EE retains its brand in the new BT world


With BT’s recent purchase of mobile giant EE receiving clearance from the Competition & Markets Authority, we have been curious to see how EE would fit into BT and whether they would lose their identity and become part of BT Mobile?

Following the announcement of the £12.5 billion acquisition on 29th of January, BT has announced the first details on the new organisational structure which comes into place from April 2016.

For EE this means being split in half:

•         The first half is led by EE’s new CEO Marc Allera and comprises of their mobile, broadband and TV services. This part of EE becomes BT’s sixth standalone line of business and interestingly will retain control of its branding, network assets and retail stores.
•         The other half of EE is its business operations, which will now be spun off into a new business unit, BT Business and Public Sector unit which will replace the current BT Business.

So it appears, at least for the short term, that both BT mobile and EE’s mobile offerings will be managed by distinct business groups within BT, each with their own brands, tariffs and marketing – and both being competitively sold to consumers.

“We will operate a multi-brand strategy with UK customers being able to choose a mix of BT, EE or Plusnet services, depending on which suits them best,” said BT CEO Gavin Patterson.

One wonders whether one of the underlying decisions in retaining the EE identify (perhaps a rather canny one in our view), may be down to EE’s brand strength. Cited against the more unwieldy BT Mobile brand, EE’s is perhaps the better recognised, which in fickle markets can cause change – and with the mobile market dominance they hold, any churn could be substantial.  Either way, we’ll see how well they continue to serve their respective customer base and how much more competitive their offerings might become in this new world of Chinese wall telecommunications.

BT’s EE acquisition now cleared by the Competition and Markets Authority


Last January we reported on BT’s £12.5 billion takeover of mobile provided EE. We had since been awaiting to hear from the Competition and Marketing Authority (CMA) whether this move would significantly harm the competition, in not just the mobile provider arena but in the Quad-play (selling a package of fixed-line phone, mobile, internet and TV) space as well.  Surprisingly, the CMA have granted BT the all clear in the EE buy out.

Both BT and EE are giants in their specialties with BT controlling 37.6% of the UK home phone market, 31% of the UK fixed-broadband market and EE holding 33.8% mobile market share. Together they hold 35 million customers between them.

Rivals, including Vodafone and TalkTalk had voiced concern during the acquisition’s original announcement calling for competition authorities to force BT to spin off its Openreach operation which maintains the UK’s copper and fibre communications cable network. This has since gone to regulator Ofcom for review for whether BT and Openreach should in fact be split up due to concerns their performance to other providers had often been poor.

The bringing together of BT and EE will likely see both cross-promotion and cross-sales between landline services and mobile.  One would assume that customers buying all their telecommunications packages from both BT and EE should get monetary savings and they wouldn’t want to lose by switching their mobile carrier next time round, something that is more frequent in the mobile world compared to consumers switching their landline provider.

Another matter yet discussed is the fate of the EE brand, being relatively young at just 6 years. Despite its size as the largest in the market, BT may not be able to resist the temptation in switching the EE brand for uncool BT Mobile. If this was the case, we could see some users switch back over to other mobile provides due to BT’s lack of lustre reputation in customer services and lack of historic expertise in the mobile arena next to O2, Vodafone and even now Three.

Is this really a fair and prudent decision by the CMA in what should be a competitive marketplace?

EU data privacy rules – Impact across the pond

A new European privacy directive is about to be signed, one which could see US tech firms fined millions of dollars if they don’t comply.

The directive regulates how tech companies obtain and use user data. According to USA Today, companies must get a clear consent from the user and have to explain just what their data will be used for. Companies must also explain to the user how the data was obtained, and in case the user wants that data changed or completely deleted, the company must do so.

As an example, if they choose to delete their Facebook account, Facebook would have to also delete all the information it had collected about them. The directive has been in production for several years and will replace a patchwork of laws from the 1990s.

“A lot of the language in this regulation has been sharpened in response to US companies walking very close to the line as far as complying with EU data protection regulations,” said Danny O’Brien, the international director of the Electronic Frontier Foundation, a San Francisco-based cyber rights group for USA Today.

The Age of Data Consent will also be raised from 13 to 16 years old, meaning all younger than 16 will have to get their parents’ approval before giving their data to companies.

The European Commission and the European Parliament could not agree on the size of the penalty in case a company fails to comply, but it seems that 4% of the company’s global revenue could be the sweet spot. For companies the size of Google or Facebook, that is a lot of money.

