New data about the real-time-bidding (RTB) system’s use of web users’ info for tracking and ad targeting, released today by the Irish Council for Civil Liberties (ICCL), suggests Google and other key players in the high velocity, surveillance-based ad auction system are processing and passing people’s data billions of times per day.

“RTB is the biggest data breach ever recorded,” argues the ICCL. “It tracks and shares what people view online and their real-world location 294 billion times in the U.S. and 197 billion times in Europe every day.”

The ICCL’s report, which is based on industry figures that the rights organization says it obtained from a confidential source, offers an estimate of RTB per person per day across US states and European countries which suggests that web users in Colorado and the UK are among the most exposed by the system — with 987 and 462 RTB broadcasts apiece per person per day.

But even online individuals living in bottom of the chart, District of Columbia or Romania, have their information exposed by RTB an estimated 486 times per day or 149 times per day respectively, per the report.

The ICCL calculates that people living in the U.S. have their online activity and real-world location exposed 57% more often than people in Europe — likely as a result of differences in privacy regulation across the two regions.

Collectively, the ICCL estimates that U.S. Internet users’ online behaviour and locations are tracked and shared 107 trillion times a year, while Europeans’ data is exposed 71 trillion times a year.

“On average, a person in the U.S. has their online activity and location exposed 747 times every day by the RTB industry. In Europe, RTB exposes people’s data 376 times a day,” it also writes, adding: “Europeans and U.S. Internet users’ private data is sent to firms across the globe, including to Russia and China, without any means of controlling what is then done with the data.”

The report’s figures are likely a conservative estimate of the full extent of RTB since the ICCL includes the caveat that: “[T]he figures presented for RTB broadcasts as a low estimate. The industry figures on which we rely do not include Facebook or Amazon RTB broadcasts.”

Per the report, Google, the biggest player in the RTB system, allows 4,698 companies to receive RTB data about people in the U.S., while Microsoft — which ramped up its involvement in RTB in December last year when it bought adtech firm Xandr from AT&T — says it may send data to 1,647 companies.

That too is likely just the tip of the iceberg since RTB data is broadcast across the Internet — meaning it’s ripe for interception and exploitation by non-officially listed RTB ‘partners’, such as data brokers whose businesses involve people farming by compiling dossiers of data to reidentify and profile individual web users for profit, using info like device IDs, device fingerprinting, location etc to link web activity to a named individual, for example.

Privacy and security concerns have been raised about RTB for years — especially in Europe where there are laws in place that are supposed to prevent such a systematic abuse of people’s information. But awareness of the issue has been rising in the US too, following a number of location-tracking and data-sharing scandals.

The leaked Supreme Court opinion earlier this month which suggested the US’ highest court is preparing to overturn Roe v Wade — removing the constitutional protection for abortion — has further dialled up concern and sent shock waves through the country, with some commentators immediately urging women to delete their period tracking apps and pay close attention to their digital security and privacy hygiene.

The concern is ad tracking could expose personal data that can be used to identify women and people who are pregnant and/or seeking abortion services.

Many US states have already heavily restricted access to abortion. But if the Supreme Court overturns Roe v Wade a number of states are expected to ban abortion entirely — which means people who can get pregnant will be at increased risk from online surveillance as any online searches for abortion services or location tracking or other types of data mining of their digital activity could be used to built a case against them for obtaining or seeking to obtain an illegal abortion.

Highly sensitive personal data on web users is, meanwhile, routinely sucked up and shared for ad targeting purposes, as previous ICCL reports have detailed in hair-raising detail. The data broker industry also collects information on individuals to trade and sell — and in the US, especially, people’s location data appears all too easy to obtain.

Last year, for example, a top Catholic priest in the US was reported to have resigned after allegations were made about his sexuality based on a claim that data on his phone had been obtained which indicated use of the location-based gay hook-up app, Grindr.

A lack of online privacy could also negatively impinge on women’s health issues — making it easier to gather information to criminalize pregnant people who seek an abortion in a post-Roe world.

“There is no way to restrict the use of RTB data after it is broadcast,” emphasizes the ICCL in the report. “Data brokers used it to profile Black Lives Matter protestors. The US Department of Homeland Security and other agencies used it for warrant-less phone tracking. It was implicated in the outing of a gay Catholic priest through his use of Grindr. ICCL uncovered the sale of RTB data revealing likely survivors of sexual abuse.”

The report raises especially cutting question for European regulators since, unlike the US, the region has a comprehensive data protection framework. The General Data Protection Regulation (GDPR) has been in force across the EU since May 2018 and regulators should have been enforcing these privacy rights against out-of-control adtech for years.

Instead, there has been a collective reluctance to do so — likely as a result of how extensively and pervasively individual tracking and profiling tech has been embedded into web infrastructure, coupled with loud claims by the adtech industry that the free web cannot survive if Internet users’ privacy is respected. (Such claims ignore the existence of alternative forms of ad targeting, such as contextual, which do not require tracking and profiling of individual web users’ activity to function and which have been shown to be profitable for years, such as for non-tracking search engine, DuckDuckGo.)

An investigation opened by the Irish Data Protection Commission (DPC) into Google’s adtech three years ago (May 2019), following a number of RTB complaints, is — ostensibly — ongoing. But no decision has been issued.

The UK’s ICO also repeatedly fumbled enforcement action against RTB following complaints filed back in 2018, despite voicing a view publicly since 2019 that the behavioral ad industry is wildly out of control. And in a parting shot last fall, the outgoing information commissioner, Elizabeth Denham, urged the industry to undertake meaningful privacy reforms.

Since then, a flagship adtech industry mechanism for gathering web users’ consent to ad tracking — the IAB Europe’s self-styled Transparency and Consent Framework (TCF) — has itself been found in breach of the GDPR by Belgian’s data protection authority.

Its February 2022 decision, also found the IAB itself at fault, giving the industry body two months to submit a reform plan and six months to implement it. (NB: Google and the IAB are the two bodies that set standards for RTB.)

That consent issue is one (solid) complaint against RTB under Europe’s GDPR. However the ICCL’s concern has been focused on security — as it argues that high velocity, massive scale trading of people’s data to place ads by broadcasting it over the Internet to thousands of ‘partners’ (but also with the clear risk of interception and appropriation by scores of unknown others) is inherently insecure. And, regardless of the consent issues, the GDPR requires people’s information is adequately protected — hence its framing of RTB as the “biggest ever data breach”.

In March, the ICCL announced it intended to sue the DPC — accusing the regulator of years of inaction over RTB complaints (some of which were lodged the same year the GDPR came into application). That litigation is still pending.

It has also approached the EU ombudsperson to complaint that the European Commission is failing to properly monitor application of the regulation — which led to the former opening an enquiry to look at the Commission’s claims to the contrary earlier this year.

A requested deadline for the EU’s executive to submit information to the ombudsperson passed yesterday without a submission, per the ICCL, with the Commission reportedly asking for 10 more days to provide the requested data — which suggests the four-year anniversary of the GDPR coming into force (May 25, 2018) will pass by in the meanwhile (perhaps a little more quietly than it might have done if the ombudsperson had been in a position to issue a verdict)…

“As we approach the four year anniversary of the GDPR we release data on the biggest data breach of all time. And it is an indictment of the European Commission, and in particular commissioner [Didier] Reynders, that this data breach is repeated every day,” Johnny Ryan, senior fellow at the ICCL, told TechCrunch.

