Archiv der Kategorie: Werbung

June 2018 Tech News & Trends to Watch

1. Companies Worldwide Strive for GDPR Compliance

By now, everyone with an email address has seen a slew of emails announcing privacy policy updates. You have Europe’s GDPR legislation to thank for your overcrowded inbox. GDPR creates rules around how much data companies are allowed to collect, how they’re able to use that data, and how clear they have to be with consumers about it all.

Companies around the world are scrambling to get their business and its practices into compliance – a significant task for many of them. While technically, the deadline to get everything in order passed on May 25, for many companies the process will continue well into June and possibly beyond. Some companies are even shutting down in Europe for good, or for as long as it takes them to get in compliance.

Even with the deadline behind us, the GDPR continues to be a top story for the tech world and may remain so for some time to come.

 

2. Amazon Provides Facial Recognition Tech to Law Enforcement

Amazon can’t seem to go a whole month without showing up in a tech news roundup. This month it’s for a controversial story: selling use of Rekognition, their facial recognition software, to law enforcement agencies on the cheap.

Civil rights groups have called for the company to stop allowing law enforcement access to the tech out of concerns that increased government surveillance can pose a threat to vulnerable communities in the country. In spite of the public criticism, Amazon hasn’t backed off on providing the tech to authorities, at least as of this time.

 

3. Apple Looks Into Self-Driving Employee Shuttles

Of the many problems facing our world, the frustrating work commute is one that many of the brightest minds in tech deal with just like the rest of us. Which makes it a problem the biggest tech companies have a strong incentive to try to solve.

Apple is one of many companies that’s invested in developing self-driving cars as a possible solution, but while that goal is still (probably) years away, they’ve narrowed their focus to teaming up with VW to create self-driving shuttles just for their employees.  Even that project is moving slower than the company had hoped, but they’re aiming to have some shuttles ready by the end of the year.

 

4. Court Weighs in on President’s Tendency to Block Critics on Twitter

Three years ago no one would have imagined that Twitter would be a president’s go-to source for making announcements, but today it’s used to that effect more frequently than official press conferences or briefings.

In a court battle that may sound surreal to many of us, a judge just found that the president can no longer legally block other users on Twitter.  The court asserted that blocking users on a public forum like Twitter amounts to a violation of their First Amendment rights. The judgment does still allow for the president and other public officials to mute users they don’t agree with, though.

 

5. YouTube Launches Music Streaming Service

YouTube joined the ranks of Spotify, Pandora, and Amazon this past month with their own streaming music service. Consumers can use a free version of the service that includes ads, or can pay $9.99 for the ad-free version.

youtube music service

With so many similar services already on the market, people weren’t exactly clamoring for another music streaming option. But since YouTube is likely to remain the reigning source for videos, it doesn’t necessarily need to unseat Spotify to still be okay. And with access to Google’s extensive user data, it may be able to provide more useful recommendations than its main competitors in the space, which is one way the service could differentiate itself.

 

6. Facebook Institutes Political Ad Rules

Facebook hasn’t yet left behind the controversies of the last election. The company is still working to proactively respond to criticism of its role in the spread of political propaganda many believe influenced election results. One of the solutions they’re trying is a new set of rules for any political ads run on the platform.

Any campaign that intends to run Facebook ads is now required to verify their identity with a card Facebook mails to their address that has a verification code. While Facebook has been promoting these new rules for a few weeks to politicians active on the platform, some felt blindsided when they realized, right before their primaries no less, that they could no longer place ads without waiting 12 to 15 days for a verification code to come in the mail. Politicians in this position blame the company for making a change that could affect their chances in the upcoming election.

Even in their efforts to avoid swaying elections, Facebook has found themselves criticized for doing just that. They’re probably feeling at this point like they just can’t win.

 

7. Another Big Month for Tech IPOs

This year has seen one tech IPO after another and this month is no different. Chinese smartphone company Xiaomi has a particularly large IPO in the works. The company seeks to join the Hong Kong stock exchange on June 7 with an initial public offering that experts anticipate could reach $10 billion.

The online lending platform Greensky started trading on the New York Stock Exchange on May 23 and sold 38 million shares in its first day, 4 million more than expected. This month continues 2018’s trend of tech companies going public, largely to great success.

 

8. StumbleUpon Shuts Down

In the internet’s ongoing evolution, there will always be tech companies that win and those that fall by the wayside. StumbleUpon, a content discovery platform that had its heyday in the early aughts, is officially shutting down on June 30.

Since its 2002 launch, the service has helped over 40 million users “stumble upon” 60 billion new websites and pieces of content. The company behind StumbleUpon plans to create a new platform that serves a similar purpose that may be more useful to former StumbleUpon users called Mix.

 

9. Uber and Lyft Invest in Driver Benefits

In spite of their ongoing success, the popular ridesharing platforms Uber and Lyft have faced their share of criticism since they came onto the scene. One of the common complaints critics have made is that the companies don’t provide proper benefits to their drivers. And in fact, the companies have fought to keep drivers classified legally as contractors so they’re off the hook for covering the cost of employee taxes and benefits.

Recently both companies have taken steps to make driving for them a little more attractive. Uber has begun offering Partner Protection to its drivers in Europe, which includes health insurance, sick pay, and parental leave ­ ­– so far nothing similar in the U.S. though. For its part, Lyft is investing $100 million in building driver support centers where their drivers can stop to get discounted car maintenance, tax help, and customer support help in person from Lyft staff. It’s not the same as getting full employee benefits (in the U.S. at least), but it’s something.

Source: https://www.hostgator.com/blog/june-tech-trends-to-watch/

Advertisements

Forget Facebook

Forget Facebook

Photo Credits: oe24.at – Copyrights of oe24.at reserved

Source: Techcrunch.com

Cambridge Analytica may have used Facebook’s data to influence your political opinions. But why does least-liked tech company Facebook have all this data about its users in the first place?

Let’s put aside Instagram, WhatsApp and other Facebook products for a minute. Facebook has built the world’s biggest social network. But that’s not what they sell. You’ve probably heard the internet saying “if a product is free, it means that you are the product.”

And it’s particularly true in this case because Facebook is the world’s second biggest advertising company in the world behind Google. During the last quarter of 2017, Facebook reported $12.97 billion in revenue, including $12.78 billion from ads.

