French regulators throw the first big GDPR punch at Google with £44m fine

Google has fallen foul of the French data regulators with the announcement yesterday of an impressive £44m fine against the global search engine giant.  In a move that has sent the tech industry chattering, this marks the first major European penalty since the rollout of GDPR on 27th May 2018.  It was going to happen sooner or later, it was just a matter of who first?

Google’s blunder was their covert process of gathering data to personalise ads without ‘sufficiently’ informing user, burying the detail in terms and conditions and using pre-ticked boxes (contrary to new legislation).

CNIL, the French equivalent of the UK’s Information Commissioner’s Office filed two complaints as soon as GDPR came into effect.

Commenting on the severity of the fine, CNIL advised that the action was “justified by the severity of the infringements observed regarding the essential principles of the GDPR: transparency, information and consent”.

The penalty is the largest to date under the European Union privacy law, known as the General Data Protection Regulation, which took effect in May, and shows that regulators are following through on a pledge to use the rules to push back against internet companies whose businesses depend on collecting data.

The fine announced on Monday is far lower than the maximum penalty under the European privacy law, which is 4% of global revenue. For Google, that would be more than $4 billion!

The response has been largely welcomed in the wider MSP community as a prompt to improve better marketing processes, echoed by Amicus ITS.  Like many others today, Amicus ITS uses Account Based Marketing, so the lawful consent required is applied directly with the customer.

The news is a salutary reminder for vigilance with firms to ensure they comply with GDPR and offer flexibility in providing services through different marketing channels that create the variety and correct routes for data capture through websites and other means (which these days is translated as the increase in companies offering AI chatbots when communicating services or offering information with 3rd parties).

Are you surprised by the fine?  Who do you think is going to be next up for punishment?  Give us your thoughts.

Not Much Deep Thinking Evident Behind NHS Trust’s Data Share with Google DeepMind

Not for the first time, the NHS has come under fire from patients, patient groups and the scrutiny of the UK’s National Data Guardian (NDG), Dame Fiona Caldicott – and the ICO’s chief Elizabeth Denham.

The Royal Free Hospital in London commissioned Google’s DeepMind division in 2015 to help develop a Streams app to detect acute kidney injury through a blood test to identify deterioration. They provided DeepMind with 1.6 million patient records in the process to enabling ‘real time’ testing.

• Patients at the Royal Free Hospital in London were mainly unaware that their details were being used by a third party, nor how it was being used.
• No details on the financial terms of the deal have been disclosed publicly.

To Dame Fiona Caldicott, whose letter to the Royal Free was recently leaked, laid out her  concern that the data had been transferred on a ‘legally inappropriate’ (read ‘unlawful’) basis.  The app being developed was not ‘central’ to patient clinical care.  Caldicott shared her concerns with the ICO.

Caldicott does not dispute the app’s ability to help clinicians save lives today, but added in her letter: “Given that Streams was going through testing and therefore could not be relied upon for patient care, any role the application may have played in supporting the provision of direct care would have been limited and secondary to the purpose of the data transfer.  My considered opinion therefore remains that it would not have been within this reasonable expectation of patients that their records would have been shared for this purpose.”

Google DeepMind’s clinical lead Dominic King, was swift to distance any cross-use of the patient data with other Google products or services, or use for commercial purposes.

The ICO’s Elizabeth Denham has yet to give her judgement on misuse under the Data Protection Act, but the issue underlines the importance of individual consent.  This will be evermore intensely examined with the forthcoming GDPR regulations in 2018.  As it stands though, the ICO nonetheless has powers to fine a company up to £500,000 for the misuse of personal data as well as seek individual criminal prosecution.

Irrespective of the worthiness and potential benefit to patients in the longer term from the app, Dominic King agrees: “I think one thing that we do recognise that we could have done better is make sure that the public are really informed about how their data is used.”

It may prove a costly oversight to the Royal Free at a time of increasing NHS budget constraints, as well as prompting an ignominious slap in the face to the Trust from its patient body through damage reputation.

