User blogs

TikTok is facing a fresh round of regulatory complaints in Europe where consumer protection groups have filed a series of coordinated complaints alleging multiple breaches of EU law.

The European Consumer Organisation (BEUC) has lodged a complaint against the video sharing site with the European Commission and the bloc’s network of consumer protection authorities, while consumer organisations in 15 countries have alerted their national authorities and urged them to investigate the social media giant’s conduct, BEUC said today.

The complaints include claims of unfair terms, including in relation to copyright and TikTok’s virtual currency; concerns around the type of content children are being exposed to on the platform; and accusations of misleading data processing and privacy practices.

Details of the alleged breaches are set out in two reports associated with the complaints: One covering issues with TikTok’s approach to consumer protection, and another focused on data protection and privacy.

Child safety

On child safety, the report accuses TikTok of failing to protect children and teenagers from hidden advertising and “potentially harmful” content on its platform.

“TikTok’s marketing offers to companies who want to advertise on the app contributes to the proliferation of hidden marketing. Users are for instance triggered to participate in branded hashtag challenges where they are encouraged to create content of specific products. As popular influencers are often the starting point of such challenges the commercial intent is usually masked for users. TikTok is also potentially failing to conduct due diligence when it comes to protecting children from inappropriate content such as videos showing suggestive content which are just a few scrolls away,” the BEUC writes in a press release.

TikTok has already faced a regulatory intervention in Italy this year in response to child safety concerns — in that instance after the death of a ten year old girl in the country. Local media had reported that the child died of asphyxiation after participating in a ‘black out’ challenge on TikTok — triggering the emergency intervention by the DPA.

Soon afterwards TikTok agreed to reissue an age gate to verify the age of every user in Italy, although the check merely asks the user to input a date to confirm their age so seems trivially easy to circumvent.

In the BEUC’s report, the consumer rights group draws attention to TikTok’s flimsy age gate, writing that: “In practice, it is very easy for underage users to register on the platform as the age verification process is very loose and only self-declaratory.”

And while it notes TikTok’s privacy policy claims the service is “not directed at children under the age of 13” the report cites a number of studies that found heavy use of TikTok by children under 13 — with BEUC suggesting that children in fact make up “a very big part” of TikTok’s user base.

From the report:

In France, 45% of children below 13 have indicated using the app. In the United Kingdom, a 2020 study from the Office for Telecommunications (OFCOM) revealed that 50% of children between eight and 15 upload videos on TikTok at least weekly. In Czech Republic, a 2019 study found out that TikTok is very popular among children aged 11-12. In Norway, a news article reported that 32% of children aged 10-11 used TikTok in 2019. In the United States, The New York Times revealed that more than one-third of daily TikTok users are 14 or younger, and many videos seem to come from children who are below 13. The fact that many underage users are active on the platform does not come as a surprise as recent studies have shown that, on average, a majority of children owns mobile phones earlier and earlier (for example, by the age of seven in the UK).

A recent EU-backed study also found that age checks on popular social media platforms are “basically ineffective” as they can be circumvented by children of all ages simply by lying about their age.

Terms of use

Another issue raised by the complaints centers on a claim of unfair terms of use — including in relation to copyright, with BEUC noting that TikTok’s T&Cs give it an “irrevocable right to use, distribute and reproduce the videos published by users, without remuneration”.

A virtual currency feature it offers is also highlighted as problematic in consumer rights terms.

TikTok lets users purchase digital coins which they can use to buy virtual gifts for other users (which can in turn be converted by the user back to fiat). But BEUC says its ‘Virtual Item Policy’ contains “unfair terms and misleading practices” — pointing to how it claims an “absolute right” to modify the exchange rate between the coins and the gifts, thereby “potentially skewing the financial transaction in its own favour”.

While TikTok displays the price to buy packs of its virtual coins there is no clarity over the process it applies for the conversion of these gifts into in-app diamonds (which the gift-receiving user can choose to redeem for actual money, remitted to them via PayPal or another third party payment processing tool).