That’s 98.5 percent of Facebook’s revenue coming from ads.

Ads aren’t necessarily a bad thing. But Facebook has reached ad saturation in the newsfeed. So the company has two options — creating new products and ad formats, or optimizing those sponsored posts.

Facebook has reached ad saturation in the newsfeed

This isn’t a zero-sum game — Facebook has been doing both at the same time. That’s why you’re seeing more ads on Instagram and Messenger. And that’s also why ads on Facebook seem more relevant than ever.

If Facebook can show you relevant ads and you end up clicking more often on those ads, then advertisers will pay Facebook more money.

So Facebook has been collecting as much personal data about you as possible — it’s all about showing you the best ad. The company knows your interests, what you buy, where you go and who you’re sleeping with.

You can’t hide from Facebook

Facebook’s terms and conditions are a giant lie. They are purposely misleading, too long and too broad. So you can’t just read the company’s terms of service and understand what it knows about you.

That’s why some people have been downloading their Facebook data. You can do it too, it’s quite easy. Just head over to your Facebook settings and click the tiny link that says “Download a copy of your Facebook data.”

In that archive file, you’ll find your photos, your posts, your events, etc. But if you keep digging, you’ll also find your private messages on Messenger (by default, nothing is encrypted).

And if you keep digging a bit more, chances are you’ll also find your entire address book and even metadata about your SMS messages and phone calls.

All of this is by design and you agreed to it. Facebook has unified terms of service and share user data across all its apps and services (except WhatsApp data in Europe for now). So if you follow a clothing brand on Instagram, you could see an ad from this brand on Facebook.com.

Messaging apps are privacy traps

But Facebook has also been using this trick quite a lot with Messenger. You might not remember, but the on-boarding experience on Messenger is really aggressive.

On iOS, the app shows you a fake permission popup to access your address book that says “Ok” or “Learn More”. The company is using a fake popup because you can’t ask for permission twice.

There’s a blinking arrow below the OK button.

If you click on “Learn More”, you get a giant blue button that says “Turn On”. Everything about this screen is misleading and Messenger tries to manipulate your emotions.

“Messenger only works when you have people to talk to,” it says. Nobody wants to be lonely, that’s why Facebook implies that turning on this option will give you friends.

Even worse, it says “if you skip this step, you’ll need to add each contact one-by-one to message them.” This is simply a lie as you can automatically talk to your Facebook friends using Messenger without adding them one-by-one.

The next time you pay for a burrito with your credit card, Facebook will learn about this transaction and match this credit card number with the one you added in Messenger

If you tap on “Not Now”, Messenger will show you a fake notification every now and then to push you to enable contact syncing. If you tap on yes and disable it later, Facebook still keeps all your contacts on its servers.

On Android, you can let Messenger manage your SMS messages. Of course, you guessed it, Facebook uploads all your metadata. Facebook knows who you’re texting, when, how often.

Even if you disable it later, Facebook will keep this data for later reference.

But Facebook doesn’t stop there. The company knows a lot more about you than what you can find in your downloaded archive. The company asks you to share your location with your friends. The company tracks your web history on nearly every website on earth using embedded JavaScript.

But my favorite thing is probably peer-to-peer payments. In some countries, you can pay back your friends using Messenger. It’s free! You just have to add your card to the app.

It turns out that Facebook also buys data about your offline purchases. The next time you pay for a burrito with your credit card, Facebook will learn about this transaction and match this credit card number with the one you added in Messenger.

In other words, Messenger is a great Trojan horse designed to learn everything about you.

And the next time an app asks you to share your address book, there’s a 99-percent chance that this app is going to mine your address book to get new users, spam your friends, improve ad targeting and sell email addresses to marketing companies.

I could say the same thing about all the other permission popups on your phone. Be careful when you install an app from the Play Store or open an app for the first time on iOS. It’s easier to enable something if a feature doesn’t work without it than to find out that Facebook knows everything about you.

GDPR to the rescue

There’s one last hope. And that hope is GDPR. I encourage you to read TechCrunch’s Natasha Lomas excellent explanation of GDPR to understand what the European regulation is all about.

Many of the misleading things that are currently happening at Facebook will have to change. You can’t force people to opt in like in Messenger. Data collection should be minimized to essential features. And Facebook will have to explain why it needs all this data to its users.

If Facebook doesn’t comply, the company will have to pay up to 4 percent of its global annual turnover. But that doesn’t stop you from actively reclaiming your online privacy right now.

You can’t be invisible on the internet, but you have to be conscious about what’s happening behind your back. Every time a company asks you to tap OK, think about what’s behind this popup. You can’t say that nobody told you.

Source: Techcrunch.com

What is GDPR – General Data Protection Regulation

Source Techcrunch.com

European Union lawmakers proposed a comprehensive update to the bloc’s data protection and privacy rules in 2012.

Their aim: To take account of seismic shifts in the handling of information wrought by the rise of the digital economy in the years since the prior regime was penned — all the way back in 1995 when Yahoo was the cutting edge of online cool and cookies were still just tasty biscuits.

Here’s the EU’s executive body, the Commission, summing up the goal:

The objective of this new set of rules is to give citizens back control over of their personal data, and to simplify the regulatory environment for business. The data protection reform is a key enabler of the Digital Single Market which the Commission has prioritised. The reform will allow European citizens and businesses to fully benefit from the digital economy.

For an even shorter the EC’s theory is that consumer trust is essential to fostering growth in the digital economy. And it thinks trust can be won by giving users of digital services more information and greater control over how their data is used. Which is — frankly speaking — a pretty refreshing idea when you consider the clandestine data brokering that pervades the tech industry. Mass surveillance isn’t just something governments do.

The General Data Protection Regulation (aka GDPR) was agreed after more than three years of negotiations between the EU’s various institutions.

It’s set to apply across the 28-Member State bloc as of May 25, 2018. That means EU countries are busy transposing it into national law via their own legislative updates (such as the UK’s new Data Protection Bill — yes, despite the fact the country is currently in the process of (br)exiting the EU, the government has nonetheless committed to implementing the regulation because it needs to keep EU-UK data flowing freely in the post-brexit future. Which gives an early indication of the pulling power of GDPR.

