TechCrunch+

Ticketmaster has now enraged the passionate fans of two of the world’s biggest acts: Taylor Swift and Bad Bunny.

Last weekend in Mexico City, the Puerto Rican rapper performed two sold-out shows at the 85,000-seat Azteca Stadium, but over a thousand fans who purchased tickets via Ticketmaster were turned away. Ticketmaster issued a statement saying that ticket holders who were denied entry will be refunded, then claimed that the cause of the problem was fake tickets.

But Mexican regulators tell a different story.

Ricardo Sheffield, Head of Mexico’s Office of the Federal Prosecutor for the Consumer (PROFECO), said in a Spanish-language interview with Radio Fómula that these tickets weren’t fake — Ticketmaster issued all of these tickets, after all. What happened, from Sheffield’s point of view, is that Ticketmaster simply oversold the event. Sheffield said that in addition to full ticket refunds, affected customers will get a 20% compensation fee. PROFECO will also fine Ticketmaster up to 10% of the company’s sales for the year in Mexico.

Sheffield said that about 1,600 fans on Friday and 110 fans on Saturday were turned away despite having tickets.

U.S. regulators are also investigating Ticketmaster’s parent company, Live Nation Entertainment. In November, the Justice Department opened an antitrust investigation into the entertainment giant.

“As we have stated many times in the past, Live Nation takes its responsibilities under the antitrust laws seriously and does not engage in behaviors that could justify antitrust litigation, let alone orders that would require it to alter fundamental business practices,” the company responded in a statement.

Consumers have long bemoaned the frustrating process of securing tickets to a high-demand show on Ticketmaster — it’s one thing when you lose out tickets to other fans, but oftentimes, a show will sellout within minutes, usually due to competition from bots — and then, thousands of tickets instantly reappear on resale sites like Vivid Seats, SeatGeek and StubHub for a way higher price. In the case of the Taylor Swift Eras tour presale, Ticketmaster blamed bots for its issues, despite issuing presale codes to a select group of “verified fans.”

“Historically, we’ve been able to manage huge volume coming into the site to shop for tickets, so those with Verified Fan codes have a smooth shopping process,” Ticketmaster said in a statement. “However, this time the staggering number of bot attacks as well as fans who didn’t have codes drove unprecedented traffic on our site, resulting in 3.5 billion total system requests – 4x our previous peak.”

In total, over two million Taylor Swift tickets were sold on November 15, which broke Ticketmaster’s record for most tickets ever sold for an artist in a single day. But so many fans couldn’t access secure tickets at all, or spent hours waiting in unprecedented virtual lines, only to be turned away.

To quote Federal Trade Commission chair Lina Khan, Ticketmaster’s meltdown during the presale for the Taylor Swift’s Eras tour “converted more Gen Z’ers into antimonopolists overnight than anything I could have done.”

Mexican regulators are fining Ticketmaster after Bad Bunny concert fiasco by Amanda Silberling originally published on TechCrunch

Don’t miss your opportunity to demonstrate your expertise — and teach what you know so well — to hundreds of budding and bootstrapping entrepreneurs. Where? At the TechCrunch Early Stage founder-focused summit on April 20 in Boston, Massachusetts.

If you’re an experienced, later-stage startup founder or ecosystem expert who can offer essential or game-changing advice, we encourage you to throw your hat into the Audience Choice voting ring. Apply here today.

Here’s how the Audience Choice selection process works.

Submit an application outlining the content you’d like to present by January 6. After Team TechCrunch vets the applications, it will select the participants for Audience Choice voting. TC readers will vote for the sessions they want at TC Early Stage.

Here’s the timeline to keep in mind:

Application deadline: January 6
Notify Audience Choice participants: January 23
Voting period: January 30 through February 17
Notify winners: By February 22

Share your hard-earned knowledge and establish yourself as a thought leader with the up-and-coming startup generation. Apply to Audience Choice right now.

TC Early Stage, which takes place on April 20, 2023, in Boston, Massachusetts, provides access to essential information, resources and community connection to help budding, bootstrapping entrepreneurs reach their potential. Buy a pass now — just $149 while supplies last — and join us in Boston!