Amicus ITS is continuing its series of thought leadership events, this time on GDPR through 2017 for its customers and invited guests.  Further information on the programme can be found by contact Marketing (email) or calling Lindsay Burden on 02380 429475.

The Death of Flash


Adobe Flash, released in 1996 brought with it animations, games and of course ads to a mostly static web. The technology was greeted with almost universal praise and adoption by developers and web surfers alike.   Nowadays the software tool has a less favoured reputation; it’s unable to run on most mobile devices, consumes high amounts of devices’ processing power and battery life – and then of course there are the many security issues around Flash.

The adoption of Flash has decreased throughout the years but its most noticeable set-back was arguably the unveiling of Apple’s iPhone, bringing with it a new world of mobile internet which left Adobe behind technically, despite their willingness to be included.

Steve Jobs published his Thoughts on Flash on April, 2010 detailing why Apple don’t and won’t allow Flash onto their hugely successful iPhone, iPad and iPod. His main reason being that the mobile era is all about low powered devices, touch interfaces and open web standards – all areas where ‘Flash falls short’.

In August 2015 Amazon announced it would no longer be accepting Flash ads on its website.  This week Google announced, from the 30th June 2016 it will stop accepting Flash ads on its AdWords and DoubleClick networks and from 2nd January 2017 it won’t display any Flash ads on Display Network or DoubleClick.    Google has stated “We’ve rolled out tools to encourage advertisers to use HTML5, so you can reach the widest possible audience across screens.”     This move is likely to be the killing blow for Adobe’s Flash platform, with Google being the most prominent web ad provider around.

Adobe itself has come around to support open web standards, now providing its own Flash-alternative, HTML5 tools, for developers to create HTML5 content for both desktop and mobile.

With the almost inevitable demise of Flash in sight and modern, mobile-friendly web standards likes HTML5 ready to take over, appreciation of Adobe’s early efforts in making the web a more animated place should be acknowledged, though few will mourn all the security headaches that came with it.

Blackberry announces privacy focused Android phone


Blackberry’s much rumoured android venture has finally become official with the announcement of the companies first Google powered smart phone called the Priv due to be released later this year.

Priv stands for privacy which has been the cornerstone of BlackBerry’s business over the last 20 years.

Both the phone and the strategy announcement of a non-BlackBerry OS phone came out from a simple press release from the company after many rumours and substantial leaks showing much of the device. The announcement also confirmed that BlackBerry is not yet cancelling development of its own BlackBerry OS but will be developing both Android and BlackBerry OS handsets in the future to give consumer the choice of which they prefer.

The dual development approach however may not be a long term strategy and it is very possible that this time next year BlackBerry, if their Android phones are more successful than their own developed counterparts, could announce plans to drop their own OS in favour of providing additional development resources into their Android security layer that will be their unique selling point going forwards.

Many have been calling doom and gloom for the Canadian company and its easy to see why with BlackBerry currently holding less than 1% of the smart phone market, however with the Priv and future business and security focused smart phones they could start to carve back a market from both corporate users and smart phone fans that still long for the days of durable, long lasting battery phones with a physical keyboard but don’t want to compromise with an unsupported OS that won’t run the many applications the modern mobile user would want to use.

BlackBerry going Android could actually provide a breath of fresh air from smartphone slabs that mostly all look and act the same today.

Google’s going to have a daddy called Alphabet


This week Google announced plans for the US tech giant to be divided up and run by a new parent company called Alphabet, with Google CEO becoming the CEO for Alphabet.

Google is known primarily for its search engine and other web services such as Mail, Maps and YouTube but the money Google has made from these ventures and most importantly its internet ads, have given it the opportunity to spin up a surprising amount of side-projects big and small.

This split of the main company into division companies with dedicated leadership of each, enables Google to remain focused, not just on its core business such as web services and android platform development, but keep a spotlight on self-driving cars, robotics and its far reaching project, Calico – which seeks to deny death.

