Tech News

Sophia Amoruso, the creator of Nasty Gal and Girlboss, has started a movement, has empowered generations of women and done the entrepreneur victory lap – the last of which she doesn’t necessarily recommend to other founders because “it’s a distraction.” She’s also raised down rounds, run out of venture capital funding, filed for bankruptcy and been sued.

“I’ve seen the full gamut of what worked and what didn’t,” the entrepreneur said in an interview with TechCrunch. “It’s the not-so-great stuff that I can often help founders anticipate, or just avoid.”

It’s her high-profile and rocky experience in Silicon Valley’s spotlight that has finally given Amoruso the operating experience needed to launch her own venture firm, Trust Fund.

Trust Fund, named ironically, Amoruso says, because “nobody handed anything” to her, is launching with a $5 million target, targeting a check size between $50,000 to $150,000. She’s already landed checks from the who’s who in tech. Prominent investors include a slew of a16z partners such as Marc Andreessen, Andrew Chen and Chris Dixon, as well as entrepreneur Ev Williams, icon Paris Hilton and support from investors Ryan Hoover and Cleo Capital’s Sarah Kunst.

Trust Fund is looking to back digital consumer companies, and has already put money into an undisclosed workplace collaboration tool. Amoruso has been angel investing for four years, and has put $1 million of her own capital into 23 startups including Pipe, Liquid Death and Public.

“As a small fund, I am not necessarily looking for diamonds in the rough,” Amoruso said. She noted that other funds have the resources to do more due diligence and legitimize companies, while Trust Fund will look for social proof in some way. She prefers lean companies that make money and behave like they’re bootstrapped.

Alongside the launch, Amoruso tells TechCrunch that she is dedicating a $1 million allocation of the fund to people outside of her network. Accredited investors are invited to apply to write checks, between $2,000 and $10,000, into the debut investment vehicle.

She’s looking for diversity on her cap table – “because there’s a lot more women who can write $2,000 checks than there are who can write $200,000 checks.” Community raise aside, she doesn’t have a diversity mandate when it comes to portfolio construction.

“I plan to invest in men and women, and everything in between. And if anything, like why not invest in the privilege and ride the coattails of a dude?” Amoruso said. “As a woman, why wouldn’t I want to invest in the advantage that a man has, like, feel free to publish that – it’s true.”

While the entrepreneur is certainly looking outward to fuel her next venture, she’s also looking inward. A large part of Amoruso’s brand is associated with Girlboss, a word she coined to describe self-made, entrepreneurial women. Girlboss became a memoir, company, Netflix show, and movement associated with empowerment – before it twisted into a sexist trope, used to describe controversies around high-profile women in leadership, often stepping down from their posts.

Amoruso is no exception from this volatility. The entrepreneur stepped down from her company, Nasty Gal, in 2015 after being embroiled in multiple legal suits; as well as the difficulties of a growth at all costs mindset. “I’ve raised too high of a valuation at Nasty Gal, we were doing $12 million in revenue profitably when Index valued us at $350 million. The expectation of the next raise was to be at a billion dollar plus valuation was unrealistic.”

When asked about Girlboss, Amoruso said that it “was a huge part of my story. But also…at what point can I tell a new story?”

The entrepreneur views her past as both a fading story, and a competitive advantage, adding that she doesn’t “consider honesty a risk.” Among the attributes that the Trust Fund advertises as a value-add, she included: “building a non-shitty culture because we’ve done it wrong… and right” and “navigating the media when they love you and when they don’t.”

What’s clear is that similar to her past endeavors, the Amoroso brand is what is getting people to bet on her again. She has over 120,000 people newsletter subscribers, over 100,000 followers on Twitter and well over half a million Instagram followers. It’s a following she believes she can use to “evangelize” her portfolio companies, similar to celebrities, but also with operating experience that founders value during a downturn.

A16z’s Andrew Chen, who says he invested personally in Amoruso’s new fund, described her as a “0-1 founder who’s seen and done it all…[there are] very few people who’ve done all this and want to dedicate their career to helping the next gen of founders.”

Sophia Amoruso launches Trust Fund for founders by Natasha Mascarenhas originally published on TechCrunch

As FTX news subsided in recent weeks, the new CEO of the crypto exchange shared that he is exploring the possibility of restarting the company, according to a report from The Wall Street Journal.

