VividQ, a UK-based deeptech startup with technology for rendering holograms on legacy screens, has raised $15 million to develop its technology for next-generation digital displays and devices. And it’s already lining up manufacturing partners in the US, China and Japan to do it.

The funding round, a Seed extension round, was led by UTokyo IPC, the venture investment arm for the University of Tokyo. It was joined by Foresight Williams Technology (a joint collaboration between Foresight Group and Williams Advanced Engineering), Japanese Miyako Capital, APEX Ventures in Austria, and the R42 Group VC out of Stanford. Previous investors University of Tokyo Edge Capital, Sure Valley Ventures, and Essex Innovation also participated.

The funding will be used to scale VividQ’s HoloLCD technology, which, claims the company, turns consumer-grade screens into holographic displays.

Founded in 2017, VividQ has already worked with ARM, and other partners, including Compound Photonics, Himax Technologies, and iView Displays.

The startup is aiming its technology at Automotive HUD, head-mounted displays (HMDs), and smart glasses with a Computer-Generated Holography that projects “actual 3D images with true depth of field, making displays more natural and immersive for users.” It also says it has discovered a way to turn normal LCD screens into holographic displays.

Darran Milne, Co-Founder and CEO of VividQ, said: “Scenes we know from films, from Iron Man to Star Trek, are becoming closer to reality than ever. At VividQ, we are on a mission to bring holographic displays to the world for the first time. Our solutions help bring innovative display products to the automotive industry, improve AR experiences, and soon will change how we interact with personal devices, such as laptops and mobiles.”

VividQ

Mikio Kawahara, Chief Investment Officer of UTokyo IPC, said, “The future of display is holography. The demand for improved 3D images in real-world settings is growing across the whole display industry. VividQ’s products will make the future ambitions of many consumer electronics businesses a reality.”

Hermann Hauser, APEX Ventures’ advisor, and co-founder of Arm added: “Computer-Generated Holography recreates immersive projections that possess the same 3D information as the world around us. VividQ has the potential to change how humans interact with digital information.”

Speaking on a call with me, Milne added: “We have put the technology on gaming laptops that can actually take make use of holographic displays on a standard LCD screen. So you know the image is actually extending out of the screen. We don’t use any optical trickery.”

“When we say holograms, what we mean is a hologram is essentially an instruction set that tells light how to behave. We compute that effect algorithmically and then present that to the eye, so it’s indistinguishable from a real object. It’s entirely natural as well. Your brain and your visual system are unable to distinguish it from something real because you’re literally giving your eyes the same information that reality does, so there’s no trickery in the normal sense,” he said.

If this works, it could certainly be a transformation, and I can see it being married very well with technology like UltraLeap.

The American IPO market is hot for many companies, but surprisingly cool for others. The gap between the two cohorts of private companies looking to list is becoming notable.

When Chinese ride-hailing giant Didi first set an IPO price range, The Exchange was curious about why the company felt so inexpensive. Compared to its American comps, shares in Didi simply felt underpriced at its proposed valuation interval. Recently, Didi stuck to its initial expectations by pricing at $14 per share, the upper end of its range, but no higher.

This week also brought a lackluster float for Chinese grocery-delivery company DingDong, which cut its IPO raise but only managed a flat American debut. Another China-based online grocery delivery service that went public domestically last week, Missfresh, is doing even worse.

With just those few data points, you’d be hard-pressed to be particularly bullish about U.S.-listed IPOs. Why go public in the United States if you are going to be underpriced and then trade poorly? The answer is that while many Chinese companies are seemingly struggling to find the demand that they expect for their shares on American exchanges, domestic companies are seeing some opposite results.

The Exchange explores startups, markets and money. Read it every morning on Extra Crunch or get The Exchange newsletter every Saturday.

We’re talking tech companies here, I should add; The Exchange doesn’t track IPO results for commodities diggers and biotech labs. It’s a big world. We have to focus.

There are contrary data points to our general thesis. Nio’s recent share price appreciation could be construed as such. But if we parse recent IPO news from SentinelOne and Xometry in contrast to what we’ve seen from Chinese tech companies’ own paths to the American public markets, there really does seem to be a gap forming.

Uneven ground

Didi’s IPO price of $14 per share values the company at around $67 billion on a non-diluted basis, and as high as $70 billion if we counted more shares in its market cap calculations. As we previously calculated, with around $6.5 billion in total Q1 2021 revenue and positive net income, the company is trading at a stiff multiples discount to Uber.

Indeed, Uber’s trailing price/sales ratio is north of 8x. If we valued Didi’s revenues from the last twelve months at the same price, it would be worth nearly $179 billion. It’s not. And that’s the gap that we want to stress.

