User blogs

The lead data supervisor for a slew of tech giants in the European Union, including Apple, Facebook, Google, LinkedIn, TikTok and Twitter, is still relying on Lotus Notes to manage complaints and investigations lodged under the bloc’s flagship General Data Protection Regulation (GDPR), per freedom of information requests made by the Irish Council for Civil Liberties (ICCL).

Back in its 2016 annual report Ireland’s Data Protection Commission (DPC) stated that one of its main goals for GDPR (and ePrivacy) readiness included “implementation of a new website and case-management system” in time for the regulation coming into force in May 2018. However some five years later this ITC upgrade project is still a work in progress, responses to the ICCL’s FOIs show.

Project deadlines were repeatedly missed, per internal documents now in the public domain, while by October 2020 the cost of the DPC’s ICT upgrade had more than doubled vs an initial projection — ballooning to at least €615,121 (a figure that excludes staff time spent on the project since 2016; and also does not include the cost of maintaining the antiquated Lotus Notes system which is borne by the Irish government’s Department of Justice).

The revelation that the lead data supervisor for much of big tech in Europe is handling complaints using such ‘last-gen’ software not only looks highly embarrassing for the DPC but raises questions over the effectiveness of its senior management.

The DPC continues to face criticism over the slow pace of regulatory enforcement vis-a-vis big tech which, combined with the GDPR’s one-stop-shop mechanism, has led to a huge backlog of cases that the European Commission has conceded is a weakness of the regulation. So the revelation that it’s taking so long to get its own ITC in order will only fuel criticism that the regulator is not fit for purpose.

The wider issue here is the vast gulf in resources and technical expertise between tech giants, many of which are racking up vast profits off of people’s data that they can use to put toward paying armies of in-house lawyers to shield them from the risk of regulatory intervention, vs the tiny, under-resourced public sector agencies tasked with defending users’ rights — without appropriately modern tools to help them do the job.

In Ireland’s case, though, the length of time involved in overhauling its internal ICT does throw the spotlight on management of resources. Not least because the DPC’s budget and headcount has been growing since around 2015, as more resource have been allocated to it to reflect GDPR coming into application.

The ICCL is calling for the Irish government to consider hiring two additional commissioners — to supplement the current (sole) commissioner, Helen Dixon, who was appointed to the role back in 2014.

It notes that Irish law allows for the possibility of having three commissioners.

“The people who are supposed to make sure that Facebook and Google do not misuse the information that they have about each of us, are using a system so antiquated that one former staff member told me it is ‘like attempting to use an abacus to do payroll’,” Dr Johnny Ryan, an ICCL senior fellow, told TechCrunch.

The DPC is not configured for its digital mission,” he added in a statement. “What we have discovered indicates that it cannot run critically important internal technology projects. How can it be expected to monitor what the world’s biggest tech firms do with our data? This raises serious questions not only for the DPC, but for the Irish Government. We have alerted the Irish Government of the strategic economic risk from failing to enforce the GDPR.”

Reached for comment, the DPC told us it has a “functional and fit-for-purpose” Case Management System which it said has been “optimised with new features over the last number of years (including with capability for the generation of statistics and management reports)”.

But it conceded the system is “dated” and “limited” in terms of how much it can be adapted for integration with a new DPC website and web forms and the IMI [information systems management] shared platform used between EU data protection authorities — given that it’s based on Lotus Notes technology. 

“Significant work in specifying the system and building its core modules has been completed,” deputy commission Graham Doyle said. “Some delays in delivery have occurred because of updates to specification of security and infrastructure elements. Some other elements have on demand from the DPC been slowed in order to allow for the resolution between EU DPAs of final intended processes such as those involved in the Article 60 cooperation and consistency mechanism under the GDPR.