Is your company interested in sponsoring or exhibiting at TC Early Stage 2023? Contact our sponsorship sales team byfilling out this form.

Show what you know at the TechCrunch Early Stage founder summit by Lauren Simonds originally published on TechCrunch

Ask Alan Shreve why he founded Ngrok, a service that helps developers share sites and apps running on their local machines or servers, and he’ll tell you it was to solve a tough-to-grok (pun fully intended) infrastructure problem he encountered while at Twilio. As an engineer there, Shreve was developing on webhooks — automated messages sent from apps when something happens — without an appropriately-tailored development environment, which slowed the deployment process.

Ngrok was his solution. An open source package that grew into a distributed platform, Ngrok aims to collapse various networking technologies into a unified layer, letting developers deliver apps the same way regardless of whether they’re deployed to the public cloud, serverless platforms, their own data center or internet of things devices.

After being bootstrapped for seven years, Ngrok today announced that it raised $50 million in a Series A round led by Lightspeed Venture Partners with participation from Coatue. Shreve tells TechCrunch that, with the fresh capital, Ngrok will grow operations and “make continued investments” to improve its core product offering.

“Developers tape together various open source projects, home-grown proxy layers and combine them with disparate services from cloud-specific vendors like Amazon Web Services, Microsoft Azure and Google Cloud Platform and content delivery networks like Cloudflare. Developers are required to configure unnecessarily low-layer networking resources like IPs, DNS, VPNs and firewalls to deliver their applications,” Shreve told TechCrunch in an email interview. “Ngrok allows developers to avoid that complexity.”

Ngrok acts as a “reverse proxy” for services and apps, fronting web services running in clouds or private networks or on a local dev machine. It gives developers internet access to private systems normally hidden behind a firewall, providing an internet-accessible address anyone can get to and linking the other side of the “tunnel” to functionality running locally.

Effectively, Ngrok adds connectivity, security and observability features to existing apps without requiring any code changes, including features like load balancing and encryption. With Ngrok, developers can deploy or test apps against a development backend, building demo websites without having to deploy them. Or they can access internet of things devices in the field, connecting to private-cloud software remotely.

“When developers build applications and APIs, they need to deliver them to customers on the internet. Ingress is the service that provides application delivery and makes your service available securely to its customers. Ngrok’s ingress is [an] application’s front door,” Shreve said. “The way developers build applications has fundamentally changed. Microservice architectures, serverless platforms and other shifts in the industry have led to a proliferation of new APIs and apps which need their own ingress in different environments.”

Indeed, Shreve appears to have grokked it (I’ll see myself out), growing Ngrok’s user base to five million developers — 30,000 of which are paying customers. Shreve wouldn’t disclose revenue figures, but he said that revenue “doubled” year-over-year thanks in part to well-paying clients like Databricks, Zendesk, Copado, Klaviyo and SonarSource.

Ngrok competes to a degree with startups like Tailscale, ZeroTier, Netmaker and Defined Networking’s Nebula — some of them are well funded. In May, Tailscale raised $100 million for its mesh networking technology that can be installed on a single server and used as a way to share software services.

But if Shreve is concerned, he wasn’t obvious about it.

“Most organizations manage 200 to 1,000 apps. At that scale, delivering apps more quickly moves the needle by keeping developers focused on solving real business problems and not dealing with networking complexities,” Shreve continued. “Ngrok’s API-first ingress-as-a-service platform enables developers to deliver faster by building on top of a single solution across all of these platforms.”

Lightspeed Venture Partners’ Guru Chahal added: “More developers are entering the industry and building more applications, most of which will be delivered over the internet as software-as-a-service services. Today, this involves a complex mix of networking and security technologies that is expensive, time-consuming to manage, and, quite frankly, does not scale … We invested in Ngrok because it is solving this challenge. Ngrok dramatically simplifies how apps are delivered over the internet to users. A developer can deliver their app to users in a secure and scalable manner with one click or a single line of code.”

Ngrok employs 59 people currently across its offices in San Francisco and Seattle and remotely. It’s actively hiring.