“It is time that the Commission does its job and compels Ireland to apply the GDPR correctly,” he added.

We also contacted Google, Microsoft, the DPC and the European Commission with questions about the ICCL’s report but at the time of writing none had not responded.

Ryan told us the ICCL is also writing to US lawmakers to highlight the scale of the “privacy crisis in online advertising” — and specifically pressing the Senate Subcommittee on Competition Policy, Antitrust and Consumer Rights to ensure adequate enforcement resources are provided to the FTC — so it can take urgent action “against this enormous breach”.

In the letter, which we’ve reviewed, the ICCL points out that private data on US citizens is sent to firms across the globe, including to Russia and China — “without any means of controlling what is then done with the data”.

War in Europe certainly adds a further dimension to this surveillance adtech story.

Russia’s invasion of Ukraine earlier this year has fuelled added concern about adtech’s mass surveillance of web users — i.e. if citizens’ data is finding its way back, via online tracking, to hostile third countries like Russia and its ally China.

Back in March, the Financial Times reported that scores of apps contain SDK technology made by the Russian search giant Yandex — which was accused of sending user data back to servers in Russia where it might be accessible to the Russian government. 

In Europe, the GDPR requires that exports of personal data out of the bloc are protected to the same standard as citizens’ information should be wrapped with when it’s being processed or stored in Europe.

A landmark EU ruling in July 2020 saw the bloc’s top court strike down a flagship EU-US data transfer agreement over security concerns attached to US government mass surveillance programs — creating ongoing legal uncertainty around international data flows to risky third countries as the court underscored the need for EU regulators to proactively monitor data exports and step in to suspend any data flows to jurisdictions that lack adequate data protection.

Many of the key players in adtech are US-based — raising questions about the legality of any processing of Europeans’ data by the sector that’s taking place over the pond too, given the high standard that EU law requires for data to be legally exported.

Windows 11, the newest operating system from Microsoft, is a breath of fresh air for PC users. Designed to provide a personalized experience, it offers many ways to change your PC’s interface, from how windows look to how apps can be accessed. Here are some Windows 11 customization features that will give you more control over your PC settings.

Change your theme

The easiest way to customize Windows 11 is by changing your theme, including your desktop background and lock screen image. Just right-click anywhere on your desktop, then click on Personalize. This will lead you to the Personalization menu, where you can preview and choose different backgrounds and themes. You can even create new themes by using images from your gallery. You can also see more themes in the Microsoft Store by clicking “Browse more”.

Use dark mode

If light or bright colors are not your thing, Windows 11 is here to the rescue. To change your desktop’s colors, right-click on your desktop, choose Personalize, and click Colors. Then, select Dark under “Choose your default Windows mode”. This changes the colors of your taskbar and Start menu. If you want to change the color of your apps from white to black, pick Dark under “Choose your default app mode”. To restore your default settings, follow the same procedure under “Choose your default app mode” but click Light.

Create virtual desktops

Having trouble separating work files from personal files? Try creating a virtual desktop. You can do this by clicking on the Task view icon on the taskbar. This will display all your open windows. Just drag any window to the “New desktop” space on the lower part of the screen to create another desktop. Repeat the process if you want to add more windows to the new desktop. To add more virtual desktops, hover over the Task view icon and click on the + sign. To remove a virtual desktop, hover over the Task view icon and click the X button on the desktop you want to delete.

Try snap layouts

Snapping is not a new feature, but Windows 11 makes it more efficient by letting you snap any app or window wherever you are on your PC. Access snap layouts by hovering over a window’s maximize button or pressing Win + Z. You can then see which layouts are available to you, and pick the one that best suits your needs.

Reorganize your Start Menu

You can also personalize how your apps are arranged on the Start menu. For one, you can rearrange applications by dragging them anywhere around the Start menu. Or, if you won’t be using a particular application, simply right-click the tile and select Unpin from Start. On the other hand, if you want even faster access to your most-used apps, right-click on an app and choose Pin to taskbar. 

Disable all your notifications

Some people prefer to receive notifications, but some don’t. If you’re one of the latter and wish to never see notifications ever again, click on the gear icon on the taskbar to open Settings. Then, choose System > Notifications. From there, you can switch off whatever app notifications you don’t want popping up on your screen.

Personalize your Windows 11 PC however you like by using some or all of these options. If you want more ways to customize your device or if you need information on anything Windows 11-related, give us a call.

Windows 11 offers a new and improved way to customize your PC. Whether you’re looking to improve your computer’s efficiency or just want to try different settings, there are plenty of options in Microsoft’s latest operating system that will suit you. Read on to find out the many ways you can personalize your Windows 11 PC.

Change your theme

The easiest way to customize Windows 11 is by changing your theme, including your desktop background and lock screen image. Just right-click anywhere on your desktop, then click on Personalize. This will lead you to the Personalization menu, where you can preview and choose different backgrounds and themes. You can even create new themes by using images from your gallery. You can also see more themes in the Microsoft Store by clicking “Browse more”.

Use dark mode

If light or bright colors are not your thing, Windows 11 is here to the rescue. To change your desktop’s colors, right-click on your desktop, choose Personalize, and click Colors. Then, select Dark under “Choose your default Windows mode”. This changes the colors of your taskbar and Start menu. If you want to change the color of your apps from white to black, pick Dark under “Choose your default app mode”. To restore your default settings, follow the same procedure under “Choose your default app mode” but click Light.

Create virtual desktops

Having trouble separating work files from personal files? Try creating a virtual desktop. You can do this by clicking on the Task view icon on the taskbar. This will display all your open windows. Just drag any window to the “New desktop” space on the lower part of the screen to create another desktop. Repeat the process if you want to add more windows to the new desktop. To add more virtual desktops, hover over the Task view icon and click on the + sign. To remove a virtual desktop, hover over the Task view icon and click the X button on the desktop you want to delete.

Try snap layouts

Snapping is not a new feature, but Windows 11 makes it more efficient by letting you snap any app or window wherever you are on your PC. Access snap layouts by hovering over a window’s maximize button or pressing Win + Z. You can then see which layouts are available to you, and pick the one that best suits your needs.

Reorganize your Start Menu

You can also personalize how your apps are arranged on the Start menu. For one, you can rearrange applications by dragging them anywhere around the Start menu. Or, if you won’t be using a particular application, simply right-click the tile and select Unpin from Start. On the other hand, if you want even faster access to your most-used apps, right-click on an app and choose Pin to taskbar. 

Disable all your notifications

Some people prefer to receive notifications, but some don’t. If you’re one of the latter and wish to never see notifications ever again, click on the gear icon on the taskbar to open Settings. Then, choose System > Notifications. From there, you can switch off whatever app notifications you don’t want popping up on your screen.

Personalize your Windows 11 PC however you like by using some or all of these options. If you want more ways to customize your device or if you need information on anything Windows 11-related, give us a call.

Windows 11 offers a wealth of customization features designed to provide users with a truly personalized and intuitive experience. Whether it’s changing the color of your windows or rearranging the apps on the newly designed Start menu, these features will make your Windows PC a better match for your needs and preferences. Check out the following Windows 11 personalization tips.