John Ray III, the new FTX CEO, said in an interview that “everything is on the table,” in regards to reviving the bankrupt company’s international exchange and he has set up a task force to explore that opportunity.

WSJ also reported that Ray is looking into whether reviving the main international exchange would provide greater value to company’s customers and creditors as he and others try to return funds lost.

Earlier this week, FTX debtors identified $1.7 billion of cash and $3.5 billion of crypto assets and $3 million of securities, according to a company statement. This totals about $5.5 billion in liquid assets, which Ray referred to as a “herculean” effort to assess the firm’s financial position.

“We are making important progress in our efforts to maximize recoveries, and it has taken a Herculean investigative effort from our team to uncover this preliminary information,” Ray said in a statement on Tuesday. “We ask our stakeholders to understand that this information is still preliminary and subject to change. We will provide additional information as soon as we are able to do so.”

The debtors also provided context to both the international and US-based entities of FTX and its shortfalls. Debtors identified $1.6 billion of digital assets associated with the international exchange, FTX.com, $323 million of which was subject to unauthorized third-party transfers after it filed for Chapter 11 bankruptcy in November. About $426 million was transferred to cold storage under the control of The Securities Commission of The Bahamas, $742 million went to cold storage under FTX debtors control and $121 million is pending transfer to the debtors as well, according to the release.

Meanwhile, debtors identified $181 million of digital assets associated with the US-based entity, FTX US. About $90 million was subject to unauthorized third-party transfers after the bankruptcy filing, $88 million is in cold storage under FTX debtor control and $3 million is pending transfer to debtors’ control, it added.

Ray and the former FTX CEO Sam Bankman-Fried have clashed over the exchange’s position and whether or not it should have filed for bankruptcy. Bankman-Fried has shared his regrets in filing for bankruptcy for FTX and said in a recent Substack newsletter, Bankman-Fried insisted that if he were not “forced” to declare bankruptcy that the company would have been able to repay all its customers.

Bankman-Fried added, “there were numerous potential funding offers — including signed LOIs post chapter 11 filing totaling over $4b. I believe that, had FTX International been given a few weeks, it could likely have utilized its illiquid assets and equity to raise enough financing to make customers substantially whole.”

In the past, Ray said Bankman-Fried has “no ongoing role at FTX” and does not speak on the company’s behalf. In mid-December during a U.S. House Financial Services Committee meeting, Ray said there were “virtually no internal controls” for FTX’s risk management systems.

There were no audits of Alameda or its venture silo. But there were audits of FTX US and FTX.com, Ray said. The audits were done by Prager Metis and Armanino. “I can’t speak to the integrity or quality of those audits,” Ray said. “I don’t trust a single piece of paper in this organization.”

FTX’s new CEO says there’s possibility for exchange to restart by Jacquelyn Melinek originally published on TechCrunch

Sling TV, the DISH-owned streaming service, finished the year off with a substantial drop in subscribers, ending Q4 2022 with a loss of 77,000 subs.

As reported in an SEC filing on January 17, Sling TV now has a total of 2.33 million subscribers, down from 2.41 million in the previous quarter. While the company momentarily gained subscribers in Q3 2022, Sling TV now seems like it’s stuck in 2018 with its current subscriber base when it also had 2.33 million subs. In the fourth quarter of 2021, the live TV streamer had 2.49 million.

The drop in subscribers is likely due to the recent price hike and increased competition. Sling TV bumped up its plans by $5. Sling Orange and Sling Blue now each cost $40/month, whereas the bundle (Sling Orange + Blue) is $55/month. The main reason that customers switch over to live TV streaming services is that they no longer have to pay an arm and a leg for cable. However, it seems like no one can escape the high prices of live TV.

It’s also possible that some customers canceled their subscriptions when 17 Disney-owned channels briefly disappeared from Sling TV over a carriage dispute in October 2022. The channels, which included ABC, the Disney Channel, ESPN, FX, Freeform and National Geographic, were restored two days later. However, it’s possible that some customers never re-subscribed.

Dish reported in the SEC filing that it has 9.75 million pay-TV subscribers in total, with 7.41 million customers subscribed to Dish TV, its satellite service. Dish TV lost approximately 200,000 subscribers.

The company has yet to report its financials, which will be revealed in its official fourth-quarter earnings report (no release date has been announced).

However, Sling TV is confident that 2023 will be a promising year for the streamer. In a recent interview with TechCrunch, Sling TV President Gary Schanman hinted at the possibility of a free offering, which could help to boost its audience.