Ngrok, a service to help devs deploy sites, services and apps, raises $50M by Kyle Wiggers originally published on TechCrunch

Amazon today is introducing a small handful of new features for its digital assistant Alexa that aim to make the device more accessible. The company is launching two new ways to interact with Alexa without speaking including support for Gestures on Echo Show devices that will users to interact with the device by raising their hand — something that can also come in handy for anyone using Echo while cooking who want to quickly dismiss a timer without having to speak. In addition, Amazon is rolling out text-to-speech options and a way to turn on all closed captioning features at once across devices.

The new features are the latest to arrive in a push to make Alexa a more accessible tool, and follow the fall launch of a “Tap to Alexa” option for Fire tablets that allow users to interact with the voice assistant without speaking.

With Gestures, Amazon says users will be able to hold up their hand — palm facing the camera — to dismiss timers on the Echo Show 8 (2nd Gen.) or 10 (3rd Gen) devices. Beyond enabling nonverbal customers to use the device, Amazon also envisions a common scenario where users in the kitchen are cooking while listening to music and don’t want to have to scream over their tunes to be heard by Alexa or touch the screen with messy hands. The gesture could give them an easier way to interact with Alexa, in that case.

Gestures are not enabled by default — you’ll have to visit Settings, then Device Options to access the option. (Presumably, by calling it “Gestures” and not “Gesture,” Amazon has other plans in store for this feature down the road.)

To work, Gestures uses on-device processing to detect the presence of a raised hand during an active timer, Amazon said. Users will not have to enroll in other visual identification features like Visual ID, the Echo Show’s facial recognition system, to use it.

The company is also launching text-to-speech functionality to the new Tap To Alexa feature, which today provides customers with a dashboard of Alexa commands on the Echo’s screen which they can tap to launch. With text-to-speech, customers will now be able to type out phrases on an on-screen keyboard to have them spoken aloud by their Echo Show. These commands can also be saved as shortcut tiles and customized with their own icon and colors.

The feature aims to help customers with speech disabilities, or who are nonverbal or nonspeaking who can use text-to-speech to communicate with others in their home, for example by typing out “I’m hungry.”

The third new addition is called Consolidated Captions, and allows customers to turn on Call Captioning,Closed Captioning, andAlexa Captions at once across all their supported Echo Show devices. This enables customers to turn on captions for things like Alexa calls and captions for Alexa’s responses, which helps those who deaf, hard of hearing, or who are using Alexa in loud or noisy environments, Amazon says.

This feature is enabled by tapping Settings, then Accessibility, and selecting “Captions.”

The new features come at a time when Amazon is trying to determine how to proceed with Alexa, whose division at the company saw significant layoffs and, per anInsider report, is said to be on pace to lose Amazon around $10 billion this year as opportunities to monetize the platform, like voice apps known as Skills, have failed to gain traction with consumers. Alexa owners also tend to only use the device for basic tasks, like playing music, operating smart home devices, using timers and alarms, and getting weather information, among other things.

More recently, Amazon has been positioning its Echo Show devices as more of a family hub or alternative to the kitchen TV. Its wall-mounted Echo Show 15, for example, offers widgets for things like to-do lists and shopping lists and just rolled out Fire TV streaming.

Amazon says the new Echo Show features are rolling out now.

Amazon’s Echo Show adds more accessibility features, including ‘Gestures’ and text-to-speech by Sarah Perez originally published on TechCrunch

Magazine reading app Flipboard is becoming the latest contender in the battle to relocate some of the online conversations taking place on Twitter onto its own platform instead. The company today announced that Flipboard’s curators will be able to publish original content into their magazine in order to engage with their readers in a conversation. The company believes the feature will allow curators to create small communities around a particular theme or interest. This ultimately would deliver a different vibe than when posting on Twitter to a more general audience.

The social magazine app first introduced the ability for users to create their own magazines in 2012, by finding articles and then “flipping” those into a magazine that others could follow in their own feeds. With the launch of the new notes feature, curators will now be able to do more than share articles and other information — they’ll be able to post text notes, which can also include uploaded images or links, and they can even @mention other users to reach outside their own community.

“It’s kind of like doing a regular post on Twitter or Facebook, but it’s going into a magazine,” explains Flipboard co-founder and CEO Mike McCue. “So it’s like a post into a micro-community…And it allows people who care about something, who are following this magazine or contributing to this magazine, to be able to talk to each other, communicate and build a stronger sense of community,” he says.