“The amount of the final monetary compensation that is ultimately earned by the content provider remains obscure,” BEUC writes in the report, adding: “According to TikTok, the compensation is calculated ‘based on various factors including the number of diamonds that the user has accrued’… TikTok does not indicate how much the app retains when content providers decide to convert their diamonds into cash.”

“Playful at a first glance, TikTok’s Virtual Item Policy is highly problematic from the point of view of consumer rights,” it adds.

Privacy

On data protection and privacy, the social media platform is also accused of a whole litany of “misleading” practices — including (again) in relation to children. Here the complaint accuses TikTok of failing to clearly inform users about what personal data is collected, for what purpose, and for what legal reason — as is required under Europe’s General Data Protection Regulation (GDPR).

Other issues flagged in the report include the lack of any opt-out from personal data being processed for advertising (aka ‘forced consent’ — something tech giants like Facebook and Google have also been accused); the lack of explicit consent for processing sensitive personal data (which has special protections under GDPR); and an absence of security and data protection by design, among other issues.

We’ve reached out to the Irish Data Protection Commission (DPC), which is TikTok’s lead supervisor for data protection issues in the EU, about the complaint and will update this report with any response.

France’s data watchdog, the CNIL, already opened an investigation into TikTok last year — prior to the company shifting its regional legal base to Ireland (meaning data protection complaints must now be funnelled through the Irish DPC as a result of via the GDPR’s one-stop-shop mechanism — adding to the regulatory backlog).

Jef Ausloos, a postdoc researcher who worked on the legal analysis of TikTok’s privacy policy for the data protection complaints, told TechCrunch researchers had been ready to file data protection complaints a year ago — at a time when the platform had no age check at all — but it suddenly made major changes to how it operates.

Ausloos suggests such sudden massive shifts are a deliberate tactic to evade regulatory scrutiny of data-exploiting practices — as “constant flux” can have the effect of derailing and/or resetting research work being undertaken to build a case for enforcement — also pointing out that resource-strapped regulators may be reluctant to bring cases against companies ‘after the fact’ (i.e. if they’ve since changed a practice).

The upshot of breaches that iterate is that repeat violations of the law may never be enforced.

It’s also true that a frequent refrain of platforms at the point of being called out (or called up) on specific business practices is to claim they’ve since changed how they operate — seeking to use that a defence to limit the impact of regulatory enforcement or indeed a legal ruling. (Aka: ‘Move fast and break regulatory accountability’.)

Nonetheless, Ausloos says the complainants’ hope now is that the two years of documentation undertaken on the TikTok case will help DPAs build cases.

Commenting on the complaints in a statement, Monique Goyens, DG of BEUC, said: “In just a few years, TikTok has become one of the most popular social media apps with millions of users across Europe. But TikTok is letting its users down by breaching their rights on a massive scale. We have discovered a whole series of consumer rights infringements and therefore filed a complaint against TikTok.

“Children love TikTok but the company fails to keep them protected. We do not want our youngest ones to be exposed to pervasive hidden advertising and unknowingly turned into billboards when they are just trying to have fun.

“Together with our members — consumer groups from across Europe — we urge authorities to take swift action. They must act now to make sure TikTok is a place where consumers, especially children, can enjoy themselves without being deprived of their rights.”

Reached for comment on the complaints, a TikTok spokesperson told us:

Keeping our community safe, especially our younger users, and complying with the laws where we operate are responsibilities we take incredibly seriously. Every day we work hard to protect our community which is why we have taken a range of major steps, including making all accounts belonging to users under 16 private by default. We’ve also developed an in-app summary of our Privacy Policy with vocabulary and a tone of voice that makes it easier for teens to understand our approach to privacy. We’re always open to hearing how we can improve, and we have contacted BEUC as we would welcome a meeting to listen to their concerns.