“Free is part of our thoughts about how we think about that engagement with the customer. We want a lifelong relationship with the subscriber where they see value in what we provide — and [free content is] a piece of that,” Schanman said.

While it’s unclear exactly what Sling TV has in the pipeline, if the company were to offer free streaming options, there’s no doubt that more customers would flock to the service. It would also put Sling TV in better competition with free, ad-supported services like Roku, Freevee, Pluto TV, Xumo and Plex. YouTube was the latest company to experiment with a free ad-supported TV channel offering.

Sling TV also just launched new features like user profiles and a Sports Scores feature.

Sling TV’s subscriber base continues to tank, loses over 75K subs in Q4 by Lauren Forristal originally published on TechCrunch

Private investment in the space economy dropped by 58% in 2022 compared to the year prior, with macroeconomic headwinds battering private and public markets, according to a new analysis from New York-based Space Capital.

But while 2023 is shaping up to be another hard year for startups, Space Capital’s report maintains that the external pressures on companies will be a net positive for the industry overall.

“Quality companies with product market fit, positive unit economics, and strong leadership will continue to get funded, although valuations will be more in line with historical averages,” Space Capital managing partner Chad Anderson said in the report. “We believe that less speculation will result in fewer competitors, and a larger talent pool that will make the next two years an attractive time to start and invest in space tech companies.”

Despite the overall bearish market environment, there was one clear winner last year: SpaceX, which managed to raise $2 billion, its second-largest annual raise since the company was founded in 2002. Notably, other companies that landed major rounds are explicitly targeting the defense sector: these include defense technology startup Anduril, which closed a $1.5 billion Series E; Shield AI’s $225 million Series E; and Slingshot Aerospace’s $40 million Series A.

Overall, late- and growth-stage companies were most highly impacted by the more conservative venture investing environment last year, while early-stage investments declined only 4% year-over-year. The total number of rounds in 2022 also decreased by 30% compared to the year prior.

While the overall picture from last year is negative, investing did pick up in the fourth quarter: 63% of the year’s deals were made in the last quarter, representing $2.6 billion.

The United States continues to lead in total private investment in space companies, with 46% of deals happening here, the report found. China comes in second place with 29%. China’s investment in space infrastructure, which includes launch and tech to build and operate satellites and other space-based assets, continues to climb.

The report also looks at emerging industries, like private space stations, in-orbit servicing, and mining companies. These companies saw a 63% drop in investment. The majority of the rounds in the fourth quarter of 2022 were early stage, which reflects that the industry is still very much in its beginnings.

Space Capital tracks 1,791 companies across the space sector. Over the last ten years, investors have now poured $273.3 billion of private equity into these companies.

Private investment in space dropped 58% last year, even with SpaceX, Anduril monster raises by Aria Alamalhodaei originally published on TechCrunch

Trunk, a startup that aims to build a toolkit that helps developers build and ship their code faster, today announced the launch of its latest product: CI Analytics. The new service helps developers understand how their CI Workflows (currently with a focus on GitHub Actions) perform in the real world — and if there are any trends they should be aware of.

Founded in 2021 by a group of former Uber engineers, Trunk already offers Trunk Check, a tool for checking code quality, and Trunk Merge, a service that orchestrates merging pull requests. With CI Analytics, it’s now expanding this feature set with another tool that tries to help developers work more efficiently.

“I’d run these surveys and the number one issue coming back from folks is ‘the hardest part of my job is landing code and merging code into main.’ That’s insane. We’re trying to build future-forward tech to make cars drive themselves and the hardest thing for the engineers is to put their code into the codebase,” Trunk co-founder and co-CEO Eli Schleifer told me of his time at Uber. “Every company has to invest a tremendous amount of money into this stuff and you really don’t want to hire 30 engineers — that’s how many were at Uber — to build this solution, because it’s not germane to your problem space. It’s just the core tax you pay.”

Schleifer described the new analytics service as an “engineering intelligence solution” that helps developers fix broken engineering workflows. He noted that while GitHub Actions has become very popular in a short amount of time, it’s also a bit of a black box. “There are a lot of engineering intelligence tools out there that will tell you that this engineer wrote this many lines of code or this many commits. We see engineering intelligence more as a tool to help the productivity of all the engineers,” Schleifer said. If Trunk can help these engineers find inefficiencies in their CI processes, then, he argues, it will make everybody in the engineering organization more efficient.