Meanwhile businesses operating in the EU are being bombarded with ads from a freshly energized cottage industry of ‘privacy consultants’ offering to help them get ready for the new regs — in exchange for a service fee. It’s definitely a good time to be a law firm specializing in data protection.

GDPR is a significant piece of legislation whose full impact will clearly take some time to shake out. In the meanwhile, here’s our guide to the major changes incoming and some potential impacts.

Data protection + teeth

A major point of note right off the bat is that GDPR does not merely apply to EU businesses; any entities processing the personal data of EU citizens need to comply. Facebook, for example — a US company that handles massive amounts of Europeans’ personal data — is going to have to rework multiple business processes to comply with the new rules. Indeed, it’s been working on this for a long time already.

Last year the company told us it had assembled “the largest cross functional team” in the history of its family of companies to support GDPR compliance — specifying this included “senior executives from all product teams, designers and user experience/testing executives, policy executives, legal executives and executives from each of the Facebook family of companies”.

“Dozens of people at Facebook Ireland are working full time on this effort,” it said, noting too that the data protection team at its European HQ (in Dublin, Ireland) would be growing by 250% in 2017. It also said it was in the process of hiring a “top quality data protection officer” — a position the company appears to still be taking applications for.

The new EU rules require organizations to appoint a data protection officer if they process sensitive data on a large scale (which Facebook very clearly does). Or are collecting info on many consumers — such as by performing online behavioral tracking. But, really, which online businesses aren’t doing that these days?

The extra-territorial scope of GDPR casts the European Union as a global pioneer in data protection — and some legal experts suggest the regulation will force privacy standards to rise outside the EU too.

Sure, some US companies might prefer to swallow the hassle and expense of fragmenting their data handling processes, and treating personal data obtained from different geographies differently, i.e. rather than streamlining everything under a GDPR compliant process. But doing so means managing multiple data regimes. And at very least runs the risk of bad PR if you’re outed as deliberately offering a lower privacy standard to your home users vs customers abroad.

Ultimately, it may be easier (and less risky) for businesses to treat GDPR as the new ‘gold standard’ for how they handle all personal data, regardless of where it comes from.

And while not every company harvests Facebook levels of personal data, almost every company harvests some personal data. So for those with customers in the EU GDPR cannot be ignored. At very least businesses will need to carry out a data audit to understand their risks and liabilities.

Privacy experts suggest that the really big change here is around enforcement. Because while the EU has had long established data protection standards and rules — and treats privacy as a fundamental right — its regulators have lacked the teeth to command compliance.

But now, under GDPR, financial penalties for data protection violations step up massively.

The maximum fine that organizations can be hit with for the most serious infringements of the regulation is 4% of their global annual turnover (or €20M, whichever is greater). Though data protection agencies will of course be able to impose smaller fines too. And, indeed, there’s a tiered system of fines — with a lower level of penalties of up to 2% of global turnover (or €10M).

This really is a massive change. Because while data protection agencies (DPAs) in different EU Member States can impose financial penalties for breaches of existing data laws these fines are relatively small — especially set against the revenues of the private sector entities that are getting sanctioned.

In the UK, for example, the Information Commissioner’s Office (ICO) can currently impose a maximum fine of just £500,000. Compare that to the annual revenue of tech giant Google (~$90BN) and you can see why a much larger stick is needed to police data processors.

It’s not necessarily the case that individual EU Member States are getting stronger privacy laws as a consequence of GDPR (in some instances countries have arguably had higher standards in their domestic law). But the beefing up of enforcement that’s baked into the new regime means there’s a better opportunity for DPAs to start to bark and bite like proper watchdogs.

GDPR inflating the financial risks around handling personal data should naturally drive up standards — because privacy laws are suddenly a whole lot more costly to ignore.

More types of personal data that are hot to handle

So what is personal data under GDPR? It’s any information relating to an identified or identifiable person (in regulatorspeak people are known as ‘data subjects’).

While ‘processing’ can mean any operation performed on personal data — from storing it to structuring it to feeding it to your AI models. (GDPR also includes some provisions specifically related to decisions generated as a result of automated data processing but more on that below).

A new provision concerns children’s personal data — with the regulation setting a 16-year-old age limit on kids’ ability to consent to their data being processed. However individual Member States can choose (and some have) to derogate from this by writing a lower age limit into their laws.

GDPR sets a hard cap at 13-years-old — making that the defacto standard for children to be able to sign up to digital services. So the impact on teens’ social media habits seems likely to be relatively limited.

The new rules generally expand the definition of personal data — so it can include information such as location data, online identifiers (such as IP addresses) and other metadata. So again, this means businesses really need to conduct an audit to identify all the types of personal data they hold. Ignorance is not compliance.

GDPR also encourages the use of pseudonymization — such as, for example, encrypting personal data and storing the encryption key separately and securely — as a pro-privacy, pro-security technique that can help minimize the risks of processing personal data. Although pseudonymized data is likely to still be considered personal data; certainly where a risk of reidentification remains. So it does not get a general pass from requirements under the regulation.

Data has to be rendered truly anonymous to be outside the scope of the regulation. (And given how often ‘anonymized’ data-sets have been shown to be re-identifiable, relying on any anonymizing process to be robust enough to have zero risk of re-identification seems, well, risky.)

To be clear, given GDPR’s running emphasis on data protection via data security it is implicitly encouraging the use of encryption above and beyond a risk reduction technique — i.e. as a way for data controllers to fulfill its wider requirements to use “appropriate technical and organisational measures” vs the risk of the personal data they are processing.

The incoming data protection rules apply to both data controllers (i.e. entities that determine the purpose and means of processing personal data) and data processors (entities that are responsible for processing data on behalf of a data controller — aka subcontractors).

Indeed, data processors have some direct compliance obligations under GDPR, and can also be held equally responsible for data violations, with individuals able to bring compensation claims directly against them, and DPAs able to hand them fines or other sanctions.

So the intent for the regulation is there be no diminishing in responsibility down the chain of data handling subcontractors. GDPR aims to have every link in the processing chain be a robust one.

For companies that rely on a lot of subcontractors to handle data operations on their behalf there’s clearly a lot of risk assessment work to be done.

As noted above, there is a degree of leeway for EU Member States in how they implement some parts of the regulation (such as with the age of data consent for kids).