Source: https://techcrunch.com/2021/02/16/tiktok-hit-with-consumer-child-safety-and-privacy-complaints-in-europe/

Most small businesses today don’t have a dedicated staff to handle their IT needs. Take restaurants, for an example. They have likely outsourced this job to contract IT professionals to reduce expenses.

Every time they need to buy a point-of-sale machine, a printer, new computers, or assign business emails to employees, they reach out to a trusted IT advisor, who then works with vendor partners to secure products and services that the business needs.

A former investor at Accel spotted an opportunity in this space and is tackling it with her new startup called Zomentum. The U.S.-headquartered startup’s platform allows IT partners to bring their entire sales process together, a phenomenon she said is helping them increase their revenue and close more sales in less time.

On Tuesday, three-year-old Zomentum, which aims to build a strong IT partner network that can serve as an effective sales channel to promote the hyperlocal IT market, said it has raised $13 million in its Series A round from Greenoaks Capital and existing investors Elevation Capital and Accel. The new round, which brings Zomentum’s to-date raise to $17.1 million, also saw participation from Eight Roads Ventures.

“SMBs are often so focused on helping customers that they end up strapped for time to select the right technology that suits their business needs. Increasingly, more and more IT channel partners are assuming the role of trusted advisors to these SMBs for their technology needs,” said Shruti Ghatge, co-founder and chief executive of Zomentum.

Citing internal research, Zomentum said average IT partners on its platform are able to create documents 70% faster, close twice as many deals with a 600% increase in deal value, and are seeing 2X increase in conversion.

“We see an opportunity to leverage the power of AI and data science to enable business insights for these channel partners. We want our partners and their clients to leverage AI-enabled Business Intelligence to help gain actionable insights and take smart decisions, something that until now, was available only to enterprises,” said Rahil Shah, co-founder and chief technology officer of Zomentum, in a statement.

More than 80% of Zomentum customers today are in the U.S., and Ghatge said the startup will deploy the fresh capital to expand its presence in the market and broaden its product offerings.

More to follow…

Source: https://techcrunch.com/2021/02/16/zomentum-raises-13-million-to-scale-its-it-sales-acceleration-platform/

The pandemic and the world’s big shift to doing (even) more online has put an unprecedented amount of pressure on cybersecurity. Now, it looks like one of the big public players in that space, Palo Alto Networks, has made an acquisition that will help it address that challenge, specifically with security tools designed for those working in DevOps to handle vast volumes of security data more efficiently.

According to our sources and reports, the company is acquiring Bridgecrew, a startup out of Israel that automates the process of network monitoring and security remediation by translating the feedback into code. Its tools are used by fast-scaling, internet-based businesses like Robinhood, BetterHelp and OneMain Financial.

The acquisition was first rumored earlier this month in Israeli press as a deal worth more than $100 million. Two sources confirmed the talks to us at the time but said the deal had not yet been closed. Then, a report this morning in Israel’s Calcalist said the acquisition is now valued at around $200 million, possibly more if you count earn-outs.

Sources close to the startup’s investors confirm to us that the papers have indeed now been signed on the deal, so expect an official announcement soon.

Spokespeople for both companies previously declined to comment on any deal when we asked earlier this month. We are reaching out to both again.

A $200 million price tag would represent a strong return for Bridgecrew and its investors.

The startup, backed by the likes of Battery Ventures, Operator Partners and more than a dozen others, has only raised around $18 million, including a Series A of $14 million last year. According to PitchBook data, Bridgecrew had a valuation of about $40 million at the time of that last round.

Cybersecurity — specifically the need for better and more sophisticated solutions in the face of an increasing amount of breaches in an ever-growing threat landscape — has seen an increasing focus for years. Indeed, it’s one of the rising tides that has lifted Palo Alto Networks’ boat.

But in the last year, the Covid-19 pandemic has brought more attention to cybersecurity and the need for more automation in it than ever before.

The reason is fairly obvious but is worth repeating: as more organizations migrate operations into distributed, digital-only, cloud-based environments, architectures have become more fragmented, complex and simply bigger and more of an exploitation target.

