Connect with us

Uncategorized

Apple’s IDFA gets targeted in strategic EU privacy complaints

Published

on

A unique device identifier that Apple assigns to each iPhone for third parties to track users for ad targeting — aka the IDFA (Identifier for Advertisers) — is itself now the target of two new complaints filed by European privacy campaign not-for-profit, noyb.

The complaints, lodged with German and Spanish data protection authorities, contend that Apple’s setting of the IDFA breaches regional privacy laws on digital tracking because iOS users are not asked for their consent for the initial storage of the identifier.

noyb is also objecting to others’ being able to access the IDFA without prior consent — with one of its complainants writing that they were never asked for consent for third party access yet found several apps had shared their IDFA with Facebook (per their off-Facebook activity page).

We’ve reached out to the data protection agencies in question for comment.

While Apple isn’t the typical target for digital privacy campaigners, given it makes most of its money selling hardware and software instead of profiling users for ad targeting, as adtech giants like Facebook and Google do, its marketing rhetoric around taking special care over user privacy can look awkward when set against the existence of an Identifier for Advertisers baked into its hardware.

In the European Union there’s a specific legal dimension to this awkwardness — as existing laws require explicit consent from users to (non-essential) tracking. noyb’s complaints cite Article 5(3) of the EU’s ePrivacy Directive which mandates that users must be asked for consent to the storage of ad tracking technologies such as cookies. (And noyb argues the IDFA is just like a tracking cookie but for iPhones.)

Europe’s top court further strengthened the requirement last year when it made it clear that consent for non-essential tracking must be obtained prior to storing or accessing the trackers. The CJEU also ruled that such consent cannot be implied or assumed — such as by the use of pre-checked ‘consent’ boxes.

In a press release about the complaints, noyb’s Stefano Rossetti, a privacy lawyer, writes: “EU law protects our devices from external tracking. Tracking is only allowed if users explicitly consent to it. This very simple rule applies regardless of the tracking technology used. While Apple introduced functions in their browser to block cookies, it places similar codes in its phones, without any consent by the user. This is a clear breach of EU privacy laws.”

Apple has long controlled how third parties serving apps on its iOS platform can use the IDFA, wielding the stick of ejection from its App Store to drive their compliance with its rules.

Recently, though, it has gone further — telling advertisers this summer they will soon have to offer users an opt-out from ad tracking in a move billed as increasing privacy controls for iOS users — although Apple delayed implementation of the policy until early next year after facing anger from advertisers over the plan. But the idea is there will be a toggle in iOS 14 that users need to flip on before a third party app gets to access the IDFA to track iPhone users’ in-app activity for ad targeting.

However noyb’s complaint focuses on Apple’s setting of the IDFA in the first place — arguing that since the pseudonymised identifier constitutes private (personal) data under EU law they need to get permission before creating and storing it on their device.

“The IDFA is like a ‘digital license plate’. Every action of the user can be linked to the ‘license plate’ and used to build a rich profile about the user. Such profile can later be used to target personalised advertisements, in-app purchases, promotions etc. When compared to traditional internet tracking IDs, the IDFA is simply a ‘tracking ID in a mobile phone’ instead of a tracking ID in a browser cookie,” noyb writes in one complaint, noting that Apple’s privacy policy does not specify the legal basis it uses to “place and process” the IDFA.

noyb also argues that Apple’s planned changes to how the IDFA gets accessed — trailed as incoming in early 2021 — don’t go far enough.

“These changes seem to restrict the use of the IDFA for third parties (but not for Apple itself),” it writes. “Just like when an app requests access to the camera or microphone, the plans foresee a new dialog that asks the user if an app should be able to access the IDFA. However, the initial storage of the IDFA and Apple’s use of it will still be done without the users’ consent and therefore in breach of EU law. It is unclear when and if these changes will be implemented by the company.”

We reached out to Apple for comment on noyb’s complaints but at the time of writing an Apple spokesman said it did not have an on-the-record statement. The spokesman did tell us that Apple itself does not use unique customer identifiers for advertising.

In a separate but related recent development, last month publishers and advertisers in France filed an antitrust complaint against the iPhone maker over its plan to require opt-in consent for accessing the IDFA — with the coalition contending the move amounts to an abuse of market power.

