Google Agree to CMA Supervision; 'Easy' Default Passwords Banned Under PSTI


In this weekly segment, ExchangeWire sums up key industry updates in media, marketing, and commerce from around the globe. In this edition: Google agree to have their Privacy Sandbox proposal monitored by the CMA; the UK government introduce the PSTI to improve the security of Internet of Things devices; Meta are directed to sell Giphy; and reports show that businesses are becoming reliant on Amazon services due to increasing fees.


Google agree to CMA monitoring on Privacy Sandbox

Google have, somewhat surprisingly, agreed for their Privacy Sandbox third-party cookie replacement to be supervised by the UK competition authority, after a series of pledges by the tech giant to establish more restrictions. As well as monitoring, they have offered the CMA more extensive testing opportunities for the new tracking model, alongside commitments that it will not enforce the “Privacy Budget” prior to the denigration of third party cookies.

The CMA showed concerns towards Google’s Privacy Sandbox proposals, after fearing the new tracking method would destroy competition. Third-parties also voiced concerns, arguing that the change could force rivals to become dependent on the tech giant. In an unpredictable turn of events, the search-engine platform reassured competitors by giving them the chance to offer their views on the testing process, before reporting back to the CMA on how the suggestions have been considered. “We are determined to ensure that the Privacy Sandbox is developed in a way that works for the entire ecosystem,” they commented in a press release announcing the change.

Specific details on the commitments have been published on the government website.

Big tech firms have received scrutiny in recent months from EU watchdogs, over fears that competition is getting squashed. In the latest push, Margrethe Vestager, the European Commissioner for Competition, has urged the European Parliament and European Council to approve regulations to clampdown tech giants’ power, even if incomplete according to the Financial Times. The move marks the desperation EU regulators are feeling, and the lack of action that has been taken to ensure limitations are put in place. Vestager commented ahead of the FT-ETNO Tech and Politics forum, “it’s important that everyone realises that it is best to get 80% now than 100% never. This is another way of saying that perfect should not be the enemy of very, very good.”


Heavy fines for easy-to-guess default passwords under UK’s PSTI

A new package of regulations designed to make smart home devices more secure have been introduced by the UK government. The Product Security and Telecommunications Infrastructure (PSTI) Bill will instigate a number of changes, with substantial fines of up to £10m or 4% of gross revenue for non-compliance.

Proposed last year and largely unchanged after a consultation period, the new rules will, amongst other actions, force device providers to give information about security update releases and forbid the use of easy-to-guess default passwords. Of the former, the bill stipulates that device makers must disclose the minimum amount of time needed to action security patches and updates (or state if this information is unavailable) at point-of-sale and beyond, and provide a public point of contact for security researchers. Regarding the latter, the rules state that all passwords set on new devices “need to be unique and not resettable to any universal factory setting.”

The new bill seeks to clamp down on attempted hacks on Internet of Things (IoT) devices, such as smartphones, routers, and speakers, which reportedly reached 1.5 billion in the first six months of 2020. It will apply not only to manufacturers, but to any business that imports tech products into the UK, and will be policed by a regulatory body which will be confirmed once the bill has been passed into law.


Meta directed to sell Giphy

Meta GiphyMeta, formerly known as Facebook, has been directed by the UK Competition and Markets Authority (CMA) to sell Giphy, after the government body concluded that the acquisition would reduce competition between social media platforms. Moreover, the CMA noted that Meta unfairly muted competition by terminating Giphy's proprietary advertising services, at a time when the New York-based GIF-sharing platform was considering expanding these globally. As noted earlier in the week when initial details of the ruling were reported, the ruling marks a significant change of approach by the UK regulator, given that it has never ordered the divestment of a completed acquisition involving a big tech company prior to now. Meta originally purchased Giphy in May last year for the reported price of USD$400m (£300m), with the CMA initiating its investigation the following month.

A release issued by the CMA reads, "The CMA found that Giphy’s advertising services had the potential to compete with Facebook’s own display advertising services. They would have also encouraged greater innovation from others in the market, including social media sites and advertisers. Facebook terminated Giphy’s advertising services at the time of the merger, removing an important source of potential competition. The CMA considers this particularly concerning given that Facebook controls nearly half of the £7bn display advertising market in the UK."


Concerns over Amazon’s e-commerce control

controlAmazon are exploiting their position as a gatekeeper to inflict heavy fees on third-party sellers, a new report published by the Institute For Local Self-Reliance (ILSR) finds. Amazon’s leading position in the marketplace means that 60% of Americans go to the e-commerce platform to find products, consequently entailing that sellers have little choice but to depend on Amazon’s services. Yet, sellers are starting to feel the weight of Amazon’s climbing fees. Increasing fees have had growing effects on small businesses, with sellers giving the tech giant an estimate of 4.6% of their sales revenue to pay for ad space this year, up from 1.1% in 2016, and 3.4% in 2020.

As reported in the study, CEO Jeff Bezos was questioned about whether the steep inclination of seller fees show that Amazon enjoy market power in a congressional hearing last year, in which he answered, “what’s really happening is that sellers are choosing to use more of our services that we make available.” However, their domination of e-commerce with heavily weighted fees means that businesses are being crushed.

With the suggestion that the commerce industry are facing further obstacles, it has been estimated by cybersecurity company Cheq that over a third of Black Friday online shoppers this year were fake users. The study was conducted over a range of 42,000 websites in Europe, Asia, and North America, and analysed invalid traffic rates (IVT) by industry, threat type, device, and geography. It was concluded that e-commerce platforms were particularly vulnerable to data breaches, fake signups, and other types of turbulent activities. Guy Tytuniovich, CEO of Cheq, commented, "ultimately, cyber crime follows the money, especially in sectors where business activity is on the rise.”


Also in the news:

- Channel Factory’s Jovana Obradovic on Brand Suitability Within User-Generated Content

- Predictions 2022: Media Buying & Brand Marketing

- Unruly's Alex Khan on "App Tracking Protection", CTV, and the Future of Broadcast TV

- ATS London 2021: The Return of Context - Was it Always Better than Cookie-Based Targeting?

- Predictions 2022: DOOH and OOH

- ATS London 2021: MadTech Middleware - Algorithmic Driven Trading