That’s presented a challenge for those provisioning security for these operations, and that has led to a new wave of companies over the last several years building automated solutions, merging DevOps with security monitoring.

“We founded Bridgecrew because we saw that there was a huge bottleneck in security engineering, in DevSecOps, and how engineers were running cloud infrastructure security,” Bridgecrew CEO and co-founder Idan Tendler told TechCrunch last year. Others in this wider space include PortShift (which was acquired by Cisco last year), Tines and many others.

Palo Alto Networks has also been building its own tools for DevOps security, namely with Prisma, which it introduced in 2019 and updated last year.

It’s not clear why Palo Alto would choose to supplement that with an outside acquisition, but it’s notable that Bridgecrew focuses on DevOps security specifically and it has seen a lot of traction in that area.

Its sweet spot appears to be customers who are building huge businesses themselves on cloud infrastructure and are using automation as part of bigger efforts to ensure better cybersecurity practices.

It counts customers like Databricks for its flagship Bridgecrew platform product, which provides security scanning and remediation in the form of code across a wide range of infrastructure environments. The company recently said that its customer base and monthly sign ups both tripled in the second half of last year.

It has also seen a lot of pick-up of Checkov, its open source infrastrcuture-as-code (IaC) scanner that it says works across cloud infrastructure in Terraform, Cloudformation, Kubernetes, Arm templates or Serverless Framework to detect misconfigurations.

Checkov passed a milestone of 1 million downloads last quarter, speaking to the company’s reputation and traction with the very customers that Palo Alto is looking to reach.

Notably, Bridgecrew says it’s working on other open source projects, so that could also be a focus for Palo Alto here.

Another takeaway from this news is how Israel continues to be fertile ground for hatching and growing cybersecurity businesses.

“Palo Alto Networks was established by Israeli founders, and Bridgecrew will be the seventh Israeli cybersecurity company acquired by Palo Alto in the recent years,” said Avihai Michaeli, a Tel Aviv-based senior investment banker and startup advisor.

We will update this story as we learn more.

Source: https://techcrunch.com/2021/02/16/sources-palo-alto-networks-acquired-devops-security-startup-bridgecrew-for-around-200m/

Carl Pei, co-founder of OnePlus, knows a thing or two about communities. At the Chinese smartphone maker, Pei fielded product and feature ideas from fans and held frequent gatherings to hear their feedback. At his new venture, Nothing, Pei is going a step further.

London-headquartered firm said on Tuesday it will allow its community to invest $1.5 million in the company through a community equity round early next month. One community member will be elected to Nothing’s board of directors to always keep the firm in “check” and remind it of ‘what users want,” said Pei.

The startup, which recently raised a $15 million Series A round from Alphabet’s GV, said it will raise money from the community at the same valuation as implied in the Series A round. (The startup has raised an additional $7 million from high-profile executives including Kunal Shah of Cred, Tony Fadell, principal at Future Shape and inventor of the iPod, well-known YouTuber Casey Neistat, Kevin Lin, co-founder of Twitch, Steve Huffman, chief executive of Reddit, and Kim Fai Kok of Truecaller.)

“We want our community to be part of our journey from the very start and play an active role in it.” said Pei, who serves as the chief executive of Nothing. Pre-registrations to the financing option will open on February 16 at 10AM GMT, and the campaign will go live on March 2 at 10AM GMT.

Pei has yet to share what all products he wants to tackle at his new venture. So far he has said the startup plans to develop a pair of wireless headphones and smart and connected consumer electronics devices.

TechCrunch asked him why he couldn’t do all of this at OnePlus. “When you want to build something new and different, the best way is to start-off on a clean sheet and with a change of environment,” he said.

This week, 9to5Google reported that Nothing had acquired some trademarks from Android creator Andy Rubin’s now-defunct Essential.

Source: https://techcrunch.com/2021/02/16/want-to-invest-in-nothing-carl-pei-opens-investment-opportunity-to-community/