Steve Thomas - IT Consultant

Pro-privacy browser Brave, which has been testing its own brand search engine for several months — operating a waitlist where brave (ha!) early adopters could kick the tyres of an upstart alternative in Internet search — has now launched the tool, Brave Search, in global beta.

Users interested in checking out Brave’s non-tracking search engine, which is built on top of an independent index and touted as a privacy-safe alternative to surveillance tech products like Google search, will find it via Brave’s desktop and mobile browsers. It can also be reached from other browsers via search.brave.com — so doesn’t require switching to Brave’s browser to use.

Brave Search is being offered as one of multiple search options that users of the company’s eponymous browser can pick from (including Google’s search engine). But Brave says it will make it the default search in its browser later this year.

As we reported back in March, the company acquired technology and developers who had previously worked on Cliqz, a European anti-tracking search-browser combo which closed down in May 2020 — building on a technology they’d started to develop, called Tailcat, to form the basis of the Brave-branded search engine.

The (now beta) search engine has been tested by more than 100,000 “early access users” at this point, per Brave. It’s made this video ad to tout its “all in one” alternative to Google search + Chrome.

The company recently passed 32M monthly active users (up from 25M back in March) for its wider suite of products — which, as well as its flagship pro-privacy browser, includes a news reader (Brave News), and a Firewall+VPN service.

Brave also offers privacy-preserving Brave Ads for businesses wanting to reach its community of privacy-preferring users.

Growing public awareness of surveillance based business models has been building momentum for pro-privacy consumer tech for a number of years. And several players which started out with a strong focus on one particular pro-privacy product (such as a browser, search engine or email) have been expanding into a full suite of products — all under the same non-tracking umbrella.

As well as Brave, there’s the likes of DuckDuckGo — which offers non-tracking search but also a tracker blocker and an email inbox protector tool, among other products, and reckons it now has between 70M-100M users overall; and Proton, the maker of e2e-encrypted email service ProtonMail but also a cloud calendar and file storage as well as a VPN. The latter recently confirmed passing 50M users globally.

There is also Apple itself too, of course — a Big Tech giant that competes with Google and the adtech complex by promising users a privacy premium to drive sales of its hardware and services. (At the start of this year Apple said there are now over 1BN iOS users globally — and over 1.65BN Apple devices.)

Tl;dr: The market for privacy consumer tech is growing.

Still, even Apple doesn’t try to compete against Google search which perhaps underlines the scale of the challenge involved in trying to poach users from the search behemoth. (Albeit, Apple extracts massive payments from Google to preload the latter’s search engine onto iOS devices — which does conflict with (and complicate) its wider, pro-privacy, pro-user promises while also adding a nice revenue boost for Apple… ).

DuckDuckGo has, by contrast, been at the non-tracking search coalface for years — and turning a profit since 2014. Though clearly not in the same profit league as Apple. But, more recently, it’s also taken in rare tranches of external funding as its investors spy growing opportunity for private search.

Other signs of expanding public appetite to protect people’s information from commercial snoopers include the surge of usage for e2e encrypted alternatives to Facebook-owned WhatsApp — such as Signal — which saw a download spike earlier this year, after the advertising giant announced unilateral changes to WhatsApp’s terms of service.

Credible players that have amassed a community of engaged users around a core user privacy promise are well positioned to ride each new wave of privacy interest — and cross sell a suite of consumer products where they’ve been able to expand their utility. Hence Brave believing the time is right for it to dabble in search.

Commenting in a statement, Brendan Eich, CEO and co-founder of Brave, said: “Brave Search is the industry’s most private search engine, as well as the only independent search engine, giving users the control and confidence they seek in alternatives to big tech. Unlike older search engines that track and profile users, and newer search engines that are mostly a skin on older engines and don’t have their own indexes, Brave Search offers a new way to get relevant results with a community-powered index, while guaranteeing privacy. Brave Search fills a clear void in the market today as millions of people have lost trust in the surveillance economy and actively seek solutions to be in control of their data.”

Brave touts its eponymous search offering as having a number of differentiating features vs rivals (including smaller rivals) — such as its own index which it also says gives it independence from other search providers.

Why is having an independent index important? We put that question to Josep M. Pujol, chief of search at Brave, who told us: “There are plenty of incentives for censorship and biases, either by design, or what is even more difficult to combat, unintentional. The problem of search, and how people access the web, is that it is a mono-culture, and everybody knows that while it’s very efficient, it’s also very dangerous. A single disease can kill all the crops. The current landscape is not fail-tolerant, and this is something that even users are becoming aware of. We need more choices, not to replace Google or Bing, but to offer alternatives. More choices will entail more freedom and also get back to real competition, with checks and balances.

“Choice can only be achieved by being independent, as if we do not have our own index, then we are just a layer of paint on top of Google and Bing, unable to change much or anything in the results for users’ queries. Not having your own index, as with certain search engines, gives the impression of choice, but in reality such engine ‘skins’ are the same players as the big-two. Only by building our own index, which is a costly proposition, will we be in a position to offer true choice to the users for the benefit of all, whether they are Brave Search users or not.”

Although, for now, it’s worth noting that Brave is relying on some provision from other search providers — for specific queries and in areas like image search (where, for example, it says it’s currently fetching results from Microsoft-owned Bing) — to ensure its results achieve adequate relevancy.

Elsewhere it also says it’s relying upon anonymized contributions from the community to improve and refine results — and is seeking to live up to wider transparency claims vis-a-vis the search index (which it also claims has “no secret methods or algorithms to bias results”; and for which it will “soon” be offering “community-curated open ranking models to ensure diversity and prevent algorithmic biases and outright censorship”).

In another transparency step Brave is reporting the percentage of users’ queries that are independent by showing what it bills as “the industry’s first search independence metric” — meaning it displays the ratio of results coming exclusively from its own index.

“It is derived privately using the user’s browser as we do not build user profiles,” Brave notes in a press release. “Users can check this aggregate metric to verify the independence of their results and see how results are powered by our own index, or if third-parties are being used for long tail results while we are still in the process of building our index.”

It adds that Brave Search will “typically be answering most queries, reflected by a high independence metric”. Although if you’re performing an image search, for example, you’ll see the independence metric take a hit (but Brave confirms this will not result in any tracking of users).

“[Transparency] is a key principle at Brave, and there will also be a global independence metric for Brave Search across all searches, which we will make publicly available to show how we are progressing towards complete independence,” it adds.

Example of Brave’s ‘independence metric’ for search results (Image credits: Brave)

On the monetization side, Brave says it will “soon” be offering both a paid ad-free version of search in the future and an ad-supported free version — while still pledging “fully anonymous” search. Though it specifies that it won’t be flipping the ad switch during the early beta phase.

“We will offer options for both ad-free paid search and ad-supported free search later,” it notes. “When we are ready, we will explore bringing private ads with BAT revenue share to search, as we’ve done for Brave user ads.”

Users of the search engine who do not also use Brave’s own browser will be served contextual ads.

“In Brave Search via the browser, strong privacy guarantees for opt-in ads are a norm and a brand value that we uphold,” adds Pujol, confirming that users of its search and browser are likely to get the same type of ad targeting.

Asked about pricing of the forthcoming ad-free version of the search engine he says: “Although we have not finalized the launch date or the price yet, our ad-free paid search will be affordable because we believe search, and access to information, should be available on fair terms for everyone.”

In an interesting recent development in Europe, Google — under pressure from antitrust regulators — has agreed to ditch a pay-to-play auction model for the choice screen it offers regional users of its Android platform, letting them pick a default search engine from a list with a number of rivals and its own brand Google search. The move should expand the number of alternative search engines Android users in Europe are exposed to — and could help chip away at some of Google’s search marketshare.

Brave previously told us it would not participate in Google’s paid auction — but Pujol says that if the new model is “truly free to participate” it will likely take part in future.

“Google and free-to-participate seem difficult to believe, given plenty of precedents but if this model is indeed truly free to participate, without contracts or non-disclosure agreements, then we would likely participate,” he says. “After all, Brave Search is open to everyone who would like to use it, and we are open and happy to put Brave Search on any platform.”

“We have localized browsers throughout the European market, so in addition to growth via the Brave browser growing, we intend to grow Brave Search’s usage by marketing our best-in-class privacy on all media that reach prospective users,” he adds.

The need for markets-focused competition watchdogs and consumer-centric privacy regulators to think outside their respective ‘legal silos’ and find creative ways to work together to tackle the challenge of big tech market power was the impetus for a couple of fascinating panel discussions organized by the Centre for Economic Policy Research (CEPR), which were livestreamed yesterday but are available to view on-demand here.

The conversations brought together key regulatory leaders from Europe and the US — giving a glimpse of what the future shape of digital markets oversight might look like at a time when fresh blood has just been injected to chair the FTC so regulatory change is very much in the air (at least around tech antitrust).

CEPR’s discussion premise is that integration, not merely intersection, of competition and privacy/data protection law is needed to get a proper handle on platform giants that have, in many cases, leveraged their market power to force consumers to accept an abusive ‘fee’ of ongoing surveillance.

That fee both strips consumers of their privacy and helps tech giants perpetuate market dominance by locking out interesting new competition (which can’t get the same access to people’s data so operates at a baked in disadvantage).

A running theme in Europe for a number of years now, since a 2018 flagship update to the bloc’s data protection framework (GDPR), has been the ongoing under-enforcement around the EU’s ‘on-paper’ privacy rights — which, in certain markets, means regional competition authorities are now actively grappling with exactly how and where the issue of ‘data abuse’ fits into their antitrust legal frameworks.

The regulators assembled for CEPR’s discussion included, from the UK, the Competition and Markets Authority’s CEO Andrea Coscelli and the information commissioner, Elizabeth Denham; from Germany, the FCO’s Andreas Mundt; from France, Henri Piffaut, VP of the French competition authority; and from the EU, the European Data Protection Supervisor himself, Wojciech Wiewiórowski, who advises the EU’s executive body on data protection legislation (and is the watchdog for EU institutions’ own data use).

The UK’s CMA now sits outside the EU, of course — giving the national authority a higher profile role in global mergers & acquisition decisions (vs pre-brexit), and the chance to help shape key standards in the digital sphere via the investigations and procedures it chooses to pursue (and it has been moving very quickly on that front).