The notes have a colorful, blue background to make them stand out and can be liked, commented on, shared, or flipped into other magazines.

While curators can write in the notes without worrying about a tight character limit — another change possibly coming to Twitter — the idea is not to create another newsletter or blogging platform, like Substack or Medium. Instead, Flipboard’s notes are designed to be more like a Facebook post in length. They can be used to write an introduction to the magazine, similar to an editor’s note, or to ask questions of the community, and answer readers’ questions, among other things.

McCue says the feature has been in development for around six months, so it wasn’t necessarily built to capitalize on the chaos at Twitter, which has prompted a portion of its user base to try out various social apps, including Mastodon, Tumblr, Post News, Cohost, Hive and others.

Still, he says, the launch’s timing could become one of those things where “preparedness meets opportunity,” as it turns out.

Flipboard is not the only publishing platform to target Twitter users in recent days. Substack also announced a discussions feature of its own in November called Substack Chat which has a similar purpose of connecting creators and readers in a community conversation.

But in Flipboard’s case, the goal may be to gain further reach by adding a social element. The magazine app is a more mature company, having been founded back in 2010 to offer a more polished news reading experience that’s also customized to users’ personal interests. The company today claims to have north of 100 million monthly active users, but this includes not only web and mobile users, but also those who open Flipboard’s news emails. It’s possible that the addition of the community notes feature could encourage users who now only read news via email to re-engage with the app more directly.

The company says there are “millions” of Flipboard magazines available, but on any given month, only around 25-50% are active as not all are updated regularly.

Ahead of today’s launch, the feature was piloted with a handful of Flipboard-run group magazines, which are curated by multiple people, including The Recipe Exchange, The Travel Exchange, and The Photography Exchange. In tests beginning in July, those saw a 40% in social activity (likes, comments, flips, and shares) from August to September and a 28% increase in October, compared with September. In addition, a handful of curators also tested the feature, including the magazines Photowalkers by Jefferson Graham, Hiking the World by Kym Tyson of 33andFree, and The Breadship by Maurizio Leo.

Alongside this rollout, Flipboard is adding a new Community tab inthe app next to its For You feed to showcase the best magazine and curators, it says.

The notes feature is launching today on the web and will reach iOS and Android over the next few weeks.

Magazine app Flipboard adds support for original content with new notes feature by Sarah Perez originally published on TechCrunch

Thetrillion-dollar construction industry is often tarred with the inefficiency brush, accused of failing to move with the times and ignoring digitization in favor of legacy tools. But there is plenty of evidence that things are changing, with countless startups raising large sums of cash to help the construction industry modernize.

Venture capital (VC) funding in U.S. construction tech startups alone reportedly hit $1.3 billion in the first half of 2022, representing a 44% increase on the previous six months. In tandem, a slew of new funds and initiatives have emerged to support a fresh swathe of entrepreneurs, with Building Ventures recently closing a new $95 million fund for construction tech and real estate startups, while Agya Ventures announced a $32 million fund. Brick & Mortar Ventures, meanwhile, launched an early-stage accelerator billed as the “Y Combinator of construction tech.”

It’s against that backdrop that German VC firm Foundamental today unveiled its new fund, targeting $85 million at early-stage construction tech startups globally and building on the early success it has seen from its inaugural $65 million fund which closed back in 2019.

Exits and unicorns

Foundamental said it has seen four exits and one unicorn over the past three years, with the likes of Procore acquiring Indus.ai and Faro buying Holobuilder, while India’s Infra.Market hit a hefty 2.5 billion dollar valuation last August.

On top of that, Foundamental says that seven of its 64 investments have hit a $100 million-plus run-rate, while 81% have gone on to raise subsequent funding.

Founded out of Berlin in 2018, Foundamental counts three general partners, each focused on distinct regions. Patric Hellermann covers Europe, while Shub Bhattacharya is all about Asia-Pacific (APAC) and Adam Zobler targets North America.

“Construction is the biggest, undisrupted market in the world,” Zobler said in a statement. “It’s a 12 trillion-dollar market — 10% of the world’s GDP — which employs one in fourteen workers globally. Yet the construction and built-world industry is massively inefficient, and it’s getting worse.”