Change your theme

The easiest way to customize Windows 11 is by changing your theme, including your desktop background and lock screen image. Just right-click anywhere on your desktop, then click on Personalize. This will lead you to the Personalization menu, where you can preview and choose different backgrounds and themes. You can even create new themes by using images from your gallery. You can also see more themes in the Microsoft Store by clicking “Browse more”.

Use dark mode

If light or bright colors are not your thing, Windows 11 is here to the rescue. To change your desktop’s colors, right-click on your desktop, choose Personalize, and click Colors. Then, select Dark under “Choose your default Windows mode”. This changes the colors of your taskbar and Start menu. If you want to change the color of your apps from white to black, pick Dark under “Choose your default app mode”. To restore your default settings, follow the same procedure under “Choose your default app mode” but click Light.

Create virtual desktops

Having trouble separating work files from personal files? Try creating a virtual desktop. You can do this by clicking on the Task view icon on the taskbar. This will display all your open windows. Just drag any window to the “New desktop” space on the lower part of the screen to create another desktop. Repeat the process if you want to add more windows to the new desktop. To add more virtual desktops, hover over the Task view icon and click on the + sign. To remove a virtual desktop, hover over the Task view icon and click the X button on the desktop you want to delete.

Try snap layouts

Snapping is not a new feature, but Windows 11 makes it more efficient by letting you snap any app or window wherever you are on your PC. Access snap layouts by hovering over a window’s maximize button or pressing Win + Z. You can then see which layouts are available to you, and pick the one that best suits your needs.

Reorganize your Start Menu

You can also personalize how your apps are arranged on the Start menu. For one, you can rearrange applications by dragging them anywhere around the Start menu. Or, if you won’t be using a particular application, simply right-click the tile and select Unpin from Start. On the other hand, if you want even faster access to your most-used apps, right-click on an app and choose Pin to taskbar. 

Disable all your notifications

Some people prefer to receive notifications, but some don’t. If you’re one of the latter and wish to never see notifications ever again, click on the gear icon on the taskbar to open Settings. Then, choose System > Notifications. From there, you can switch off whatever app notifications you don’t want popping up on your screen.

Personalize your Windows 11 PC however you like by using some or all of these options. If you want more ways to customize your device or if you need information on anything Windows 11-related, give us a call.

Google and SAP have partnered around a number of different projects over the years and Google Cloud, just like its competitors, is a strategic cloud partner for RISE with SAP, the German enterprise software company’s program to help its customers move to the cloud. Today, the two companies announced a rather substantial expansion of their partnership that introduces a deep integration between SAP S/4HANA Cloud, SAP’s flagship enterprise resource planning (ERP) system, and Google Workspace. This new native integration will allow SAP users to access data from S/4HANA and work with it collaboratively in Google Docs and Sheets, all while seamlessly importing and exporting this data between the two systems.

Philipp Herzig, the SVP and Head of Intelligent Enterprise and Cross Architecture at SAP, told me that SAP’s customers asking for these features, especially as Google continues to attract more large enterprise customers. S/4HANA obviously holds a lot of valuable data and documents, so users were already exporting this data and working with it in other word processing and spreadsheet applications. But what’s maybe most important here is that this is a two-way integration that doesn’t just involve extracting data but also syncing it back into the ERP system as a new version so that the ERP system still functions as the system of record.

“The two-way integration is actually what many customers are asking for because, for sure, you can already extract the data today into whatever spreadsheet. But then, it is just a document that resides on a hard drive or Google Drive or wherever, right? That is okay for a small company, but big companies around the world need more structure for those documents. This is why the combination is so essential,” Herzig said.

He also noted that this is part of SAP’s work on improving its integration posture with third-party applications in general and that the company has built a standardized way to do so. Indeed, SAP is using its Business Technology Platform — the company’s own integration service — in the middle between S/4HANA and Google Workspace to power the connection between the two companies.

On the Google side, Workspace VP and GM Javier Soltero, who joined the company from Microsoft in 2019, noted that this integration also highlights that Workspace is ready for the enterprise. “For me, as somebody who has been now been steering this business for almost three years, seeing SAP’s support and conviction and working with us on this, as well as the reaction in the market and the requests that we’re getting for this, is evidence of the enterprise viability of Workspace, a topic, that for the longest time, even before I came here, was something that was harder to see,” he said.

Soltero also noted that Google has always tried to provide a surface for developers to build on top of the Workspace/G Suite ecosystem. “Seeing somebody like SAP take advantage of that is truly a big milestone for us and certainly evidence that we want to keep going through this,” he explained.

With SAP already supporting S/4HANA on Google Cloud’s infrastructure, it’s probably no surprise that the two companies also started to think about how they could build additional integrations that went beyond making use of Google Cloud’s core infrastructure services and that’s maybe also a good example why Google is keeping both its cloud infrastructure services and Workspace under the same corporate umbrella

“What this particular partnership represents for a business like Workspace is more than just this technical aspect of ‘hey, can you share data between a big important ERP system like S/4HANA and a product like Google Workspace,” he said. “Through the eyes of our existing and prospective customers, it represents the opportunity to truly realize something that’s greater than the sum of its parts and what I mean by that is that in giving a user of SAP the ability to access that data through a surface like Google Docs or Google Sheets, you are marrying an inherently collaborative hybrid work-friendly surface with this very important business dataset. And the resulting usage patterns, for us, especially, are bound to be very different and exciting, in part because of what it means when you have a real-time collaborative surface that is in constant synchronization with large scale enterprise data.”

While the two companies are currently piloting the integration with a select number of customers, the initial set of features will launch as a standard feature for S/4HANA Cloud later this year.

Here is some news that is both straightforward and still a long time out but nevertheless important: by the end of 2023, GitHub will require all users who contribute code on the platform to enable one or more forms of two-factor authentication (2FA).

And that’s pretty much it for the news. Today, the Microsoft-owned company says, only 16.5% of active GitHub users and 6.44% of npm users use 2FA. That is not a lot, and frankly fewer than I would have expected.

“Compromised accounts can be used to steal private code or push malicious changes to that code. This places not only the individuals and organizations associated with the compromised accounts at risk, but also any users of the affected code. The potential for downstream impact to the broader software ecosystem and supply chain as a result is substantial,” Mike Hanley, GitHub’s chief security officer, writes in today’s announcement.

He also notes that the company is trying to make sure that the extra layer of security doesn’t come at the expense of the user experience. Hence the long time between today’s announcement and when it will enforce this. “Our end of 2023 target gives us the opportunity to optimize for this,” Hanley explains. Switching to 2FA involves some changes to the user experience both on the command line and the GitHub web interface.

It’s worth noting that earlier this year, GitHub also enrolled the maintainers of the top-100 npm packages in mandatory 2FA to prevent software supply chain attacks. It plans to expand to the maintainers of top-500 packages this month and then later expand that to all packages with more than 500 dependents or 1 million weekly downloads.

Mozilla launched version 100 of its Firefox browser today, but more so than a day for celebration, it feels like a day for nostalgia.