Apple responded to the antitrust complaint in a statement that said: “With iOS 14, we’re giving users the choice whether or not they want to allow apps to track them by linking their information with data from third parties for the purpose of advertising, or sharing their information with data brokers.”

We believe privacy is a fundamental human right and support the European Union’s leadership in protecting privacy with strong laws such as the GDPR (General Data Protection Regulation),” Apple added then.

That antitrust complaint may explain why noyb has decided to file its own strategic complaints against Apple’s IDFA. Simply put, if no tracker ID can be created — because an iOS user refuses to give consent — there’s less surface area for advertisers to try to litigate against privacy by claiming tracking is a competitive right.

“We believe that Apple violated the law before, now and after these changes,” said Rossetti in another statement. “With our complaints we want to enforce a simple principle: trackers are illegal, unless a user freely consents. The IDFA should not only be restricted, but permanently deleted. Smartphones are the most intimate device for most people and they must be tracker-free by default.”

Another interesting component of the noyb complaints is they’re being filed under the ePrivacy Directive, rather than under Europe’s (newer) General Data Protection Regulation. This means noyb is able to target them to specific EU data protection agencies, rather than having complaints funnelled back to Ireland’s DPC — under the GDPR’s one-stop-shop mechanism for handling cross-border cases.

Its hope is this route will result in swifter regulatory action. These cases are based on the ‘old’ cookie law and do not trigger the cooperation mechanism of the GDPR. In other words, we are trying to avoid endless procedures like the ones we are facing in Ireland,” added Rossetti.

Lyron Foster is a Hawaii based African American Musician, Author, Actor, Blogger, Filmmaker, Philanthropist and Multinational Serial Tech Entrepreneur.

Continue Reading
Comments

Uncategorized

How the US, UK and China are planning to roll out vaccines

Published

on

The vaccines are coming. The UK became the first country in the West to approve a covid-19 vaccine for emergency use on December 2, specifically the Pfizer and BioNTech vaccine, which has completed Phase 3 trials. But the US, EU, and many other countries are expected to follow suit in the following days and weeks. The imminent arrival of vaccines not only means that countries face a huge logistical challenge to distribute them—which is complicated by the fact the two most promising vaccines require ultra-cold temperatures—but they also have to grapple with hard choices over who gets them first. 

Here’s how different countries are making their decisions on distributing vaccines to their populations. 

United States

How many doses will be available? Up to 40 million doses are expected to be on offer in the US by the end of 2020—25 million of which will come from Pfizer-BioNTech, and 12.5 million from Moderna, according to Reuters. Since the vaccines each require two doses spaced several weeks apart, this will be enough to vaccinate 20 million people—but not all shipments will come at once. The first shipment will reportedly cover 3.2 million people, with 5-10 million more doses delivered each week after that.  

Who will get it first? In the US, individual states are responsible for creating their own vaccine distribution plans. They are meant to follow general guidance from the CDC’s Interim Playbook for Covid-19, which was shaped by the Advisory Committee on Immunization Practices (ACIP) with input from the National Academies of Sciences, Engineering, and Medicine.

ACIP met on December 1, and voted on the recommended first phase of the distribution plan. This is known as 1a, and will prioritize 21 million health care workers and 3 million adults in long-term care facilities, like nursing homes, who are particularly vulnerable. 

USA vaccine covid-19

MS TECH | PIXABAY

The following phases will add other people to the list: 1b will prioritize other essential workers, such as school staff, while 1c prioritizes adults older than 65 and others with other medical issues that increase the risk of serious complications from covid.

Phase two would cover people who work in schools, transportation, congregate housing facilities, like nursing homes, and other places with high concentrations of people. Phase three includes young adults and children—in an attempt to stop super spreading events—as well as other essential workers not previously covered. Phase four would include everyone else. 

But the CDC guidelines leave a lot for state and local governments to interpret and implement. 

Even in phase 1, different states have different definitions for essential workers, for example. ACIP has yet to discuss anything beyond phase 1, leaving many open questions about how to prioritize the rest of the population. One analysis of 47 published state plans by the Kaiser Family Foundation found that about half explicitly mentioned race and health equity as a factor for prioritization. 

China

How many doses will be available? Chinese scientists say the country will have 600 million doses ready this year, the South China Morning Post reports. Wang Junzhi, a member of the nation’s vaccine task force, told journalists on December 4 that the doses of inactivated vaccines will be ready for launch before the end of the year. He said a “major announcement”on vaccine trials was expected in the coming weeks. 