With its latest fund, Foundamental says that it’s looking to double-down on emerging regions such as Latin America, while focusing on “historically neglected verticals” that impact everyone, including housing, skilled labor, and public / private infrastructure. It noted that it’s aiming for a “larger portfolio” of around 40-50 companies, and plans to invest across pre-seed, seed, Series A and Series B rounds, with check sizes maxing out at around $3.5 million.

“The time to invest is now,” Zobler continued. “Technology that fundamentally reshapes the world of construction and the built environment is needed now more than ever — and it can drive great returns — but is currently underserved and underfunded.”

While Foundamental touted the fund’s limited partners (LPs) as “global names from the building and construction ecosystem,” it said that it wasn’t at liberty to reveal who they actually are.

Foundamental closes $85M fund for early-stage construction tech startups by Paul Sawers originally published on TechCrunch

Consumer tastes are always shifting, but while traditional soft drink giants continue to dominate in the beverage space, many smaller players are finding success in developing soft drink-like offerings that also have a healthier function.

Some venture capitalists say most beverage companies won’t end up being big players, but Poppi, a prebiotic soda brand, is joining companies like Olipop to prove they can be successful in a global functional soda category expected to be valued at $173 billion by 2025.

The company’s drinks combine real fruit and apple cider vinegar and have less than five grams of sugar and 20 calories. The ingredients target digestion aid, immunity and glowing skin.

When we last caught up with Poppi co-founder Allison Ellsworth, it was when the Dallas-based company raised a $13.5 million round in 2021. At the time it was about a year old, had nine flavors and had achieved a presence in more than 7,500 retail locations, including Target, Safeway, Kroger, Publix, Whole Foods and Amazon.com.

“A big change is the functional pop fast-growing category,” Ellsworth told TechCrunch. “Last year, we were at proof of concept, but now we are past that. We are seeing real revenue growth, real penetration and real trial. It’s been exciting to see. We’re here to play and a hot new brand.”

Indeed, the company had 148% revenue growth over the past 12 months and also saw online sales increase 250%, Ellsworth said. Poppi is also somewhat of a TikTok sensation, garnering more than 1 billion views so far.

She also said that what has set the company apart from its competitors is Poppi’s distribution approach of establishing a direct store delivery network. That was one of the first pieces of advice Rohan Oza, co-founder and managing partner of CAVU Consumer Partners, who has been an investor in Poppi since its first day, gave to Ellsworth and her co-founder husband, Stephen, back in 2020.

“By the end of January, we will have pieced together, in the U.S., a full DSD network where no other brand of our size has done this,” Ellsworth said. “Now, we have our cans in the refrigerated section, on the shelves and doing a pallet drop in the lobby of retailers. That has made a major difference we can see.”

All of that growth is why Oza decided to double down on additional funding, Ellsworth added.

That new cash infusion is a round of $25 million led again by CAVU. Poppi has now raised more than $40 million in total. Ellsworth declined to divulge the company’s valuation, but did say it was an increase over the company’s previous round.

It’s also back with a lot of changes, including new additions to the executive team this year. CEO Chris Hall (no relation to the reporter who wrote this) came to the company in May after 15 years at Talking Rain Beverage, most recently as chief executive of the Sparkling Ice brand for the past five years.

Meanwhile, Lana Buchanan joined as chief marketing officer after serving in various vice president roles at Anheuser-Busch and Campari, while Chuck Czerkawski joined as CFO. Ellsworth said Czerkawski had taken Essentia Water through an exit in 2021, and would “help to get us on the road to profitability.”

Poppi still has nine flavors, but has doubled its reach to more than 20,000 locations and is poised to reach 30,000 doors next year, Ellsworth said.

The company launched during the height of the pandemic in March 2020 and dealt with aluminum shortages and the like, but now has been able to staff up, put an executive team in place and, as Ellsworth put it, “invested in the right people so we are a well-oiled machine.”

That new capital will go into building brand equity — “getting more cans in hands,” she added.