That’s a nostalgia for a time when Firefox was truly revolutionary after it broke out of the Mozilla Application Suite back in 2002 and quickly threatened the hegemony of the utterly dismal Internet Explorer. But also a nostalgia for the open web, which Mozilla was able to champion when Firefox still had a dominant market share. It’s much easier to lead when your product has 30% market share and growing (like Firefox had around 2010) and your biggest competitor is declining quickly, but it’s hard to make your voice heard when you are under 4%.

Today’s Mozilla, after many lean years, seems to be on a path to a better financial future, but its dependence on Google makes for an uneasy alliance as Mozilla tries to champion online privacy in a world dominated by the giant advertising company it utterly depends on.

Firefox, too, is now a perfectly competent browser — but so is every other browser. It’s no secret that over the years, Mozilla got distracted. There were efforts to build a Firefox OS for affordable smartphones (which still lives as a fork under the KaiOS banner), VR browsers, arguments over whether there should be sponsored tiles on Firefox’s new tab page, a WebRTC video chat service and much more.

Today, with Firefox Relay and the Mozilla VPN, it seems the organization has refocused a bit. Its focus on privacy resonates more today than it ever did — but for now, that hasn’t changed the browser’s fortune. Even today, for most users, privacy is a nice to have but not a reason to switch browsers, especially when there are plenty of extensions that can essentially do the same (though Firefox’s Multi-Account Containers are a game changer and should be available in every browser, as far as I’m concerned).

Yet with all of the resources being poured into Chromium, it’s hard to see how Firefox and its Gecko engine will remain competitive in the long run. Browsers today are incredibly complex pieces of software. With Servo, Mozilla started a project to build a new engine from scratch. That was in 2012. Ten years later, we’re only seeing pieces of that in Firefox — and when Mozilla laid off many of its employees in 2020, that included the Servo team.

There also hasn’t been a lot of innovation around Firefox lately, all while Chromium-based browsers are finding their niches, with Vivaldi, for example, tapping into the market for advanced users who want endless customizability, Brave going for the privacy-conscious crypto fans and Microsoft keeping the Windows faithful happy after finally ditching Internet Explorer (despite occasional missteps into bloatware).

It doesn’t help that Mozilla never made it easy to build new user experiences around its browser engine while Chromium made it a core feature. Users may not care about the engine underneath their browsers, but developers who want to experiment with new browser paradigms will always opt for Chromium.

The web is better off today because of what Mozilla built with Firefox. I hope we’ll see version 200 eight years from now.

It’s not exactly shocking news at this point that the cloud infrastructure market had another standout quarter. After the big 3 vendors — Amazon, Microsoft and Google — reported earnings this week, we were once again provided a big result with Synergy Research estimating that the market reached $53 billion for the quarter, up 34% from the prior year.

Perhaps the most surprising thing about these numbers is that Microsoft is creeping ever closer to Amazon, the long-time market leader.

Amazon has steadily controlled a third of this market for years. Of course, it’s important to understand that the Seattle-based e-commerce giant has maintained a steady percentage of a pie that is dramatically expanding. Microsoft, on the other hand, has been growing slowly but surely over time. This quarter the company accounted for 22% of public cloud revenue, according to Synergy, up from around 20% in the year ago period.

Amazon pioneered the public cloud market in 2006 and was out there all alone for years before Microsoft began competing in earnest, especially after Satya Nadella came on board in 2014, and has pushed closer to Amazon in recent years.

The last of the big 3, Google is working hard as well and has now cornered around 10% of the market. In fact, the research firm reports that the three companies account for 65% of the entire cloud market.

Image Credits: Synergy Research

Yet even with Microsoft’s hard push into the market and impressive growth, when you add up Microsoft and Google’s growing market share percentages, Amazon still controls a tick more than the other two combined. It shows the amazing staying power of first-to-market advantage, even when you have well capitalized giants competing with one another. And also speaks to Amazon’s ability to fend off the growing competition to this point.

Numbers from Canalys were right in line with Synergy’s with the total coming in a tad higher at just under $56 billion. The differences are due to the models and formulas each firm uses, but are close enough that the divergence barely matters.

As for market share percentages, Canalys had Amazon at 33%, Microsoft at 21% and Google at 8%, again with very slight differences from Synergy.

These companies are looking at revenue from infrastructure, platform and hosted private cloud services. Neither is counting Software as a Service (SaaS) in these numbers, which could account for differences in reported numbers.

In terms of the numbers, for Synergy, it breaks down this way: $17.67 billion for Amazon, $11.66 billion for Microsoft and $5.3 billion for Google.

For Canalys, it’s Amazon with $18.45 billion, Microsoft with $11.74 billion and Google with $4.47 billion.

The numbers here are so large that it’s easy to forget just how big the public cloud market really is. The category is on an astonishing $212 billion run rate (using Synergy’s number) and continues to grow at a surprisingly rapid rate as more companies push more workloads to the cloud. Consider that total revenue last year was $178 billion.

Growth has accelerated since the pandemic hit in March 2020, and if you believe the numbers out there, cloud adoption still has a long way to go, especially when you consider many companies are adopting a multi-cloud strategy. The growth can’t go on forever, but considering that the need for cloud services isn’t a finite amount, it’s likely it will continue to experience substantial growth for quite some time.

BlocPower founder Donnel Baird grew up in the Bedford-Stuyvesant neighborhood of Brooklyn in the 1980s. The area was so poor that buildings often lacked decent heating systems. People would turn on the stove or use electric heaters to compensate for ineffective central heating.

It wasn’t safe or efficient, but it was reality for many families, most of whom were Black, living in these deficient buildings at the time. Baird says that the sense of inequity and inequality of the situation stuck with him. When he grew up, he recognized that the problem persisted in many poorer neighborhoods, impacting quality of life for the people living there as well as harming the broader environment.

There was also another element at play. Many people living in these same neighborhoods faced a lack of decent jobs, fueling a cycle of poverty that was hard to break. Baird not only wanted to replace inefficient systems that burned fossil fuels, he also wanted to create high-quality, stable jobs for folks who were often left behind by the economy.

He launched BlocPower in 2014 with the goal of replacing fossil fuel-burning heating and cooling systems with cleaner, more efficient electric air source heat pumps, water heaters and solar panels. As of January, BlocPower had updated more than 1,200 buildings in 26 cities, and the work continues.

To this point, the company has raised over $100 million. That includes over $50 million from Goldman Sachs to help back the company’s green building financing, as well a $30 million investment from Microsoft’s Climate Innovation Fund. In spite of this, he faced an uphill battle when it came to fundraising, and came perilously close to shutting the company’s doors in 2018.

I spoke to Baird about the challenges he faced launching the business, especially as a Black founder, convincing the financial sector and venture capitalists to back his vision and get his idea off the ground.

Building a greener alternative

The roots of the idea for what became BlocPower began when Baird was working on a green jobs program in conjunction with the Obama-era Department of Energy. “My job was to act as outside intermediary between the Department of Energy and a bunch of labor unions and pension funds to figure out if we could co-invest labor union pension funds to create jobs, greening buildings using stimulus funding,” he explained.

Donnel Baird, CEO and founder at BlocPower. Image Credits: BlocPower

They hoped to put unemployed union members to work updating buildings, but the technology was much more expensive in this 2009 time frame, and it proved difficult to make the economics work for everyone.