That a few other Chinese tech IPOs listed in the United States underperformed in the last week is contrasted by a blizzard of positive IPO results from domestic companies from just this week:

Freight technology startup, Forto, which we most recently covered when it raised $50 million late last year, is upping the stakes.

It’s now raised $240 million in a round led by Softbank Vision Fund 2 to expand its trade shipments between China and Europe. Forto manages shipping containers from origin to destination. Softbank is also hedging its bets after investing in China’s Full Truck Alliance (YMM.N), which plans a $20 billion IPO.

That means Forto’s valuation close to $1.2 billion, after it’s raised a total of $360 million. Also participating in the round were new investors Citi Ventures and G Squared. Existing investors including Northzone, Cherry Ventures and Unbound also took part, Forto said.

German logistics startups are proliferating. Trucking specialist Sennder, a digital road freight forwarder, raised $160 million in Series D financing earlier this year.

Forto says it has 2,500 clients, including Home 24 and German supermarket chain Edeka, and ships up to 10,000 containers a year by sea, rail and air.

This week, China started staffing up its own space station, and Rocket Lab got the nod from NASA to develop small satellites for the purposes of exploring Mars. Meanwhile, space startups continue to raise money and it doesn’t look like the pace of that is going to slow much heading into summer.

China delivers 3 astronauts to its space station

Image Credits: China News Service (opens in a new window)

China has launched astronauts to its space station for the first time, delivering three to the station’s core module, where they’ll remain for a mission that lasts until September. This is the first time China has flown a crewed mission since 2012, and it’s also going to set a record for the longest period of time a Chinese astronaut has remained in space continuously.

This will be a big step forward for China’s space program, and a key evolution of its ambitions to establish a continuous presence in low Earth orbit. China is not an International Space Station partner, and no Chinese nationals have ever set foot aboard that station. The European Space Agency had welcomed overtures for them to participate as a member nation in the ISS last decade, but the US refused.

China has sated outright that it will welcome participation in its space station from foreign astronauts, though there hasn’t been any specific agreements put in place for who those might be, or from what countries.

Rocket Lab will build two orbital research spacecraft for a mission to Mars

Image Credits: Rocket Lab

Rocket Lab has landed a contract of a different sort from its usual business, tapped to build small spacecraft that will go to Mars and perform valuable science and exploration missions on behalf of NASA and its partners. These will make use of Rocket Lab’s Photon platform, which is a satellite platform that it originally developed as one of its value-add offerings for its launch customers.

This is unique for Rocket Lab because the spacecraft its developing won’t be launched aboard a Rocket Lab Electron spacecraft, and will instead fly them on a commercial rocket to be selected by NASA in a separate contract process that will happen later.

The goal is to have these fly to the red planet by 2024, and it’ll help support NASA’s deep space exploration ambitions more broadly.

Startups raise $$

Image Credits: Hydrosat (opens in a new window)

Some interesting funding rounds this week, including $5 million for Hydrosat, a company that’s spotting ground temperature from space and providing that to customers for use in industries like agriculture, wildfire and drought risk, water table information and more.

This kind of data has been monitored by weather and environmental monitoring agencies in the past, but Hydrosat aims to collect it at a frequency that hasn’t been possible before.

Meanwhile, another startup whose entire focus is making sure that companies and other users on the ground can make use of Earth observation data also raised a chunk of cash. Skywatch picked up $17.2 million to help expand its platform, which not only provides access to the data for customers, but can actually also provide the customers themselves, a useful feature for brand new satellite companies.

Join us at TC Sessions: Space in December

Last year we held our first dedicated space event, and it went so well that we decided to host it again in 2021. This year, it’s happening mid-December, and it’s once again going to be an entirely virtual conference, so people from all over the world will be able to join — and you can, too.

The European Data Protection Board (EDPB) published its final recommendations yesterday setting on guidance for making transfers of personal data to third countries to comply with EU data protection rules in light of last summer’s landmark CJEU ruling (aka Schrems II).

The long and short of these recommendations — which are fairly long; running to 48 pages — is that some data transfers to third countries will simply not be possible to (legally) carry out. Despite the continued existence of legal mechanisms that can, in theory, be used to make such transfers (like Standard Contractual Clauses; a transfer tool that was recently updated by the Commission).

However it’s up to the data controller to assess the viability of each transfer, on a case by case basis, to determine whether data can legally flow in that particular case. (Which may mean, for example, a business making complex assessments about foreign government surveillance regimes and how they impinge upon its specific operations.)

Companies that routinely take EU users’ data outside the bloc for processing in third countries (like the US), which do not have data adequacy arrangements with the EU, face substantial cost and challenge in attaining compliance — in a best case scenario.

Those that can’t apply viable ‘special measures’ to ensure transferred data is safe are duty bound to suspend data flows — with the risk, should they fail to do that, of being ordered to by a data protection authority (which could also apply additional sanctions).