China vaccine covid-19

MS TECH | PIXABAY

China has five vaccine candidates from four manufacturers in phase three clinical trials, including the frontrunners from Sinopharm and Sinovac Biotech. While none have yet been approved for commercial use, they have been administered in so-called “pre-tests” in China, where coronavirus numbers are low, and are also undergoing phase three trials in 15 countries abroad. 

Who will get it first? That question’s already been answered. Emergency authorization was granted to the two leading candidates earlier this year: Since June, an unknown number of People’s Liberation Army members have received shots, and essential city workers started getting vaccinated in July. All in all, roughly one million people have received emergency authorization vaccines so far, including employees of state-owned enterprises, Huawei employees in 180 countries, and Chinese diplomats. 

“An emergency use authorization, which is based on Chinese vaccine management law, allows unapproved vaccine candidates to be used among people who are at high risk of getting infected on a limited period,” said Zheng Zhongwei, the director of the Science and Technology Development Center of China’s National Health Commission, in an interview with China’s state television channel on August 22.

President Xi Jinping has vowed to make the vaccine available around the world as a“global public good.” In October, China joined the Covax Facility, a global alliance of 189 countries that have pledged to equitably distribute vaccines. The US is not part of that group. 

The countries prioritized for distribution of the five Chinese vaccine candidates are primarily those which have hosted trials, which in turn is shaped by China’s strategic interest.  These include Brazil, Indonesia, and Turkey, which have signed deals for 46 million, 50 million, and 50 million Sinovac doses respectively; and Mexico, which has a deal with CanSino Biologics for 35 million doses. 

Little is known about how the Chinese government is prioritizing vaccine distribution domestically, though local reports suggest that individual provinces are making their own plans to buy vaccine doses, which will cost 200 RMB per dose (roughly $30.) The state insurance plan will not cover the cost. 

UK

How many doses will be available? The UK approved the Pfizer/BioNTech vaccine for emergency use in the general public on December 2. It will start inoculating its population of 67 million people through the state-run National Health Service, with the first vaccinations to be given to the highest-priority individuals from December 7. The UK bought 40 million doses of the Pfizer vaccine; since each person requires two doses, so it has enough to vaccinate about a third of the population. It has also purchased 100 million doses of the AstraZeneca/Oxford vaccine, 7 million doses of the Moderna vaccine, and smaller quantities of other vaccine candidates, bringing the total it has bought to 355 million—in short, more than enough to vaccinate everyone. 

Who will get it first? The UK’s decision relied on a group called the Joint Committee on Vaccination and Immunisation (JCVI), an independent committee of academics and medical experts responsible for advising government ministers. For its phase one delivery, it divided the population into nine different groups, recommended vaccinating them in this order of priority, which the government has adopted:

  • Residents and staff working in elderly care homes
  • Everyone over 80 years old plus health and social care workers
  • Everyone over 75 years old
  • Everyone over 70 years old plus “clinically extremely vulnerable” individuals, which does not include pregnant people or those under the age of 18. 
  • Everyone over 65 years old
  • Adults aged 18 to 65 years in an at-risk group. This includes people with chronic diseases, diabetes, learning difficulties, morbid obesity or severe mental illness.  
  • Everyone over 60 years old
  • Everyone over 55 years old
  • Everyone over 50 years old

The JCVI has publicly explained its thinking in a 25-page document stating that “current evidence strongly indicates that the single greatest risk of mortality from covid-19 is increasing age.” It has not yet announced plans beyond phase one.

Elsewhere

Russia: Russia became the first country anywhere to approve a vaccine back in August 2020. President Vladimir Putin himself announced its Sputnik V vaccine had been granted authorization on August 11, before phase 3 trials had even started. Those are still underway, but the country is already preparing to start mass immunizations, with Putin ordering officials to start making the necessary preparations just hours after the news of the UK’s approval came in. Vaccinations will reportedly begin with healthcare workers and teachers. They will be free of charge, and the Kremlin says they will be carried out on a voluntary basis. Russia also says it will have up to 500 million doses ready for export. 
Other countries: The options are limited for many lower and middle income countries, since the world’s richest nations—including the 27 member-states of the EU as well as Canada, the United States, United Kingdom, Australia, and Japan—have already pre-ordered half of the world’s expected available supply. Ninety two of these countries have joined the Covax Facility, which has secured 700 million doses and aims to cover 20% of the population of lower and middle income countries by the end of 2021.