The CMA has a number of major antitrust probes open into tech giants — including looking into complaints against Apple’s App Store and others targeting Google’s plan to deprecate support for third party tracking cookies (aka the so-called ‘Privacy Sandbox’) — the latter being an investigation where the CMA has actively engaged the UK’s privacy watchdog (the ICO) to work with it.

Only last week the competition watchdog said it was minded to accept a set of legally binding commitments that Google has offered which could see a quasi ‘co-design’ process taking place, between the CMA, the ICO and Google, over the shape of the key technology infrastructure that ultimately replaces tracking cookies. So a pretty major development.

Germany’s FCO has also been very active against big tech this year — making full use of an update to the national competition law which gives it the power to take proactive interventions around large digital platforms with major competitive significance — with open procedures now against Amazon, Facebook and Google.

The Bundeskartellamt was already a pioneer in pushing to loop EU data protection rules into competition enforcement in digital markets in a strategic case against Facebook, as we’ve reported before. That closely watched (and long running) case — which targets Facebook’s ‘superprofiling’ of users, based on its ability to combine user data from multiple sources to flesh out a single high dimension per-user profile — is now headed to Europe’s top court (so likely has more years to run).

But during yesterday’s discussion Mundt confirmed that the FCO’s experience litigating that case helped shape key amendments to the national law that’s given him beefier powers to tackle big tech. (And he suggested it’ll be a lot easier to regulate tech giants going forward, using these new national powers.)

“Once we have designated a company to be of ‘paramount significance’ we can prohibit certain conduct much more easily than we could in the past,” he said. “We can prohibit, for example, that a company impedes other undertaking by data processing that is relevant for competition. We can prohibit that a use of service depends on the agreement to data collection with no choice — this is the Facebook case, indeed… When this law was negotiated in parliament, parliament very much referred to the Facebook case and in a certain sense this entwinement of competition law and data protection law is written in a theory of harm in the German competition law.

“This makes a lot of sense. If we talk about dominance and if we assess that this dominance has come into place because of data collection and data possession and data processing you need a parameter in how far a company is allowed to gather the data to process it.”

“The past is also the future because this Facebook case… has always been a big case. And now it is up to the European Court of Justice to say something on that,” he added. “If everything works well we might get a very clear ruling saying… as far as the ECN [European Competition Network] is concerned how far we can integrate GDPR in assessing competition matters.

“So Facebook has always been a big case — it might get even bigger in a certain sense.”

France’s competition authority and its national privacy regulator (the CNIL), meanwhile, have also been joint working in recent years.

Including over a competition complaint against Apple’s pro-user privacy App Tracking Transparency feature (which last month the antitrust watchdog declined to block) — so there’s evidence there too of respective oversight bodies seeking to bridge legal silos in order to crack the code of how to effectively regulate tech giants whose market power, panellists agreed, is predicated on earlier failures of competition law enforcement that allowed tech platforms to buy up rivals and sew up access to user data, entrenching advantage at the expense of user privacy and locking out the possibility of future competitive challenge.

The contention is that monopoly power predicated upon data access also locks consumers into an abusive relationship with platform giants which can then, in the case of ad giants like Google and Facebook, extract huge costs (paid not in monetary fees but in user privacy) for continued access to services that have also become digital staples — amping up the ‘winner takes all’ characteristic seen in digital markets (which is obviously bad for competition too).

Yet, traditionally at least, Europe’s competition authorities and data protection regulators have been focused on separate workstreams.

The consensus from the CEPR panels was very much that that is both changing and must change if civil society is to get a grip on digital markets — and wrest control back from tech giants to ensure that consumers and competitors aren’t both left trampled into the dust by data-mining giants.

Denham said her motivation to dial up collaboration with other digital regulators was the UK government entertaining the idea of creating a one-stop-shop ‘Internet’ super regulator. “What scared the hell out of me was the policymakers the legislators floating the idea of one regulator for the Internet. I mean what does that mean?” she said. “So I think what the regulators did is we got to work, we got busy, we become creative, got out of our silos to try to tackle these companies — the likes of which we have never seen before.

“And I really think what we have done in the UK — and I’m excited if others think it will work in their jurisdictions — but I think that what really pushed us is that we needed to show policymakers and the public that we had our act together. I think consumers and citizens don’t really care if the solution they’re looking for comes from the CMA, the ICO, Ofcom… they just want somebody to have their back when it comes to protection of privacy and protection of markets.

“We’re trying to use our regulatory levers in the most creative way possible to make the digital markets work and protect fundamental rights.”

During the earlier panel, the CMA’s Simeon Thornton, a director at the authority, made some interesting remarks vis-a-vis its (ongoing) Google ‘Privacy Sandbox’ investigation — and the joint working it’s doing with the ICO on that case — asserting that “data protection and respecting users’ rights to privacy are very much at the heart of the commitments upon which we are currently consulting”.

“If we accept the commitments Google will be required to develop the proposals according to a number of criteria including impacts on privacy outcomes and compliance with data protection principles, and impacts on user experience and user control over the use of their personal data — alongside the overriding objective of the commitments which is to address our competition concerns,” he went on, adding: “We have worked closely with the ICO in seeking to understand the proposals and if we do accept the commitments then we will continue to work closely with the ICO in influencing the future development of those proposals.”

“If we accept the commitments that’s not the end of the CMA’s work — on the contrary that’s when, in many respects, the real work begins. Under the commitments the CMA will be closely involved in the development, implementation and monitoring of the proposals, including through the design of trials for example. It’s a substantial investment from the CMA and we will be dedicating the right people — including data scientists, for example, to the job,” he added. “The commitments ensure that Google addresses any concerns that the CMA has. And if outstanding concerns cannot be resolved with Google they explicitly provide for the CMA to reopen the case and — if necessary — impose any interim measures necessary to avoid harm to competition.

“So there’s no doubt this is a big undertaking. And it’s going to be challenging for the CMA, I’m sure of that. But personally I think this is the sort of approach that is required if we are really to tackle the sort of concerns we’re seeing in digital markets today.”

Thornton also said: “I think as regulators we do need to step up. We need to get involved before the harm materializes — rather than waiting after the event to stop it from materializing, rather than waiting until that harm is irrevocable… I think it’s a big move and it’s a challenging one but personally I think it’s a sign of the future direction of travel in a number of these sorts of cases.”

Also speaking during the regulatory panel session was FTC commissioner Rebecca Slaughter — a dissenter on the $5BN fine it hit Facebook with back in 2019 for violating an earlier consent order (as she argued the settlement provided no deterrent to address underlying privacy abuse, leaving Facebook free to continue exploiting users’ data) — as well as Chris D’Angelo, the chief deputy AG of the New York Attorney General, which is leading a major states antitrust case against Facebook.

Slaughter pointed out that the FTC already combines a consumer focus with attention on competition but said that historically there has been separation of divisions and investigations — and she agreed on the need for more joined-up working.

She also advocated for US regulators to get out of a pattern of ineffective enforcement in digital markets on issues like privacy and competition where companies have, historically, been given — at best — what amounts to wrist slaps that don’t address root causes of market abuse, perpetuating both consumer abuse and market failure. And be prepared to litigate more.

As regulators toughen up their stipulations they will need to be prepared for tech giants to push back — and therefore be prepared to sue instead of accepting a weak settlement.

“That is what is most galling to me that even where we take action, in our best faith good public servants working hard to take action, we keep coming back to the same questions, again and again,” she said. “Which means that the actions we are taking isn’t working. We need different action to keep us from having the same conversation again and again.”

Slaughter also argued that it’s important for regulators not to pile all the burden of avoiding data abuses on consumers themselves.

“I want to sound a note of caution around approaches that are centered around user control,” she said. “I think transparency and control are important. I think it is really problematic to put the burden on consumers to work through the markets and the use of data, figure out who has their data, how it’s being used, make decisions… I think you end up with notice fatigue; I think you end up with decision fatigue; you get very abusive manipulation of dark patterns to push people into decisions.

“So I really worry about a framework that is built at all around the idea of control as the central tenet or the way we solve the problem. I’ll keep coming back to the notion of what instead we need to be focusing on is where is the burden on the firms to limit their collection in the first instance, prohibit their sharing, prohibit abusive use of data and I think that that’s where we need to be focused from a policy perspective.

“I think there will be ongoing debates about privacy legislation in the US and while I’m actually a very strong advocate for a better federal framework with more tools that facilitate aggressive enforcement but I think if we had done it ten years ago we probably would have ended up with a notice and consent privacy law and I think that that would have not been a great outcome for consumers at the end of the day. So I think the debate and discussion has evolved in an important way. I also think we don’t have to wait for Congress to act.”

As regards more radical solutions to the problem of market-denting tech giants — such as breaking up sprawling and (self-servingly) interlocking services empires — the message from Europe’s most ‘digitally switched on’ regulators seemed to be don’t look to us for that; we are going to have to stay in our lanes.

So tl;dr — if antitrust and privacy regulators’ joint working just sums to more intelligent fiddling round the edges of digital market failure, and it’s break-ups of US tech giants that’s what’s really needed to reboot digital markets, then it’s going to be up to US agencies to wield the hammers. (Or, as Coscelli elegantly phrased it: “It’s probably more realistic for the US agencies to be in the lead in terms of structural separation if and when it’s appropriate — rather than an agency like ours [working from inside a mid-sized economy such as the UK’s].”)

The lack of any representative from the European Commission on the panel was an interesting omission in that regard — perhaps hinting at ongoing ‘structural separation’ between DG Comp and DG Justice where digital policymaking streams are concerned.

The current competition chief, Margrethe Vestager — who also heads up digital strategy for the bloc, as an EVP — has repeatedly expressed reluctance to impose radical ‘break up’ remedies on tech giants. She also recently preferred to wave through another Google digital merger (its acquisition of fitness wearable Fitbit) — agreeing to accept a number of ‘concessions’ and ignoring major mobilization by civil society (and indeed EU data protection agencies) urging her to block it.

Yet in an earlier CEPR discussion session, another panellist — Yale University’s Dina Srinivasan — pointed to the challenges of trying to regulate the behavior of companies when there are clear conflicts of interest, unless and until you impose structural separation as she said has been necessary in other markets (like financial services).