One alternative option could be for such a firm to store and process EU users’ data locally — within the EU. But clearly that won’t be viable for every company.

Law firms are likely to be very happy with this outcome since there will be increased demand for legal advice as companies grapple with how to structure their data flows and adapt to a post-Schrems II world.

In some EU jurisdictions (such as Germany) data protection agencies are now actively carrying out compliance checks — so orders to suspend transfers are bound to follow.

While the European Data Protection Supervisor is busy scrutinizing EU institutions’ own use of US cloud services giants to see whether high level arrangements with tech giants like AWS and Microsoft pass muster or not.

Last summer the CJEU struck down the EU-US Privacy Shield — only a few years after the flagship adequacy arrangement was inked. The same core legal issues did for its predecessor, ‘Safe Harbor‘, though that had stood for some fifteen years. And since the demise of Privacy Shield the Commission has repeatedly warned there will be no quick fix replacement this time; nothing short of major reform of US surveillance law is likely to be required.

US and EU lawmakers remain in negotiations over a replacement EU-US data flows deal but a viable outcome that can stand up to legal challenge as the prior two agreements could not, may well require years of work, not months.

And that means EU-US data flows are facing legal uncertainty for the foreseeable future.

The UK, meanwhile, has just squeezed a data adequacy agreement out of the Commission — despite some loudly enunciated post-Brexit plans for regulatory divergence in the area of data protection.

If the UK follows through in ripping up key tenets of its inherited EU legal framework there’s a high chance it will also lose adequacy status in the coming years — meaning it too could face crippling barriers to EU data flows. (But for now it seems to have dodged that bullet.)

Data flows to other third countries that also lack an EU adequacy agreement — such as China and India — face the same ongoing legal uncertainty.

The backstory to the EU international data flows issues originates with a complaint — in the wake of NSA whistleblower Edward Snowden’s revelations about government mass surveillance programs, so more than seven years ago — made by the eponymous Max Schrems over what he argued were unsafe EU-US data flows.

Although his complaint was specifically targeted at Facebook’s business and called on the Irish Data Protection Commission (DPC) to use its enforcement powers and suspend Facebook’s EU-US data flows.

A regulatory dance of indecision followed which finally saw legal questions referred to Europe’s top court and — ultimately — the demise of the EU-US Privacy Shield. The CJEU ruling also put it beyond legal doubt that Member States’ DPAs must step in and act when they suspect data is flowing to a location where the information is at risk.

Following the Schrems II ruling, the DPC (finally) sent Facebook a preliminary order to suspend its EU-US data flows last fall. Facebook immediately challenged the order in the Irish courts — seeking to block the move. But that challenge failed. And Facebook’s EU-US data flows are now very much operating on borrowed time.

As one of the platform’s subject to Section 702 of the US’ FISA law, its options for applying ‘special measures’ to supplement its EU data transfers look, well, limited to say the least.

It can’t — for example — encrypt the data in a way that ensures it has no access to it (zero access encryption) since that’s not how Facebook’s advertising empire functions. And Schrems has previously suggested Facebook will have to federate its service — and store EU users’ information inside the EU — to fix its data transfer problem.

Safe to say, the costs and complexity of compliance for certain businesses like Facebook look massive.

But there will be compliance costs and complexity for thousands of businesses in the wake of the CJEU ruling.

Commenting on the EDPB’s adoption of final recommendations, chair Andrea Jelinek said: “The impact of Schrems II cannot be underestimated: Already international data flows are subject to much closer scrutiny from the supervisory authorities who are conducting investigations at their respective levels. The goal of the EDPB Recommendations is to guide exporters in lawfully transferring personal data to third countries while guaranteeing that the data transferred is afforded a level of protection essentially equivalent to that guaranteed within the European Economic Area.

“By clarifying some doubts expressed by stakeholders, and in particular the importance of examining the practices of public authorities in third countries, we want to make it easier for data exporters to know how to assess their transfers to third countries and to identify and implement effective supplementary measures where they are needed. The EDPB will continue considering the effects of the Schrems II ruling and the comments received from stakeholders in its future guidance.”

The EDPB put out earlier guidance on Schrems II compliance last year.

It said the main modifications between that earlier advice and its final recommendations include: “The emphasis on the importance of examining the practices of third country public authorities in the exporters’ legal assessment to determine whether the legislation and/or practices of the third country impinge — in practice — on the effectiveness of the Art. 46 GDPR transfer tool; the possibility that the exporter considers in its assessment the practical experience of the importer, among other elements and with certain caveats; and the clarification that the legislation of the third country of destination allowing its authorities to access the data transferred, even without the importer’s intervention, may also impinge on the effectiveness of the transfer tool”.

