irony — as ‘Safe Harbor’.

Thousands of companies had been signed up to the Privacy Shield, relying on the claimed legal protection to authorize transatlantic transfers of EU users’ data. The mirage collapsed on cue last month, raising legal questions over continued use of cloud services based in a third country like the US — barring data localization.

Alternative data transfer mechanisms do exist but data controllers wanting to use an alternative tool, like Standard Contractual Clauses (SCCs), to take EU citizens’ data over the pond are legally required to carry out an assessment of whether US law provides adequate protections. If they cannot guarantee the data’s safety they cannot use SCCs legally either. (And if they go ahead they are risking costly regulatory intervention.)

The fall of Privacy Shield should really have shocked no one, given the warnings, right from the get-go, that it amounted to ‘lipstick on a pig‘. Nothing has changed the fundamental problems identified by the Court of Justice of the EU in 2015 — so carrying on doing bulk data transfers to the US was headed for the same legal slapdown.

The basic problem is the mechanism failed to do what’s claimed on the tin. Which is to say EU people’s personal data is not safe as houses over there because US government security agencies have their hands in tech platforms’ cookie jars (and all the other jars and tubes of the modern Internet), as the 2013 Snowden revelations illustrated beyond doubt.

Nothing since the Snowden disclosures has substantially reworked US surveillance law to make it less incompatible with EU privacy law. President Obama made a few encouraging noises but under Trump the administration has dug in on helping itself to people’s data without a warrant. So it’s closer to a funnel than a shield.

Turns out neither a ‘Shield’ nor a ‘Harbor’ were metaphors grand enough to paper over this fundamental clash of legal priorities, when a regional trading bloc with long standing laws that protect privacy butts up against an alien regime that rubberstamps digital intrusion on national security grounds, with zero concern for privacy.

And so we arrive at the prospect of a new, papier-mâché ‘Privacy Shield II(I)’ — which looks to be the most appropriate metaphor for this latest round of EU-US ‘negotiations’ aimed at cobbling something together to buy more time for data to keep flowing. Bottom line: Even if Commission and US negotiators ink something on paper any claimed legal protections will, without root and branch reform of US surveillance law, sum to another sham headed for a speedy demolition day in court. 

It’s also worth noting that Europe’s judges are likely to step on the gas in this respect, with Privacy Shield standing for just a fraction of the time Safe Harbor hung around. So any Privacy Shield II (III if you count Safe Harbor) would likely get even shorter shrift. 

Not that legal reality and legal clarity is preventing fuzzy soundbites from being despatched from both sides of the Atlantic, of course.

“The European Union and the United States recognize the vital importance of data protection and the significance of cross-border data transfers to our citizens and economies. We share a commitment to privacy and the rule of law, and to further deepening our economic relationship, and have collaborated on these matters for several decades,” the pair write in a fresh attempt to re-spin a legal car crash disaster that everyone could see coming, years ahead.

“As we face new challenges together, including the recovery of the global economy after the COVID-19 pandemic, our partnership will strengthen data protection and promote greater prosperity for our nearly 800 million citizens on both sides of the Atlantic.”

There’s no doubting the appetite of the Commission and the US Department of Commerce share for data to keep flowing. Both prioritize ‘business as usual’ and lionize their notion of “prosperity”, to the degree where they’re willing to turn a blind eye to rights impacts (including the Commission).

However neither side has demonstrated that it posses the political clout and influence to remake the US’ data industrial complex — which is what’s needed to meaningfully ‘enhance’ Privacy Shield. Instead, we get publicity for their next pantomime.

We’ve reached out to the Commission with questions, lots of questions.

 

#cloud, #cloud-services, #data-localization, #data-protection, #digital-rights, #eu-us-privacy-shield, #europe, #european-commission, #european-union, #human-rights, #obama, #personal-data, #policy, #privacy, #safe-harbor, #trump, #u-s-department-of-commerce, #united-states, #us-government

0

Legal clouds gather over US cloud services, after CJEU ruling

In the wake of yesterday’s landmark ruling by Europe’s top court — striking down a flagship transatlantic data transfer framework called Privacy Shield, and cranking up the legal uncertainty around processing EU citizens’ data in the U.S. in the process — Europe’s lead data protection regulator has fired its own warning shot at the region’s data protection authorities (DPAs), essentially telling them to get on and do the job of intervening to stop people’s data flowing to third countries where it’s at risk.

Countries like the U.S.

The original complaint that led to the Court of Justice of the EU (CJEU) ruling focused on Facebook’s use of a data transfer mechanism called Standard Contractual Clauses (SCCs) to authorize moving EU users’ data to the U.S. for processing.