“In advertising we have an electronically traded market with exchanges and we have brokers on both sides. In a competitive market — when competition was working — you saw that those brokers were acting in the best interest of buyers and sellers. And as part of carrying out that function they were sort of protecting the data that belonged to buyers and sellers in that market, and not playing with the data in other ways — not trading on it, not doing conduct similar to insider trading or even front running,” she said, giving an example of how that changed as Google gained market power.

“So Google acquired DoubleClick, made promises to continue operating in that manner, the promises were not binding and on the record — the enforcement agencies or the agencies that cleared the merger didn’t make Google promise that they would abide by that moving forward and so as Google gained market power in that market there’s no regulatory requirement to continue to act in the best interests of your clients, so now it becomes a market power issue, and after they gain enough market power they can flip data ownership and say ‘okay, you know what before you owned this data and we weren’t allowed to do anything with it but now we’re going to use that data to for example sell our own advertising on exchanges’.

“But what we know from other markets — and from financial markets — is when you flip data ownership and you engage in conduct like that that allows the firm to now build market power in yet another market.”

The CMA’s Coscelli picked up on Srinivasan’s point — saying it was a “powerful” one, and that the challenges of policing “very complicated” situations involving conflicts of interests is something that regulators with merger control powers should be bearing in mind as they consider whether or not to green light tech acquisitions.

(Just one example of a merger in the digital space that the CMA is still scrutinizing is Facebook’s acquisition of animated GIF platform Giphy. And it’s interesting to speculate whether, had brexit happened a little faster, the CMA might have stepped in to block Google’s Fitbit merger where the EU wouldn’t.)

Coscelli also flagged the issue of regulatory under-enforcement in digital markets as a key one, saying: “One of the reasons we are today where we are is partially historic under-enforcement by competition authorities on merger control — and that’s a theme that is extremely interesting and relevant to us because after the exit from the EU we now have a bigger role in merger control on global mergers. So it’s very important to us that we take the right decisions going forward.”

“Quite often we intervene in areas where there is under-enforcement by regulators in specific areas… If you think about it when you design systems where you have vertical regulators in specific sectors and horizontal regulators like us or the ICO we are more successful if the vertical regulators do their job and I’m sure they are more successful if we do our job properly.

“I think we systematically underestimate… the ability of companies to work through whatever behavior or commitments or arrangement are offered to us, so I think these are very important points,” he added, signalling that a higher degree of attention is likely to be applied to tech mergers in Europe as a result of the CMA stepping out from the EU’s competition regulation umbrella.

Also speaking during the same panel, the EDPS warned that across Europe more broadly — i.e. beyond the small but engaged gathering of regulators brought together by CEPR — data protection and competition regulators are far from where they need to be on joint working, implying that the challenge of effectively regulating big tech across the EU is still a pretty Sisyphean one.

It’s true that the Commission is not sitting on its hands in the face of tech giant market power.

At the end of last year it proposed a regime of ex ante regulations for so-called ‘gatekeeper’ platforms, under the Digital Markets Act. But the problem of how to effectively enforce pan-EU laws — when the various agencies involved in oversight are typically decentralized across Member States — is one key complication for the bloc. (The Commission’s answer with the DMA was to suggest putting itself in charge of overseeing gatekeepers but it remains to be seen what enforcement structure EU institutions will agree on.)

Clearly, the need for careful and coordinated joint working across multiple agencies with different legal competencies — if, indeed, that’s really what’s needed to properly address captured digital markets vs structural separation of Google’s search and adtech, for example, and Facebook’s various social products — steps up the EU’s regulatory challenge in digital markets.

“We can say that no effective competition nor protection of the rights in the digital economy can be ensured when the different regulators do not talk to each other and understand each other,” Wiewiórowski warned. “While we are still thinking about the cooperation it looks a little bit like everybody is afraid they will have to trade a little bit of its own possibility to assess.”

“If you think about the classical regulators isn’t it true that at some point we are reaching this border where we know how to work, we know how to behave, we need a little bit of help and a little bit of understanding of the other regulator’s work… What is interesting for me is there is — at the same time — the discussion about splitting of the task of the American regulators joining the ones on the European side. But even the statements of some of the commissioners in the European Union saying about the bigger role the Commission will play in the data protection and solving the enforcement problems of the GDPR show there is no clear understanding what are the differences between these fields.”

One thing is clear: Big tech’s dominance of digital markets won’t be unpicked overnight. But, on both sides of the Atlantic, there are now a bunch of theories on how to do it — and growing appetite to wade in.

Instagram Reels are getting ads. The company announced today it’s launching ads in its short-form video platform and TikTok rival, Reels, to businesses and advertisers worldwide. The ads will be up to 30 seconds in length, like Reels themselves, and vertical in format, similar to ads found in Instagram Stories. Also like Reels, the new ads will loop, and people will be able to like, comment, and save them, the same as other Reels videos.

The company had previously tested Reels ads in select markets earlier this year, including India, Brazil, Germany, and Australia, then expanded those tests to Canada, France, the U.K. and the U.S. more recently. Early adopters of the new format have included brands like BMW, Nestlé (Nespresso), Louis Vuitton, Netflix, Uber, and others.

Instagram tells us the ads will appear in most places users view Reels content, including on the Reels tab, Reels in Stories, Reels in Explore, and Reels in your Instagram Feed, and will appear in between individual Reels posted by users. However, in order to be served a Reels ad, the user first needs to be in the immersive, full-screen Reels viewer.


The company couldn’t say how often a user might see a Reels ad, noting that the number of ads a viewer may encounter will vary based on how they use Instagram. But the company is monitoring user sentiment around ads themselves, and the overall commerciality of Reels, it says.

Like Instagram’s other advertising products, Reels ads will launch with an auction-based model. But so far, Instagram is declining to share any sort of performance metrics around how those ads are doing, based on tests. Nor is it yet offering advertisers any creator tools or templates that could help them get started with Reels ads. Instead, Instagram likely assumes advertisers already have creative assets on hand or know how to make them, because of Reels ads’ similarities to other vertical video ads found elsewhere, including on Instagram’s competitors.

While vertical video has already shown the potential for driving consumers to e-commerce shopping sites, Instagram hasn’t yet taken advantage of Reels ads to drive users to its built-in Instagram Shops, though that seems like a natural next step as it attempts to tie the different parts of its app together.

But perhaps ahead of that step, Instagram needs to make Reels a more compelling destination — something other TikTok rivals, which now include both Snap and YouTube, have done by funding creator content directly. Instagram, meanwhile, had made offers to select TikTok stars directly.

The launch of Instagram Reels ads follows news of TikTok’s climbing ad prices. Bloomberg reported this month that TikTok is now asking for more than $1.4 million for a home page takeover ad in the U.S., as of the third quarter, which will jump to $1.8 million by Q4 and more than $2 million on a holiday. Though the company is still building its ads team and advertisers haven’t yet allocated large portions of their video budget to the app, that tends to follow user growth — and TikTok now has over 100 million monthly active users in the U.S.

Both apps, Instagram and TikTok, now have over a billion monthly active users on a global basis, though Reels is only a part of the larger Instagram platform. For comparison, Instagram Stories is used by some 500 million users, which demonstrates Instagram’s ability to drive traffic to different areas of its app. Instagram declined to share how many users Reels has as of today.

New York-based IAB Tech Labs, a standards body for the digital advertising industry, is being taken to court in Germany by the Irish Council for Civil Liberties (ICCL) in a piece of privacy litigation that’s targeted at the high speed online ad auction process known as real-time bidding (RTB).

While that may sound pretty obscure the case essentially loops in the entire ‘data industrial complex’ of adtech players, large and small, which make money by profiling Internet users and selling access to their attention — from giants like Google and Facebook to other household names (the ICCL’s PR also name-checks Amazon, AT&T, Twitter and Verizon, the latter being the parent company of TechCrunch — presumably because all participate in online ad auctions that can use RTB); as well as the smaller (typically non-household name) adtech entities and data brokers which are also involved in handling people’s data to run high velocity background auctions that target behavioral ads at web users.

The driving force behind the lawsuit is Dr Johnny Ryan, a former adtech insider turned whistleblower who’s now a senior fellow at the ICCL — and who has dubbed RTB the biggest data breach of all time.

He points to the IAB Tech Lab’s audience taxonomy documents which provide codes for what can be extremely sensitive information that’s being gathered about Internet users, based on their browsing activity, such as political affiliation, medical conditions, household income, or even whether they may be a parent to a special needs child.

The lawsuit contends that other industry documents vis-a-vis the ad auction system confirm there are no technical measures to limit what companies can do with people’s data, nor who they might pass it on to.

The lack of security inherent to the RTB process also means other entities not directly involved in the adtech bidding chain could potentially intercept people’s information — when it should, on the contrary, be being protected from unauthorized access, per EU law…

Ryan and others have been filing formal complaints against the RTB security issue for years, arguing the system breaches a core principle of Europe’s General Data Protection Regulation (GDPR) — which requires that personal data be “processed in a manner that ensures appropriate security… including protection against unauthorised or unlawful processing and against accidental loss” — and which, they contend, simply isn’t possible given how RTB functions.

The problem is that Europe’s data protection agencies have failed to act. Which is why Ryan, via the ICCL, has decided to take the more direct route of filing a lawsuit.

“There aren’t many DPAs around the union that haven’t received evidence of what I think is the biggest data breach of all time but it started with the UK and Ireland — neither of which took, I think it’s fair to say, any action. They both said they were doing things but nothing has changed,” he tells TechCrunch, explaining why he’s decided to take the step of litigating to try to enforce Internet users’ data protection rights.

“I want to take the most efficient route to protect people’s rights around data,” he adds.

Per Ryan, the Irish Data Protection Commission (DPC) has still not sent a statement of issues relating to the RTB complaint he lodged with them back in 2018 — so years later. In May 2019 the DPC did announce it was opening a formal investigation into Google’s adtech, following the RTB complaints, but the case remains open and unresolved. (We’ve contacted the DPC with questions about its progress on the investigation and will update with any response.)

Since the GDPR came into application in Europe in May 2018 there has been growth in privacy lawsuits — including class action style suits — so litigation funders may be spying an opportunity to cash in on the growing enforcement gap left by resource-strapped and, well, risk-averse data protection regulators.