Commenting on the EDPB’s recommendations in a statement, law firm Linklaters dubbed the guidance “strict” — warning over the looming impact on businesses.

“There is little evidence of a pragmatic approach to these transfers and the EDPB seems entirely content if the conclusion is that the data must remain in the EU,” said Peter Church, a Counsel at the global law firm. “For example, before transferring personal data to third country (without adequate data protection laws) businesses must consider not only its law but how its law enforcement and national security agencies operate in practice. Given these activities are typically secretive and opaque, this type of analysis is likely to cost tens of thousands of euros and take time. It appears this analysis is needed even for relatively innocuous transfers.”

“It is not clear how SMEs can be expected to comply with these requirements,” he added. “Given we now operate in a globalised society the EDPB, like King Canute, should consider the practical limitations on its power. The guidance will not turn back the tides of data washing back and forth across the world, but many businesses will really struggle to comply with these new requirements.”

Hello and welcome back to Equity, TechCrunch’s venture capital-focused podcast where we unpack the numbers behind the headlines.

This is Equity Monday, our weekly kickoff that tracks the latest private market news, talks about the coming week, digs into some recent funding rounds and mulls over a larger theme or narrative from the private markets. You can follow the show on Twitter here and myself here.

Our live show is this week! And we’re very excited about it! Details here, and you can register here. It’s free, of course, so swing by and hang with us.

Back on theme, we had a lot to get through this morning, so inside the show you can find the following and more:

• The Chinese cryptocurrency clampdown is a big damn deal: With lots of the nation’s mining capacity heading offline, there’s a scramble to relocate rigs and generally figure out what a crypto market sans China might look like.
• In the wake of the news, the value of cryptocurrencies fell. As did shares of Coinbase this morning in pre-market trading.
• Facebook’s Clubhouse rival is out. The American social giant follows Spotify into the live-audio market. You have to give it to modern software companies, who thought that they could be both leading tech shops and Kinko’s clones at the same time?
• Revolut is unprofitable as hell but increasingly less so. That could be good news for fintech as a whole.
• Amber Group raised $100 million; Forto raised $240 million.

See you this Thursday at the live show!

Equity drops every Monday at 7:00 a.m. PST, Wednesday, and Friday at 6:00 AM PST, so subscribe to us on Apple Podcasts, Overcast, Spotify and all the casts!

Didi filed to go public in the United States last night, providing a look into the Chinese ride-hailing company’s business. This morning, we’re extending our earlier reporting on the company to dive into its numerical performance, economic health and possible valuation.

Didi is approaching the American public markets at a fortuitous moment. While the late-2020 IPO fervor, which sent offerings from DoorDash and others skyrocketing after their debuts, has cooled, valuations for public companies remain high compared to historical norms. And Uber and Lyft, two American ride-hailing companies, have been posting numbers that point to at least a modest recovery in the ride-hailing industry as COVID-19 abates in many parts of the world.

As further grounding, recall that Didi has raised tens of billions worth of private capital from venture capitalists, private equity firms, corporations and other sources. The size of the bet riding on Didi is simply massive. As we explore the company’s finances, then, we’re more than vetting a single company’s performance; we’re examining what sort of returns an ocean of capital may be able to derive from its exit.

In that vein, we’ll consider GMV results, revenue growth, historical profitability, present-day profitability, and what Didi may be worth on the American markets, given current comps. Sound good? Into the breach!

Inside Didi’s IPO filing

Starting at the highest level, how quickly has gross transaction volume (GTV) scaled at the company?

GTV

Didi is historically a business that operates in China but has operations today in more than a dozen countries. The impact and recovery of China’s bout with COVID-19 is therefore not the whole picture of the company’s GTV results.

COVID-19 began to affect the company starting in the first quarter of 2020. From the Didi F-1 filing:

Core Platform GTV fell by 32.8% in the first quarter of 2020 as compared to the first quarter of 2019, and then by 16.0% in the second quarter of 2020 as compared to the second quarter of 2019.

The dips were short-lived, however, with Didi quickly returning to growth in the second half of the year:

Our businesses resumed growth in the second half of 2020, which moderated the impact on a year-on-year basis. Our Core Platform GTV for the full year 2020 decreased by 4.8% as compared to the full year 2019. Both our China Mobility and International segments were impacted, but whereas the GTV for our China Mobility segment decreased by 6.6% from 2019 to 2020, the GTV for our International segment increased by 11.4% from 2019 to 2020.

Holding to just the Chinese market, we can see how rapidly Didi managed to pick itself up over the last year. Chinese GTV at Didi grew from 25.7 billion RMB to 54.6 billion RMB from the first quarter of 2020 to the first quarter of 2021; naturally, we’re comparing a more pandemic-impacted quarter at the company to a less-affected period, but the comparison is still useful for showing how the company recovered from early-2020 lows.