Next up, Poppi is exploring club retailers, like Costco and Sam’s Club, working on how to sell in multipacks and developing some new flavors, with the potential for two to come out next year. The company launched a Cherry Limeade flavor earlier this year.

“We will continue to lean in on the traditional soda flavors,” Ellsworth said. “We see Poppi as a soda for the next generation, and we see people wanting to drink it everyday because it tastes good and is a soda replacement.”

Poppi raises a can to fresh capital to support its functional beverage growth by Christine Hall originally published on TechCrunch

The European Commission has announced a draft decision on US adequacy, paving the way for a replacement EU-US data transfer deal to be adopted next year.

The draft adequacy decision for the EU-US Data Privacy Framework (DPF), as it’s called, can be downloaded here.

The Commission’s draft is a key step in years of tortuous bilateral process which the EU’s executive body and US counterparts hope will finally bring legal certainty to transatlantic exports of EU personal data — which have been shrouded in risk after earlier agreements were invalidated by the bloc’s top court, back in July 2020 and October 2015, over the legal disconnect between European privacy rights and US surveillance powers.

Resolving that schism has been — and remains — the key sticking point for EU-US data transfers. It means any new deal on transatlantic data transfers will undoubtedly face legal challenges to test whether this fundamental clash has really been resolved.

But even just getting a replacement agreed on paper, after the last two deals were torn up by the Court of Justice of the EU (CJEU), has been a major effort and challenge.

Yesterday the EU’s justice commissioner, Didier Reynders, told aPolitico event that he hoped the new pact would be finalized before July next year — and he gave it a ‘7 or 8 out of 10’ chance of withstanding legal challenge. So even the Commission is not 100% on this surviving.

In a statement accompanying the announcement of the draft decision today, Reynders said:

Today’s draft decision is the outcome of more than one year of intense negotiations with the US that I led together with my US counterpart Secretary of Commerce Raimondo. Over the past months, we assessed the US legal framework provided by the Executive Order as regards the protection of personal data. We are now confident to move to the next step of the adoption procedure. Our analysis has showed that strong safeguards are now in place in the U.S. to allow the safe transfers of personal data between the two sides of the Altlantic. The future Framework will help protect the citizens’ privacy, while providing legal certainty for businesses. We now await for the feedback from the European Data Protection Board, Member States’ experts and the European Parliament.

In another supporting statement, Věra Jourová, Commission VP for values and transparency, added:

Our talks with the US have resulted in proposing a Framework that will further improve safety of personal data of Europeans transferred to the US. It builds on our good cooperation and progress we have made over the years. The future Framework is also good for businesses and it will strengthen Transatlantic cooperation. As democracies, we need to stand up for fundamental rights, including data protection. This is necessity, not a luxury in the increasingly digitalised and data driven economy.

Keenly watching developments will be a number of tech giants — including Meta, which is at risk of a suspension order being slapped on its EU-US data transfers following a long-running complaint that’s still grinding through the EU’s General Data Protection Regulation’s (GDPR) enforcement procedures (so it’s a race against time to see which will arrive first); Google, whose analytics product has been hit with warnings by DPAs around the bloc over illegal transfers of personal data; and Microsoft, whose cloud-based productivity suite 365 is under GDPR review by German DPAs that’s further complicated by the data transfers issue, to name three high profile examples.

But the transfers issue of course touches thousands of companies that rely on exporting personal data from the EU to the US and have been left in legal limbo since the demise of Privacy Shield.

Negotiations between the EU and the US to replace the most recently defunct Privacy Shield deal took until this March to arrive at a political agreement, and until October before US president Joe Biden signed an executive order (EO) to implement the replacement data transfer agreement.

The signing of the EO handed the baton back to the Commission — and now it’s produced a draft adequacy agreement, as the bloc dubs such deals, based on the text signed by the US administration (and accompanying regulations issued by the US Attorney General Merrick Garland), which implemented into US law the agreement-in-principle signed by the EU and US back in March.

The next stage in the process is a review of the draft decision by other EU institutions, including the European Data Protection Board (EDPB) and a committee of EU Member States, along with scrutiny by members of the European Parliament. However the final decision to adopt adequacy is up to the Commission alone — so today’s draft decision marks a significant step along the road to sealing a new deal.