“The EDPB [European Data Protection Board] is only now preparing internal guidance on the operationalisation of Article 60 and further on the dispute resolution mechanism under Article 65. These are key features of work between EU DPAs that require hand-offs between systems. In addition, the EU almost 3 years after it intended to has not yet adopted its new e-Privacy legislation. Further, the DPC alongside all other EU DPAs is learning how the procedural and operational aspects of the GDPR are to operate in fine detail and some of them remain to be settled.”

Doyle added that “progress continues” on the new Case Management System investment — saying it’s the DPC’s intention that “initial core modules” of the new system will be rolled out in Q2 2021.

To date, Ireland’s regulator has only issued one decision pertaining to a cross-border GDPR complaint: In December when it fined Twitter $550k over a security breach the company had publicly disclosed in January 2019.

Disagreement between Ireland and other EU DPAs over its initial enforcement proposal added months more to the decision process — and the DPC was finally forced to increase its suggested penalty by up to a few thousand euros following a majority vote.

The Twitter case was hardly smooth sailing but it actually represents a relatively rapid turnaround compared to the seven+ years involved in a separate (2013) complaint (aka Schrems II) — related to Facebook’s international data transfers which predates the GDPR.

With that complaint the DPC chose to go to court to raise concerns about the legality of the data transfer mechanism itself rather than acting on a specific complaint over Facebook’s use of Standard Contractual Clauses. A referral to the European Court of Justice followed and the EU’s highest court ended up torpedoing a flagship data transfer arrangement between the EU and the US.

Despite its legal challenge resulting in the EU-US Privacy Shield being struck down, the DPC still hasn’t pulled the plug on Facebook’s EU transfers. Although last September it did issue a preliminary suspension order — which Facebook immediately challenged (and blocked, temporarily) via judicial review.

Last year the DPC settled a counter judicial review of its processes, brought by the original complainant, agreeing to swiftly finalize the complaint — although a decision is still likely months out. But should finally come this year.

The DPC defends itself against accusations of enforcement foot-dragging by saying it must follow due process to ensure its decisions stand up to legal challenge.

But as criticism of the unit continues to mount revelations that its own flagship internal ICT upgrade is dragging on some five years after it was stated as a DPC priority will do nothing to silence critics.

Last week the EU parliament’s civil liberties committee issued a draft motion calling on the Commission to begin infringement proceedings against against Ireland “for not properly enforcing the GDPR”.

In the statement it wrote of “deep concern” that several complaints against breaches of the GDPR have not yet been decided by the Irish DPC despite GDPR coming into application in May 2018.

The LIBE committee also flagged the Schrems II Facebook transfers case — writing that it is concerned this case “was started by the Irish Data Protection Commissioner, instead taking a decision within its powers pursuant to Article 58 GDPR”.

It’s also notable that the Commission’s latest plans for updating pan-EU platform regulations — the Digital Services Act and Digital Markets Act — propose to side-step the risk of enforcement bottlenecks by suggesting that key enforcement against the largest platforms should be brought in-house to avoid the risk of any single Member State agency standing in the way of cross-border enforcement of European citizens’ data rights, as continues to happen with the GDPR.

Another quirk in relation to the Irish DPC is that the unit is not subject to the full range of freedom of information law. Instead the law only applies in respect of records concerning “the general administration of the Commission”. This means that its “supervisory, regulatory, consultation, complaint-handling or investigatory functions (including case files) are not releasable under the Act”, as it notes on its website.

Freedom of information requests filed by TechCrunch last year — asking the DPC how many times it has used GDPR powers to impose a temporary or absolute ban on data processing — were refused by the regulator on these grounds.

Its refusal to disclose whether or not it has ever asked an infringing entity to stop processing personal data cited the partial coverage of FOI law, with the regulator saying ‘general administration’ only refers to “records which have to do with the management of an FOI body such as records referring to personnel, pay matters, recruitment, accounts, information technology, accommodation, internal organization, office procedures and the like”.

While Ireland’s FOI law prevents closer scrutiny of the DPC’s activities, the agency’s enforcement record speaks for itself.