A similar complaint about RTB lodged with the UK’s Information Commissioner’s Office (ICO) also led to a lawsuit being filed last year — albeit in that case it was against the watchdog itself for failing to take any action. (The ICO’s last missive to the adtech industry told it to — uhhhh — expect audits.)

“The GDPR was supposed to create a situation where the average person does not need to wear a tin-foil hat, they do not need to be paranoid or take action to become well informed. Instead, supervisory authorities protect them. And these supervisory authorities — paid for by the tax payer — have very strong powers. They can gain admission to any documents and any premises. It’s not about fines I don’t think, just. They can tell the biggest most powerful companies in the world to stop doing what they’re doing with our data. That’s the ultimate power,” says Ryan. “So GDPR sets up these guardians — these potentially very empowered guardians — but they’ve not used those powers… That’s why we’re acting.”

“I do wish that I’d litigated years ago,” he adds. “There’s lots of reasons why I didn’t do that — I do wish, though, that this litigation was unnecessary because supervisory authorities protected me and you. But they didn’t. So now, as Irish politics like to say in the middle of a crisis, we are where we are. But this is — hopefully — several nails in the coffin [of RTB].”

The lawsuit has been filed in Germany as Ryan says they’ve been able to establish that IAB Tech Labs — which is NY-based and has no official establishment in Europe — has representation (a consultancy it hired) that’s based in the country. Hence they believe there is a clear route to litigate the case at the Landgerichte, Hamburg.

While Ryan has been indefatigably sounding the alarm about RTB for years he’s prepared to clock up more mileage going direct through the courts to see the matter through.

And to keep hammering home his message to the adtech industry that it must clean up its act and that recent attempts to maintain the privacy-hostile status quo — by trying to rebrand and repackage the same old data shuffle under shiny new claims of ‘privacy’ and ‘responsibility’ — simply won’t wash. So the message is really: Reform or die.

“This may very well end up at the ECJ [European Court of Justice]. And that would take a few years but long before this ends up at the ECJ I think it’ll be clear to the industry now that it’s time to reform,” he adds.

IAB Tech Labs has been contacted for comment on the ICCL’s lawsuit.

Ryan is by no means the only person sounding the alarm over adtech. Last year the European Parliament called for tighter controls on behavioral ads to be baked into reforms of the region’s digital rules — calling for regulation to favor less intrusive, contextual forms of advertising which do not rely on mass surveillance of Internet users.

Even Google has said it wants to deprecate support for tracking cookies in favor of a new stack of technology proposals that it dubs ‘Privacy Sandbox’ (although its proposed alternative — targeting groups of Internet users based on interests derived from tracking their browsing habits — has been criticized as potentially amplifying problems of predatory and exploitative ad targeting, so may not represent a truly clean break with the rights-hostile adtech status quo).

The IAB is also facing another major privacy law challenge in Europe — where complaints against a widely used framework it designed for websites to obtain Internet users’ consent to being tracked for ads online led to scrutiny by Belgium’s data protection agency. And, last year, its investigatory division found that the IAB Europe’s Transparency and Consent Framework (TCF) fails to meet the required standards of data protection under the GDPR.

The case went in front of the litigation chamber last week.

A verdict — and any enforcement action by the Belgian DPA over the IAB Europe’s TCF — remains pending.

Location-based services may have had their day as a salient category for hot apps or innovative tech leveraging the arrival of smartphones, but that’s largely because they are now part of the unspoken fabric of how we interact with digital services every day: we rely on location specific information when we are on search engines, when we are using maps, or weather apps, or taking and posting photos and more.

Still, there remain a lot of gaps in how location information links up with accurate information, and so today a company that’s made it its business to address that is announcing some funding as it scales up its service.

Uberall, which works with retailers and other brick-and-mortar operators to help them update and provide more accurate information about themselves across the plethora of apps and other services that consumers use to discover them, is announcing $115 million in funding. Alongside that, the Berlin startup is making an acquisition: it’s buying MomentFeed, a location marketing company based out of Los Angeles, CA, to continue scaling its business.

The funding is being led by London-based investor Bregal Milestone, with Level Equity, United Internet and Uberall management also participating. From what we understand from sources, the funding values Uberall at around $500 million, and the deal for MomentFeed was made for between $50 million and $60 million.

The business combination is building way more scale into the platform: Uberall said that together they will manage the online presence for 1.35 million business locations, making the company the biggest in the field, with customers including the gas station operator BP, KFC, clothes and food chain Marks and Spencer, McDonald’s and Pizza Hut.

Florian Hübner, the CEO and co-founder of Uberall, noted in an interview that the companies have quite a lot of overlap, and in fact prior to the deal being made the companies worked together closely in the U.S. market, but all the same, MomentFeed has built some specific technology that will enrich the wider platform, such as a particularly strong tool for measuring sentiment analysis.

“Managing the online presence” is not a company’s website, nor is it its apps, but may nevertheless be its most common digital touchpoints when it comes to actually engaging with consumers online. It includes how those companies appear on local listings services like Yelp or TripAdvisor, or mapping apps like Google’s — which provide not just listings information like addresses and opening hours but also customer reviews — or social apps or location-based advertising. Altogether, when you are considering a company with multiple locations and the multiple touchpoints a consumer might use, it ends up being a complicated mess of places that need to be managed and kept up to date.

“We are the catalyst for this huge ecosystem where we enable the brands to use everything that the other tech platforms are offering in the best possible way,” Hübner told me. The tech platforms, meanwhile, are willing to work with middle-ware companies like Uberall to make the information on their services more accurate and complete by connecting with businesses when they have not managed to do so directly on their own. (And if you’ve ever been caught out by the wrong opening times on a Google Maps entry, or any other entry or piece of information elsewhere, you know this is an issue.)

And of course expecting any company with potentially hundreds of locations to provide the right details without a tool is also a non-starter. “Casually updating 100,000 profiles is super hard,” Hübner said.

It also provides services to update information about vaccine and Covid-19 testing clinics, as well as other essential services that also have to contend with the same variations in location, opening hours and customer feedback as any other business on a site like Google Maps.

Altogether, Uberall has built out a platform that essentially connects up all of those end points, so that an Uberall customer can use a dashboard to provide updates that populate automatically everywhere, and also to read and respond to reviews.

Conversely, Uberall also can look out for instances where a company is being unofficially represented, or mis-represented, and lock those down. Alongside those, it has built a location-based marketing service that also serves ads for its customers. It is somewhat akin to social media management tools, which let you manage social media accounts and social media marketing campaigns, except that it’s covering a much more fragmented and disparate set of places where a company might appear online.

The bigger picture here is that just as location-based marketing is a fragmented business, so is the business of providing services to manage it. This move reduces down that field a little more and improves the efficiency of scaling such services.

“As we saw the market trending towards consolidation, we considered several potential companies to merge with. Uberall was by far our most preferred,” said MomentFeed CEO Nick Hedges in a statement. “This combination makes enormous strategic sense for our customers, who represent the who’s-who of leading U.S. omni channel brands. It helps accelerate our already rapid pace of innovation, giving customers an even greater edge in the hyper-competitive world of ’Near Me’ Marketing.” After the deal closes, Hedges will become Uberall’s chief strategy officer and EVP for North America.

“We are thrilled to partner with the Uberall team for this next phase of growth. Our strategic investment will significantly accelerate Uberall’s ambition to become the leading ‘Near Me’ Customer Experience platform worldwide. Uberall’s differentiated full-suite solution is unsurpassed by competition in terms of integration and functionality, providing customers with a real edge to reach, interact with, and convert online customers. We look forward to supporting Florian, Nick and their talented team to deliver on their exciting innovation and expansion roadmap,” said Cyrus Shey, managing partner of Bregal Milestone, in a statement.

European privacy group noyb, which recently kicked off a major campaign targeting rampant abuse of the region’s cookie consent rules, has followed up by publishing a technical proposal for an automated browser-level signal it believes could go even further to tackle the friction generated by endless ‘your data choices’ pop-ups.

Its proposal is for an automated signal layer that would enable users to configure advanced consent choices — such as only being asked to allow cookies if they frequently visit a website; or being able to whitelist lists of sites for consent (if, for example, they want to support quality journalism by allowing their data to be used for ads in those specific cases).

The approach would offer a route to circumvent the user experience nightmare flowing from all the dark pattern design that’s made cookie consent collection so cynical, confusing and tedious — by simply automating the yeses and noes, thereby keeping interruptions to a user-defined minimum.

In the European Union cookie consent banners mushroomed in the wake of a 2018 update to the bloc’s privacy rules (GDPR) — especially on websites that rely on targeted advertising to generate revenue. And in recent years it has not been unusual to find cookie pop-ups that contain a labyrinthine hell of opacity — culminating (if you don’t just click ‘agree’) in vast menus of ‘trusted partners’ all after your data. Some of which are pre-set to share information and require the user to individually toggle each and every one off.

Such stuff is a mockery of compliance, rather than the truly simple choice envisaged by the law. So noyb’s earlier campaign is focused on filing scores of complaints against sites it believes aren’t complying with requirements to provide users with a clear and free choice to say no to their data being used for ads (and it’s applying a little automation tech there too to help scale up the number of complaints it can file).

Its follow-up here — showing how an advanced control layer that signals user choices in the background could work — shares the same basic approach as the ‘Do Not Track’ proposals originally put forward for baking into web browsers all the way back in 2009 but which failed to get industry buy-in. There has also been a more recent US-based push to revive the idea of browser-level privacy control — buoyed by California’s Consumer Privacy Act (CCPA), which took effect at the start of last year, and includes a requirement that businesses respect user opt-out preferences via a signal from their browser.

However noyb’s version of browser-level privacy control seeks to go further by enabling more granular controls — which it says is necessary to better mesh with the EU’s nuanced legal framework around data protection.

It points out that Article 21(5) of the GDPR already allows for automatic signals from the browser to inform websites in the background whether a user is consenting to data processing or not.

The ePrivacy Regulation proposal, a much delayed reform of the bloc’s rules around electronic privacy, has also included such a provision.

However noyb says development to establish such a signal hasn’t happened yet — suggesting that cynically manipulative consent management platforms may well have been hampering privacy-focused innovation.

But it also sees a chance for the necessary momentum to build behind the idea.