“US companies will be able to join the EU-U.S. Data Privacy Framework by committing to comply with a detailed set of privacy obligations, for instance, the requirement to delete personal data when it is no longer necessary for the purpose for which it was collected, and to ensure continuity of protection when personal data is shared with third parties,” the Commission writes. “EU citizens will benefit from several redress avenues if their personal data is handled in violation of the Framework, including free of charge before independent dispute resolution mechanisms and an arbitration panel.

“In addition, the US legal framework provides for a number of limitations and safeguards regarding the access to data by US public authorities, in particular for criminal law enforcement and national security purposes. This includes the new rules introduced by the US Executive Order, which addressed the issues raised by the Court of Justice of the EU in the Schrems II judgment: Access to European data by US intelligence agencies will be limited to what is necessary and proportionate to protect national security; EU individuals will have the possibility to obtain redress regarding the collection and use of their data by US intelligence agencies before anindependent and impartial redress mechanism, which includes a newly created Data Protection Review Court. The Court will independently investigate and resolve complaints from Europeans, including by adopting binding remedial measures.”

“European companies will be able to rely on these safeguards for trans-Atlantic data transfers, also when using other transfer mechanisms, such as standard contractual clauses and binding corporate rules,” the Commission added.

All that said, how long the reupped deal will last remains to be seen.

The EU-US Privacy Shield survived less than four years before the CJEU struck it down. And a third challenge over the same issue may not take so long to arrive at a high level legal reckoning.

In a statement on the Commission’s draft decision announcement, noyb, the privacy and digital rights not-for-profit advocacy group founded by Max Schrems — whose surname has become synonymous with successful challenges to EU-US data transfer deals — predicts the DPF will fail in front of the CJEU.

“The CJEU required (1) that US surveillance is proportionate within the meaning of Article 52 of the Charter of Fundamental Rights (CFR) and (2) that there is access to judicial redress, as required under Article 47 CFR. Updated US law (Executive Order 14086) seems to fail on both requirements, as it does not material change the situation from the previously applicable PPD-28. There is continuous ‘bulk surveillance’ and a ‘court’ that is not an actual court. Therefore, any EU ‘adequacy decision’ that is based on Executive Order 14086 will likely not satisfy the CJEU,” noyb said in a press release.

Its analysis of the deal-in-principle between the two sides, based on the text of the US EO, is that changes “seem rather minimal” and the agreement “underperforms when it comes to the protection of non-US persons”, as it puts it — hence it’s predicting the third deal won’t pass muster with the CJEU either.

Commenting in a statement, Schrems added: “We will analyze the draft decision in detail the next days. As the draft decision is based on the known Executive Order, I can’t see how this would survive a challenge before the Court of Justice. It seems that the European Commission just issues similar decisions over and over again — in flagrant breach of our fundamental rights.”

Still, not everyone deeply involved in data protection is so down on this ‘third time less unlucky’ attempt to nail down an EU-US data transfers deal.

Hamburg’s Data Protection commissioner put out a somewhat positive-sounding statement on the contents of the EO last month — welcoming how, for the first time, US secret service activities would be subject to “a proportionality proviso” — and also welcoming the US’ seeming willingness to (at least) limit the scope of government data collection — while also hitting out at what it dubbed “knee-jerk” criticism of the agreement.

At the same time, though, it emphasized that thorough scrutiny of the deal will be required to determine whether crux elements — such as how US secret services will interpret ‘proportionality’; and the functioning of the data protection court — will actually meet the CJEU’s requirements or not. Notably, it also described it as “problematic” the fact that US bulk collection (aka “the instrument of mass surveillance”) is expressively retained.

It will certainly be interesting to see what the EDPB makes of the DPF.

A thumbs down from the Board — which the Commission confirmed has received its draft decision so it can now begin working on its opinion — would be highly indicative of legal troubles ahead. But a more positive verdict from the EDPB would of course be a very different story.

A spokeswoman for the Board told us it will not be issuing a statement at this stage of the process.

She also said the timeframe for the EDPB adopting an opinion on the draft decision is not clear. “At this moment, we cannot say when this will be. No deadline is foreseen under the GDPR but the European Commission can decide to set a deadline,” she added.