Source: https://techcrunch.com/2021/02/09/eus-lead-data-supervisor-for-most-of-big-tech-is-still-using-lotus-notes/

The post I Thought I Didn’t Want To Get Married, Now I Do? Help! appeared first on A Practical Wedding: Wedding Planning, Inspiration, and Ideas.

Finch Capital, the early-stage fintech VC with a presence in London and Amsterdam, has raised a third fund. Targeting a final close of €150 million, the fund has already secured €85 million from LPs ready to deploy.

Out of Finch Capital “Europe III,” the VC will invest in fintech startups at the Series A and B stages, deemphasising its previous inclusion of seed. Specifically, it says it is on the lookout for “European category leaders,” and in particular those leveraging AI with €2-5 million in revenues — a company profile, the firm argues, that is currently seeing a funding gap. Noteworthy, in early 2020, Finch Capital added Google and DeepMind alum Steve Crossan as a venture partner.

As with its previous funds, Finch plans to back 15-20 European startups over the next three years, and candidly reveals it’s targeting liquidity (i.e. exits) “3-5 years post investment”.

“Although we have a relatively good hit rate on seed deals, the overall impact on the fund is small, as we have made the best returns on deals with €2-5 million in revenues,” Radboud Vlaar, MD Finch Capital, tells me. “This plays to our sweet spot as a team, to leverage our network to help companies to scale, which is harder in the earlier stages when the companies look for product market fit”.

On a potential funding gap, Vlaar says there is a lot of early-stage capital going to companies with €0.5-2 million in revenue, with the aim to get to €5 million and beyond in revenue quickly. And there is also a lot of capital chasing companies with €5-10 million in revenue. “In reality, B2B takes time and many companies are not growing linearly,” he observes. “They might have to adapt the team, strategy etc., on the way to cracking the market.

In addition, most of the U.S. or European growth firms prefer to see signs of a “winner takes all” market, which in Europe, due to its fragmented landscape, is more the exception than the rule, with a greater proportion of €100-500 million exits.

This means that Finch is seeing promising companies with “great products” that are facing a funding gap at €2-5 million in revenue, which the VC aims to plug. “Our strategy is fairly dynamic in terms of ownership but specific in terms of theme: we can aspire for 30-40% in certain companies as well as the more traditional stake of 15-25%,” adds Vlaar.

Meanwhile, Finch’s current portfolio spans pure-play fintech, regtech and insurtech, and includes Trussle, Fourthline, Goodlord, Grab, Hiber, BUX, Twisto and Zopa. Exits include Salviol and Cermati, plus two exits currently unannounced or in progress.

In 2020 the firm launched “Flowrence,” its machine learning tool to help source and manage deal flow. Finch says that over the last SIX months, 20% of its shortlisted deals were sourced by Flowrence, especially useful during the current pandemic.

Source: https://techcrunch.com/2021/02/09/finch-capital-launches-third-fund/

Hoxton Farms, a U.K. startup that wants to produce animal fat without using animals, has raised £2.7 million in seed funding.

The round is led by Founders Fund, the Silicon Valley venture capital firm founded by Peter Thiel. Also participating is Backed, Presight Capital, CPT Capital and Sustainable Food Ventures.

Still at the R&D stage, Hoxton Farms says it will use the funding to grow its interdisciplinary science team in a new purpose-built lab in London’s Old Street. “[We] will be working towards a scalable prototype of our cultivated fat over the next year to 18 months,” co-founder and mathematician Ed Steele tells me.

He started the company with longtime school friend Dr Max Jamilly, who has two degrees in biotechnology and a PhD in synthetic biology (the pair met at pre-school). “I spent my PhD using a genome editing technology called CRISPR to discover better treatments for children’s leukaemia,” says Jamily. “Along the way, I learnt how to grow complex cells at scale — a fundamental part of the scientific challenge that we face at Hoxton Farms”.