Continue Reading

Uncategorized

3 ways the pandemic is transforming tech spending

Published

on

Ever since the pandemic hit the U.S. in full force last March, the B2B tech community keeps asking the same questions: Are businesses spending more on technology? What’s the money getting spent on? Is the sales cycle faster? What trends will likely carry into 2021?

Recently we decided to join forces to answer these questions. We analyzed data from the just-released Q4 2020 Outlook of the Coupa Business Spend Index (BSI), a leading indicator of economic growth, in light of hundreds of conversations we have had with business-tech buyers this year.

A former Battery Ventures portfolio company, Coupa* is a business spend-management company that has cumulatively processed more than $2 trillion in business spending. This perspective gives Coupa unique, real-time insights into tech spending trends across multiple industries.

Tech spending is continuing despite the economic recession — which helps explain why many startups are raising large rounds and even tapping public markets for capital.

Broadly speaking, tech spending is continuing despite the economic recession — which helps explain why many tech startups are raising large financing rounds and even tapping the public markets for capital. Here are our three specific takeaways on current tech spending:

Spending is shifting away from remote collaboration to SaaS and cloud computing

Tech spending ranks among the hottest boardroom topics today. Decisions that used to be confined to the CIO’s organization are now operationally and strategically critical to the CEO. Multiple reasons drive this shift, but the pandemic has forced businesses to operate and engage with customers differently, almost overnight. Boards recognize that companies must change their business models and operations if they don’t want to become obsolete. The question on everyone’s mind is no longer “what are our technology investments?” but rather, “how fast can they happen?”

Spending on WFH/remote collaboration tools has largely run its course in the first wave of adaptation forced by the pandemic. Now we’re seeing a second wave of tech spending, in which enterprises adopt technology to make operations easier and simply keep their doors open.

SaaS solutions are replacing unsustainable manual processes. Consider Rhode Island’s decision to shift from in-person citizen surveying to using SurveyMonkey. Many companies are shifting their vendor payments to digital payments, ditching paper checks entirely. Utility provider PG&E is accelerating its digital transformation roadmap from five years to two years.

The second wave of adaptation has also pushed many companies to embrace the cloud, as this chart makes clear:

Similarly, the difficulty of maintaining a traditional data center during a pandemic has pushed many companies to finally shift to cloud infrastructure under COVID. As they migrate that workload to the cloud, the pie is still expanding. Goldman Sachs and Battery Ventures data suggest $600 billion worth of disruption potential will bleed into 2021 and beyond.

In addition to SaaS and cloud adoption, companies across sectors are spending on technologies to reduce their reliance on humans. For instance, Tyson Foods is investing in and accelerating the adoption of automated technology to process poultry, pork and beef.

All companies are digital product companies now

Mention “digital product company” in the past, and we’d all think of Netflix. But now every company has to reimagine itself as offering digital products in a meaningful way.

Continue Reading

Uncategorized

The fragmentation of everything

Published

on

The rise of technonationalism. Diverging regulatory regimes. The spread of “walled gardens.” Polarization like nothing we’ve seen before. The confluence of several trends is poised to completely fragment our real and digital worlds. For companies, this raises a host of new risks, from cybersecurity threats to reputation risk—which, in turn, will require new responses and approaches.

The techonomic cold war

A “techonomic cold war” is already under way—an ongoing, often-invisible state of conflict at the intersection of technology and geopolitics.

Competition to dominate the next generation of technology infrastructure—such as electric vehicles, 5G networks, and quantum computing—is becoming increasingly heated. It’s a high-stakes contest and the countries setting the rules for these technologies could secure significant economic advantage, much as the United States benefited over several decades from pioneering the personal computer and the internet.

At the same time, populist and nationalist leaders have been ascendant in much of the world. These leaders have protectionist and interventionist instincts, and a willingness to buck established norms. It’s a combination which has resulted in the deployment of unconventional tools to favor domestic companies—not just tariffs and trade wars, but company bans and new forms of cyberattacks such as weaponized disinformation.