For example, it points to how Apple has recently been dialling up the notification and control it offers users of its mobile platform, iOS, to allow people to both know which third party apps want to track them and allow or deny access to their data — including giving users a super simple ‘deny all third party tracking’ option baked into iOS’ settings.

So, well, why should Internet users who happen to be browsing on a desktop device not have a set of similarly advanced privacy controls too?

EU lawmakers are also still debating the ePrivacy Regulation reform — which deals centrally with cookies — so the campaign group wants to demonstrate how automated control tech could be a key piece of the answer to so-called ‘cookie consent fatigue’; by giving users a modern toolset to shrink consent friction without compromising their ability to control what happens with their data.

In order to work as intended automated signals would need to be legally binding (to prevent adtech companies just ignoring them) — and having a clear legal basis set out in the ePrivacy Regulation is one way that could happen within fairly short order.

The chance at least is there.

There have been concerns that the ePrivacy reform — which was stalled for years — could end up weakening the EU’s data protection framework in the face of massive adtech industry lobbying. And the negotiation process to reach a final text remains ongoing. So it’s still not clear where it’s going to end up.

But, earlier this year, the European Council agreed its negotiating mandate with the other EU institutions. And, on cookies, the Council said they want companies to find ways to reduce ‘cookie consent fatigue’ among users — such as by whitelisting types of cookies/providers in their browser settings. So there is at least a potential path to legislate for an effective browser-level control layer in Europe.

For now, noyb has published a prototype and a technology specification for what it’s calling the ADPC (aka Advanced Data Protection Control). The work on the framework has been carried out by noyb working with the Sustainable Computing Lab at the Vienna University of Economics and Business.

The proposal envisages web pages sending privacy requests in a machine-readable way and the ADPC allowing the response to be transmitted using header signals or via JavaScript. noyb likens the intelligent management of queries and automatic responses such a system could support to an email spam filter.

Commenting in a statement, chairman Max Schrems said: “For Europe, we need more than just an ‘opt-out’ so that it fits into our legal framework. That’s why we call the prototype ‘Advanced’ Data Protection Control, because it’s much more flexible and specific than previous approaches.

“ADPC allows intelligent management of privacy requests. A user could say, for example, ‘please ask me only after I’ve been to the site several times’ or ‘ask me again after 3 months.’ It is also possible to answer similar requests centrally. ADPC thus allows the flood of data requests to be managed in a meaningful way.”

“With ADPC, we also want to show the European legislator that such a signal is feasible and brings advantages for all sides,” he added. “We hope that the negotiators of the member states and the European Parliament will ensure a solid legal basis here, which could be applicable law in a short time. What California has done already, the EU should be able to do as well.”

The Commission has been contacted for comment on noyb’s ADPC.

While there are wider industry shifts afoot to deprecate tracking cookies altogether — with Google proposing to replace current adtech infrastructure supported by Chrome with an alternative stack of (it claims) more privacy respecting alternatives (aka its Privacy Sandbox) — there’s still plenty of uncertainty over what will ultimately happen to third party cookies.

Google’s move to end support for tracking cookies is being closely scrutinized by regional antitrust regulators. And just last week the UK’s Competition and Markets Authority (CMA), which is investigating a number of complaints about the plan, said it’s minded to accept concessions from Google that would mean the regulator could order it not to switch off tracking cookies.

Moreover, even if tracking cookies do finally crumble there is still the question of what exactly they get replaced with — and how alternative adtech infrastructure could impact user privacy?

Google’s so-called ‘Privacy Sandbox’ proposal to target ads at cohorts of users (based on bucketed ‘interests’ its technology will assign them via on-device analysis of their browsing habits) has raised fresh concerns about the risks of exploitative and predatory advertising. So it may be no less important for users to have meaningful browser-level controls over their privacy choices in the future — even if the tracking cookie itself goes away.

A browser-level signal could offer a way for a web user to say ‘no’ to being stuck in an ‘interest bucket’ for ad targeting purposes, for example — signalling that they prefer to see only contextual ads instead, say.

tl;dr: The issue of consent does not only affect cookies — and it’s telling that Google has avoided running the first trials of its replacement tech for tracking cookies (FLoCs, or federated learning of cohorts) in Europe.

 

Well this is big. The UK’s competition regulator looks set to get an emergency brake that will allow it to stop Google ending support for third party cookies, a technology that’s currently used for targeting online ads, if it believes competition would be harmed by the deprecation going ahead.

The development follows an investigation opened by the Competition and Markets Authority (CMA) into Google’s self-styled ‘Privacy Sandbox’ earlier this year.

The regulator will have the power to order a standstill of at least 60 days on any move by Google to remove support for cookies from Chrome if it accepts a set of legally binding commitments the latter has offered — and which the regulator has today issued a notification of intention to accept.

The CMA could also reopen a fuller investigation if it’s not happy with how things are looking at the point it orders any standstill to stop Google crushing tracking cookies.

It follows that the watchdog could also block Google’s wider ‘Privacy Sandbox’ technology transition entirely — if it decides the shift cannot be done in a way that doesn’t harm competition. However the CMA said today it takes the “provisional” view that the set of commitments Google has offered will address competition concerns related to its proposals.

It’s now opened a consultation to see if the industry agrees — with the feedback line open until July 8.

Commenting in a statement, Andrea Coscelli, the CMA’s chief executive, said:

“The emergence of tech giants such as Google has presented competition authorities around the world with new challenges that require a new approach.

“That’s why the CMA is taking a leading role in setting out how we can work with the most powerful tech firms to shape their behaviour and protect competition to the benefit of consumers.

“If accepted, the commitments we have obtained from Google become legally binding, promoting competition in digital markets, helping to protect the ability of online publishers to raise money through advertising and safeguarding users’ privacy.”

In a blog post sketching what it’s pledged — under three broad headlines of ‘Consultation and collaboration’; ‘No data advertising advantage for Google products’; and ‘No self-preferencing’ — Google writes that if the CMA accepts its commitments it will “apply them globally”, making the UK’s intervention potentially hugely significant.

It’s perhaps one slightly unexpected twist of Brexit that it’s put the UK in a position to be taking key decisions about the rules for global digital advertising. (The European Union is also working on new rules for how platform giants can operate but the CMA’s intervention on Privacy Sandbox does not yet have a direct equivalent in Brussels.)

That Google is choosing to offer to turn a UK competition intervention into a global commitment is itself very interesting. It may be there in part as an added sweetener — nudging the CMA to accept the offer so it can feel like a global standard setter.

At the same time, businesses do love operational certainty. So if Google can hash out a set of rules that are accepted by one (fairly) major market, because they’ve been co-designed with national oversight bodies, and then scale those rules everywhere it may create a shortcut path to avoiding any more regulator-enforced bumps in the future.

So Google may see this as a smoother path toward the sought for transition for its adtech business to a post-cookie future. Of course it also wants to avoid being ordered to stop entirely.

More broadly, engaging with the fast-paced UK regulator could be a strategy for Google to try to surf over the political deadlocks and risks which can characterize discussions on digital regulation in other markets (especially its home turf of the U.S. — where there has been a growing drumbeat of calls to break up tech giants; and where Google specifically now faces a number of antitrust investigations).

The outcome it may be hoping for is being able to point to regulator-stamped ‘compliance’ — in order that it can claim it as evidence there’s no need for its ad empire to be broken up.

Google’s offering of commitments also signifies that regulators who move fastest to tackle the power of tech giants will be the ones helping to define and set the standards and conditions that apply for web users everywhere.

What is Privacy Sandbox?

Privacy Sandbox is a complex stack of interlocking technology proposals for replacing current ad tracking methods (which are widely seen as horrible for user privacy) with alternative infrastructure that Google claims will be better for individual privacy and also still allow the adtech and publishing industries to generate (it claims much the same) revenue by targeting ads at cohorts of web users who will be put into ‘interest buckets’ based on what they look at online.

The full details of the proposals (which include components like FLoCs, aka Google’s proposed new ad ID based on federated learning of cohorts; and Fledge/Turtledove, Google’s suggested new ad delivery technology) have not yet been set in stone.

Nonetheless, Google announced in January 2020 that it intended to end support for third party cookies within two years — so that rather nippy timeframe has likely concentrated opposition, with pushback coming from the adtech industry and publishers concerned it will have a major impact on their ad revenues when individual-level ad targeting goes away.

The CMA began to look into Google’s planned deprecation of tracking cookies after complaints that the transition away from tracking cookies to a new infrastructure of Google’s devising will merely increase Google’s market power — by locking down third parties’ ability to track Internet users for ad targeting while leaving Google with a high dimension view of what people get up to online as a result of its expansive access to first party data (gleaned through its dominance for consumer web services).

The executive summary of today’s CMA notice lists its concerns that without proper regulatory oversight Privacy Sandbox might:

  • distort competition in the market for the supply of ad inventory and in the market for the supply of ad tech services, by restricting the functionality associated with user tracking for third parties while retaining this functionality for Google;
  • distort competition by the self-preferencing of Google’s own advertising products and services and owned and operated ad inventory; and
  • allow Google to exploit its apparent dominant position by denying Chrome web users substantial choice in terms of whether and how their personal data is used for the purpose of targeting and delivering advertising to them.

At the same time, privacy concerns around the ad tracking and targeting of Internet users are undoubtedly putting pressure on Google to retool Chrome — given that other web browsers have been stepping up efforts to protect their users from online surveillance by doing stuff like blocking trackers for years.

Web users hate creepy ads — which is why they’ve been turning to ad blockers in droves. Numerous major data scandals have also increased awareness of privacy and security. And — in Europe and elsewhere — digital privacy regulations have been toughened up or introduced in recent years. So the line of ‘what’s acceptable’ for ad businesses to do online has been shifting.

The key issue is how privacy and competition regulation interacts — and potentially conflicts — with the very salient risk that ill-thought through and overly blunt competition interventions could essentially lock in privacy abuses of web users as a result of a legacy of weak enforcement around online privacy, which allowed for rampant, consent-less ad tracking and targeting of Internet users to develop and thrive in the first place.

Poor privacy enforcement coupled with banhammer-wielding competition regulators does not look like a good recipe for protecting web users’ rights.

However there is cautious reason for optimism here.

Last month the CMA and the UK’s Information Commissioner’s Office (ICO) issued a joint statement in which they discussed the importance of having competition and data protection in digital markets — citing the CMA’s Google Privacy Sandbox probe as a good example of a case that requires nuanced joint working.