Consumer protection groups are calling for the UK government to include an optional GDPR provision on collective data redress to its DP bill, for example — a call the government has so far rebuffed.

But the wider aim is for the regulation to harmonize as much as possible data protection rules across all Member States to reduce the regulatory burden on digital businesses trading around the bloc.

On data redress, European privacy campaigner Max Schrems — most famous for his legal challenge to US government mass surveillance practices that resulted in a 15-year-old data transfer arrangement between the EU and US being struck down in 2015 — is currently running a crowdfunding campaign to set up a not-for-profit privacy enforcement organization to take advantage of the new rules and pursue strategic litigation on commercial privacy issues.

Schrems argues it’s simply not viable for individuals to take big tech giants to court to try to enforce their privacy rights, so thinks there’s a gap in the regulatory landscape for an expert organization to work on EU citizen’s behalf. Not just pursuing strategic litigation in the public interest but also promoting industry best practice.

The proposed data redress body — called noyb; short for: ‘none of your business’ — is being made possible because GDPR allows for collective enforcement of individuals’ data rights. And that provision could be crucial in spinning up a centre of enforcement gravity around the law. Because despite the position and role of DPAs being strengthened by GDPR, these bodies will still inevitably have limited resources vs the scope of the oversight task at hand.

Some may also lack the appetite to take on a fully fanged watchdog role. So campaigning consumer and privacy groups could certainly help pick up any slack.

Privacy by design and privacy by default

Another major change incoming via GDPR is ‘privacy by design’ no longer being just a nice idea; privacy by design and privacy by default become firm legal requirements.

This means there’s a requirement on data controllers to minimize processing of personal data — limiting activity to only what’s necessary for a specific purpose, carrying out privacy impact assessments and maintaining up-to-date records to prove out their compliance.

Consent requirements for processing personal data are also considerably strengthened under GDPR — meaning lengthy, inscrutable, pre-ticked T&Cs are likely to be unworkable. (And we’ve sure seen a whole lot of those hellish things in tech.) The core idea is that consent should be an ongoing, actively managed process; not a one-off rights grab.

As the UK’s ICO tells it, consent under GDPR for processing personal data means offering individuals “genuine choice and control” (for sensitive personal data the law requires a higher standard still — of explicit consent).

There are other legal bases for processing personal data under GDPR — such as contractual necessity; or compliance with a legal obligation under EU or Member State law; or for tasks carried out in the public interest — so it is not necessary to obtain consent in order to process someone’s personal data. But there must always be an appropriate legal basis for each processing.

Transparency is another major obligation under GDPR, which expands the notion that personal data must be lawfully and fairly processed to include a third principle of accountability. Hence the emphasis on data controllers needing to clearly communicate with data subjects — such as by informing them of the specific purpose of the data processing.

The obligation on data handlers to maintain scrupulous records of what information they hold, what they are doing with it, and how they are legally processing it, is also about being able to demonstrate compliance with GDPR’s data processing principles.

But — on the plus side for data controllers — GDPR removes the requirement to submit notifications to local DPAs about data processing activities. Instead, organizations must maintain detailed internal records — which a supervisory authority can always ask to see.

It’s also worth noting that companies processing data across borders in the EU may face scrutiny from DPAs in different Member States if they have users there (and are processing their personal data).

Although the GDPR sets out a so-called ‘one-stop-shop’ principle — that there should be a “lead” DPA to co-ordinate supervision between any “concerned” DPAs — this does not mean that, once it applies, a cross-EU-border operator like Facebook is only going to be answerable to the concerns of the Irish DPA.

Indeed, Facebook’s tactic of only claiming to be under the jurisdiction of a single EU DPA looks to be on borrowed time. And the one-stop-shop provision in the GDPR seems more about creating a co-operation mechanism to allow multiple DPAs to work together in instances where they have joint concerns, rather than offering a way for multinationals to go ‘forum shopping’ — which the regulation does not permit (per WP29 guidance).

Another change: Privacy policies that contain vague phrases like ‘We may use your personal data to develop new services’ or ‘We may use your personal data for research purposes’ will not pass muster under the new regime. So a wholesale rewriting of vague and/or confusingly worded T&Cs is something Europeans can look forward to this year.

Add to that, any changes to privacy policies must be clearly communicated to the user on an ongoing basis. Which means no more stale references in the privacy statement telling users to ‘regularly check for changes or updates’ — that just won’t be workable.

The onus is firmly on the data controller to keep the data subject fully informed of what is being done with their information. (Which almost implies that good data protection practice could end up tasting a bit like spam, from a user PoV.)

The overall intent behind GDPR is to inculcate an industry-wide shift in perspective regarding who ‘owns’ user data — disabusing companies of the notion that other people’s personal information belongs to them just because it happens to be sitting on their servers.

“Organizations should acknowledge they don’t exist to process personal data but they process personal data to do business,” is how analyst Gartner research director Bart Willemsen sums this up. “Where there is a reason to process the data, there is no problem. Where the reason ends, the processing should, too.”

The data protection officer (DPO) role that GDPR brings in as a requirement for many data handlers is intended to help them ensure compliance.

This officer, who must report to the highest level of management, is intended to operate independently within the organization, with warnings to avoid an internal appointment that could generate a conflict of interests.

Which types of organizations face the greatest liability risks under GDPR? “Those who deliberately seem to think privacy protection rights is inferior to business interest,” says Willemsen, adding: “A recent example would be Uber, regulated by the FTC and sanctioned to undergo 20 years of auditing. That may hurt perhaps similar, or even more, than a one-time financial sanction.”

“Eventually, the GDPR is like a speed limit: There not to make money off of those who speed, but to prevent people from speeding excessively as that prevents (privacy) accidents from happening,” he adds.

Another right to be forgotten

Under GDPR, people who have consented to their personal data being processed also have a suite of associated rights — including the right to access data held about them (a copy of the data must be provided to them free of charge, typically within a month of a request); the right to request rectification of incomplete or inaccurate personal data; the right to have their data deleted (another so-called ‘right to be forgotten’ — with some exemptions, such as for exercising freedom of expression and freedom of information); the right to restrict processing; the right to data portability (where relevant, a data subject’s personal data must be provided free of charge and in a structured, commonly used and machine readable form).