“Without a proper engineering intelligence solution, DevOps and engineering teams are left operating in the dark and engineers are left to guess at what parts of their build and test workflows are slowing down engineering,” said Schleifer. “Trunk CI Analytics eliminates the guesswork with beautiful trend lines, anomaly alerting, and the ability to perform deep historical analysis within a few clicks. Operating without this level of engineering intelligence can be the difference between shipping code on time and slowly grinding to a halt.”

The new service is now available to all Trunk users, with pricing starting at $7 per month and user (after a free two-week trial).

Trunk extends its developer toolkit with CI analytics by Frederic Lardinois originally published on TechCrunch

Yum Brands, the parent company of fast food chains KFC, Pizza Hut and Taco Bell, has confirmed that company data was stolen in a ransomware attack.

TechCrunch first learned of an apparent incident affecting Yum Brands earlier this week, which the Kentucky-based company confirmed in a statement on Thursday.

Yum Brands said a ransomware attack impacted “certain information technology systems,” prompting the chain to take some of its systems offline. The incident also led to the closure of roughly 300 restaurants in the United Kingdom for 24 hours, the company said.

Although the ransomware attack largely affected the company’s U.K. operations, Yum Brands said it notified U.S. federal law enforcement as its investigation continues.

Yum Brands said that the unidentified intruder responsible for the ransomware attack stole data from the company’s network, but added it had “no evidence” that customer data was stolen. It’s not clear if the company has the technical means, such as logs, to determine what specific data was exfiltrated.

It’s also unclear when the ransomware attack began or how the company’s systems were initially compromised. Yum Brands spokesperson Rob Poetsch declined to provide more details about the incident, referring TechCrunch to the company’s statement.

“While this incident caused temporary disruption, the company is aware of no other restaurant disruptions and does not expect this event to have a material adverse impact on its business, operations or financial results,” the company’s statement said.

Lorenzo Franceschi-Bicchierai contributed reporting.

Taco Bell, KFC owner says data stolen during ransomware attack by Carly Page originally published on TechCrunch

If you thought the fourth quarter of 2022 felt slow when it came to investment activity in the fintech space, that’s because it was. In fact, the three-month period marked the lowest quarter for U.S. fintech funding since 2018, according to CB Insights’ State of Fintech 2022 report.

But overall, while total fintech funding globally was down markedly last year compared to 2021, numbers were still higher than 2020.

Specifically, global fintech funding amounted to $75.2 billion in 2022, down 46% compared with 2021, but up 52% compared to 2020. The second half of the year was especially bleak. Only $10.7 billion of investment dollars went to fund fintech startups in the fourth quarter. About $3.2 billion of that, or nearly 30%, flowed into U.S.-based companies.

Meanwhile, global venture funding reached $415.1 billion in 2022, marking a 35% drop from a record 2021.

Overall, fintech deal volume fell 8% globally year-over-year to 5,048 in 2022. Notably, Africa was the only major region to see deals climb compared to 2021 – with a record 227 deals in 2022, a 25% increase year-over-year. A staggering 89% of 2022 deals in Africa were early-stage – a 5-year high for the continent and the highest among all other regions.

Still, funding on the continent remained lower than 2021 levels, noted Anisha Kothapa, CB Insights’ lead fintech analyst.

“This is due to increased access to technology in the region such as mobile devices and internet connectivity,” she wrote via email. “Currently, there’s a large proportion of Africa’s population that doesn’t have adequate access to financial products compared to other regions, so the potential deployment of fintech solutions exploded as access to technology like mobile phones and internet increased.

In the U.S, fintech funding in 2022 was down 50% to $32.8 billion. Yet deal size was only down 9%, signaling another trend we saw last year: early-stage deal share continued to dominate. On the flip side, mega round funding and deals fell 60% and 52% year-over-year, respectively.

Kothapa wasn’t surprised by the overall drop in investment activity given the macro-economic environment and recovery from COVID, which resulted in higher inflation and the Fed raising interest rates.

“2021 was a unique year that resulted from digital transformation needs during the pandemic,” she wrote. “However, on the positive side, 2022 numbers were higher than 2020. Therefore, investors did not shy away from giving capital. Instead, funding was given more to smaller, earlier-stage deals versus bigger, later-stage deals like we saw in 2021.”

Notably, the world saw a drastic decline in the number of new unicorns in 2022. Fintech specifically saw a total of just 69 total unicorn births in 2022, “a huge drop” (58%) compared to 166 births in 2021, according to Kothapa.