The number of transactions that Didi recorded in China during the first quarter of this year was also up more than 2x year over year.

On a whole-company basis, Didi’s “core platform GTV,” or the “sum of GTV for our China Mobility and International segments,” posted numbers that are less impressive in growth terms:

Image Credits: Didi F-1 filing

You can see how quickly and painfully COVID-19 blunted Didi’s global operations. But seeing the company settle back to late-2019 GTV numbers in 2021 is not super bullish.

Takeaway: While Didi managed an impressive GTV recovery in China, its aggregate numbers are flatter, and recent quarterly trends are not incredibly attractive.

Revenue growth

Hello and welcome back to Equity, TechCrunch’s venture capital-focused podcast where we unpack the numbers behind the headlines.

This is Equity Monday, our weekly kickoff that tracks the latest private market news, talks about the coming week, digs into some recent funding rounds and mulls over a larger theme or narrative from the private markets. You can follow the show on Twitter here and myself here.

It’s WWDC week, so expect a deluge of Apple news to overtake your Twitter feed here and there over the next few days. But there’s a lot more going on, so let’s dig in:

• The Weekend: A supercharged, supercharged Model S Tesla car is not coming out. Instead, a merely supercharged version will come out. It’s still stupid fast and expensive. And Nigeria’s war with Twitter continued, with new efforts from the African nation to limit access to the social media service within its borders.
• This Morning: Flipkart is raising $3 billion at a roughly $40 billion valuation The deal underscores not just how big the Indian tech scene is, but also how much investor interest there is in ecommerce bets more generally. And Jeff Bezos is going to space. Soon!
• Funding Rounds: Trulioo raised a $394 million Series D. The Canadian startup is now worth far more than $1 billion. And Chinese company Kanzhun is going public in the United States, which raised an eyebrow here amongst the Equity Morning Crew.
• Take The Damn Equity Survey: Take it! All the cools kids are taking it!

And that’s your start to the week. More to come from your friends here on Wednesday, and Friday. Chat soon!

Equity drops every Monday at 7:00 a.m. PST, Wednesday, and Friday at 6:00 AM PST, so subscribe to us on Apple Podcasts, Overcast, Spotify and all the casts!

There has been a wave of businesses over the past several years hoping to offer broadband internet delivered from thousands of satellites in low-earth orbit (LEO), providing coverage of most of the earth’s surface.

This isn’t the first time we’ve seen excitement in the category. Companies and people that you have heard of — Bill Gates and Motorola, to name a few — invested billions of dollars into this business model two decades ago in an adventure that ended in many bankruptcies and very few people connected to the internet from low-earth orbit. Yet, here we are 20 years later, witnessing billionaires from Elon Musk to Jeff Bezos and entities from SoftBank to the United Kingdom investing billions into broadband from space in a gold rush that began around 2015, and has only accelerated since the beginning of 2020.

During that same period, we have seen a parallel ascendance of China’s space capabilities. In tandem with the accelerated deployment of SpaceX’s Starlink constellation in 2020, China has rapidly responded in terms of policy, financing, and technology, including most notably the creation of a “Chinese answer to Starlink”, namely constellation operating company China SatNet, and the associated GuoWang (国网, or National Net(work)) constellation.

While still in early development, SatNet and GuoWang are likely to compete in certain markets with Starlink and others, while also fulfilling what may be a similar strategic purpose from a government perspective. With considerable backing from very high-level actors, we are likely to see the rollout of a Red Star(link) over China (and the rest of the world) over the coming several years.

The rapid rise of Starlink

China’s LEO constellation plans cannot be understood in a vacuum. Like many other areas of high-tech investment, China’s actions here are partially reactive to developments in the West. The acceleration and expansion of Western LEO constellations in recent years — most notably Starlink — has been an accelerant to China’s own plans.

Hello and welcome back to Equity, TechCrunch’s venture capital-focused podcast where we unpack the numbers behind the headlines.

This is Equity Monday Tuesday, our weekly kickoff that tracks the latest private market news, talks about the coming week, digs into some recent funding rounds and mulls over a larger theme or narrative from the private markets. You can follow the show on Twitter here and myself here.

We are back from a long weekend here in America. But not break here in the States can stop the flow of global tech news. So, here’s the rundown:

• The Weekend: Tata bought BigBasket, setting up a fascinating ecommerce war in India. China is cracking down on edtech companies, leading to an IPO freeze. And Wejo is going public via a SPAC. You can read its investor deck here.
• This Morning: The are a zillion funding rounds in Europe and globally this morning, the start of what could be a super busy week’s cycle. Private Equity is buying Cloudera, which is a surprise. Nio had chip shortage issues that impacted its delivery cadence. The Chinese EV company does expect to meet its Q2 delivery goal, however.
• Funding Rounds: Truebill raised $45 million. Chipper Cash raised $100 million. Zenyum raised $40 million. WeFox raised $650 million. Malt raised $97 million. Sennder raised $80 million. idwall raised $38 million. Belvo raised $43 million. And that was not even close to all the big ones.
• Riff: Late last week we missed the Sprinklr filing. You can read it here. Quite a number of VCs have money riding on the IPO.