All these rights make it essential for organizations that process personal data to have systems in place which enable them to identify, access, edit and delete individual user data — and be able to perform these operations quickly, with a general 30 day time-limit for responding to individual rights requests.

GDPR also gives people who have consented to their data being processed the right to withdraw consent at any time. Let that one sink in.

Data controllers are also required to inform users about this right — and offer easy ways for them to withdraw consent. So no, you can’t bury a ‘revoke consent’ option in tiny lettering, five sub-menus deep. Nor can WhatsApp offer any more time-limit opt-outs for sharing user data with its parent multinational, Facebook. Users will have the right to change their mind whenever they like.

The EU lawmakers’ hope is that this suite of rights for consenting consumers will encourage respectful use of their data — given that, well, if you annoy consumers they can just tell you to sling yer hook and ask for a copy of their data to plug into your rival service to boot. So we’re back to that fostering trust idea.

Add in the ability for third party organizations to use GDPR’s provision for collective enforcement of individual data rights and there’s potential for bad actors and bad practice to become the target for some creative PR stunts that harness the power of collective action — like, say, a sudden flood of requests for a company to delete user data.

Data rights and privacy issues are certainly going to be in the news a whole lot more.

Getting serious about data breaches

But wait, there’s more! Another major change under GDPR relates to security incidents — aka data breaches (something else we’ve seen an awful, awful lot of in recent years) — with the regulation doing what the US still hasn’t been able to: Bringing in a universal standard for data breach disclosures.

GDPR requires that data controllers report any security incidents where personal data has been lost, stolen or otherwise accessed by unauthorized third parties to their DPA within 72 hours of them becoming aware of it. Yes, 72 hours. Not the best part of a year, like er Uber.

If a data breach is likely to result in a “high risk of adversely affecting individuals’ rights and freedoms” the regulation also implies you should ‘fess up even sooner than that — without “undue delay”.

Only in instances where a data controller assesses that a breach is unlikely to result in a risk to the rights and freedoms of “natural persons” are they exempt from the breach disclosure requirement (though they still need to document the incident internally, and record their reason for not informing a DPA in a document that DPAs can always ask to see).

“You should ensure you have robust breach detection, investigation and internal reporting procedures in place,” is the ICO’s guidance on this. “This will facilitate decision-making about whether or not you need to notify the relevant supervisory authority and the affected individuals.”

The new rules generally put strong emphasis on data security and on the need for data controllers to ensure that personal data is only processed in a manner that ensures it is safeguarded.

Here again, GDPR’s requirements are backed up by the risk of supersized fines. So suddenly sloppy security could cost your business big — not only in reputation terms, as now, but on the bottom line too. So it really must be a C-suite concern going forward.

Nor is subcontracting a way to shirk your data security obligations. Quite the opposite. Having a written contract in place between a data controller and a data processor was a requirement before GDPR but contract requirements are wider now and there are some specific terms that must be included in the contract, as a minimum.

Breach reporting requirements must also be set out in the contract between processor and controller. If a data controller is using a data processor and it’s the processor that suffers a breach, they’re required to inform the controller as soon as they become aware. The controller then has the same disclosure obligations as per usual.

Essentially, data controllers remain liable for their own compliance with GDPR. And the ICO warns they must only appoint processors who can provide “sufficient guarantees” that the regulatory requirements will be met and the rights of data subjects protected.

tl;dr, be careful who and how you subcontract.

Right to human review for some AI decisions

Article 22 of GDPR places certain restrictions on entirely automated decisions based on profiling individuals — but only in instances where these human-less acts have a legal or similarly significant effect on the people involved.

There are also some exemptions to the restrictions — where automated processing is necessary for entering into (or performance of) a contract between an organization and the individual; or where it’s authorized by law (e.g. for the purposes of detecting fraud or tax evasion); or where an individual has explicitly consented to the processing.

In its guidance, the ICO specifies that the restriction only applies where the decision has a “serious negative impact on an individual”.

Suggested examples of the types of AI-only decisions that will face restrictions are automatic refusal of an online credit application or an e-recruiting practices without human intervention.

Having a provision on automated decisions is not a new right, having been brought over from the 1995 data protection directive. But it has attracted fresh attention — given the rampant rise of machine learning technology — as a potential route for GDPR to place a check on the power of AI blackboxes to determine the trajectory of humankind.

The real-world impact will probably be rather more prosaic, though. And experts suggest it does not seem likely that the regulation, as drafted, equates to a right for people to be given detailed explanations of how algorithms work.

Though as AI proliferates and touches more and more decisions, and as its impacts on people and society become ever more evident, pressure may well grow for proper regulatory oversight of algorithmic blackboxes.

In the meanwhile, what GDPR does in instances where restrictions apply to automated decisions is require data controllers to provide some information to individuals about the logic of an automated decision.

They are also obliged to take steps to prevent errors, bias and discrimination. So there’s a whiff of algorithmic accountability. Though it may well take court and regulatory judgements to determine how stiff those steps need to be in practice.

Individuals do also have a right to challenge and request a (human) review of an automated decision in the restricted class.

Here again the intention is to help people understand how their data is being used. And to offer a degree of protection (in the form of a manual review) if a person feels unfairly and harmfully judged by an AI process.

The regulation also places some restrictions on the practice of using data to profile individuals if the data itself is sensitive data — e.g. health data, political belief, religious affiliation etc — requiring explicit consent for doing so. Or else that the processing is necessary for substantial public interest reasons (and lies within EU or Member State law).

While profiling based on other types of personal data does not require obtaining consent from the individuals concerned, it still needs a legal basis and there is still a transparency requirement — which means service providers will need to inform users they are being profiled, and explain what it means for them.

And people also always have the right to object to profiling activity based on their personal data.

 

Source: https://techcrunch.com/2018/01/20/wtf-is-gdpr/

Google introduces an ad blocker to Chrome – Filtering – Censorship?

Photo by David Ramos/Getty Images

Google will introduce an ad blocker to Chrome early next year and is telling publishers to get ready.

The warning is meant to let websites assess their ads and strip any particularly disruptive ones from their pages. That’s because Chrome’s ad blocker won’t block all ads from the web. Instead, it’ll only block ads on pages that are determined to have too many annoying or intrusive advertisements, like videos that autoplay with sound or interstitials that take up the entire screen.