Complainant Max Schrems asked the Irish Data Protection Commission (DPC) to suspend Facebook’s SCC data transfers in light of U.S. government mass surveillance programs. Instead, the regulator went to court to raise wider concerns about the legality of the transfer mechanism.

That in turn led Europe’s top judges to nuke the Commission’s adequacy decision, which underpinned the EU-U.S. Privacy Shield — meaning the U.S. no longer has a special arrangement greasing the flow of personal data from the EU. Yet, at the time of writing, Facebook is still using SCCs to process EU users’ data in the U.S. Much has changed, but the data hasn’t stopped flowing — yet.

Yesterday the tech giant said it would “carefully consider” the findings and implications of the CJEU decision on Privacy Shield, adding that it looked forward to “regulatory guidance.” It certainly didn’t offer to proactively flip a kill switch and stop the processing itself.

Ireland’s DPA, meanwhile, which is Facebook’s lead data regulator in the region, sidestepped questions over what action it would be taking in the wake of yesterday’s ruling — saying it (also) needed (more) time to study the legal nuances.

The DPC’s statement also only went so far as to say the use of SCCs for taking data to the U.S. for processing is “questionable” — adding that case by case analysis would be key.

The regulator remains the focus of sustained criticism in Europe over its enforcement record for major cross-border data protection complaints — with still zero decisions issued more than two years after the EU’s General Data Protection Regulation (GDPR) came into force, and an ever-growing backlog of open investigations into the data processing activities of platform giants.

In May, the DPC finally submitted to other DPAs for review its first draft decision on a cross-border case (an investigation into a Twitter security breach), saying it hoped the decision would be finalized in July. At the time of writing we’re still waiting for the bloc’s regulators to reach consensus on that.

The painstaking pace of enforcement around Europe’s flagship data protection framework remains a problem for EU lawmakers — whose two-year review last month called for uniformly “vigorous” enforcement by regulators.

The European Data Protection Supervisor (EDPS) made a similar call today, in the wake of the Schrems II ruling — which only looks set to further complicate the process of regulating data flows by piling yet more work on the desks of underfunded DPAs.

“European supervisory authorities have the duty to diligently enforce the applicable data protection legislation and, where appropriate, to suspend or prohibit transfers of data to a third country,” writes EDPS Wojciech Wiewiórowski, in a statement, which warns against further dithering or can-kicking on the intervention front.

“The EDPS will continue to strive, as a member of the European Data Protection Board (EDPB), to achieve the necessary coherent approach among the European supervisory authorities in the implementation of the EU framework for international transfers of personal data,” he goes on, calling for more joint working by the bloc’s DPAs.

Wiewiórowski’s statement also highlights what he dubs “welcome clarifications” regarding the responsibilities of data controllers and European DPAs — to “take into account the risks linked to the access to personal data by the public authorities of third countries.”

“As the supervisory authority of the EU institutions, bodies, offices and agencies, the EDPS is carefully analysing the consequences of the judgment on the contracts concluded by EU institutions, bodies, offices and agencies. The example of the recent EDPS’ own-initiative investigation into European institutions’ use of Microsoft products and services confirms the importance of this challenge,” he adds.

Part of the complexity of enforcement of Europe’s data protection rules is the lack of a single authority; a varied patchwork of supervisory authorities responsible for investigating complaints and issuing decisions.

Now, with a CJEU ruling that calls for regulators to assess third countries themselves — to determine whether the use of SCCs is valid in a particular use-case and country — there’s a risk of further fragmentation should different DPAs jump to different conclusions.

Yesterday, in its response to the CJEU decision, Hamburg’s DPA criticized the judges for not also striking down SCCs, saying it was “inconsistent” for them to invalidate Privacy Shield yet allow this other mechanism for international transfers. Supervisory authorities in Germany and Europe must now quickly agree how to deal with companies that continue to rely illegally on the Privacy Shield, the DPA warned.

In the statement, Hamburg’s data commissioner, Johannes Caspar, added: “Difficult times are looming for international data traffic.”

He also shot off a blunt warning that: “Data transmission to countries without an adequate level of data protection will… no longer be permitted in the future.”

Compare and contrast that with the Irish DPC talking about use of SCCs being “questionable,” case by case. (Or the U.K.’s ICO offering this bare minimum.)

Caspar also emphasized the challenge facing the bloc’s patchwork of DPAs to develop and implement a “common strategy” toward dealing with SCCs in the wake of the CJEU ruling.

In a press note today, Berlin’s DPA also took a tough line, warning that data transfers to third countries would only be permitted if they have a level of data protection essentially equivalent to that offered within the EU.

In the case of the U.S. — home to the largest and most used cloud services — Europe’s top judges yesterday reiterated very clearly that that is not in fact the case.