Welcome back, America, to the week. It’s nice to see you, everyone else. Maybe Robinhood will file this week.

European Union lawmakers are facing further pressure to step in and do something about lackadaisical enforcement of the bloc’s flagship data protection regime after the European Parliament voted yesterday to back a call urging the Commission to start an infringement proceeding against Ireland’s Data Protection Commission (DPC) for not “properly enforcing” the regulation.

The Commission and the DPC have been contacted for comment on the parliament’s call.

Last summer the Commission’s own two-year review of the General Data Protection Regulation (GDPR) highlighted a lack of uniformly vigorous enforcement — but commissioners were keener to point out the positives, lauding the regulation as a “global reference point”.

It’s now nearly three years since the regulation begun being applied and criticism over weak enforcement is getting harder for the EU’s executive to ignore.

The parliament’s resolution — which, while non-legally binding, fires a strong political message across the Commission’s bow — singles out the DPC for specific criticism given its outsized role in enforcement of the General Data Protection Regulation (GDPR). It’s the lead supervisory authority for complaints brought against the many big tech companies which choose to site their regional headquarters in the country (on account of its corporate-friendly tax system).

The text of the resolution expresses “deep concern” over the DPC’s failure to reach a decision on a number of complaints against breaches of the GDPR filed the day it came into application, on May 25, 2018 — including against Facebook and Google — and criticises the Irish data watchdog for interpreting ‘without delay’ in Article 60(3) of the GDPR “contrary to the legislators’ intention – as longer than a matter of months”, as they put it.

To date the DPC has only reached a final decision on one cross-border GDPR case — against Twitter.

The parliament also says it’s “concerned about the lack of tech specialists working for the DPC and their use of outdated systems” (which Brave also flagged last year) — as well as criticizing the watchdog’s handling of a complaint originally brought by privacy campaigner Max Schrems years before the GDPR came into application, which relates to the clash between EU privacy rights and US surveillance laws, and which still hasn’t resulted in a decision.

The DPC’s approach to handling Schrems’ 2013 complaint led to a 2018 referral to the CJEU — which in turn led to the landmark Schrems II judgement last summer invalidating the flagship EU-US data transfer arrangement, Privacy Shield.

That ruling did not outlaw alternative data transfer mechanisms but made it clear that EU DPAs have an obligation to step in and suspend data transfers if European’s information is being taken to a third country that does not have essentially equivalent protections to those they have under EU law — thereby putting the ball back in the DPC’s court on the Schrems complaint.

The Irish regulator then sent a preliminary order to Facebook to suspend its data transfers and the tech giant responded by filing for a judicial review of the DPC’s processes. However the Irish High Court rejected Facebook’s petition last week. And a stay on the DPC’s investigation was lifted yesterday — so the DPC’s process of reaching a decision on the Facebook data flows complaint has started moving again.

A final decision could still take several months more, though — as we’ve reported before — as the DPC’s draft decision will also need to be put to the other EU DPAs for review and the chance to object.

The parliament’s resolution states that it “is worried that supervisory authorities have not taken proactive steps under Article 61 and 66 of the GDPR to force the DPC to comply with its obligations under the GDPR”, and — in more general remarks on the enforcement of GDPR around international data transfers — it states that it:

Is concerned about the insufficient level of enforcement of the GDPR, particularly in the area of international transfers; expresses concerns at the lack of prioritisation and overall scrutiny by national supervisory authorities with regard to personal data transfers to third countries, despite the significant CJEU case law developments over the past five years; deplores the absence of meaningful decisions and corrective measures in this regard, and urges the EDPB [European Data Protection Board] and national supervisory authorities to include personal data transfers as part of their audit, compliance and enforcement strategies; points out that harmonised binding administrative procedures on the representation of data subjects and admissibility are needed to provide legal certainty and deal with crossborder complaints;

The knotty, multi-year saga of Schrems’ Facebook data-flows complaint, as played out via the procedural twists of the DPC and Facebook’s lawyers’ delaying tactics, illustrates the multi-layered legal, political and commercial complexities bound up with data flows out of the EU (post-Snowden’s 2013 revelations of US mass surveillance programs) — not to mention the staggering challenge for EU data subjects to actually exercise the rights they have on paper. But these intersecting issues around international data flows do seem to be finally coming to a head, in the wake of the Schrems II CJEU ruling.