When Baird was in graduate school in 2014, he began to explore the idea of creating a financial instrument to make it easier for more people to update buildings with green energy systems, particularly in poorer neighborhoods. He felt that the lack of a purpose-built financial instrument to finance these projects was the missing piece in bringing his vision to life, but it required financial institutions to provide external investments in neighborhoods that most banks and financial services companies tended to steer clear of.

“That’s when I realized if I was going to do green buildings in low-income communities, I’d have to do it myself. And while I was in business school, I began writing up a business plan and halfway through business school, Cheryl Dorsey, the president of Echoing Green Foundation, gave me $100,000 of seed capital, and I was able to launch the company while in my second year,” Baird said.

The company makes money in a couple of different ways today, starting with the financial instrument he based the company on when he came up with the idea in 2014.

“We borrow money from Wall Street. We purchase the equipment and we identify the local contractor who’s qualified to install it. And then we manage the project as they install that equipment in the building (getting project management fees as part of the deal). And we lease the equipment, just like you lease a car, to the building owner for 10 years or 15 years or 20 years. And so there’s a stream of lease payments that come back to our company from that building owner,” Baird explained. That flow of payments gives the company predictable, recurring revenue.

In addition, governments and utilities hire companies like BlocPower to encourage and help building owners update their heating and cooling systems. “Utility companies and local governments have budgets, and so they will pay us for greening buildings in their community,” he said.

As an example, the company has a contract with the city of Ithaca, New York, to make every building in town green. “Building electrification is a major part of Ithaca’s Green New Deal, one of the most aggressive decarbonization programs in New York State. The program will benefit Ithaca residents through job creation, lower energy costs, reduced pollution and greenhouse gas emissions, and more energy-efficient homes and buildings,” the company wrote in a statement announcing the deal.

Getting off the ground

As he built the company, he wanted to get that external investment to help drive it, but before that could happen, he had to come up with a proof of concept, and the way he was able to do that was with some government contracts. The first was a $2 million grant from the Department of Energy. He also would close a $6 million, three-year deal in 2017 with New York City, but he found getting financial institutions involved proved more challenging.

The company was able to take the grant monies from NYC and the Department of Energy and really show that with proper financial backing, it could begin to have a real impact greening buildings.

“So we had a $2 million contract with the Department of Energy that my startup won in a competitive process. We used that money to construct a real-world portfolio of actual clean energy projects by greening like 40 buildings, and then we were able to submit the data that we generated to Goldman Sachs to see that our financial models were tracking with what we were seeing in the real world,” he said.

As the company wrote in a report on the NYC project, which was called Community Retrofit NYC, it concentrated in poor areas in Brooklyn and Queens where the startup could work with the utility companies to help identify buildings that needed updating in these areas:

BlocPower’s strategy was to engage community stakeholders who completed projects to refer building owners to the Community Retrofit NYC with a focus in areas with the most robust Con Edison incentives. The second step was to use data to build a targeting score to identify buildings in need of upgrades. Targeting, in partnership with leveraging existing relationships, allowed us to connect to building owners in need of upgrades. It also allowed us to build a persona of who our average building owner looks like.

The original plan called for BlocPower to work with 554 properties, where it would initiate or ideally complete a project, but it was actually able to complete projects on 629 buildings over the three-year contractual period from 2017-2019, according to the company. It was able to make progress in a few key ways.

First of all, once it got some building owners involved, there was a big word of mouth effect, and that helped get more owners on board. Secondly, using the company’s proprietary software, the team was able to identify buildings most in need of updating. Finally the startup also created a much more streamlined approach to project management using a digital model.

“What building a digital model of the building allows us to do is basically create one web page, where we have the digital model of the building and all of its data, and we could integrate all of the disparate pieces of electrical engineering, mechanical engineering, construction and financial data into one digital profile for that building. That allows us to figure out what the financial returns would be from investing in green energy in that building,” he said.

Meanwhile, he raised a couple of tranches of money from Andreessen Horowitz and Kapor Capital. The first was for $1 million in 2015 just after he started the company. The next was a $2 million bridge round, which Baird says might have saved the company at a time when he was struggling. The two firms were instrumental in helping the company get started and then stay in business, he said.

Pushing ahead

With the portfolio of projects under his belt from the DoE and NYC programs, it began to pry open some doors with some big investors, but it wasn’t easy, and it took years for it to come together.

But last year, Goldman Sachs Asset Management Urban Investment Group provided the company with more than $50 million to finance more green building projects. But he hasn’t been able to get other banks and financial institutions to go along, and the frustration of fundraising has never really gone away.

He says the company has 860 employees, a figure that includes almost 800 workers his company has trained to install green energy solutions. “They are our employees. We pay them, we supervise them, we project manage them. We do interesting projects, like we’ve decarbonized some churches and synagogues. We put solar panels on Rikers Island, the jail in New York City.”

He says the latter project was particularly gratifying because some of the folks he hired had been incarcerated there at one time or another or knew people who were. “That was interesting because a lot of our workers have been locked up in Rikers Island, or had family members that had been locked up in Rikers Island, but they were able to go there and do something positive and get paid for working on Rikers Island,” he said.

While he met people along the way who invested in his vision, he described fundraising in general as “horrific.”

“I’ve had people get up and walk out of meetings. I’ve had people pull out their phone in the middle of my presentation and start checking it. I’ve had people lecture me on capitalism, and how BlocPower isn’t capitalist, and because we’re trying to help people, we’re never going to make any money.” And climate tech investors were no better, he said, with one in particular accusing Baird of outright lying when he presented the investor with data about his completed projects.

He believes the only way to fix the financing problem is for people from underrepresented groups to gain capital and invest in one another. “We can’t wait around and hold our breath and say, ‘Oh George Floyd happened,’ so the venture capital category is going to follow through and change…They’re going to do what they do. Our job is to create a whole new cohort of people who can actually deliver the social impact change that we need, and deliver the change on climate that we need,” he said.

In spite of the obstacles, BlocPower has come up with a way to make buildings more efficient, while creating good jobs and making life better in neighborhoods that are too often left behind, all while making money and doing right by the planet.

RelationalAI, a startup that wants to change the way data-driven applications are built by combining a database system with a knowledge graph, today announced that it has raised a $75 million Series B funding round led by Tiger Global. Previous investors Madrona Venture Group, which led the company’s Series A in 2021, Addition and Menlo Ventures also participated in this round, which brings RelationalAI’s total funding to $122 million.

The company also today announced that it is adding Bob Muglia, the former CEO of Snowflake, to its board.

The idea here is to bring the power of knowledge graphs, that is, the technology that powers things like Google’s knowledge panel feature in its search results, to every business. As RelationalAI co-founder and CEO Molham Aref (who was previously the CEO of LogicBox and Predictix) noted, data lakes (in all of their variations) now allow businesses to consolidate all of their data from a multitude of siloed systems into a single place.

“Unfortunately, you can only move the data into Snowflake — you can’t move the application logic that sits in those applications,” he said. “So you have de-siloed data. You had all these data silos and you put them in one place, but your knowledge still lives in silos. And by knowledge here, I mean application logic, business logic, etc.”