Sridhar Ramaswamy, the executive in charge of Google’s ads, writes in a blog post that even ads “owned or served by Google” will be blocked on pages that don’t meet Chrome’s guidelines.

Instead of an ad “blocker,” Google is referring to the feature as an ad “filter,” according toThe Wall Street Journal, since it will still allow ads to be displayed on pages that meet the right requirements. The blocker will work on both desktop and mobile.

Google is providing a tool that publishers can run to find out if their sites’ ads are in violation and will be blocked in Chrome. Unacceptable ads are being determined by a group called the Coalition for Better Ads, which includes Google, Facebook, News Corp, and The Washington Post as members.

Google shows publishers which of their ads are considered disruptive.

The feature is certain to be controversial. On one hand, there are huge benefits for both consumers and publishers. But on the other, it gives Google immense power over what the web looks like, partly in the name of protecting its own revenue.

First, the benefits: bad ads slow down the web, make the web hard and annoying to browse, and have ultimately driven consumers to install ad blockers that remove all advertisements no matter what. A world where that continues and most users block all ads looks almost apocalyptic for publishers, since nearly all of your favorite websites rely on ads to stay afloat. (The Verge, as you have likely noticed, included.)

By implementing a limited blocking tool, Google can limit the spread of wholesale ad blocking, which ultimately benefits everyone. Users get a better web experience. And publishers get to continue using the ad model that’s served the web well for decades — though they may lose some valuable ad units in the process.

There’s also a good argument to be made that stripping out irritating ads is no different than blocking pop ups, which web browsers have done for years, as a way to improve the experience for consumers.

But there are drawbacks to building an ad blocker into Chrome: most notably, the amount of power it gives Google. Ultimately, it means Google gets to decide what qualifies as an acceptable ad (though it’s basing this on standards set collectively by the Coalition for Better Ads). That’s a good thing if you trust Google to remain benign and act in everyone’s interests. But keep in mind that Google is, at its core, an ad company. Nearly 89 percent of its revenue comes from displaying ads.

The Chrome ad blocker doesn’t just help publishers, it also helps Google maintain its dominance. And it advantages Google’s own ad units, which, it’s safe to say, will not be in violation of the bad ad rules.

This leaves publishers with fewer options to monetize their sites. And given that Chrome represents more than half of all web browsing on desktop and mobile, publishers will be hard pressed not to comply.

Google will also include an option for visitors to pay websites that they’re blocking ads on, through a program it’s calling Funding Choices. Publishers will have to enable support for this feature individually. But Google already tested a similar feature for more than two years, and it never really caught on. So it’s hard to imagine publishers seeing what’s essentially a voluntary tipping model as a viable alternative to ads.

Ramaswamy says that the goal of Chrome’s ad blocker is to make online ads better. “We believe these changes will ensure all content creators, big and small, can continue to have a sustainable way to fund their work with online advertising,” he writes.

And what Ramaswamy says is probably true: Chrome’s ad blocker likely will clean up the web and result in a better browsing experience. It just does that by giving a single advertising juggernaut a whole lot of say over what’s good and bad.

https://www.theverge.com/2017/6/1/15726778/chrome-ad-blocker-early-2018-announced-google

9 Steps to Get Millions of Views on Your YouTube Channel

9-steps-to-get-millions-of-views-on-your-youtube-channel

YouTube is the second most powerful search engine on the planet, and holds the top spot as the largest video network in existence.

The video site continues to grow more pervasive with the maturation of smartphone technology. Today, half of YouTube video views stem from mobile devices.

For this reason, and many others, YouTube is the master of reaching across generational boundaries to impact and engage members of GenX, GenY and GenZ. For example, YouTube currently reaches more 18-34 and 18-49 year-olds than any U.S cable network currently broadcasting.

Because of the popularity of the platform, influencers have spawned from the network and continually leave lasting impressions on their dedicated viewers. Studies suggest that recommendations from influencers are trusted 92% more than from celebrities or advertisements.

The trust factor brought forth by influencers is one of the most notable reasons as to why influencer marketing is so effective.

It’s not as simple as it looks

Leveraging influencers on YouTube is not as simple as it sounds. Because there are many performance and brand risks associated with YouTubers that need to be managed in order to deliver rockstar results.

YouTubers are legitimate masters of their craft and make their living by presenting themselves authentically. This means that brand interference regarding their voice or image is not normally welcomed.

Despite the challenges, brands and YouTubers can get along famously when the right partnership is forged.

The balancing act

By way of example, Google recently recruited famed YouTube influencer Lewis Hilsenteger from the channel Unbox Therapy to help make some noise about Android Pay.

The video depicted Lewis travelling throughout New York City, visiting destinations that accept the form of payment to prove that you could survive solely with Android Pay. This is a prime example of recruiting an influencer that expresses a brand’s message while maintaining their authenticity.

The video generated 1.7 million views while showing off the real-world capabilities of Android Pay.                     

unbox-therapy-for-views-on-your-youtube-channel

No doubt successful collaborations like these and the significant revenue generation potential spurred Google to recently acquire influencer marketplace Famebit.

The 9 key steps to get millions of views on YouTube

Below you’ll find nine steps that fast-casual restaurant chain Qdoba Mexican Eats took when engaging the YouTube audience for the first time.

The results were phenomenal (and, in full disclosure, delivered under the direction of, as well as executed by digital marketing agency Evolve!, Inc.).

If you’re planning on diving into YouTube to help grow your business, use this campaign as a model – it delivered 3 million views, 84K social engagements, and 200M potential impressions, all while adhering to strict brand guidelines and beating aggressive price targets.

1. Set your goals and success criteria

As with any marketing campaign, align your influencer marketing campaign with your overall marketing and sales goals.

Define success using quality metrics, such as messaging and how the brand is portrayed, as well as quantifiable targets such as cost per video view, average length of video view, number of targeted views, and cost per conversion.

2. Set a budget

The cost per view charged for YouTube sponsorships varies WIDELY, depending on factors such as audience size, reach, demographics, engagement, their industry vertical and genre, the type of sponsorship and length of integration, the YouTuber’s desire to work with a particular brand, and whether the talent is represented by an agency.

