Facebook is to be sued in Europe over the major leak of user data that dates back to 2019 but which only came to light recently after information on more than 533 million accounts was found posted for free download on a hacker forum.
Today Digital Rights Ireland (DRI) announced it’s commencing a “mass action” to sue Facebook, citing the right to monetary compensation for breaches of personal data that’s set out in the European Union’s General Data Protection Regulation (GDPR).
Article 82 of the GDPR provides for a “right to compensation and liability” for those affected by violations of the law. Since the regulation came into force, in May 2018, related civil litigation has been on the rise in the region.
The Ireland-based digital rights group is urging Facebook users who live in the European Union or European Economic Area to check whether their data was breached — via the haveibeenpwned website (which lets you check by email address or mobile number) — and sign up to join the case if so.
Information leaked via the breach includes Facebook IDs, location, mobile phone numbers, email address, relationship status and employer.
Facebook has been contacted for comment on the litigation. Update: A Facebook spokesperson said:
We understand people’s concerns, which is why we continue to strengthen our systems to make scraping from Facebook without our permission more difficult and go after the people behind it. As LinkedIn and Clubhouse have shown, no company can completely eliminate scraping or prevent data sets like these from appearing. That’s why we devote substantial resources to combat it and will continue to build out our capabilities to help stay ahead of this challenge.
The tech giant’s European headquarters is located in Ireland — and earlier this week the national data watchdog opened an investigation, under EU and Irish data protection laws.
A mechanism in the GDPR for simplifying investigation of cross-border cases means Ireland’s Data Protection Commission (DPC) is Facebook’s lead data regulator in the EU. However it has been criticized over its handling of and approach to GDPR complaints and investigations — including the length of time it’s taking to issue decisions on major cross-border cases. And this is particularly true for Facebook.
With the three-year anniversary of the GDPR fast approaching, the DPC has multiple open investigations into various aspects of Facebook’s business but has yet to issue a single decision against the company.
(The closest it’s come is a preliminary suspension order issued last year, in relation to Facebook’s EU to U.S. data transfers. However, that complaint long predates GDPR; and Facebook immediately filed to block the order via the courts. A resolution is expected later this year after the litigant filed his own judicial review of the DPC’s processes.)
Since May 2018 the EU’s data protection regime has — at least on paper — baked in fines of up to 4% of a company’s global annual turnover for the most serious violations.
Again, though, the sole GDPR fine issued to date by the DPC against a tech giant (Twitter) is very far off that theoretical maximum. Last December the regulator announced a €450,000 (~$ 547,000) sanction against Twitter — which works out to around just 0.1% of the company’s full-year revenue.
That penalty was also for a data breach — but one which, unlike the Facebook leak, had been publicly disclosed when Twitter found it in 2019. So Facebook’s failure to disclose the vulnerability it discovered and claims it fixed by September 2019, which led to the leak of 533 million accounts now, suggests it should face a higher sanction from the DPC than Twitter received.
However, even if Facebook ends up with a more substantial GDPR penalty for this breach the watchdog’s caseload backlog and plodding procedural pace makes it hard to envisage a swift resolution to an investigation that’s only a few days old.
Judging by past performance it’ll be years before the DPC decides on this 2019 Facebook leak — which likely explains why the DRI sees value in instigating class action-style litigation in parallel to the regulatory investigation.
“Compensation is not the only thing that makes this mass action worth joining. It is important to send a message to large data controllers that they must comply with the law and that there is a cost to them if they do not,” DRI writes on its website.
It also submitted a complaint about the Facebook breach to the DPC earlier this month, writing then that it was “also consulting with its legal advisors on other options including a mass action for damages in the Irish Courts”.
It’s clear that the GDPR enforcement gap is creating a growing opportunity for litigation funders to step in in Europe and take a punt on suing for data-related compensation damages — with a number of other mass actions announced last year.