“The CJEU has made it clear that the export of data is not just about the economy but people’s fundamental rights must be paramount,” Berlin data commissioner Maja Smoltczyk said in a statement [which we’ve translated using Google Translate].

“The times when personal data could be transferred to the U.S. for convenience or cost savings are over after this judgment,” she added.

Both DPAs warned the ruling has implications for the use of cloud services where data is processed in other third countries where the protection of EU citizens’ data also cannot be guaranteed too, i.e. not just the U.S.

On this front, Smoltczyk name-checked China, Russia and India as countries EU DPAs will have to assess for similar problems.

“Now is the time for Europe’s digital independence,” she added.

Some commentators (including Schrems himself) have also suggested the ruling could see companies switching to local processing of EU users’ data. Though it’s also interesting to note the judges chose not to invalidate SCCs — thereby offering a path to legal international data transfers, but only provided the necessary protections are in place in that given third country.

Also issuing a response to the CJEU ruling today was the European Data Protection Board (EDPB). AKA the body made up of representatives from DPAs across the bloc. Chair Andrea Jelinek put out an emollient statement, writing that: “The EDPB intends to continue playing a constructive part in securing a transatlantic transfer of personal data that benefits EEA citizens and organisations and stands ready to provide the European Commission with assistance and guidance to help it build, together with the U.S., a new framework that fully complies with EU data protection law.”

Short of radical changes to U.S. surveillance law, it’s tough to see how any new framework could be made to legally stick, though. Privacy Shield’s predecessor arrangement, Safe Harbour, stood for around 15 years. Its shiny “new and improved” replacement didn’t even last five.

In the wake of the CJEU ruling, data exporters and importers are required to carry out an assessment of a country’s data regime to assess adequacy with EU legal standards before using SCCs to transfer data there.

“When performing such prior assessment, the exporter (if necessary, with the assistance of the importer) shall take into consideration the content of the SCCs, the specific circumstances of the transfer, as well as the legal regime applicable in the importer’s country. The examination of the latter shall be done in light of the non-exhaustive factors set out under Art 45(2) GDPR,” Jelinek writes.

“If the result of this assessment is that the country of the importer does not provide an essentially equivalent level of protection, the exporter may have to consider putting in place additional measures to those included in the SCCs. The EDPB is looking further into what these additional measures could consist of.”

Again, it’s not clear what “additional measures” a platform could plausibly deploy to “fix” the gaping lack of redress afforded to foreigners by U.S. surveillance law. Major legal surgery does seem to be required to square this circle.

Jelinek said the EDPB would be studying the judgement with the aim of putting out more granular guidance in the future. But her statement warns data exporters they have an obligation to suspend data transfers or terminate SCCs if contractual obligations are not or cannot be complied with, or else to notify a relevant supervisory authority if it intends to continue transferring data.

In her roundabout way, she also warns that DPAs now have a clear obligation to terminate SCCs where the safety of data cannot be guaranteed in a third country.

“The EDPB takes note of the duties for the competent supervisory authorities (SAs) to suspend or prohibit a transfer of data to a third country pursuant to SCCs, if, in the view of the competent SA and in the light of all the circumstances of that transfer, those clauses are not or cannot be complied with in that third country, and the protection of the data transferred cannot be ensured by other means, in particular where the controller or a processor has not already itself suspended or put an end to the transfer,” Jelinek writes.

One thing is crystal clear: Any sense of legal certainty U.S. cloud services were deriving from the existence of the EU-U.S. Privacy Shield — with its flawed claim of data protection adequacy — has vanished like summer rain.

In its place, a sense of déjà vu and a lot more work for lawyers.

#berlin, #china, #cloud, #cloud-services, #data-protection-law, #data-transmission, #digital-rights, #eu-us-privacy-shield, #europe, #european-commission, #european-data-protection-board, #european-union, #facebook, #general-data-protection-regulation, #germany, #google, #hamburg, #human-rights, #india, #ireland, #law, #mass-surveillance, #max-schrems, #microsoft, #personal-data, #privacy, #russia, #safe-harbour, #schrems-ii, #tc, #twitter, #united-states, #us-government

0

Europe’s top court strikes down flagship EU-US data transfer mechanism

A highly anticipated ruling by Europe’s top court has just landed — striking down a flagship EU-US data flows arrangement called Privacy Shield.

The Court of Justice invalidates Decision 2016/1250 on the adequacy of the protection provided by the EU-US Data Protection Shield,” it writes in a press release. 

The case — known colloquially as Schrems II (in reference to privacy activist and lawyer, Max Schrems, whose original complaints underpin the saga) — has a long and convoluted history. In a nutshell it concerns the clash of two very different legal regimes related to people’s digital data: On the one hand US surveillance law and on the other European data protection and privacy.