As an IT Managed Service Provider, data controller and data processor, Amicus ITS has had to be proactive in looking at the impact of these changes for us and our customer base.  These changes, which will become law in the member states, reflect positively on individuals as we all obtain more rights over our data.  However, for any organization that holds or processes data these changes will have an impact that cannot be ignored.


Is it easier and better sometimes to pay a ransom on demand?

Following Talk Talk’s moment ‘hackus horribilis’ on 21st October 2015, details are emerging not of foreign extremists potentially being behind the attack, but rather a growing cabal of youngsters aged 14-16 have been arrested and released on bail by the British police after questioning over the incident. The latest advisory from TalkTalk is that only 4% of their customer base (157,000 customers and around 15,600 accounts) were actually affected by the breach of security (though obviously if you were one of that number, you wouldn’t care about the low percentages).

TalkTalk are not on their own though:  M&S had some of its users’ details accidentally shared with other customers online last week. This followed what was described as an internal error. The website was pulled down for 2 hours whilst the problem was fixed. Nonetheless, personal data including names, dates of birth, contacts and previous orders could be seen. Meanwhile, Barclays suffered problems with customers complaining of difficulties with ATM transactions during the weekend of 21st October. This incident was put down to a “network problem” resulting in a “tech outtage” by Barclays.

And in an interesting discussion at the 2015 Cyber Security Summit in Boston, the FBI’s Assistant Special Agent in Charge of CYBER and Counterintelligence Programmes, Joseph Bonavolanta advocated that sometimes it really might pay off the criminals in ransomware attacks, where a CryptoWall infection has breached a company’s IT systems. Often this advice is because the infected organisation has no way of recovering the files.  Often, the cause of failure is due to a lack of recovery options and the company has no back up, or one that is too old to be commercially useful.  Ransomware has been gathering traction since 2013 and much of the difficulty for government security agencies is that no two Ransomware attacks are the same.

Meanwhile, the Deputy Director of the US National Security Agency (NSA), Richard Ledgett commented last week in an interview with the BBC, that as the world becomes more connected and more vulnerable, nation states have to identify their red lines which cannot be crossed by other nation sabotage (eg. the Sony attack) and that where this happened it should lead to consequences. There should be a three prong plan:  build our defences, build offences against threat in others’ networks and “have a build up of international diplomatic regimes” through which the threat of sanctions could be levied.

Post the Edward Snowden leaks, he said real damage had been done, as the disclosures had led to changed behaviours in cyber attackers targeting many organisations.  He added “Several terrorist organisations and one in particular had a mature operational plot directed against western Europe and the US“. This had hampered the NSA’s ability he said to do their job.  Arguing the rights and wrongs of surveillance in a data-filled world, Ledgett said: “I think that the way the discussion (the Snowden leaks) came about was wrong. You hear claims that he was a whistle-blower and that he tried to raise things. Those are just not true…He didn’t try.”   On the subject of transparency, Ledgett advised that it was good to have a public discussion about what the authorities are and can do, but it got harder if it involved specific operations and specific targets.

With Teresa May updating the UK Government’s powers on mass surveillance there is a difficult path to tread for those who keep us safe, and those who would have liberty at the forefront of the argument.

(Pix below Richard Ledgett Deputy Director of the NSA).


Are we sailing into a new Safe Harbour soon?

Our post on 22nd October 2015 discussed the fallout issues following the demise of the 2000 Safe Harbour Agreement.  The issue has prompted great anxiety in UK Government corridors.  Conversative minister for intellectual property, Baroness-Neville-Rolfe recently commented:  “There is an important principle here that companies must be able to transfer data to third-party countries with appropriate safeguards and we are concerned about the uncertainty this judgement creates”.  She has expressed the Government’s desire for the European Commission and US authorities to conclude negotiations swiftly on a revised agreement.

This may be on the cards soon, if the assurances of US Secretary of Commerce Penny Pritzker are to be believed.  At meeting in Frankfurt on 29th October, she commented to journalists that “a solution was in hand”.   She said: “The solution … is Safe Harbour 2.0, which is totally doable.”  Pritzker is cited as saying: “We had an agreement prior to the court case I think with modest refinements that are being negotiated we could have an agreement shortly”.

This will be welcome news indeed as long as it is true, as British business, which since the announcement at the start of October, has been getting very nervous about the implications of legal action companies may face if found to be in breach at the end of January 2016.