Or, as they put it then: “The CMA and the ICO are working collaboratively in their engagement with Google and other market participants to build a common understanding of Google’s proposals, and to ensure that both privacy and competition concerns can be addressed as the proposals are developed in more detail.”

Although the ICO’s record on enforcement against rights-trampling adtech is, well, non-existent.

So its preference for regulatory inaction in the face of adtech industry lobbying should off-set any quantum of optimism derived from the bald fact of the UK’s privacy and competition regulators’ ‘joint working’. (The CMA, by contrast, has been very active in the digital space since gaining, post-Brexit, wider powers to pursue investigations. And in recent years took a deep dive look at competition in the digital ad market, so it’s armed with plenty of knowledge. It is also in the process of configuring a new unit that will oversee a pro-competition regime with which the UK explicitly wants to clip the wings of big tech.)

What has Google committed to?

The CMA writes that Google has made “substantial and wide-ranging” commitments vis-a-vis Privacy Sandbox — which it says include:

  • A commitment to develop and implement the proposals in a way that avoids distortions to competition and the imposition of unfair terms on Chrome users. This includes a commitment to involve the CMA and the ICO in the development of the Proposals to ensure this objective is met.
  • Increased transparency from Google on how and when the proposals will be taken forward and on what basis they will be assessed. This includes a commitment to publicly disclose the results of tests of the effectiveness of alternative technologies.
  • Substantial limits on how Google will use and combine individual user data for the purposes of digital advertising after the removal of third-party cookies.
  • A commitment that Google will not discriminate against its rivals in favour of its own advertising and ad-tech businesses when designing or operating the alternatives to third-party cookies.
  • A standstill period of at least 60 days before Google proceeds with the removal of third party cookies giving the CMA the opportunity, if any outstanding concerns cannot be resolved with Google, to reopen its investigation and, if necessary, impose any interim measures necessary to avoid harm to competition.

Google also writes that: “Throughout this process, we will engage the CMA and the industry in an open, constructive and continuous dialogue. This includes proactively informing both the CMA and the wider ecosystem of timelines, changes and tests during the development of the Privacy Sandbox proposals, building on our transparent approach to date.”

“We will work with the CMA to resolve concerns and develop agreed parameters for the testing of new proposals, while the CMA will be getting direct input from the ICO,” it adds.

Google’s commitments cover a number of areas directly related to competition — such as self-preferencing, non-discrimination, and stipulations that it will not combine user data from specific sources that might give it an advantage vs third parties.

However privacy is also being explicitly baked into the competition consideration, here, per the CMA — which writes that the commitments will [emphasis ours]:

Establish the criteria that must be taken into account in designing, implementing and evaluating Google’s Proposals. These include the impact of the Privacy Sandbox Proposals on: privacy outcomes and compliance with data protection principles; competition in digital advertising and in particular the risk of distortion to competition between Google and other market participants; the ability of publishers to generate revenue from ad inventory; and user experience and control over the use of their data.

An ICO spokeswoman was also keen to point out that one of the first commitments obtained from Google under the CMA’s intervention “focuses on privacy and data protection”.

In a statement, the data watchdog added:

“The commitments obtained mark a significant moment in the assessment of the Privacy Sandbox proposals. They demonstrate that consumer rights in digital markets are best protected when competition and privacy are considered together.

“As we outlined in our recent joint statement with the CMA, we believe consumers benefit when their data is used lawfully and responsibly, and digital innovation and competition are supported. We are continuing to build upon our positive and close relationship with the CMA, to ensure that consumer interests are protected as we assess the proposals.”

This development in the CMA’s investigation raises plenty of questions, large and small — most pressingly over the future of key web infrastructure and what the changes being hashed out here between Google and UK regulators might mean for Internet users everywhere.

The really big issue is whether ‘co-design’ with oversight bodies is the best way to fix the market power imbalance flowing from a single tech giant being able to combine massive dominance in consumer digital services with duopoly dominance in adtech.

Others would say that breaking up Google’s consumer tech and Google’s adtech is the only way to fix the abuse — and everything else is just fiddling while Rome burns.

Google, for instance, is still in charge of proposing the changes itself — regardless of how much pre-implementation consultation and tweaking goes on. It’s still steering the ship and there are plenty of people who believe that’s not an acceptable governance model for the open web.

But, for now at least, the CMA wants to try to fiddle.

It should be noted that, in parallel, the UK government and CMA are speccing out a wider pro-competition regime that could result in deeper interventions into how Google and other platform giants operate in the future.

For now, though, Google is probably feeling pretty happy for the opportunity to work with UK regulators. If it can pull oversight bodies deep down in the detail of the changes it wants to make that’s likely a far more comfortable spot for Mountain View vs being served with an order to break its business up — something the CMA has previously taken feedback on.

Google has been contacted with questions on its Privacy Sandbox commitments.

InfoSum, a startup which takes a federated approach to third party data enrichment, has launched a new product (called InfoSum Bridge) that it says significantly expands the customer identity linking capabilities of its platform.

“InfoSum Bridge incorporates multiple identity providers across every identity type — both online and offline, in any technical framework — including deterministic, probabilistic, and cohort-level matches,” it writes in a press release.

It’s also disclosing some early adopters of the product — naming data-for-ads and data-aggregator giants Merkle, MMA and Experian as dipping in.

Idea being they can continue to enrich (first party) data by being able to make linkages, via InfoSum’s layer, with other ‘trusted partners’ who may have gleaned more tidbits of info on those self-same users.

InfoSum says it has 50 enterprise customers using InfoSum Bridge at this point. The three companies it’s named in the release all play in the digital marketing space.

The 2016-founded startup (then called CognitiveLogic) sells customers a promise of ‘privacy-safe’ data enrichment run via a technical architecture that allows queries to be run — and insights gleaned — across multiple databases yet maintains each pot as a separate silo. This means the raw data isn’t being passed around between interested entities. 

Why is that important? Third party data collection is drying up, after one (thousand) too many privacy scandals in recent years — combining with the legal risk attached to background trading of people’s data as a result of data protection regimes like Europe’s General Data Protection Regulation.

That puts the spotlight squarely on first party data. However businesses whose models have been dependent on access to big data about people — i.e. being able to make scores of connections by joining up information on people from different databases/sources (aka profiling) — are unlikely to be content with relying purely on what they’ve been able to learn by themselves.

This is where InfoSum comes in, billing itself as a “neutral data collaboration platform”.

Companies that may have been accustomed to getting their hands on lashings of personal data in years past, as a result of rampant, industry-wide third party data collection (via technologies like tracking cookies) combined with (ehem) lax data governance — are having to cast around for alternatives. And that appears to be stoking InfoSum’s growth.

And on the marketing front, remember, third party cookies are in the process of going away as Google tightens that screw.

“We are growing faster than Slack (at equivalent stage e.g. Series A->B) because we are the one solution that is replacing the old way of doing things,” founder Nick Halstead tells TechCrunch. “Experian, Liveramp, Acxiom, TransUnion, they all offer solutions to take your data. InfoSum is offering the equivalent of the ‘Cisco router for customer data’ — we don’t own the data we are just selling boxes to make it all connect.”

“The announcement today — ‘InfoSum Bridge’ — is the next generation of building the ultimate network to ‘Bridge the industry chasm’ it has right now of 100’s of competing ID’s, technical solutions and identity types, bringing an infrastructure approach,” he adds.

We took a deep dive into InfoSum’s first product back in 2018 — when it was just offering early adopters a glimpse of the “art of the possible”, as it put it then.

Three+ years on it’s touting a significant expansion of its pipeline, having baked in support for multiple ID vendors/types, as well as adding probabilistic capabilities (to do matching on users where there is no ID).

Per a spokesman: “InfoSum Bridge is an extension of our existing and previous infrastructure. It enables a significant expansion of both our customer identity linking, and the limits of what is possible for data collaboration in a secure and privacy-focused manner. This is a combination of new product enhancements and announcement of partnerships. We’ve built capabilities to support across all ID vendors and types but also probabilistic and support for those publishers with unauthenticated audiences.”

InfoSum bills its platform as “the future of identity connectivity”. Although, as Halstead notes, there is now growing competition for that concept, as the adtech industry scrambles to build out alternative tracking systems and ID services ahead of Google crushing their cookies for good.

But it’s essentially making a play to be the trusted, independent layer that can link them all.

Exactly what this technical wizardry means for Internet users’ privacy is difficult to say. If, for example, it continues to enable manipulative microtargeting that’s hardly going to sum to progress.

InfoSum has previously told us its approach is designed to avoid individuals being linked and identified via the matching — with, for example, limits placed on the bin sizes. Although its platform is also configurable (which puts privacy levers in its customers’ hands). Plus there could be edge cases where overlapped datasets result in a 100% match for an individual. So a lot is unclear.

The security story looks cleaner, though.

If the data is properly managed by InfoSum (and it touts “comprehensive independent audits”, as well as pointing to the decentralized architecture as an advantage) that’s a big improvement on — at least — one alternative scenario of whole databases being passed around between businesses which may be (to put it politely) disinterested in securing people’s data themselves.

InfoSum’s PR includes the three canned quotes (below) from the trio of marketing industry users it’s disclosing today.

All of whom sound very happy indeed that they’ve found a way to keep their “data-driven” marketing alive while simultaneously getting to claim it’s “privacy-safe”…

John Lee, Global Chief Strategy Officer, Merkle: “The conversation around identity is continuing to be top of mind for marketers across the industry, and as the landscape rapidly changes, it’s essential that brands have avenues to work together using first-party identity and data in a privacy-safe way. The InfoSum Bridge solution provides our clients and partners a way to collaborate using their first-party data, resolved to Merkury IDs and data, with even greater freedom and confidence than with traditional clean room or safe haven approaches.”

Lou Paskalis, Chairman, MMA Global Media and Data Board: “As marketers struggle to better leverage their first-party data in the transition from the cookie era to the consent era, I would have expected more innovative solutions to emerge.  One bright spot is InfoSum, which offers a proprietary technology to connect data, yet never share that data. This is the most customer-friendly and compliant technology that I’ve seen that enables marketers to fully realize the true potential of their first party data. What InfoSum has devised is an elegant way to respect consumers’ privacy choices while enabling marketers to realize the full benefit of their first party data.”