The clock is now ticking for the issuing of major data suspension orders by EU data protection agencies, with Facebook’s business first in the firing line.

Other US-based services that are — similarly — subject to the US’ FISA regime (and also move EU users data over the pond for processing; and whose businesses are such they cannot shield user data via ‘zero access’ encryption architecture) are equally at risk of receiving an order to shut down their EU-US data-pipes. Or else having to shift data processing for these users inside the EU.

US-based services aren’t the only ones facing increase legal uncertainty, either.

The UK, post-Brexit, is also classed as a third country (in EU law terms). And in a separate resolution today the parliament adopted a text on the UK adequacy agreement, granted earlier this year by the Commission, which raises objections to the arrangement — including by flagging a lack of GDPR enforcement in the UK as problematic.

On that front the parliament highlights how adtech complaints filed with the ICO have failed to yield a decision. (It writes that it’s concerned “non-enforcement is a structural problem” in the UK — which it suggests has left “a large number of data protection law breaches… [un]remedied”.)

It also calls out the UK’s surveillance regime, questioning its compatibility with the CJEU’s requirements for essential equivalence — while also raising concerns about the risk that the UK could undermine protections on EU citizens data via onward transfers to jurisdictions the EU does not have an adequacy agreement with, among other objections.

The Commission put a four year lifespan on the UK’s adequacy deal — meaning there will be another major review ahead of any continuation of the arrangement in 2025.

It’s a far cry from the ‘hands-off’ fifteen years the EU-US ‘Safe Harbor’ agreement stood for, before a Schrems challenge finally led to the CJEU striking it down back in 2015. So the takeaway here is that data deals that allow for people’s information to leave Europe aren’t going to be allowed to stand unchecked for years; close scrutiny and legal accountability are now firmly up front — and will remain in the frame going forward.

The global nature of the Internet and the ease with which data can digitally flow across borders of course brings huge benefits for businesses — but the resulting interplay between different legal regimes is leading to increasing levels of legal uncertainty for companies seeking to take people’s data across borders.

In the EU’s case, the issue is that data protection is regulated within the bloc and these laws require that protection stays with people’s information, no matter where it goes. So if the data flows to countries that do not offer the same safeguards — be that the US or indeed China or India (or even the UK) — then that risk is that it can’t, legally, be taken there.

How to resolve this clash, between data protection laws based on individual privacy rights and data access mandates driven by national security priorities, has no easy answers.

For the US, and for the transatlantic data flows between the EU and the US, the Commission has warned there will be no quick fix this time — as happened when it slapped a sticking plaster atop the invalidated Safe Harbor, hailing a new ‘Privacy Shield’ regime; only for the CJEU to blast that out of the water for much the same reasons a few years later. (The parliament resolution is particularly withering in its assessment of the Commission’s historic missteps there.)

For a fix to stick, major reform of US surveillance law is going to be needed. And the Commission appears to have accepted that’s not going to come overnight, so it seems to be trying to brace businesses for turbulence…

The parliament’s resolution on Schrems II also makes it clear that it expects DPAs to step in and cut off risky data flows — with MEPs writing that “if no arrangement with the US is swiftly found which guarantees an essentially equivalent and therefore adequate level of protection to that provided by the GDPR and the Charter, that these transfers will be suspended until the situation is resolved”.

So if DPAs fail to do this — and if Ireland keeps dragging its feet on closing out the Schrems complaint — they should expect more resolutions to be blasted at them from the parliament.

MEPs emphasize the need for any future EU-US data transfer agreement “to address the problems identified by the Court ruling in a sustainable manner” — pointing out that “no contract between companies can provide protection from indiscriminate access by intelligence authorities to the content of electronic communications, nor can any contract between companies provide sufficient legal remedies against mass surveillance”.

“This requires a reform of US surveillance laws and practices with a view to ensuring that access of US security authorities to data transferred from the EU is limited to what is necessary and proportionate, and that European data subjects have access to effective judicial redress before US courts,” the parliament adds.

It’s still true that businesses may be able to legally move EU personal data out of the bloc. Even, potentially, to the US — depending on the type of business; the data itself; and additional safeguards that could be applied.

However for data-mining companies like Facebook — which are subject to FISA and whose businesses rely on accessing people’s data — then achieving essential equivalence with EU privacy protections looks, well, essentially impossible.

And while the parliament hasn’t made an explicit call in the resolution for Facebook’s EU data flows to be cut off that is the clear implication of it urging infringement proceedings against the DPC (and deploring “the absence of meaningful decisions and corrective measures” in the area of international transfers).

The parliament says it wants to see “solid mechanisms compliant with the CJEU judgement” set out — for the benefit of businesses with the chance to legally move data out of the EU — saying, for example, that the Commission’s proposal for a template for Standard Contractual Clauses (SCCs) should “duly take into account all the relevant recommendations of the EDPB“.