In the case of DRI its focus is evidently on seeking to ensure that digital rights are upheld. But it told RTE that it believes compensation claims which force tech giants to pay money to users whose privacy rights have been violated is the best way to make them legally compliant.
Facebook, meanwhile, has sought to play down the breach it failed to disclose in 2019 — claiming it’s “old data” — a deflection that ignores the fact that people’s dates of birth don’t change (nor do most people routinely change their mobile number or email address).
Plenty of the “old” data exposed in this latest massive Facebook leak will be very handy for spammers and fraudsters to target Facebook users — and also now for litigators to target Facebook for data-related damages.
With free measurement tools from Google, you can get insights into how customer behavior has changed due to COVID-19 and then take action to update your marketing strategy. Read more to learn about how to get started, and for specific tips to help your business navigate the coming months.
Understand the impact of your Google media
If you’re running marketing campaigns to drive visits to your website or app, it’s important for these visits to turn into sales. Attribution in Google Ads helps you understand the paths people take to complete a conversion, and then award credit for that conversion to different ads, clicks, and factors along the way.
We recently launched a new look for attribution reports in Google Ads that helps you quickly see how customers interact with your marketing throughout the purchase cycle. This makes it easier for you to then take action in the areas that are driving results.
Attribution models give you a deeper understanding of how your ads perform to help you decide where to allocate your marketing investment. One model, data-driven attribution, uses machine learning to determine how much credit to assign to each click on the customer journey, helping it better account for changes in customer behavior during turbulent times. For example, if you’re working on behalf of a grocery store experiencing an increase in online orders from mobile devices, data-driven attribution may indicate that your mobile ads are having a greater impact on driving conversions than you realized, giving you the insight you need to optimize your campaign performance. If you’d like to learn which attribution model is right for your business, check out our official guide to attribution modeling.
We’ve put together a guide that lists a few reporting shortcuts in Analytics that can help you easily get useful insights. For example, if your business has shifted to online only, you need to make sure you’re converting as many site or app visits into sales as possible. You can use a shortcut to see your weekly conversion rate for the last 60 days and identify areas you might be able to improve upon – without digging through multiple reports in your account.
Visualize trends about your business
With so much changing so rapidly, you’ll want to understand how your business has been impacted. You can use Google Data Studio to help you create a report and visualize the changes that have happened over the past few months. Data Studio is easy to use, anyone on your team can quickly start using it.
If you’ve connected Data Studio to your marketing campaigns, you can use these curated marketing templates to monitor the performance of those campaigns. Let’s say you need to create a report that shows daily online sales from each of your Google Ads campaigns over the last 60 days. You can use one of those templates to quickly build the report and then identify which campaigns are performing best so you can re-allocate your marketing budget to those campaigns.
Keep your website updated
During this time, you might have different business hours or shipping policies. Instead of having to invest in an additional resource to update your website, you can do it for free with Google Optimize. When you log into your account, you can use a new feature to easily add a message for your customers to the top of your homepage. Either use our templated banner or customize the message by editing the color, size or text.
And if you need to make other changes throughout your site, you can still continue to use Optimize to create site personalizations. Optimize users would normally be limited to running 10 site personalizations at once, but we’ve removed that restriction for the next 90 days, until July 31.
All of these products and features are available for free today. We hope they are helpful as you navigate your business through changing times.
Facebook was ordered to pay $ 650 million Friday for running afoul of an Illinois law designed to protect the state’s residents from invasive privacy practices.
That law, the Biometric Information Privacy Act (BIPA), is a powerful state measure that’s tripped up tech companies in recent years. The suit against Facebook was first filed in 2015, alleging that Facebook’s practice of tagging people in photos using facial recognition without their consent violated state law.
Indeed, 1.6 million Illinois residents will receive at least $ 345 under the final settlement ruling in California federal court. The final number is $ 100 million higher than the $ 550 million Facebook proposed in 2020, which a judge deemed inadequate. Facebook disabled the automatic facial recognition tagging features in 2019, making it opt-in instead and addressing some of the privacy criticisms echoed by the Illinois class action suit.