“This drop in unicorn births [for fintech] was actually smaller than what we saw for all VC-funded companies in 2022,” she told TechCrunch. “Unicorn births for all VC-backed companies dropped 86% year-over-year.

Other interesting tidbits from the report:

Insurtech M&A exits surged by 40% in 2022 to 81, up from 58 in 2021. Despite a poor showing in the public markets, insurtech was the only fintech sector to see a year-over-year increase in M&A exits. Overall, global fintech M&A exits dipped 20% year over year to a total of 742. We also saw a 72% YoY decline in fintech IPOs, from 82 in 2021 to just 23 in 2022. There were no IPOs or SPACs in the insurtech space in all of 2022 for the first time since the second quarter of 2020.
After a record-setting year, funding to LatAm & Caribbean-based fintechs declined 71% from $13.9 billion in 2021 to $4 billion in 2022. This was the greatest percentage drop in fintech funding for any region year-over-year. However, deals only fell 5% YoY – the lowest regional drop along with Canada.
Average global deal size dropped 40% to $18.7 million

While some are saying that 2022 saw a popping of the fintech bubble, Kothapa disagrees.

“This was more of a correction that resulted from an unforeseen event like the pandemic,” she said. “Digital transformation is extremely important for organizations now as they navigate more seamless ways to operate and fintech is a huge part of any business’s digital transformation.”

Want more fintech news in your inbox? Sign up here.

Got a news tip or inside information about a topic we covered? We’d love to hear from you. You can reach me via Signal at 408.404.3036. Or you can drop us a note at tips@techcrunch.com. If you prefer to remain anonymous, click here to contact us, which includes SecureDrop (instructions here) and various encrypted messaging apps.)

Fintech in 2022: a story of falling funding, fewer unicorns and insurtech M&A by Mary Ann Azevedo originally published on TechCrunch

A €390M privacy fine for Meta announced earlier this month in the European Union — for running behavioral ads on Facebook and Instagram in the region without a valid legal basis — was several billion dollars smaller than it should have been, and orders of magnitude too tiny to be a deterrent for others going big on breaking the bloc’s privacy laws, according to the not-for-profit which filed the original complaint over Facebook’s ‘forced consent’ back in May 2018.

This week the privacy rights group, noyb, has written to the European Data Protection Board (EDPB) to raise fresh hell — arguing that the Irish regulator which issued the final decision on its complaint against Meta’s ads failed to follow the Board’s instructions to investigate the financial benefits it accrued off of the unlawful data processing.

It argues the Irish Data Protection Commission (DPC) has failed to implement the EDPB’s binding decision from December — which instructed the regulator to both find the legal basis Meta had claimed for running behavioral ads unlawful and significantly increase the size of the fine the DPC had proposed in its earlier draft decision.

In the final decision which the DPC issued earlier this month, the DPC declined to act on the Board’s direction to ascertain an estimate of the financial benefit Meta gained from targeting EU users with behavioral ads in breach of EU data protection law.

And while the Irish regulator did top-up the level of fine on Meta to €390M — vs the €28M to €36M it had originally proposed for transparency failures — the revised fine neither reflects the seriousness of the systematic breach of European users’ fundamental rights, per noyb — nor does it implement the Board’s requirement that the DPC determine the unlawful financial benefits accrued by Meta from running ads that break EU privacy law.

noyb notes that, per EDPB guidelines on calculation of fines (and the text of the final decision put out by the DPC incorporating the Board’s binding decisions), the Irish regulator needed to ensure any fines “counterbalanc[e] the gains from the infringement” and also “impose a fine that exceeds that [unlawfully obtained] amount”.

“In the absence of directions, the [DPC] is unable to ascertain an estimation of the matters identified above. Accordingly, I am unable to take these matters into account for the purpose of this assessment,” is how the DPC’s Helen Dixon dryly dismissed the EDPB’s instruction — a few lines of text that essentially let Meta off the hook on what noyb calculates should have been a penalty set at the maximum possible under the EU’s General Data Protection Regulation (GDPR): 4% of annual revenue. (Or over €4BN in Meta’s case.)

noyb’s letter lays out how it has estimated the total revenue Meta generated, over the 4.5+ year infringement period, on users in the European Economic Area (EEA) — a figure it puts at circa €72.5BN. It says it’s arrived at this estimate by looking at the publicly listed company’s financial reports (and adjusting revenue figures to only reflect users in the EEA, not the European continent as a whole) — querying why the DPC’s far more numerous staff couldn’t have done the same.