Like other companies in the meat alternative space, the startup is founded on the premise that the traditional meat industry is unsustainable. This is seeing demand for meat alternatives soaring, but, argues Steele, these products still aren’t good enough. “They don’t taste right and they aren’t healthy. They are missing the key ingredient: fat,” he says. And, of course, it’s fat that gives meat most of its flavour.

However, meat alternatives typically use plant oils as a fat replacement, which has a number of drawbacks. Some oils are bad for the environment, such as coconut and palm oil, and most lack flavour.

“At Hoxton Farms, we grow real animal fat without the animals,” explains Steele. “Starting from just a few cells, we grow purified animal fat in bioreactors to produce cultivated fat, a cruelty-free and sustainable ingredient that will finally unlock meat alternatives that look, cook and taste like the real thing”.

Furthermore, he says that current techniques for culturing animal cells are too expensive. Hoxton Farms is using mathematical and computational modelling to “massively reduce the cost of cell culture,” which the company believes will result in a production process “that is cost-effective at scale”.

“We’re combining the latest techniques from computational biology and tissue engineering to do science that wasn’t possible a few years ago,” says Steele. “What sets us apart is the fundamental philosophy that the only way to grow cells cost-effectively at scale is to combine the power of mathematical modelling with synthetic biology”.

It’s envisioned that his computational approach will not only help it compete with other companies working on the same problem — competitors include Mission Barns in the U.S. and Peace of Meat in Belgium/Israel — but also enable it to customise fats for different manufacturers. This could include fine tuning the taste profile, physical properties (melting temperature, density, etc.) and nutritional profile (saturated/unsaturated fatty acid ratio etc.).

Meanwhile, Hoxton Farms’ early customers will be plant-based meat companies who seek a more sustainable and flavoursome alternative to plant oils. Much further into the future, the startup will target cultivated meat companies that grow muscle cells but still need a source of fat, and other industries, such as bakery, confectionery and cosmetics.

Source: https://techcrunch.com/2021/02/09/hoxton-farms/

Tesla, which is seeing rapid growth in China as it ramps up local manufacturing capacity, has been called upon by the Chinese government for talks over quality issues in its electric cars.

A group of Chinese authorities, including the country’s top market regulator, cyberspace watchdog and transportation authority, held talks with Tesla after consumers complained about acceleration irregularities, battery fire, software upgrade failures and other vehicle problems, according to a government notice posted late Monday.

Tesla said on microblogging platform Weibo that it “sincerely accepts the government departments’ guidance” and will “strictly comply with Chinese laws.” It will also work to strengthen its “internal operational structure and workflow” under the direction of the regulators in order to ensure safety and consumer rights.

While its popularity surged in China over the past few years, Tesla has made a series of recalls due to faulty parts or functions in the country. Just before its meeting with the government, the American EV giant recalled 20,428 imported Model S vehicles and 15,698 units of imported Model X, China’s market regulator announced last week.

China is an increasingly important and the second-largest market for Tesla. The Gigafactory in Shanghai, where Tesla enjoys tax breaks granted by the local municipal government, has allowed the carmaker to localize procurement and production, thus driving down prices in products like Model 3.

China contributed $6.66 billion in revenue for Tesla in 2020, more than doubling the amount from a year before, and accounted for more than 20% of the firm’s total revenues, according to Tesla’s filing with the Securities and Exchange Commission this week. In 2019, China made up just around 12% of Tesla’s revenues.

Tesla is competing with a handful of well-financed and indigenous electric car startups in China such as Nio and Xpeng, which are both listed in the U.S. For comparison, Xpeng shipped a total of 27,041 vehicles in 2020, while Nio topped that with 43,728 units shipped. These numbers are still fractions of Tesla’s total delivery, which reached 499,647 vehicles in the year.

Source: https://techcrunch.com/2021/02/08/tesla-summoned-by-chinese-regulators-for-quality-concerns/