The new Alphabet companies consist of the following:

Google – core business such as search, Android, YouTube, Maps, ect
Google X – research and moonshot projects including Google Glass, Internet delivering balloons, robotics, ect
Fiber – high speed internet delivery
Nest – last years smart home devices acquisition
Sidewalk Labs – improving modern cities
Calico – Life sciences company project to increase human longevity
Google Capital – investment arm focusing on late-state growth companies
Google Venture – venture capital arm

In addition to the splitting up, Alphabet’s logo has a more subdued tone. The main Google logo has not changed however and remains as colourful as ever.

It is likely we will see more announcements soon and possibly Alphabet will be adding even more companies, both acquisitions and new developments into its fold in the future. The ambition of Google is looking bigger than ever.  But with Alphabet, they can down play their monstrous size and focus on delivering new individual projects once more.

As co-founder Larry Page said in his announcement:  “We’ve long believed that over time companies tend to get comfortable doing the same thing, just making incremental changes. But in the technology industry, where revolutionary ideas drive the next big growth areas, you need to be a bit uncomfortable to stay relevant”.  The tech giant is certainly keeping to that promise and ensuring that whilst its brand stays prominent, it is able to explore this statement of intent with clearly defined new business areas for the behemoth.

Google’s Knowledge Graph – the tool that knows what you want

Google’s massive web search engine is seeking to move towards creating a greater understanding of what the user is looking for in online web searches and reasoning like a person as it learns from the web. With the indexing of the web mainly done, the next task is to understand the content on this massive repository we all use.   So, after building up trillions of words, Google is now trying to connect them in ways similar to the human brain, to help Google work out what we want to know and deliver a device that can handle tasks and subtasks that we will end up using in every day life as it creates a view of the world.

This new tool, called ‘Now on Tap’, will appear on the new version of Android OS when released.  In a bid to understand the context of what you may need to know, Now on Tap is seeking to apply meaning to the collection of words on the web and make them all interconnecting and thus create the ‘Knowledge Graph’ to represent the world in a useful way.

Another, far smaller company, Diffbot nearby in Silicon Valley is doing the same thing, though on a smaller scale.  Founder Mike Tung is a former student of Stanford, having studyied AI.  His company data feeds into several online search engines including Microsoft’s Bing search engine.  Diffbot reads 2,500 web pages per second and categorises their content.  Diffbot’s Knowledge Graph is only 60% size of Google with around 600 million objects, however Mike Tung is not shy about the company’s ambitions:  “Our long term goal is to build a machine that can read one trillion objects.  This would be the leaping point for human level intelligence”.

All of this is some time away from commercial realisation, however whilst again demonstrating exciting advances in technology and innovation, alongside all this good stuff, there remains the nagging issue of security.   Google has a less than strong record in data security, so the development of a new architecture and connectivity through the Internet of Things has to run in conjunction with tighter security measures and data controls if Google and others are to afford assurance to users that the data searches they are seeking and storing remain personal and approved.


Europe aims to close the door on encryption flaw risk

There has been a lot of talk recently about whether Government entities be allowed direct, back door access to encrypted messaging systems such as Apple’s iMessage and Facebook’s acquired WhatsApp.

In the US, the FBI asked the U.S. Congress to make encryption back doors in mobile devices mandatory to help combat crime.    Apple, Google and other major  tech companies are currently urging Barack Obama to reject the proposals for back doors for smart phones.

This conversation has mostly taken place in America where government bodies have argued that without back door access to these systems, how can they have a clear avenue for investigating terrorism claims?   There are two main arguments against allowing this. First is users rights’ to have private information. The second is a technical one, with any back door access, you are making a once secure system less-secure, and introducing a new front through which the system can be breached.

European Commission Vice President Andrus Ansip states there are no plans to require backdoors in communications encryption in Europe, “We don’t want to destroy people’s trust by creating some back doors,”

It is reassuring that back doors to secure, encrypted services that users trust is not on the cards for Europe, but if America does get its way then these services and our own mobiles could in fact have back doors – whether or not Europe chooses.  With such security flaws in place, how long would it take a resourceful hacker to use it for their own needs?   Hopefully in a post back door world, countries which do not enforce such a policy will have their own data unreachable from those who do.   If not we could see a new market for European-only encrypted services which promise no back doors for anyone.