A cluster of lawsuits accused Microsoft, Google and Amazon of breaking the same law last year after Illinois residents’ faces were used to train their facial recognition systems without explicit consent.
The Illinois privacy law has tangled up some of tech’s giants, but BIPA has even more potential to impact smaller companies with questionable privacy practices. The controversial facial recognition software company Clearview AI now faces its own BIPA-based class action lawsuit in the state after the company failed to dodge the suit by pushing it out of state courts.
A $ 650 million settlement would be enough to crush any normal company, though Facebook can brush it off much like it did with the FTC’s record-setting $ 5 billion penalty in 2019. But the Illinois law isn’t without teeth. For Clearview, it was enough to make the company pull out of business in the state altogether.
The law can’t punish a behemoth like Facebook in the same way, but it is one piece in a regulatory puzzle that poses an increasing threat to the way tech’s data brokers have done business for years. With regulators at the federal, state and legislative level proposing aggressive measures to rein in tech, the landmark Illinois law provides a compelling framework that other states could copy and paste. And if big tech thinks navigating federal oversight will be a nightmare, a patchwork of aggressive state laws governing how tech companies do business on a state-by-state basis is an alternate regulatory future that could prove even less palatable.
Since the start of the year, I’ve covered nine M&A deals already, the largest being Citrix buying Wrike for $ 2.25 billion. But not every deal involves a huge price tag. Today we are going to look at three smaller deals that show there is plenty of activity at the lower-end of the acquisition spectrum.
As companies look for ways to enhance their offerings, and bring in some talent at the same time, smaller acquisitions can provide a way to fill in the product road map without having to build everything in-house.
This gives acquiring companies additional functionality for a modest amount of cash. In smaller deals, we often don’t even get the dollar amount, although in one case today we did. If the deal isn’t large enough to have a material financial impact on a publicly traded company, they don’t have to share the price.
Let’s have a look at three such deals that came through in recent days.
Tenable buys Alsid
For starters, Tenable, a network security company that went public in 2018, bought French Active Directory security startup Alsid for $ 98 million. Active Directory, Microsoft’s popular user management tool, is also a target of hackers. If they can get a user’s credentials, it’s an easy way to get on the network and Alsid is designed to prevent that.
Security companies tend to enhance the breadth of their offerings over time and Alsid gives Tenable another tool and broader coverage across their security platform. “We view the acquisition of Alsid as a natural extension into user access and permissioning. Once completed, this acquisition will be a strategic complement to our Cyber Exposure vision to help organizations understand and reduce cyber risk across the entire attack surface,” according to the investor FAQ on this acquisition.
Emmanuel Gras, CEO and co-founder, Alsid says he started the company to prevent this kind of attack. “We started Alsid to help organizations solve one of the biggest security challenges, an unprotected Active Directory, which is one of the most common ways for threat actors to move laterally across enterprise systems,” Gras said in a statement.
Alsid is based in Paris and was founded in 2014. It raised a modest amount, approximately $ 15,000, according to Crunchbase data.
Copper acquires Sherlock
The pandemic pushed many shoppers online and providing a more customized experience by understanding more about your customer can contribute to and drive more engagement and sales. With Sherlock, the company is getting a tool that can help Copper users understand their customers better.
“Sherlock is an innovative engagement analytics and scoring platform, and surfaces your prospects’ and customers’ intentions in a way that drives action for sales, account management and customer success professionals,” Copper CEO Dennis Fois wrote in a blog post announcing the deal.
He added, “Relationships are based on engagement, and with Sherlock we are going to create CRM that is focused on action and momentum.”
RapidAPI snags Paw
It’s clear that APIs have changed the way we think about software development, but they have also created a management problem of their own as they proliferate across large organizations. RapidAPI, an API management platform, announced today that it has acquired Paw.