All of this is leading to the partitioning of both the real world (e.g., trade, labor mobility, and investment) and the digital world (e.g., tech platforms and standards). In this fragmented future, companies once used to operating on a global stage will instead find themselves restricted to operating within the spheres of influence of their home states. (For more, see “Techonomic Cold War” in EY’s Megatrends 2020 report and MIT Technology Review’s “Technonationalism” issue).

Regulators aren’t the only ones fragmenting the digital world. To a large extent, tech companies have been doing it themselves.

Divergent social contracts

Technology platforms are today’s basic infrastructure, increasingly inseparable from the economies and societies in which they exist. These platforms are increasingly where citizens get news, engage in political debate, network professionally, and more.

But while tech companies might seek to create seamless, integrated global platforms, they in fact deliver their offerings in vastly different societies. The social contract of the US is fundamentally different from that of China, Saudi Arabia, or even the European Union (EU). So, governments and regulators in different markets have been moving to recast tech platforms in the image of their social contracts. An early example was China, which developed its own platforms that better align with its social contract than do US-developed offerings.

Meanwhile, the EU has become increasingly active and visible in regulating technology. The most prominent recent example, the General Data Protection Regulation (GDPR), is a precursor of things to come. The GDPR tackles privacy and data protection, but much bigger regulatory issues loom, from the explainability of algorithms to the safety of autonomous vehicles (for more, see EY’s Bridging AI’s trust gaps report). As these technologies come of age and become more prominent in the lives of citizens, expect governments in different regions to become more active in regulating them. Over time, increasingly complex regulatory issues and divergent ideologies will create either separate platforms, or platforms that ostensibly have the same name but deliver fundamentally different user experiences in different geographies.

Walled gardens

Regulators aren’t the only ones fragmenting the digital world. To a large extent, tech companies have been doing it themselves. Walled gardens—closed, self-contained tech platforms or ecosystems—have endured because they are good for the bottom line. They allow companies to extract more value from customers and their data while offering a more curated user experience. In recent months, there has been a growing fragmentation of “over-the-top” media streaming services, with individual studios and networks developing their own subscriber platforms. Instead of streaming platforms that hosted content from a wide variety of creators, platforms will offer exclusive access to their own content—fragmenting the streaming media experience.

Hyperpolarization

It’s no secret that political polarization has been growing at an alarming rate and that social media platforms—while not solely responsible—have been fueling the trend. Filter bubbles in social media platforms have enabled the spread of misinformation, leaving platforms with the tricky and unenviable task of policing the truth.

Worrying as it may be, everything we have seen so far may be nothing compared with what lies ahead. As social media platforms become more active in stemming the flow of misinformation, its purveyors are starting to seek new homes free from policing. In the weeks since the recent US Presidential election, a growing number of Trump voters have started leaving mainstream social media platforms for alternatives such as Parler and Telegram. By the time the next Presidential election rolls around, it’s not farfetched to anticipate that we could see today’s social media filter bubbles replaced by entirely separate social media platforms catering to conservatives and liberals.

At that point, we will have moved from an era of polarization to one of hyperpolarization. For anyone worried social media platforms are doing too little to curb misinformation, imagine how much worse things will be with platforms that don’t even try.

Risks and challenges

The techonomic cold war necessitates a new approach to cybersecurity. “Companies need to guard against not just malware and phishing attacks, but weaponized disinformation,” says Kris Lovejoy, EY’s global consulting cybersecurity leader. “We’ve seen disinformation used to attack elections, but there’s no reason it couldn’t be used to target companies. Most companies today do not have the safeguards and protections they will need in the next frontier of cybersecurity.”

A second challenge is lack of transparency. Commerce thrives on transparency, yet instruments such as company bans are opaque and seemingly arbitrary. To the extent these instruments undermine transparency, they create uncertainty for businesses.

The regional fragmentation of platforms by regulation and divergent social contracts increases the complexity of regulatory compliance and the risk of regulatory noncompliance. Beyond mere compliance, companies face significant brand and reputation risk if consumers perceive platforms to be misaligned with societal values.

A hyperpolarized future will create some of the most significant challenges of all. Losing the last tenuous bridges between our divergent echo chambers would threaten everything from social stability to the future of democracy and the very existence of a shared reality.

This content was produced by EY. It was not written by MIT Technology Review’s editorial staff.

Continue Reading

Trending