Image Credits: RelationalAI

Former Microsoft exec and Madrona managing director S. Somasegar echoed this and noted that while businesses now have a data stack that is heavily influenced by how the hyper-scale cloud providers are building their systems, the ability to support what Somasegar calls “composite AI” workloads is still missing. These workloads, which he defines as graph analytics, reasoning and neuro symbolic AI (symbolic AI + deep neural networks), are not part of what a traditional database system was built to support, so they tend to be handled by systems outside of the database.

That’s where RelationalAI comes in. Using its system, developers can run queries and generate ML predictions using Rel, the company’s declarative language. RelationalAI says it can reduce the number of lines a developer needs to write by 10-100x. Using Rel, developers can model domain knowledge to built out these knowledge graphs and “reflect over data, meta-data and logic,” the company says.

“Tiger Global backs dynamic entrepreneurs operating market-leading growth companies,” said John Curtius, Partner at Tiger Global. “We approached RelationalAI because we believe their system is mission-critical to the modern data landscape and just as important, they have an unbeatable team.”

The service is now in early access and the company expects to be able to open it up for self-service in early 2023.

A new report has peeled back the curtain on big tech’s frenzied lobbying of European Union lawmakers as they finalize a major series of updates to the bloc’s digital rulebook.

It reveals some of the arguments used by tech giants including Apple, Amazon, Google, Meta (Facebook) and Spotify to press their interests behind the scenes in a bid to reshape key components of the EU’s Digital Markets Act (DMA) and Digital Services Act (DSA) — targeting areas such as surveillance advertising and access to platform data for researchers — with the clear intent of shielding their processes and business models from measures that could weaken their market power.

The report, which is based on lobbying documents obtained by civil society groups Corporate Europe Observatory and Global Witness via freedom of information requests, also highlights how tech giants have ramped up their spending on regional lobbying since the DMA and DSA were proposed back in December 2020 — with the big five collectively spending over €27M (close to $30M) last year alone.

It concludes with a series of recommendations for how policymakers can better protect the democratic process from undue influence by the best resourced corporate giants.

Spend, spend, spend!

Citing publicly disclosed data, the report shows that Apple has increased its spending on EU lobbying the most — almost doubling how much it’s shelling out from €3.5M in 2020 to €6.5M in 2021, meaning it also pulled into the lead among platform peers for total regional lobbying spend last year.

Facebook (Meta) had the next biggest increase, growing the size of its EU lobbying budget from €5.5M in 2020 to €6M in 2021. Google also topped up its outlay from €5.8M in 2020 to €6M. While Amazon and Microsoft both made similar increases in regional spending over this period.

Image credit: Corporate Europe Observatory

The DMA, which gained political agreement last month, will apply only to the largest and most powerful intermediary platforms — so called “gatekeepers”; a designation that’s likely to apply to the five ‘big spenders’ in the above chart — introducing a set of operational obligations these giants must abide by up-front.

The pan-EU regulation, which is expected to come into force in October, aims to reboot competition in digital markets dominated by gatekeepers and ensure they remain open and fair.

Its sister regulation — the DSA — applies more broadly, setting rules for all sorts of digital services which are intended to harmonize online approaches to tackling illegal content and products. This means it touches on areas like content moderation, consumer protection and transparency. And while it applies across digital services a subset of so-called “very large online platforms” (aka VLOPs) will be subject to additional oversight under the regulation — meaning that tech giants will face additional DSA compliance hurdles vs smaller players.

At the time of writing the DSA is still pending political agreement — although a deal is expected after Friday’s (April 22) trilogue meeting — so the impact of big tech’s lobbying on EU policymaking should become clearer in the coming days.

So what have tech giants been spending their millions on lobbying for as EU lawmakers finalize the DSA and DMA?

Read on for a breakdown of their focus areas from the report…

Surveillance advertising

One major target for Big Tech lobbyists, per the report, has been around surveillance advertising as tech giants marshalled their millions to block off an attempt to get an outright ban on tracking-based advertising into EU legislation.

They succeeded in that goal as an earlier push by some MEPs for an outright ban did not gain full backing of the parliament so did not make it into the trilogue discussions. But the European Parliament did vote to incorporate limits on tracking ads into both the DSA and the DMA — with MEPs backing a ban on processing of minors’ data for targeting ads and a ban on use of sensitive categories of personal data.

However the Council position diverged from parliament, toeing closer to the Commission’s original proposal — which had merely suggested ads transparency requirements — so tech giants sought to exploit this to try to water down restrictions on tracking ads, per the report.

Documents obtained for the report show that Google directly lobbied the Commission in a series of high level meetings with top commissioners between November and early January in which the adtech giant raised concerns about the European Parliament’s proposals on advertising — suggesting limits on trackings would be detrimental to SMEs and harm news publishers. 

“This marked a continuation of Google and Facebook’s strategy throughout the whole discussion on new digital regulations — trying to reframe it away from Big Tech’s immense profits and business model and to instead hype up potential negative impacts for smaller businesses and consumers,” the report notes. “As Google’s leaked lobbying strategy showed, one of its priorities was to focus the discussion on the costs to the economy and consumers.”

Between January to the end of March, lobby documents show that Google remained in frequent contact with the Swedish government — arguing on four different occasions against Parliament’s proposal to ban advertising targeted at minors and other limits, per the report. “Their recommendation to national governments was to ‘support the Council / Commission position (i.e. no restraints on targeted ads’). Google argued ‘that the DSA is not the right forum to deal with these issues’,” it adds. 

There’s a special irony here given Google also led big tech lobbying efforts to delay an update to the bloc’s ePrivacy rules — which explicitly cover tracking technologies like cookies. That update remains stalled even now (the Commission proposal was presented all the way back in January 2017!). So if the tech giant were to have its way there would, it seems, be no ‘appropriate’ legal forum to rein in its surveillance ads empire. Funny that!

But as it turns out, EU lawmakers in the Council and Parliament were able to agree — through the trilogue process — on including limits to tracking ads.

At least that was the position announced last month, at the moment of political agreement on the DMA.

At the time of writing the Commission is signalling that limits on targeting advertising will be included in the DSA, with internal market commissioner, Thierry Breton, including a ban on targeted advertising to children or based on sensitive data in a tweet storm highlighting “10 things you need to know” about the regulation, for example…

Under the political deal reached between EU co-legislators last month, the DMA requires gatekeepers to gain explicit consent from users to combine their personal data for advertising.

But the French presidency of the Council also said then that they had agreed complementary provisions to limit tracking ads would also be included in the text of the DSA (still to be agreed via trilogue) — signalling that the parliament’s goal of limits on processing children’s data for ads or using sensitive data for ads would make it into EU law. 

So what did Google’s lobbyists do next? According to the report, the tech giant continued pushing against any/all limits on surveillance ads — but also evolved the lobbying tactic, by suggesting to Member States governments ways in which restrictions could be watered down in the final text to limit their impact on its ability to track and target web users.

“On 22 March 2022, the day of the final DMA trilogue, Google sent the Swedish government its thoughts for future trilogue meetings,” notes the report. “Google’s positions reflected the up to date state of the ongoing discussions. Google continued to oppose concrete new proposals regarding user consent to tracking and banning the use of sensitive data for advertising. Perhaps more interesting though, Google now seemed to understand that likely there would be some new limits to targeted advertising. So Google offered suggestions about how these should be drafted: the ban on targeting minors should be limited to ‘known minors’ and behaviour advertising should be defined as the use of individual profiling.”