With Paw, RapidAPI adds the ability to design your own APIs, essentially giving customers a one-stop shop for everything related to creating and managing the API environment inside a company. “The acquisition enables RapidAPI to extend its open API platform across the entire API development lifecycle, creating a connected experience for developers from API development to consumption, across multiple clouds and gateways,” the company explained in a statement.
RapidAPI was founded in 2015 and has raised over $ 67 million, according to Crunchbase data. Its most recent funding came last May, a $ 25 million round from Andreessen Horowitz, DNS Capital, Green Bay Ventures, M12 (Microsoft’s Venture Fund) and Grove.
Each of these purchases fills an important need for the acquiring company and expands the abilities of the existing platform to offer more functionality to customers without putting out a ton of cash to do it.
One Senior Paid Strategist shares how she strategically crafted a funnel with conversion action sets and the resulting performance.
Read more at PPCHero.com
This post covers why you should use conversion tracking and how to use Google’s conversion action sets to better optimize your campaigns.
Read more at PPCHero.com
Curious how this Google beta product is performing? After testing for a short while, we have the data and insights just for you!
Read more at PPCHero.com
Netflix Hack Day, the company’s internal hackathon, has a habit of producing some amazing gems — like a brain-controlled interface, a Fitbit hack that shuts off Netflix when you fall asleep, a Netflix app for the original NES and a way to navigate the Netflix app with Face ID and ARKit, to name a few. At this year’s Netflix Hack Day, employees ventured into areas like voice technology and haptics — the latter, so your phone could vibrate right along with the on-screen action, among other things.
Project Rumble Pack, as the hack that used haptics was called, takes inspiration from mobile gaming. Some games vibrate, which allows players to feel the action — like a bouncing ball, a car on a race track, an object getting hit or destroyed and so on.
Similarly, Project Rumble lets you feel the action in a scene from a show or movie — like a fight, battle or big explosion. (Imagine a Michael Bay movie with Rumble Pack turned on!) The team behind the hack, Hans van de Bruggen and Ed Barker, demoed haptics in an episode of Voltron where a huge explosion makes the phone shake in your hands.
The hack was created by syncing Netflix content with haptic effects using Immersion Corporation technology.
Another hack, called The Voice of Netflix, taught Netflix to speak using the voice of Netflix’s favorite characters. The team trained a neural net to find words in Netflix’s content, which could then be used to create new sentences on demand.
A third favorite was TerraVision — a practical hack that sounds like a business opportunity.
The hack lets filmmakers drop into an interface a photo of a look they like for a film location, then get back the closest results from a library of location photos. The hack used a computer vision model trained to recognize places for its reverse-image search functionality.
The final highlight was a silly hack that plays “walk-out music” — like the music that kicks in when Oscar speeches go too long — when someone overstays their allotted time in a booked conference room.
Sadly, many of Netflix’s hacks don’t tend to escape the confines of the hackathon itself. But they can inspire real-world projects in other ways, and help to keep the creativity flowing.
An overview of this year’s Netflix Hack Day, which focused on Netflix’s studio efforts, is below.
Bing Ads announced in early April 2019 they are releasing a new ad extension format – Action Extensions. This new format is totally unique to Bing Ads allows advertisers to add a preset call-to action as an ad extension.
Read more at PPCHero.com
The UK Prime Minister is using the annual G7 summit of seven of the world’s major industrialized democracies to push for more to be done about online extremism, including co-ordinating on ways to force social media platforms to be more pro-active about removing and reporting extremist content to authorities. Read More
Social – TechCrunch
- Once VMware is free from Dell, who might fancy buying it?
- Facebook faces ‘mass action’ lawsuit in Europe over 2019 breach
- Chinese hardware makers turn to crowdfunding as they look to go global
- Core Web Vitals & Preparing for Google’s Page Experience Update
- Conversion modeling through Consent Mode in Google Ads