“While ‘behavioural advertisement’ does not make up all the revenue of Meta’s overall advertising, it is clear that in any realistic scenario, the revenue from ‘behavioural advertisement’ in the EU overshot the maximum [possible, under GDPR] fine of €4.36BN,” noyb also argues.

In a statement, its honorary chairman, Max Schrems, adds: “By not even checking publicly available information, the DPC gifted €3.97BN to Meta.”

“It took us an hour and a spread sheet to make the calculation,” he went on. “I am sure the Irish taxpayers would not mind having that extra cash, if a DPC employee would have just opened a search engine and done some research.“

noyb’s letter also questions why the DPC apparently failed to use its statutory powers under the regulation to ask the data controller for any information required for the performance of its tasks — which could have provided it with a precise route to estimate how wealthy Meta got by unlawfully processing Europeans’ data.

“Given that SAs [supervisory authorities] can only fine based on the revenue of the last year, and the Irish DPC has taken more than 4.5 years to issue a final decision, Meta has made substantial revenue from violating the law, even if the maximum fine of 4% of the annual turnover is applied,” noyb goes on. “The estimated revenue from advertisements in the EEA of €72,53BN, would only be reduced to €68,17BN if the full 4% would be applied. This clearly makes even a maximum fine of 4% not even remotely ‘effective, proportionate and dissuasive’ in comparison to the unlawful revenue made by Meta IE [Ireland].

“Nevertheless the EDPB and the DPC are bound by Articles 83(1), (2)(k) and (5) GDPR at the same time, meaning that the maximum fine of 4% may not be overstepped but must also be used fully to comply with the conflicting requirements of the GDPR.”

So — tl;dr — even the maximum possible financial penalty under GDPR would not have been remotely dissuasive to Meta in financial terms — given how much more money it was minting by trampling all over European users’ privacy. Yet, the kicker is,Meta didn’t even get fined that (inadequate) maximum amount! Lol!

noyb’s letter presents a neatly calculated and — frankly — damning assessment of high profile enforcement flaws in the GDPR. Flaws that enable Big Tech to play the system by forum shopping for ‘friendly’ regulators who can find endless ways to chew the cud around complaints and spin claims of protocol and procedure into a full blown dance of dalliance and delay, and whose convenient decisions can, at the last, be relied upon to help minimize any damage — in a cynical mockery of due process that’s turned the EU’s flagship data protection framework into a paper tiger where Big Tech’s users’ rights are concerned.

noyb is calling on the EDPB to take “immediate action” against the DPC — to ensure its binding decision “is fully implemented in [or, well, by] Ireland”.

“Given the clear evidence that Meta IE [Ireland] has profited from the violation of Article 6(1) GDPR in vast excess of the maximum fine of 4% under Article 83(5) GDPR and the Irish DPC’s clear breach of the binding decision in this respect, we urge the EDPB and its members to take immediate action against the Irish DPC to ensure that the EDPB decision is fully implemented in Ireland,” it urges.

However this (meta – ha!) complaint by noyb — about the outcome of its 2018 complaint about Meta’s ads — most likely lands at the end of the road as far as regulators are concerned. Next stop: Class-action style litigation?

noyb’s call joins a pile of complaints (and legal actions) targeting the Irish regulator’s failure to rigorously enforce the GDPR against abusive Big Tech business models — including litigation over inaction (also vis-a-vis the behavioral ads industry) and an accusation of criminal corruption (also from noyb), to name two of the barrage of slings and arrows fired at the DPC since the GDPR came into application (on paper) and complainants started the clock on their interminable wait for enforcement.

The DPC was contacted for comment on noyb’s complaint to the EDPB — but it declined to offer a response.

We also reached out to the EDPB. A spokeswoman for the Board told us it “takes note” of noyb’s letter — but declined further comment at this time.

It remains to be seen what action — if any — the steering body will take. Its powers are limited in this context since its competence to intervene in the GDPR enforcement process relates to any objections raised to a lead supervisor’s draft decision (as happened in the Meta ads case).

After a final decision is issued the Board does not carry out a full re-evaluation of a case. So the chance of it being able to do much more here looks slim.