The Information Commissioner’s Office (ICO) has sought to provide some comfort, stating they are “… hopeful that the Safe Harbour 2.0 will emerge and “provide a strong and effective framework for protecting individuals when their personal data are transferred from the EU to the US.”  It all sounds rather dry and distanced considering negotiations for Safe Harbour 2.0 have been going on for nearly two years now.   But with a deadline around the corner and Santa’s prezzies just being wrapped, it might just go to prove the adage that there’s nothing like staring at a  cliff-face to focus the mind, event at this eleventh hour – or so we hope…

SafeHarbor Logo-Lines

The new flexible and affordable British Smart Phones


Smart phones have been a phenomenal success world-wide, with many manufacturers around the world fighting for a slice of the smart devices pie.

The newest participant is British-based WileyFox with the launch of 2 new smart phones. The first is the cheaper WileyFox Swift at £129 with a 5.0” display, 13MP camera and 2GB memory. The second is the WileyFox Storm priced at £199 with a bigger 5.5” display, better 20MP camera and larger 3GB memory.    Both of these phones also support dual SIM, expandable memory, 4G LTE and are powered by the open, Cyanogen OS, which is itself built on Google’s Android.

The WileyFox phones offer good value for money for those seeking to buy their phone outright instead of facing carrier subsidies or for UK buyers looking for a dual SIM phone as they rarely make it to our shores.
Of course good value for money doesn’t equal success, with many of the established smart phone giants failing to find profitability in the field including both Sony and LG who’s Q3 fiscal reports showed declining smartphone shipments.

WileyFox could find more success in the UK compared to markets with similarly position phones such as the US where consumers are tied to pricey monthly plans and do not have the flexibility to choose any network of their choosing, due to a lack of phone signal overlap between network providers.   In the UK not only can the average consumer choose from any network of their own preference, but many are becoming more savvy with their smart phone purchases, either buying phones outright and using either pay-as-you-go SIMs or cheap SIM-only plans.  All of which plays well into Wileyfox’s new affordable and flexible dual SIM options.

Red October For EU After Safe Harbour Decision Collapses Pan Atlantic Agreement

Updating our blog of 9th October, the end of January 2016 will mark the date point where EU data protection regulators could start prosecutions for any erroneous transfer of EU individuals’ personal data from Europe to the US – unless a replacement to the Safe Harbour Agreement is rapidly agreed.

The heat is firmly on in Brussels now to find a workable solution and fast, as the ramifications facing up to 4,500 US companies (not just tech firms) in transferring data across the Atlantic to Europe now means organisations could face 20 or more different sets of national data-privacy regulations to replace the Safe Harbour Agreement which had been in place for 15 years.

The NSA’s mass data collection originally highlighted by the Edward Snowden leaks in a case brought by law student Max Schrems against Facebook, prompted the European Court of Justice (CJEU) court ruling on 6th October 2015.  This now looks set to massively disrupt the international eco system for data transfer, legal adherence and sovereign user assurances.  The regulators emphasised that the question of mass and indiscriminate surveillance was central to the CJEU’s decision and a replacement data transfer agreement would have to provide “stronger guarantees to EU data subjects” accompanied by “clear and binding mechanisms” and “oversight of access by public authorities“.

The main points
•   Individual European countries can now set their own regulation for US companies’ handling of citizens’ data, vastly complicating the regulatory environment in Europe (Russia recently introduced a new data law demanding data on Russian citizens was stored within Russia).

•   Countries can choose to suspend the transfer of data to the US — forcing companies to host user data exclusively within the country.

•   The Irish data regulator (host nation for Facebook and Microsoft’s European data centres), has now agreed they will examine whether Facebook offered European users adequate data protections – and it may order the suspension of Facebook’s transfer of data from Europe to the US if so.

Privacy lawyer Dr Susan Foster of Mintz Levin commented:  “Consent has to be explicit and freely given” — which causes a headache for another key use of Safe Harbour, the transfer of employee data. “In many countries in Europe you can’t rely on consent from employees, because employees are understood not to have free choice.” An employee may feel pressured into consenting, so such a consent would not be a valid basis for the transfer. “A lot of multinational companies with employees in Europe rely on Safe Harbour because they don’t feel they can rely on consent, quite rightly.”

A new dawn awaits data controllers across Europe.  The upshot is likely to be one filled with more model contract clauses and a greater emphasis on risk based analysis surrounding data transfer.  But whatever the outcome, from 1st February 2015, ‘ignorantia juris non excusat’ – roughly translated: ‘ignorance of the law is no defence ‘.  Businesses beware!

SafeHarbor Logo-Lines