Putting a little more meat on the bones, the US’ prioritizing of digital surveillance — as revealed by the 2013 revelations of NSA whistleblower, Edward Snowden; and writ large in the breadth of data capture powers allowed by Section 702 of FISA (Foreign Intelligence Surveillance Act) and executive order 12,333 (which sanctions bulks collection) — collides directly with European fundamental rights which give citizens rights to privacy and data protection, as set out in the EU Charter of Fundamental Rights, the European Convention on Human Rights and specific pieces of pan-EU legislation (such as the General Data Protection Regulation).

The Schrems II case also directly concerns Facebook, while having much broader implications for how large scale data processing of EU citizens data can be done. It does not concern so called ‘necessary’ data transfers — such as being able to send an email to book a hotel room; but rather relates to the bulk outsourcing of data processing from the EU to the US (typically undertaken for cost/ease reasons). So one knock on effect of today’s ruling might be for companies to switch to regional data processing for European users.

The original case raised specific questions of legality around a European data transfer mechanism used by Facebook (and many other companies) for processing regional users’ data in the US — called Standard Contractual Clauses (SCCs).

Schrems challenged Facebook’s use of SCCs at the end of 2015, when he updated an earlier complaint on the same data transfer issue related to US government mass surveillance practices with Ireland’s data watchdog.

He asked the Irish Data Protection Commission (DPC) to suspend Facebook’s use of SCCs. Instead the regulator decided to take him and Facebook to court, saying it had concerns about the legality of the whole mechanism. Irish judges then referred a large number of nuanced legal questions to Europe’s top court, which brings us to today. It’s worth noting Facebook repeatedly tried and failed to block the reference to the Court of Justice. And you can now see exactly why they really wanted to derail this train.

The referral by the Irish High Court also looped in questions over a flagship European Commission data transfer agreement, called the EU-US Privacy Shield. This replaced a long standing EU-US data transfer agreement called Safe Harbor which was struck down by the CJEU in 2015 after an earlier challenge also lodged by Schrems. (Hence Schrems II — and now strike two for Schrems.)

So part of the anticipation associated with this case has been related to whether Europe’s top judges would choose to weigh in on the legality of Privacy Shield — a data transfer framework that’s being used by more than 5,300 companies at this point. And which the European Commission only put in place a handful of years ago.

Critics of the arrangement have maintained from the start that it does not resolve the fundamental clash between US surveillance and EU data protection — and in recent years, with the advent of the Trump administration, the Privacy Shield has looked increasingly precariously placed as we’ve reported.

In the event, the CJEU has sided with critics who have always said Privacy Shield is the equivalent of lipstick on a pig. Today is certainly not a good day for the European Commission (which also had a very bad day in court yesterday on a separate matter).

We reached out to the EU executive for comment on Schrems II and a spokesman told us it will be holding a press briefing at noon. (We’ll dial in so stay tuned for more.)

Privacy Shield had also been under separate legal challenge — with the complainant in that case (La Quadrature du Net) arguing the mechanism breaches fundamental EU rights and does not provide adequate protection for EU citizens’ data. That case now looks moot.

On SCCs, the CJEU has not taken issue with the mechanism itself — which, unlike Privacy Shield, does not contain an assessment on the quality of the protections offered by any third country; it’s merely a tool which may be available to use if the right legal conditions exist to guarantee EU citizens’ data rights — but judges impress the obligation on data controllers to carry out an assessment of the data protection afforded by the country where the data is to be taken. If the level is not equivalent to that offered by EU law then the controller has a legal obligation to suspend the data transfers.

This also means that EU regulators — such as Ireland’s DPC — have a clear obligation to suspend data transfers which are taking place via SCCs to third countries where data protections are not adequate. Like the US. Which was exactly what Schrems had asked the Irish regulator to do in the first place.

It’s not immediately clear what alternative exists for companies such as Facebook which are using SCCs to take EU citizens’ data to the US, given judges have invalidated Privacy Shield on the grounds of the lack of protections afforded to EU citizens data in the country.

US surveillance law is standing in the way of their EU data flows.

Commenting on the ruling in a statement, a jubilant Schrems said: “I am very happy about the judgment. At first sight it seems the Court has followed us in all aspects. This is a total blow to the Irish DPC and Facebook. It is clear that the US will have to seriously change their surveillance laws, if US companies want to continue to play a role on the EU market.”

We’ve also reached out to Facebook and the Irish DPC for comment.

This is a developing story… 

#controller, #data-protection, #digital-rights, #edward-snowden, #eu-us-privacy-shield, #europe, #european-commission, #european-union, #facebook, #human-rights, #ireland, #law, #mass-surveillance, #max-schrems, #privacy, #safe-harbor, #social-issues, #tc, #united-states, #us-government

0