A good rule of thumb is to target a .04 – .07 cents cost per view (CPV) for video integrations and a .08 to .15 CPV for dedicated videos.

Brands should also set aside budget for content generation (landing pages, blog posts, prizes and and/or promotions), analytics software for tracking, a promotional ad budget, and manpower.

3. Create a theme and campaign messaging that supports your goals

It can be something as simple as capturing people’s excitement as they try delicious Qdoba entrees for the first time (#QdobaUnbox), or reveling in the occasions when More is Better (#MoreIsBetter), including indulging in Qdoba’s generous array of delicious toppings (#MoreFlavorIsBetter).

Evolve even created a contest celebrating Qdoba’s key differentiating factor: Free Guacamole (#FreeGuac).

Develop brand, and campaign-specific messaging, but leave ample room for YouTubers to exercise their creative license.

create-a-theme-for-views-on-your-youtube-channel

Remember, integrations are NOT advertisements.  Videos that come off as too commercial tend to get panned in the comments and generate lower-than-expected view counts.

4. Establish your selection criteria

What constitutes a brand match?

Start with genres, industries and channel demographics, including age, sex and geography.

Does the campaign theme fit their interests? Do they create content that would resonate with or offend your audience?

Identify any influencers that meet this criteria, fall within the audience size that you are looking to engage, and begin the outreach process.

5. Develop a pitch letter

Be clear about the campaign requirements, and set expectations: Are you looking for an integration or a dedicated video?  What four or five key messages do YouTubers need to address in the video?  And what is your timeline?

Basically, what are the promotional requirements and is there any additional information you need from them when they respond to your proposal.

But bear in mind that people who have built sizeable, engaged followings can afford to be choosy about which brands they want to work with. You may want to excite them with something that’s unique about your brand.

Qdoba offered vloggers a summer of free food, in addition to the paid sponsorship.

6. Recruit enthusiastic YouTubers

This is perhaps the most time-consuming step, and the most critical to the success of your campaign.

You know you’ve hit gold when you’ve identified YouTubers who meet your brand criteria, like your brand and offer creative story lines, and sometimes bonus promotions in their response.

There are 3 routes to recruit YouTubers:

  • Outreach directly to the people you want to work with via the email listed on their YouTube channel
  • Work with talent agencies you know and trust
  • Solicit proposals through influencer marketplaces like Famebit, Grapevine Logic or Reelio

recruit-enthusiastic-youtubers-for-views-on-your-youtube-channel

7. Spell out everything in the contract

Flush out the creative before finalizing the contract, and include the type of integration, key messages, project timeline, the reviews process and video promotions.

YouTubers tend NOT to want the brand to weigh in on things like the Video Title or storyline outside the integration. On the same token, it is vital to be somewhat flexible when working with influencers on the creative direction of the content. These folks have built substantial followings that are enchanted by their unique voice. Setting too rigid of a structure that is outside the norm for influencers could result in a deal going south or a video not receiving the attention it deserves.

8. A/B test everything. Measure, tweak and repeat

Test various genres, campaign themes, messaging, calls to action, and amplification strategies. At this stage, we generally prefer to partner with YouTubers that have small but engaged audiences. This will allow you to get the most bang for your buck while simultaneously minimizing any potential losses for creatives that do not resonate with audiences.

ab-test-everything-for-views-on-your-youtube-channel

Measure campaign performance, focusing on actual video views, social engagements and cost per conversions, if that’s relevant. Pivot as needed and update projected outcomes.

We use several tools simultaneously, including Simply Measured, to monitor multiple channels to gain the most clear and comprehensive picture possible.

ab3

ab2

9. Scale!

Once the campaign has been optimized, turn up the volume. Contract larger YouTube channels, and consider using contests or launching several videos at once to support product launches.

These introduce an added layer of complexity because they need to adhere to strict timelines and you potentially need to manage multiple videos at once. On the flipside, they also generally produce much more significant results, so while efforts will become more intricate, they will also become much more fruitful.

Qdoba A/B tested several concepts before running a two week #FreeGuac campaign, which drove 2.4 million video views. Participating YouTube vloggers invited their viewers to enter into a scavenger hunt contest for the chance to win cash prizes, free food and cool SWAG.

Contests like these are ideal for scaling a campaign as almost any marketing element that engages an audience on a participatory level is going to garner more attention compared to content that is merely observed through comments and shares. The contest subsequently resulted in Qdoba collecting over 10K contest submissions.

Wrap

As video continues to grow, YouTube is quickly transitioning into the premier influencer marketing channel. The power of video content is unmatched by its predecessors and influencer marketing, when managed properly, has the ability to permeate and engage an audience in unparalleled fashion.

The most challenging aspect of this discipline is that the rules of engagement are constantly in flux, meaning that for the best results, it is advisable to collaborate with specialty digital marketing agencies that work day-in and day-out crafting influencer strategies on YouTube that resonate, sell, and make a brand’s efforts worthwhile.

9 Steps to Get Millions of Views on Your YouTube Channel

Machines are becoming smarter marketers

artificial-intelligence-930x620

Marketing is only helpful when it’s meeting a need. It sounds simple, but those needs can be really tough to parse. Like any consumer, my needs evolve every day, if not every minute. I won’t stand for poorly targeted ads or messages that are irrelevant to me.

I work in marketing technology, and this industry has been talking about data-driven personalization for years. We’ve made a lot of progress, but we’re only just beginning to realize the potential of machine learning to match goods and services with a particular person in a specific situation.

Machines are changing how marketing is done. I’m not just talking about workflow automation or customer service bots. I’m talking about software that can help brands understand, meet, and even predict the subtlest of consumer needs.

It’s a new phase that I think of as Marketing 3.0. The 1.0 version, marketing in its early 20th century form, involved selling products to people who had demonstrated a need. The 1950s saw the rise of Marketing 2.0: ad men who shaped consumer desires to sell products. Machine learning allows marketers to move beyond this model and return to the original purpose of marketing, while adding speed and scale.

Marketing 1.0: Meeting needs as expressed
Marketing 2.0: Creating needs, then meeting them
Marketing 3.0: Machines analyzing needs, then meeting them

Marketing 3.0 uses machine learning to match product and consumer faster, more precisely, and in the right context; and to identify people who have an implied rather than overtly demonstrated need. Machines learn from a large pool of real-world examples, so they can predict future intent by observing past behavior. Marketers don’t have to comprehend the precise patterns that emerge from massive amounts of data or map out the rules that determine people’s behaviors.