It also says it supports the creation of a tool box of supplementary measures for such businesses to choose from — in areas like security and data protection certification; encryption safeguards; and pseudonymisation — so long as the measures included are accepted by regulators.

It also wants to see publicly available resources on the relevant legislation of the EU’s main trading partners to help businesses that have the possibility of being able to legally move data out of the bloc get guidance to help them do so with compliance.

The overarching message here is that businesses should buckle up for disruption of cross-border data flows — and tool up for compliance, where possible.

In another segment of the resolution, for example, the parliament calls on the Commission to “analyse the situation of cloud providers falling under section 702 of the FISA who transfers data using SCCs” — going on to suggest that support for European alternatives to US cloud providers may be needed to plug “gaps in the protection of data of European citizens transferred to the United States” and “reduce the dependence of the Union in storage capacities vis-à-vis third countries and to strengthen the Union’s strategic autonomy in terms of data management and protection”.

Less than a month after announcing a partnership with India’s largest two-wheeled vehicle maker, Gogoro is taking another big step in its global expansion plans. This time the market is China, where Gogoro’s technology, including its swappable smart batteries, will be used in scooters made by Dachangjiang Group (DCJ), one of the country’s biggest motorcycle makers, and Yadea, one of it top electric two-wheel companies. DCJ and Yadea will jointly invest $50 million in an operating company to develop new two-wheel vehicles with their own branding that use the Gogoro Network, including its batteries, drivetrains, controllers and other components.

“Think of it as DCJ and Yadea combining to create an AT&T,” Gogoro co-founder and chief executive officer Horace Luke told TechCrunch. “Gogoro will be the technology that powers them, so think about it like we’re the Ericsson.”

Last month, Gogoro and Hero MotoCorp announced a strategic partnership to build a battery-swapping network and electric two-wheeled vehicles in India. Gogoro’s new deals in India and China are the biggest steps it has taken for its global strategy since launching the first Gogoro Smartscooter in 2015.

Gogoro’s swappable batteries, its signature technology, means riders can replace their batteries for new ones at charging stations that are small enough to fit on a sidewalk. In Taipei City, where Gogoro is based, its swapping stations are a common sight, usually tucked against storefronts or by the side of gas stations and parking lots. Since Gogoro’s batteries are swappable, electric vehicles that use them don’t need to be parked to be charged. This addresses “range anxiety,” or consumer concerns about how far an electric vehicle can go before it needs to be charged again. The main challenge is making sure there are enough swapping stations to be convenient for riders of two-wheeled vehicles powered by the Gogoro Network.

DCJ and Yadea’s joint venture will launch first in Hangzhou, its pilot city, before expanding into other cities in 2022. Vehicle availability and pricing will be announced later.

Last year, China’s government introduced new regulations that require all new cars sold by 2035 to use “new energy” instead of fossil fuel. Combined, DCJ and Yadea have 47,000 retailers, covering 358 cities, or more than half the cities in China. Luke said this means once the joint venture expands beyond Hangzhou, it will be able to grow quickly.

Gogoro positions itself as a turnkey solution for other electric mobility companies, and its own brand was a way to develop its charging infrastructure and reputation. In Taiwan, where Gogoro-powered two-wheeled vehicles now account for nearly a quarter of monthly sales, its swappable batteries were first used in Gogoro Smartscooters before the technology was licensed to other makers like Kymco, Yamaha and Aeon.

“It was almost like a roundabout way to prove that the platform is feasible,” said Luke. “We had to build our own vehicles, our own retail chain and now we support 400,000 customers and 2,000 stations. That proof case enabled us to work with these larger partners, so when they asked us to pull up data, we could show them the unit economics, durability, stations and how it works. It took many years, but we were getting ready in the biggest way possible.”

DCJ ships about two million motorcycles a year and the joint venture marks the first time it will build an electric motorcycle. “They’ve been looking for technology to transition to electric, and we’ve been talking to them for almost two years to prove that our platform is the right platform for them to start the transition to electric vehicles,” said Luke.

Yadea sold more than 10 million electric two-wheelers in 2020, but wanted an alternative to lithium-ion batteries, he added. Along with Aima, Yadea is one of the best-known affordable electric two-wheeler brands in China, while Niu dominates the premium market.

Gogoro has raised about $480 million in funding since it was founded in 2011, with investors including HTC, Temasek Holdings and Generation Investment Management (GIM), the green-tech investment firm co-founded by former United States vice president Al Gore.

In a press statement, Gore, who is GIM’s chairman, said, “Gogoro’s partnership with Yadea and DCJ in China, which builds upon their existing work with Hero MotoCorp in India, sends a clear signal that the world’s two-wheel leaders are helping to fuel the sustainability revolution in Asia with smart battery swapping.”