Colin Grieves, Managing Director Experian: “At Experian we are committed to a culture of customer-centric data innovation, helping develop more meaningful and seamless connections between brands and their audiences. InfoSum Bridge gives us a scalable environment for secure, data connectivity and collaboration. Bridge is at the core of the Experian Match offering, which allows brands and publishers alike the ability to understand and engage the right consumers in the digital arena at scale, whilst safeguarding consumer data and privacy.”

Thing is, clever technical architecture that enables big data fuelled modelling and profiling of people to continue, via pattern matching to identify ‘lookalike’ customers who can (for example) be bucketed and targeted with ads, doesn’t actually sum to privacy as most people would understand it… But, for sure, impressive tech architecture guys.

The same issue attaches to FLoCs, Google’s proposed replacement for tracking cookies — which also relies on federation (and which the EFF has branded a “terrible idea”, warning that such an approach actually risks amplifying predatory targeting).

The tenacity with which the marketing industry seeks to cling to microtargeting does at least underline why rights-focused regulatory oversight of adtech is going to be essential if we’re to stamp out systematic societal horrors like ads that scale bias by discriminating against protected groups, or the anti-democratic manipulation of voters that’s enabled by opaque targeting and hyper-targeted messaging, circumventing the necessary public scrutiny.

Tl;dr: Privacy is not just important for the individual. It’s a collective good. And keeping that collective commons safe from those who would seek to exploit it — for a quick buck or worse — is going to require a whole other type of oversight architecture.

France’s competition watchdog, L’Autorité de la concurrence, has fined Google up to €220 million (~$268M) in a case related to self-preferencing within the adtech market which the watchdog found constituted an abuse by Google of a dominant position for ad servers for website publishers and mobile apps.

L’Autorité began looking into Google’s adtech business following complaints from a number of French publishers.

Today it said Google had requested a settlement — and is “not disputing the facts of the case” — with the tech giant proposing certain ‘interoperability’ commitments that the regulator has accepted, and which will form a binding part of the decision.

The watchdog called the action a world first in probing Google’s complex algorithmic ad auctions.

Commenting in a statement, L’Autorité’s president, Isabelle de Silva, said: “The decision sanctioning Google has a very special meaning because it is the first decision in the world to look into complex algorithmic processes. Auctions through which online display advertising works. The investigation, carried out particularly quickly, revealed the processes by which Google, relying on its considerable dominant position on ad servers for sites and applications, was favored over its competitors on both ad servers and SSP platforms. These very serious practices penalized competition in the emerging online advertising market, and have enabled Google not only to preserve but also to increase its dominant position. This sanction and these commitments will make it possible to restore a level playing field for all players, and the ability of publishers to make the most of their advertising space.”

At specific issue is preferential treatment Google granted to its own proprietary technologies — offered under the Google Ad Manager brand — on both the demand and supply sides; via the operation of its DFP ad server (which allows publishers of sites and applications to sell their advertising spaces), and its sales platform SSP AdX (which organizes the auction process allowing publishers to sell their ‘impressions’ or advertising inventories to advertisers), per the watchdog.

L’Autorité found that Google’s preferential treatment of its adtech harmed competitors and publishers.

Reached for comment, a Google spokeswoman referred us to this blog post discussing the settlement where Maria Gomri, a legal director for Google France, writes that it has “agreed on a set of commitments to make it easier for publishers to make use of data and use our tools with other ad technologies” — before detailing the steps it has pledged to take.

The publishing groups that made the original complaint against Google in France were News Corp Inc., the Le Figaro group and the Rossel La Voix group, although Le Figaro withdrew its referral last November — at the same time as it signed a content-licensing deal with Google, related to Google’s News Showcase product (a vehicle Google has spun up as legislators in different markets around the world have taken steps to force it to pay for some content reuse).

France’s competition watchdog had earlier ordered Google to negotiate with publishers over remuneration for reuse of their content, following the transposing into national law of updated, pan-EU copyright rules — which extend neighbouring rights to publishers’ news snippets. So the adtech giant’s operations remain under scrutiny on that front too.

Google agrees to interoperability changes

Google has agreed to improve the interoperability of Google Ad Manager services with third-party ad server and advertising space sales platform solutions, per L’Autorité, as well as agreeing to end provisions that favor itself.

“The practices in question are particularly serious because they penalized Google’s competitors in the SSP market and the publishers of sites and mobile applications,” it writes in a press release (translated from French with Google Translate). “Among these, the press groups — including those who were [the source] of the referral to the Authority — were affected even though their economic model is also strongly weakened by the decline in sales of paper subscriptions and the decline in associated advertising revenue.”

L’Autorité confirmed it has accepted Google’s commitments — and makes them binding in its decision. The commitments will be mandatory for a three year period, per the agreement.

The commitments Google has offered appear to speak to some operational details that have emerged via a Texas antitrust lawsuit also targeting Google’s adtech.

Earlier this year, documents surfaced via that suit which appeared to show the tech giant operated a secret program that used data from past bids in its digital ad exchange to allegedly give its own ad-buying system an advantage over competitors, per the WSJ — which reported that the so-called ‘Project Bernanke’ program was not disclosed to publishers who sold ads through Google’s exchange.

In the area of data access, Google has committed to L’Autorité to devise a solution to ensure that all buyers which use Google Ad Manager to participate in its ad exchange receive equal access to data from its auctions — “to help them efficiently buy ad space from publishers”. Including when publishers use an off-platform technique called ‘Header Bidding’ (which enables publishers to run an auction among multiple ad exchanges but which, as a result of how Google operates, has meant such buyers may be at a data disadvantage vs those participating through Google’s own platform).

Google claims it is “usually not technically possible” for it to identify participants in Header Bidding auctions, and thus that it cannot share data with those buyers. But it’s now committed to address that by working “to create a solution that ensures that all buyers that a publisher works with, including those who participate in Header Bidding, can receive equal access to data related to outcomes from the Ad Manager auction”.

It notes that “in particular” it will be “providing information around the ‘minimum bid to win’ from previous auctions”, going forward — which would address one disadvantageous blind-spot for publishers taking an off-platform route to try to earn more ad revenue.

Another commitment from Google to the French watchdog is a pledge to increase flexibility for publishers using its Ad Manager product — including by letting them set custom pricing rules for ads that are in sensitive categories and implementing product changes aimed at improving interoperability between Ad Manager and third-party ad servers.

Google also writes that it is “reaffirming” that it won’t limit Ad Manager publishers from negotiating specific terms or pricing directly with other sell-side platforms (SSPs); and says it is committing to continue to provide publishers with controls to include or exclude certain buyers at their discretion when they use its product.

The third batch of commitments focus on transparency — and the opacity of adtech has long been a core criticism of the market, including for the competitive dimension as unclear workings by dominant platforms can be used to shield abusive practices from view. (Indeed, L’Autorité already fined Google $166M back in December 2019 for having what it billed then as “opaque and difficult to understand” rules for its ad platform, Google Ads, and for applying them in “an unfair and random manner.”)

On transparency, Google has pledged not to use data from other SSPs to optimize bids in its own exchange in a way that other SSPs can’t reproduce. It also says it’s reupping a promise not to share any bid from any Ad Manager auction participants with any other auction participant prior to completion of the auction.

“Additionally, we’ll give publishers at least three months’ notice for major changes requiring significant implementation effort that publishers must adopt, unless those are related to security or privacy protections, or are required by law,” it further notes.

The commitments made to L’Autorité will apply to how Google operates its adtech in the French market — but are also set to be applied more widely.

“We will be testing and developing these changes over the coming months before rolling them out more broadly, including some globally,” Gomri added in the blog post.

L’Autorité’s action comes after years of attention paid to the online advertising market.

Back in 2018 it published a report that delved into a number of competitive advantages leveraged by Facebook and Google, noting how the duopoly’s ad targeting offerings benefit from their leadership positions in respective markets and the resultant network effects; and also from their vertical integration model (playing in both publishing and technical intermediation); as well as from the ‘logged’ environments both have developed, requiring users to log in to access ‘free’ services — giving them access to a high volume of sociodemographic and behavioral data to power their ad targeting products, among other competitive advantages.

The UK’s Competition and Markets Authority has also conducted an online ad market study in recent years — findings from which are underpinning ‘pro-competition’ regulatory reform that’s now being targeted at tech giants with ‘strategic market status’ which will, in the future, be subject to an ex ante regime of custom requirements aimed at preemptively preventing market abuse.

The European Commission has, meanwhile, issued multiple antitrust enforcements against Google’s business in recent years — including a $1.7BN fine related to its search ad brokering business, AdSense, in 2019, and a $2.7BN penalty for its price comparison service, Google Shopping, back in 2017, to name two.

More recently, the EU regulators have been reported to be further probing Google’s adtech practices. So more interventions could be forthcoming.

However the Commission’s preferred approach of not imposing specific remedies itself — nor obtaining specific commitments, beyond a general requirement not to continue the sanctioned abuse (or any equivalent behavior) — seems to have failed to move the needle, certainly where Google’s market dominance is concerned.

Still, EU lawmakers’ experience with Google antitrust cases has certainly informed a recent pan-EU plan for a set of ex ante rules to apply to digital ‘gatekeepers’ — incoming under the Digital Markets Act, which was presented by Brussels last December.

TikTok announced a ban on political advertising all the way back in 2019. So you’d be forgiven for thinking the ugly problem of democracy-denting political disinformation doesn’t apply inside its walled garden of dancing Gen Zers. But you’d be wrong.

New research by Mozilla suggests that policy loopholes and lax oversight, especially around influencer marketing, coupled with an ongoing lack of ads transparency by TikTok — which offers no publicly searchable ad archive — are making its video-sharing platform vulnerable to passing off political ads as organic content.

Mozilla says it found over a dozen instances of TikTok influencers across the political spectrum who were being paid (or otherwise compensated) by a variety of political organizations to promote partisan messages without disclosing that these posts were sponsored.

“Our research found that TikTok influencers across the political spectrum had undisclosed paid relationships with various political organizations in the U.S.,” it writes. “Several right-wing TikTok influencers appear to be funded by conservative organizations like Turning Point USA, a tax-exempt nonprofit which has a dedicated influencer program specifically targeted at funding young conservative content creators on social media.”