EU law enshrines the independence of Member States’ data protection regulators so the Board essentially has to work with whatever it’s given in a draft decision (and/or any objections raised by other DPAs). Which is why the DPC also sees mileage in challenging the portion of the Board’s binding decision that instructed it to further investigate Meta’s data processing — as it argues that’s jurisdictional overreach.

This structure effectively means a lead DPA can do considerable work to shape GDPR outcomes that impact users all over the bloc — by, for starters, minimizing what they investigate and then, even if they do open a probe, by narrowly scoping these enquiries and limiting what they factor into their preliminary decisions.

In the case of Meta, the DPC did not provide any data on the estimated financial benefit it amassed from its unlawful behavioral ads. Which — once again — looks terribly convenient for the tech giant.

While there’s not much Internet users can do about such a gaping enforcement gap — aside from hoping litigation funders step in and spin up more class-action style lawsuits to sue for damages on these major breaches — EU lawmakers themselves should be very concerned.

Concerned that a flagship piece of the EU’s digital rulebook — one that’s now also a key component at the heart of an expanding tapestry of regulations the bloc has been building up in recent years around data governance, to try to foster trust and get more data flowing in the hopes of fuelling a revolution in homegrown AI innovation — is proving to be such a jelly in the face of systematic law breaking.

Rules that can’t protect or correct aren’t going to impress anyone over the long run. And that means the paper tiger may yet have some teeth: If the GDPR enforcement failures keep stacking up, the sour taste that leaves for EU citizens tired of watching their rights trampled might risk toppling people’s trust in the whole carefully constructed ‘European project’.

Meta dodged a €4BN privacy fine over unlawful ads, argues GDPR complainant by Natasha Lomas originally published on TechCrunch

Twitter finally broke its silence over the first security incident of the Musk era: an alleged data breach that exposed the contact information of millions of users.

In late December, a poster on a popular cybercrime forum claimed to have scraped the email addresses and phone numbers of 400 million Twitter users by way of a zero-day security flaw in Twitter’s systems, previously blamed for exposing at least 5 million Twitter accounts before it was fixed in January 2022. The subsequent sale of another, smaller dataset containing the email addresses associated with more than 235 million Twitter accounts is said to be a cleaned-up version of the alleged dataset of 400 million Twitter users. Researchers warned that the email addresses, which included the details of politicians, journalists and public figures, could be used to dox pseudonymous accounts.

Twitter, or what’s left of the company, addressed the situation last week.

In an unattributed blog post, Twitter said it had conducted a “thorough investigation” and found “no evidence” that the data sold online was obtained by exploiting a vulnerability of Twitter’s systems. An absence of evidence, however, is not vindication, as it’s unclear if Twitter has the technical means, such as logs, to determine if any user data was exfiltrated. Rather, the company said that hackers had likely been circulating a collection of data pulled from past breaches and said the data did not correlate to any of the data obtained by way of exploiting the bug that was fixed in January 2022.

What Twitter is saying may very well be true, but it’s difficult to have confidence in the company’s statement. Twitter’s erratic response raises many of the same questions that regulators will want to know: Who was tasked with investigating this breach, and does Twitter have the resources to do a thorough job?

An important lesson in what not to do

Twitter’s data leak response is a lesson in how not to do cybersecurity by Carly Page originally published on TechCrunch

Britishvolt, a battery manufacturer startup, announced Tuesday that it was declaring bankruptcy, dealing a punishing blow to the United Kingdom’s automotive sector.

The company had been championed by U.K. leaders, who had hoped it would provide a laundry list of benefits: good paying jobs, advanced manufacturing know-how and homegrown battery packs to support the domestic automotive industry. But Britishvolt was beset with delays, and it never came close to its goal of opening a factory that could crank out 38 gigawatt-hours of lithium-ion batteries every year.

In some ways, Britishvolt’s story echoes that of A123 Systems, the U.S. startup that went bust over a decade ago. The upstart battery company pitched a grand vision for bringing large-scale, cutting-edge manufacturing on shore. Politicians latched onto the idea, supporting a company that could provide jobs in a politically advantageous region. They piled on praise and promised lavish subsidies if the company could deliver. But the startup put the cart before the horse, beginning work long before firm demand materialized.

A123 went bankrupt in 2012, and while its collapse was tragic, it didn’t kill the U.S. battery sector. The same might not be true of Britishvolt.

Britishvolt’s bankruptcy is the death knell for the UK’s battery industry by Tim De Chant originally published on TechCrunch