Hello, and welcome back to Equity, a podcast about the business of startups, where we unpack the numbers and nuance behind the headlines.
This is our Monday show, where we dig into the weekend and take a peek at the week that is to come.
Now that we are finally past Y Combinator’s demo day — though our Friday show is worth listening if you haven’t had a chance yet — we can dive into the latest news.
So, this morning on Equity Monday we got into the chance that the United States might pass a real data privacy law.
There’s movement to report, but we’re still very, very far from anything becoming law.
Your cut out & keep guide to Big Tech talking points in a new age of antitrust With regulatory risk soaring, platforms are in lobbying overdrive.
We cut to the chase with a no-nonsense glossary of Big Tech’s top whines…As the likes of Amazon, Apple, Google, Meta, Microsoft and TikTok face unprecedented (yes, actually!)
But there’s an even greater nightmare for Big Tech: The break-up of established empires may be on the cards.
This may explain why some of the defensive claims put out in response to dialled-up regulatory attention are so familiar.
“why am I seeing this ad?”because we tracked you“why are we doing this?”to keep tracking you for 🤑“publicly available information”stuff we stole
The deal is interesting on a number of fronts including the round’s structure and how Skyflow has been impacted by growth of AI.
The new capital comes after Skyflow expanded its data privacy business to support new AI technologies last year.
(In its latest news dump, Skyflow said that it expanded its support of China and that market’s particular data rules.)
This Skyflow round slots neatly into several trends we’ve observed recently.
The explosive growth in AI is creating healthy businesses for LLM infrastructure and support companies.
The feature, spotted first by the TGInfoEn Telegram channel (via reverse engineer AssembleDebug), is rolling out in select countries for Telegram for Android users.
If you agree to let Telegram use your number as an OTP relay, the company will send you a transferable code for Telegram Premium.
The terms of service for this peer-to-peer login program notes that the company will send a maximum of 150 OTP messages per month.
From a monetary perspective, you might end up paying more through your phone bill than the value of Telegram’s premium membership.
However, users opting into the peer-to-peer login system have to think if giving out their phone number to strangers to save a few bucks is worth the hassle.
The complaint accuses Apple of moulding its privacy and security practices in ways that benefits the company financially.
One quote particularly jumps out where the DOJ calls Apple’s privacy and security justification an “elastic shield”:“Apple deploys privacy and security justifications as an elastic shield that can stretch or contract to serve Apple’s financial and business interests,” it says.
“Apple wraps itself in a cloak of privacy, security, and consumer preferences to justify its anticompetitive conduct.
It also said that at the moment developers can’t offer a separate app store for children.
Essentially, the DOJ argues that Apple’s privacy and security practices are pretextual in nature and the company chooses “alternative courses” to protect its monopoly.
The U.S. Department of Transportation announced its first industry-wide review of data security and privacy policies across the largest U.S. airlines.
Those airlines include Allegiant, Alaska, American, Delta, Frontier, Hawaiian, JetBlue, Southwest, Spirit, and United.
Wyden has raised alarms about the sharing and sale of sensitive U.S. consumer data to data brokers — companies that collect and resell people’s personal data, like precise location data, often derived from their phones and computers.
In recent months, Wyden has warned that data brokers sell access to Americans’ personal information, which can identify which websites they visit and the places they travel to.
In remarks, Wyden said: “Because consumers will often never know that their personal data was misused or sold to shady data brokers, effective privacy regulation cannot depend on consumer complaints to identify corporate abuses.”
On Tuesday, digital EVP and competition chief Margrethe Vestager cast doubt on Meta’s privacy fee, telling Reuters: “I think there are many different ways to monetize the services that you provide.
“Consumers should be given time to reflect before making that decision, and not being put under pressure to accept it quickly.”As noted above, consumer protection groups have filed a number of complaints about Meta’s privacy fee — arguing Meta is breaching EU consumer protection and privacy rules.
There’s currently no way for users in the EU to use Facebook or Instagram and not be tracked.
They suggest Meta’s strategy is a blatant attempt to circumvent EU laws by making privacy an unaffordable luxury.
Vestager’s remarks also suggest the Commission already takes the view that Meta’s privacy fee is non-compliant with the DMA.
“[W]e await feedback from the Irish Data Protection Commission [DPC], our lead data protection regulator in the EU,” he added.
While Meta’s compliance with the GDPR is led by the Irish DPC, under the regulation’s one-stop-shop.
This structure does not mean the Irish authority gets final say on Meta’s compliance with EU privacy rules, though.
In the case of Meta, this has frequently led to objections from other data protection authorities which have landed stiffer enforcements than the DPC originally proposed.
So who gets the final say on the GDPR compliance of Meta’s consent mechanism is complex too.
“The trajectory of privacy and data protection is at a critical juncture, and it is imperative that all stakeholders, including tech giants like yours, uphold their responsibilities to safeguard these rights.
One of the signatories, Pirate Party MEP Patrick Breyer, summarizes Meta’s demand for a “privacy fee” as “economic coercion”.
noyb has subsequently filed another GDPR complaint against Meta’s model, focused on how easy/not is it for people to withdraw consent.
There are also a series of consumer protection complaints in the mix — which argue Meta’s approach breaches EU consumer protection rules.
Completing the circle, consumer right groups have filed as series of GDPR complaints against Meta’s ‘pay or okay’ model, too.
Sharing URLs privatelyNow, if all of this sounds a bit familiar, then that’s likely because you are already familiar with the Safe Browsing Enhanced Mode.
The privacy server removes potential user identifiers and forwards the encrypted hash prefixes to the Safe Browsing server via a TLS connection that mixes requests with many other Chrome users.
The Safe Browsing server decrypts the hash prefixes and matches them against the server-side database, returning full hashes of all unsafe URLs that match one of the hash prefixes sent by Chrome.
This server sits between Chrome and Safe Browsing and strips out any identifying information from the browser request.
Thanks to all of this, Google’s Safe Browsing service should never see your IP address.