Examples of TikTok influencers spreading political messaging (Image credits: Mozilla)

It similarly found evidence of left-leaning sponsored political messaging being spread without proper disclosures by TikTok influencers, noting that: “We found some evidence that progressive influencers supported by left-leaning political organizations were posting pro-Biden messages prior to the U.S. presidential election. For instance, The 99 Problems created and funded the Hype House account House of US, where influencers post political messaging.”

In the report, Th€se Are Not Po£itical Ad$: How Partisan Influencers Are Evading TikTok’s Weak Political Ad Policies, Mozilla calls out the platform for not offering adequate tools for ‘influencers’ — aka users who have amassed a large enough number of followers to become attractive targets for advertisers to target for making paid postings — to report sponsorships, pointing out that other major social media platforms (like Facebook/Instagram) do offer such tools and can flag influencer content if they’re found failing to properly report ads.

“Of course, it’s hard to know exactly how self-disclosure ad policies are being enforced across platforms but TikTok is significantly far behind Instagram and YouTube when it comes to providing tools and enacting clear, strict, and transparent policies,” Mozilla writes in the report.

Per TikTok’s rules, content creators are supposed to self-identify any paid content (typically by using the hashtag #ad or #sponsored), in keeping with U.S. Federal Trade Commission guidelines for the disclosure of paid influence.

But, as Mozilla points out, if TikTok isn’t actively monitoring or scrutinizing influencer ads (as the report suggests) it raises an obvious concern over how the platform can claim to be enforcing its “trust and safety” protocols.

Mozilla’s report also points to rumours that TikTok is testing features that will allow influencers to pay to further promote specific posts — which could dial up the ‘dark money’ political disinformation problem further, i.e. if not combined with active policing and enforcement of sponsorship disclosures.

“There do not appear to be any safeguards preventing creators from using this feature to promote paid political messages,” it warns. “It is unclear how TikTok is monitoring this content to ensure that it complies with their political ad policy.”

Another major criticism in the report is the general lack of ads transparency by TikTok vs other social platforms — with Mozilla’s report pointing out that it does not offer public, searchable ad databases as others (including Facebook/Instagram, Snap, and Google/YouTube) do. Twitter has also had a searchable ads archive since 2018.

“Mozilla believes Facebook and Google are doing a poor job on ad transparency, so the fact that TikTok can’t match even them is troubling,” the report notes.

In recommendations to TikTok (or to policymakers shaping laws aimed at preventing abuse of such platforms) Mozilla suggests that it needs to develop specific mechanisms for content creators to disclose partnerships; invest in comprehensive advertising transparency, including launching an ad database which includes paid partnerships (not just native platform ads); and update its policies and enforcement processes to cover all the ways that paid political influence can happen on its platform.

TikTok was contacted with questions on its approach to ads transparency and sponsored content. It sent this statement:

“Political advertising is not allowed on TikTok, and we continue to invest in people and technology to consistently enforce this policy and build tools for creators on our platform. As we evolve our approach we appreciate feedback from experts, including researchers at the Mozilla Foundation, and we look forward to a continuing dialogue as we work to develop equitable policies and tools that promote transparency, accountability, and creativity.”

There are signs that TikTok is trying to get ahead of criticisms in the report — as Mozilla’s researcher, Becca Ricks, notes that the company has very recently (“within the past week”) created a branded content policy.

“It includes mention of a ‘branded content toggle’ to help influencers disclose paid partnerships,” she went on, adding: “We’re currently analyzing the feature to learn more. But we’re cautiously optimistic that this could be a (small) step in the right direction, especially after we raised these issues directly with TikTok two weeks ago in the course of our research.

That said, Mozilla’s other recommendations — and the entirety of the problems we uncovered in the research — remain. So TikTok has a long road to being truly transparent.”

Mozilla’s report is just the latest black cloud to fall over TikTok’s platform which is under pressure on a variety of fronts related to its content and wider policies, including around ad disclosures.

Last week, EU regulators kicked off what they couched as a formal “dialogue” with TikTok following a number of complaints by consumer protection groups which have accused the platform of hidden marketing, aggressive advertising techniques targeted at children and misleading and confusing contractual terms.

Other regional complaints have called out TikTok’s approach to privacy and user data. And it’s being sued in the UK over its handling of children’s data.

Concerns over weak age verification also led to an intervention by Italy’s data protection regulator earlier this year — acting on concerns for the safety of underage users. In that case TikTok was forced to remove over half a million accounts which were suspected of being used by children younger than 13.

In recent months TikTok has been trying to burnish its image with policymakers, announcing what it bills as a ‘Transparency Center’ in the U.S. last year — and another for Europe this April — saying these centers would provide a space for outside experts to access information about its content moderation and security policies.

However, Mozilla said the centers suffer from a lack of transparency vis-a-vis ads, writing in the report that they “do not provide detailed transparency regarding advertisements”, and specifying TikTok does not disclose specific data about “how many or which ads were rejected under TikTok’s ban on political advertisements”, for example.

TikTok’s opacity around ads looks to be on borrowed time as the issue of online political ads transparency is coming into sharper focus around the world.

In the U.S. a bipartisan bill to try to regulate online platforms that sell ads was introduced in 2017 — although progress stalled as the bill failed to pass ahead of the 2019 US presidential election.

In Europe lawmakers are expected to put forward a regulatory proposal this fall that will tighten ad disclosure and reporting requirements on platforms, as part of a wider package of digital reforms that aim to drive safety, transparency and accountability.

F8 Refresh, Facebook’s annual developer conference with a new twist — it’s more pared down than in years past, and virtual — is going to be kicking off later today, and ahead of that Facebook is unveiling some news: all businesses can now use the Messenger API to interact with users on Instagram.

The feature was first announced as a closed beta in October with select businesses — 30 developers and 700 brands in all. Now, any brand or organization using Instagram to interact with customers can use it.

The key point with this tool is that this integration represents a significant step forward in how companies can leverage the wider Facebook platform.

In the past, a brand that wanted to interact with customers either needed to do so directly through Instagram, or via Facebook’s unified business inbox, which are limited in how they can be used, especially by companies that might be handling large volumes of traffic, or keen to be able to link up those customer interactions with wider customer service databases.

The Messenger API, by contrast, can be integrated into any third-party application that a company or brand might be using to manage communication, whether it’s a social media management platform like Hootsuite or Sprinklr, or a CRM application that can bring in other kinds of customer data, for example warranty information or loyalty card numbers.

Facebook noted that one of the key takeaways from the closed beta was that brands and companies wanted better ways of managing communications from one place; and another was that many of them are making more investments in software to better manage their communications and workflows. So extending the Messenger API to Instagram was a feature that was long needed in that regard.

The move to expand the Messenger API to Instagram makes sense in a couple of different ways. For starters, Facebook has been turning up the volume for some time on how it leverages Instagram’s commercial potential, starting with advertising but expanding into areas like conversation between brands or businesses and users, and most recently, enhanced shopping features. Facebook also notes that 90% of Instagram users today follow at least one business, so creating a better route for managing those conversations is a logical move.

At the same time, Facebook has been working on ways of better linking up its various apps and platforms — which include Facebook itself, Messenger, WhatsApp, Instagram and Oculus, not just for users to interact across them but to help businesses leverage them in a more unified social strategy. Rolling out the Messenger API — created originally to help brands interact with bots and manage conversations on Messenger — to include support for Instagram fits into both of those bigger strategies.

And for those wondering why it’s being announced ahead of F8 Refresh? Perhaps it’s a hint of what the social network’s bigger priorities are for this year’s event: partnerships to enable more business to take place on the social networking giant’s platforms.

Ads are coming to Twitter’s version of Stories, known as Fleets. The company announced today it will begin pilot testing Fleet ads in the U.S., which will bring full-screen, vertical format ads to Twitter for the first time, allowing it to better compete with the vertical ads offered across social media platforms, including Facebook, Instagram, Snapchat and TikTok, among others.

The new Fleet ads will appear in between Fleets from people you follow and will support both images and video in 9:16 format. The video ads support up to 30 seconds of content, and brands can also include a “swipe up” call-to-action within their ads.

For video, this is shorter than what Instagram offers (up to 120 seconds) or TikTok (up to 60 seconds), but is in line with best practices which stress that shorter ads can be better.

Twitter didn’t say how often you’ll see a Fleet ad as you swipe, saying only that it will “innovate, test and continue to adapt” in this area, as it learns how people engage.

Advertisers, meanwhile, will receive standard Twitter ad metrics for their Fleet ads, including impressions, profile visits, clicks, website visits, and more. And for video ads, Twitter will report video views, 6s video views, starts, completes, quartile reporting and other metrics.

The company is launching the pilot program in the U.S. with just 10 advertisers, including those in tech, retail, dining and CPG verticals.

Twitter says the pilot will help the company to understand how well these types of ads perform on Twitter, which will inform the company not only how to better optimize Fleet ads going forward, but also other areas where it may launch full-screen ads further down the road. In addition, it wants to learn how people feel about and engage with full-screen ads, as the test continues.

Twitter had first begun experimenting with Fleets in spring 2020 as a way to offer a Stories-like product experience where users could post ephemeral content. At the time, the company hoped Fleets would encourage more hesitant users to share content to the platform, as Fleets disappeared after 24 hours, reducing the pressure to perform that comes with posting directly. They also don’t circulate on Twitter like retweets and quote tweets do, nor do they show up in Search or Moments.

The feature rolled out to global users in November 2020. They were initially criticized by some who felt that Fleets were yet another example of how all social apps were starting to look the same. Nevertheless, Fleets have now become a core part of the Twitter experience.

Today, people use Fleets to point to other tweets they’ve posted, or to share personal updates, photos, and commentary. However, unlike Stories on other platforms, like Snapchat or Instagram, Fleets still offer a fairly bare bones experience in terms of creator tools. You can change the background color, add stickers and text, but that’s about it.

Twitter declined to say how many or what percentage of Twitter’s active user base has now adopted Fleets, noting instead that 73% of those who post Fleets say they also browse what others are sharing. The company says it plans to roll out new updates and features to Fleets in the future, as it continues to invest in the product.

Fleet ads will launch today in the U.S. across both iOS and Android.