For its part, noyb said it does not expect the new pact to be finalized before spring 2023. Once that happens, it notes that users will be able to challenge the DPF via national and European courts — thereby setting a new clock ticking on fresh regulatory risk.

The Commission will also monitor the functioning of the EU-U.S. Data Privacy Framework — via a process of “periodic reviews” — which it will conduct itself, with input from European data protection authorities, and along with the competent US authorities.

“The first review will take place within one year after the entry into force of the adequacy decision, to verify whether all relevant elements of the US legal framework have been fully implemented and are functioning effectively in practice,” it noted.

The Commission has also produced a short Q&A offering more detail on its draft decision.

EU confirms draft decision on replacement US data transfer pact by Natasha Lomas originally published on TechCrunch

Privileged access management (aka PAM) provides the ability to control access to sensitive parts of your technology environment. Rather than giving everyone access to these resources (or conversely, no one), you should be able to apply permissions granularly.

But it is challenging without the right tools. Common Fate, an Australian startup from a couple of former cyber security consultants, wants to help with an open source tool and an early access cloud service.

Today, the company announced a $3.1 million seed investment.

Co-founder Fraser Ricupero says the company provides engineers with quick access to the tools they need. “We exist to ensure that employees in organizations, namely, engineering teams and security professionals within the organization, can get access to the correct level of internal services,” he said.

That could be cloud infrastructure services or critical applications like 1Password, GitHub, Salesforce and other SaaS applications. “And it’s about getting the correct level of access that they need to do their job when they need it and in a secure fashion,” he said.

Co-founder Chris Norman says that when they were working as consultants prior to starting the company, the two founders saw the need for a product like this. “We’ve seen through our own backgrounds as consultants, a real proliferation of internal access and a proliferation of over privileged access and the folks that we’re talking about, these engineers, they need this access at a very high velocity to build applications and serve users for the digital products that they’re building,” Norman said.

He says they differ from other PAM products on the market because of their focus on developers. “We differ in the sense that we are developer- and practitioner- first and developer-focused, and for us this means directly integrating with internal command line tooling, and a huge focus on command line user experience,” he said.

The company has an open source tool called Granted, and it’s launching an early access program for the SaaS version of the product.

With 7 employees, the plan is to keep it lean for the time being with just one open rec at the moment for a community success engineer, but when it comes to hiring, the founders understand the importance of diversity. “We are very much aware of those issues in technology, and seemingly these issues are considerably more pronounced in cloud security,” Ricupero said.

“From the research that we’ve done internally, we see that diverse teams perform better quite simply. And one of the hiring criteria [for the open role] is we need to ask ourselves is the candidate bringing a new perspective and background to our team, or is it just more of the same? So obviously, we’re looking for a diverse mix of talented people within our company,” he said.

Today’s $3.1 million investment was led by Work-Bench with participation from Haystack Ventures and Essence VC.

Common Fate wants to make it easier to manage privileged access for developers by Ron Miller originally published on TechCrunch

News that former FTX CEO Sam Bankman-Fried was arrested yesterday in the Bahamas set the technology world alight.

After the dramatic implosion of FTX’s crypto empire, which resulted in the loss of hundreds of millions of invested capital and billions of paper wealth, many in the larger crypto community were incensed that he was not instantly arrested.

Now, with Bankman-Fried in custody and a complaint in hand, it is clear that the former startup executive had not purchased political protection, something alleged by humble anonymous Twitter accounts and the man who recently bought the social service alike.

The Exchange explores startups, markets and money.

Read it every morning on TechCrunch+ or get The Exchange newsletter every Saturday.

Legal folks will carefully dissect the complaint and provide more capable commentary on its aggregate claims. This morning, we’re going to take a different angle. What matters is that the FTX empire was, effectively, bullshit. It was, per the complaint, built on fraud.

This matters for startups because information about how other companies are doing is scarce and competition is intense. That means the leading startups’ business results carry outside influence — they become the cultural leaders in their market. When it turns out a screaming success was no more than smoke and mirrors, it means that a key signal in the tech startup market was actually quite specious.

Ah, so SBF’s FTX was all BS by Alex Wilhelm originally published on TechCrunch