As the report points out, Google’s fall back positions here are no accident — given that the tech giant has been working for several years to retool its tracking apparatus — under its so-called Privacy Sandbox plan — which proposes to switch from individual-level tracking and targeting to cohort or (now) topic-based targeting which will continue to subject web users to behavioral targeting just now putting them into buckets of eyeballs, not solo pairs.

So — to spell it out — if EU lawmakers were to limit the definition of behavioral advertising as Google suggests it could simply circumvent any limits on its flavor of behavioral advertising by saying it does not target individuals ergo the legal restriction simply doesn’t apply.

Similarly, a final text that would ban advertising to “known minors” would allow Google to claim it does not know the age of users who are not logged into its services (and potentially even users who are logged in as it does not explicitly age verify users) — again avoiding the need to restrict its behavioral targeting by default across most services (barring any it directly targets at children, such as YouTube kids).

Per the report, Google’s lobbyists didn’t stop there. They also sought to water down ad transparency requirements — pushing back against proposals that would allow users to know the criteria used to target them specifically, including when ads were targeted at kids and — in “detailed suggestions” to national governments — proposed that they should “seek to delete the obligation to disclose the criteria used for targeting, even when ads target vulnerable people like children”.

“The documents show Google taking a central position lobbying against limits to surveillance ads,” the report adds. “But they weren’t alone. Facebook, and other European companies [including Spotify] and publishers also resorted to trying to persuade national governments to oppose the Parliament’s position.”

Another big target for Big Tech tech lobbying was around data access for NGOs and public scrutiny…

Public scrutiny

On this issue, which is core to the DSA’s ability to deliver on the goal of ramping up accountability around major platforms, the report details particular moves by Spotify and Google to limit how much access external researchers can gain to platform data — such as to carry out research into the societal impact of recommender algorithms.

Civil society groups have been pushing to strengthen the Commission proposal in this area — to increase external scrutiny of VLOPs by forcing them to give access to data on algorithmic content ranking systems to vetted external researchers so they can study their function.

But Spotify and Google have been busy pushing back against closer scrutiny of how their AIs rank and recommend content to users, per the report.

“The world’s biggest music streaming service didn’t want the transparency requirements to include detailed lists of parameters, as was introduced by the Parliament. On the other hand, it welcome the Parliament’s last-minute introduction of exceptions to recommender transparency, including the protection of intellectual property and trade secrets,” runs one section on Spotify’s lobbying.

“In March this year, Spotify followed up to add its comments ‘regarding the latest compromise proposals on Recommender Systems’. The company supported the ‘evolution of the text’ regarding recommender transparency and welcomed ‘a clarification in a Recital that these rules do not prejudice IP [intellectual property] rights and trade secrets’,” it adds.

Google, meanwhile, was lobbying Member State governments to limit data access for public authorities and vetted researchers to urgent health threats. So in this scenario Europeans might have to wait for the next pandemic to get external scrutiny of YouTube’s recommender engine!

Where the DSA will actually end up on this issue isn’t clear at the time of writing.

Google also questioned whether non-profits organizations should get data — seeking to spread fear that this could put “user data and privacy and confidentiality of information at risk”, according to lobbying documents obtained for the report.

“The company asked national governments to oppose the Parliament’s position and instead support the Council’s mandate. Taken all together, Google’s suggestions would make external scrutiny of the ways in which services like Youtube amplify or de-prioritise content nearly impossible,” it adds. 

The report also reveals Google opposed proposals that would require platforms to “make the information on the main parameters for recommender systems and the functionality to opt-out from personalised recommendations directly accessible from the content itself” — presumably because that would make it too easy for users to figure out how to turn off unwanted content recommendations.

‘DMA? Er, just give us a chance to explain first…’

On the DMA, Google, Amazon, Apple and Facebook were all spotted in documents obtained for the report trying to soften the proposal during its last stage. 

Apple, for example, brought its (now) familiar argument against moves to force it to open up its App Store and mobile OS, such as by allowing sideloading of apps or other types of interoperability, to discussion tables in the region.

“The company’s main argument was that increasing data access, sideloading and interoperability would reduce user privacy and security,” the report notes, going on to conclude: “While Apple could not successfully stop interoperability and sideloading entirely, the final text does introduce a security safeguard, which will enable the company to try to justify not complying with these obligations.”

It also highlights one particular strand of collective lobbying by Big Tech targeting the DMA that looks intended to enable a repeat show of an oft used tactic against enforcement of existing EU laws which threaten how they like to operate — such as the GDPR (General Data Protection Regulation). This tactic boils down to one word: Delay.

Per the report:

“[T]he top level message from the Big Tech companies to policy-makers regarding the DMA was the same across the board: Big Tech wanted to build a dialogue between the DMA’s regulator — the European Commission — and the companies covered by it — the gatekeepers, into the text and the regulatory approach.

“They brought this wish up consistently at the high level meetings, such as the December meeting between Google and [Margrethe] Vestager’s cabinet. There Google said that regarding the DMA their ‘core argument towards the Parliament was the need for regulatory dialogue and the opportunity to individually justify certain practices’. Google repeated the same message to Breton’s cabinet in January — ‘Proper regulatory dialogue is important to ensure the enforcement of the DMA’.

“On the very same day, Nick Clegg, Facebook’s head lobbyist, told Commissioner [Didier] Reynders, that for Facebook ‘it would be helpful to have the possibility of having a dialogue with regulators on questions concerning compliance’.

“Amazon, in turn, told the Swedish government that it was ‘more comfortable with content of the Council compromise proposal than with the European Parliament’s amendments.’ The company also raised concerns that specific measures had been moved from Article 6 to Article 5, which would mean they would be automatically applicable and not dependent on a regulatory dialogue.”

Thing is, the whole point of the DMA is to bring in an ex ante competition regime for the bloc — via a set of ‘dos and don’ts’ that are supposed to apply up front for companies designated as gatekeepers, i.e. rather than antitrust authorities having to do the slow and painstaking work of building a case against a particular abusive behavior while the market suffers.

But there is — potentially — a sliver of wiggle room, at least for obligations set out in Article 6 of the DMA. For those requirements, the regulation allows for a dialogue between the Commission and relevant companies over how best to comply.

Which, well, sounds like it could be spun into delay heaven.

The report summarizes the main aim of Big Tech’s lobby campaign against the DMA as being to “expand this dialogue as much as possible”, with Corporate Europe Observatory noting it fingered this as a key priority for Facebook, Google and Apple since last summer. It also quotes another lobby transparency group, Lobbycontrol, which has argued that Big Tech’s aim here is to “gain time — and first of all an entrance point for challenging the DMA’s obligations.”

The painstakingly slow ‘regulatory dialogue‘ which Facebook and other tech giants have managed to establish with their lead EU privacy regulator — Ireland’s Data Protection Commission — since (and, indeed, even before) the GDPR came into force in 2018, enabling them to successful delay enforcement despite multiple open investigations into a variety of aspects of their businesses, is likely providing Clegg & co with plentiful inspiration for the sort of friction-filled conversation they want signed off and baked into the DMA to create a legally viable ‘back and forth’ that lets them delay actually changing abusive practices for as long as humanly possible.