In other words, machine learning shifts the role of the marketer from trying to manipulate customers’ needs to meeting the needs they actually have at a given moment.

Think about a BMW dealership looking to sell more of a particular model. They can use machine learning to identify indicators for people who bought a 5 Series in the past year: They researched similar cars like the Audi A6 and Mercedes E Class, they asked about mileage per gallon, and they had similar demographic traits.

Say I’m looking to buy a car and have a friend who recently bought a 5 Series. I’ve read about one of its new features: a 3D view of the car that I can see from my phone. When I search for “BMW 5 Series” on my iPhone, I’ll see a list of dealerships within a 10-mile radius of my regular commute. I call the dealership to ask about their inventory, and they know I’m ready to buy. I’m automatically matched with the sales rep who sold the same car to my friend, knows the specs I’m interested in, and can talk to me about 3D view.

I see massive opportunity to use predictive capabilities to link online and offline interactions — mobile ads, email campaigns, phone conversations, and in-person experiences. It’s becoming a reality as Google, Facebook, Apple, and Amazon continue investing in voice assistants and natural language processing technologies. Amazon is reportedly updating Alexa to be more emotionally intelligent. It’s not a huge leap to transition from making voice commands in my living room to calling a business and making a purchase directly through my Echo. A conversation is the most natural form of interaction, and the most conducive to forming relationships.

I think voice will be central to how marketers balance machine learning capabilities with the need to create human experiences. Even if machines can surface information and recommendations at exactly the right time, people still want human conversations, especially when it comes to buying complex or expensive products. I’m fine with Alexa ordering me a pizza, but not a car.

As I see it, the role of machines is to draw correlations between consumers’ behaviors and their ultimate intent. The role of the marketer is to figure out what can be automated (e.g., triggering an email after a purchase is made) and what can be augmented (e.g., predicting what products will most intrigue a customer) by using software. The next wave, Marketing 4.0, will take this a step further by meeting consumers’ expressed and unexpressed needs.

We’re moving toward a more predictive world in which machine learning powers the majority of interactions between consumers and brands. I don’t see this being at odds with human connection or authentic experiences. Marketing will be ambient and truly data-driven. It will catch up with consumer expectations and with the potential of technology to change how marketing is done

Machines are becoming smarter marketers

Amazon will continue to invest heavily in India

Amazon.com     Inc.     will     continue      investing  heavily  in  India,  the  chief   of its local operations said, dispelling  concerns of slower spending by the  US  e-commerce  company  after  its   chief financial officer Brian Olsavsky  said that while the India investments  were  starting  to  show  results,  they   had   hit   margins,   contributing   to    lower-than-expected  results  in  the   third quarter. “Not   at   all,”   Amazon’s   India   chief    Amit  Agarwal  said  in  an  interview   on   Monday   when   asked   whether    Amazon       would       slow       down        investments     in     India.     Amazon,      which  initially  said  it  would  invest   $2  billion  in  India,  had  said  in  June   that it would invest an additional $3  billion in the country. That investment is on track, Agarwal  said,  adding  that  the  company  is   “excited  about  the  momentum  that   we see in India”. “India is very early in its e-commerce  trajectory. Amazon is very early in its  e-commerce  trajectory  in  India.  To   transform how India buys is going  to take a long time; it will take a lot  of investment and… for many years.  This is just the beginning.” Amazon is betting big on its Prime  service in India and expects the  loyalty programme to dominate  sales in the coming months. “Prime continued to be the top seller  in all of October, not just for wave  one (of the Great Indian Festival).  Prime membership continues to  be a top seller and it is going to be  so going forward every month. My  belief is that Prime membership will  be the top seller every month based  on the trends that we are seeing,”  said Agarwal. On Monday, Amazon also said that  it witnessed record numbers during  its month-long Diwali sale event,  the Great Indian Festival, with sales  jumping 2.7 times from last year. This year’s Diwali sale has proven  to be the biggest showdown in the  history of Indian e-commerce, with  Amazon India and rival Flipkart  going all out to woo shoppers. While Flipkart claimed to outsell  Amazon India during the first leg of  the sale season, Amazon claims it  came back strongly during the latter  half of the sale season, with bigger  discounts in key categories such as  smartphones and large appliances. “October this year for us was 2.7  times of last year’s October—which  is incredible because last year was  4 times the October before,” said  Agarwal, adding that this growth  came even as “conversations”  suggested growth in India’s  e-commerce business was going to  be flat. Agarwal said that October could be  an inflection point for e-commerce  in India. “We had categories from  phones to Amazon Fashion to  appliances growing three to 11  times; even newer categories such  as luxury and beauty grew 46 times;  grocery and everyday consumables,  7.1 times; furniture, 11.8 times; gold  jewellery, eight times—so a lot of  these categories are showing robust  growth.” Agarwal said that 70% of the  company’s new customers in  October came from tier-II and tier-III  cities, adding that it was confident  of carrying the momentum from its  Diwali sale well into November and  December. Mint couldn’t independently verify  the numbers, but, in general,  all e-commerce marketplaces  (including Snapdeal, Amazon and  Flipkart’s smaller rival) did well in  October, carrying forward their  momentum from their annual sales. “When I look at the gaps between  the waves, our growth rates in those  gaps continued to the same extent.  We’re growing at 150% year-over- year. At peacetime, the growth rate  is still what I’m telling you. And as  we exit out of wave three (the third  sale event in October), we don’t see  a slowdown,” Agarwal said. “The broader e-commerce story is  not just a Flipkart-Amazon battle. Of  course, both Flipkart and Amazon  are trying to get a fair share of the pie  in key categories such as electronics,  fashion and large appliances. And  despite drags on margins, nobody is  going to reduce investments in India.  What you will see, however, is that  they will focus on innovation. For  example, during the festive season,  smartphone sales shot up and a lot  of the sales jumped due to things  like product exchanges. Another  new innovation was something like  Amazon Prime. So, you’ll see a lot of  that going forward,” said Sreedhar  Prasad, partner-e-commerce at  KPMG