It’s not yet clear how successful the tech giants have been in this regard.

However the Commission has, in recent weeks, been spotted making some concerning noises on the topic of DMA enforcement to anyone who actually wants to see regulators crack down on Big Tech, as consumer protection experts have observed…

“Ultimately the scope of regulatory dialogue in the DMA has been changed to allow the gatekeepers to initiate it. However, it will still be up to the Commission to decide whether or not to engage. We will have to wait and see how this plays out in practice,” is the report’s cautious conclusion on this.

In recent days, others have raised concerns about another potential loophole in the DMA — which, if they’re right, could see a history of failed GDPR enforcement against Big Tech tech being leveraged by the self-same giants to avoid freshly inked obligations in the DMA. Earlier this month, the Irish Council for Civil Liberties (ICCL) drew together signatures from a long list of competition and privacy experts to a letter that warns of “a severe flaw in Article 5(1)a of the latest DMA text” which they suggest will “help Big Tech firms undermine data protection and competition”.

The concern is that gatekeepers will continue to evade the GDPR’s purpose limitation principle by bundling consent for combining user data across multiple services into a single opt-in — thereby making it harder for users to deny — which is essentially how adtech giants like Facebook have evaded existing EU regulations, continuing to track and target web users in the region despite the GDPR’s requirement for unbundled consent (Facebook does not offer an opt out of behavioral advertising; to use its service you have to ‘agree’ to being profiled for ads).

The parliament’s rapporteur on the DMA file, MEP Andreas Schwab, has rejected the concern in recent days — suggesting that the DMA does not change the GDPR. And indeed, in a letter responding to the ICCL which we’ve reviewed, that “the consent requirement under the DMA builds on the GDPR consent”. He has also claimed there’s “no need to fear circumvention” because the Commission will be in charge of enforcement. Aka, no more forum shopping.

However signatories to the letter continue to warn that gaps in GDPR enforcement create a problem for effectively enforcing the DMA — unless the Commission acts quickly to provide guidance and bring cases.

“Gatekeepers will try to use the ambiguity to their advantage,” warns the ICCL’s Johnny Ryan. “It is essential that the Commission issues quick and clear guidance and enforcement decisions to stop that.”

Structural weakness?

How EU lawmaking is structured means the Commission’s legislative proposals are typically modified, via a co-legislative process, which loops in the (directly elected) European Parliament and Member States’ national government representatives, via the European Council — which together amend, vote and negotiate to try to reach a compromise on the final details of the law.

This means that there are, at least from one perspective, multiple point at which lobbyists can seek to influence — or indeed block — EU policymaking.

This starts with the Commission itself, as the EU’s executive body drafts and thus frames legislative proposals; moving on to MEPs who play a key role by voting for amendments and to set the parliament’s negotiating position (typically prefigured via committee vote/s); and extending to Member States’ governments which are represented on the Council and lead the so-called trilogue negotiations with the Parliament and Commission to seek a compromise via a rotating presidency structure that sees one Member State (currently France) responsible for producing compromise texts on behalf of the Council.

So, in short, it’s a lobbyists’ picnic!

The latter stage trilogue negotiations are especially problematic, being conducted entirely behind closed doors — thereby reducing transparency on how exactly policy is being reshaped, as the report underlines:

“This process is one of the most secretive stages of EU policy-making, held entirely behind closed doors and with nearly no public access to the discussions. The EU Institutions have argued that this secrecy is needed in part to prevent lobbying pressure on the policy-makers.

“New lobby documents obtained from the European Commission and the Swedish government via freedom of information requests show that intense corporate lobbying is happening regardless of the lack of transparency.”

The details that the civil society groups were able to glean on big tech’s lobbying around the DMA and DSA are only partial, as the report notes that responses to freedom of information requests varied.

However they say the documents they did obtain showed that tech giants like Google continued to target the trilogue process even after the Council had agreed its negotiating positions — meaning they are shown trying to grasp a very last minute, non-transparent opportunity to favorably water down measures that could shrink their market power.

“We can now confirm that corporate lobbying of EU capitals continues even after the Council agrees its positions and starts trilogue negotiations with the Parliament and Commission,” the report authors write. “While only Sweden gave us extensive access to these documents, we can expect that all EU governments must be on the receiving end of similar lobby efforts.”

“The lobby documents also reveal that Google remained in frequent contact with the Swedish government from January to the end of March (the time when we placed our freedom of information request). During this period, the tech giant would send in analysis of the difference positions, adding the company’s own analysis, and all the while replicating the EU Institutional format of documents with four columns,” they go on. “As the discussions went on behind closed doors, Google pitched in with ‘specific language on articles currently discussed’ and suggested ‘concrete amendments’, showing a strikingly live knowledge of what was happening in the negotiation process.”

According to the report, Google, Apple, Amazon and Facebook — alongside European firms such as Spotify and the copyright industry — actively sought to influence the trilogues themselves, meaning they were trying to exert influence during the least transparent point of the co-legislative process. 

The lobbying tactics they are reported to have used included:

• pitting the EU Institutions against one another;
• becoming more technical and offering amendments to the text;
• using meetings to gain access to information that was not available to the public;
• going high level: bringing in the CEOs to meet Commissioners, inviting them to off the record dinners.

Corporate Europe Observatory and Global Witness argue that this evidence of lobbying taking place during trilogues “shows how the lack of transparency benefits big corporate lobbies and adds weight to the urgency of finally opening the trilogues process up to the public” — further suggesting: “This secrecy means that only the well-resourced and well-connected lobbying actors can follow and intervene in trilogues, and excludes citizens from crucial discussions that will have an impact on their lives.”

“National governments have a say in EU policy-making via the Council. This is often referred to as the EU’s ‘black box’, as it is difficult for citizens to know who is lobbying their national government on EU policies, or even what position their national government takes in the Council. This approach, combined with the fact that lobbying at member state level requires massive resources and good connections, creates the conditions for undue corporate influence,” they add.

The report makes a series of recommendations to protect EU policymaking against undue influence by the most well-resourced lobbyists, based on the NGOs’ tracking and analysis of the DSA and DMA process since the drafting stages.

Its suggestions include shedding light into the trilogues by publishing an up-to-date calendar of meetings, including summary agendas, and proactively publishing the four-column document (which details co-legislator positions and amendments) on a rolling basis; boosting transparency and democratic accountability at the Member State and Council level including by requiring disclosure of each country’s position; putting limits on one-to-one lobby meetings and replacing them with public hearings as much as possible; and requiring EU institutions to proactively seek out those who have less resources, such as SMEs, independent academics, civil society and community groups.

Other recommendations include beefing up the existing EU Transparency Register to improve transparency on lobbying; putting in place proper funding transparency requirements that mandate think tanks and other organisations to reveal their funding sources; strengthening ethics rules to block the revolving door between EU institutions and Big Tech firms and establishing an independent ethics committee which can launch investigations and implement sanctions.

The report authors also urge EU officials and policymakers to be sceptical of those lobbying them — writing that they “should question their funding sources, check their information and data sources and denounce any type of wrongdoing or non-transparent/unethical lobbying they encounter”.

They also recommend they should not attend or participate in events or debates that are closed to the public, held under Chatham House rules, or that do not disclose their sponsorship.