In this weekly segment, ExchangeWire sums up key industry updates in media, marketing, and commerce from around the globe. In this edition: the Conseil d’Etat upholds a €100m fine against Google; Sony to buy Bungie in a deal worth USD$3.6bn; the EU plans to outline new tech standards to rival China; and, the DPA fines IAB Europe after ruling its TCF framework does not comply with GDPR.
The Conseil d'Etat, the highest French court, has upheld a €100m (~£74.5m) fine against Google for failing to obtain user consent before the deposit of cookies. Google also reportedly lacked significant information for users about how to refuse the trackers.
The tech giant was sanctioned in December 2020, by the French data protection authority (CNIL), who ordered them to pay two fines totalling €100m (~£74.5m) for breaching the law on information technology, files, and freedoms. The CNIL found that seven cookies were automatically placed on users’ computers on initial entry onto the site, according to the investigation conducted in March 2020. Google subsequently altered their practices in August that year but failed to clearly notify the user how to object.
The Conseil d'Etat have stated that “the amount of fines imposed by the CNIL does not exceed the limit set by the Data Protection Act”, adding that “these fines are not not disproportionate.”
As Google continue their journey towards a cookieless future, reports confirm that the tech giant is planning on scrapping FLoC (Federated Learning of Cohorts), their tool to replace cookies, after complaints that they haven’t done enough to safeguard users’ privacy. As an alternative, Google have introduced Topics, a mechanism designed to identify users by their top three interests, enabling “browsers to give you meaningful transparency and control”. Ben Galbraith, Google’s Privacy Sandbox lead, stated, “Topics replaces our FLoC proposal and I want to emphasise that this whole process of sharing a proposal, doing a trial, gathering feedback, and then iterating on the designs — this is the whole open development process that we wanted for the Sandbox and really shows the process working as intended.”
After Sony’s shares plummeted due to the announcement that Microsoft have bid to acquire Activision Blizzard in an all-cash deal worth USD$68.7bn (~£50.91bn), the Japanese tech giant have upped their game, announcing they will buy Bungie in a deal worth USD$3.6bn (~£2.7bn). According to a blogpost, the Halo and Destiny creator will remain an independent publisher, working alongside Playstation Studios. Sony Interactive Entertainment will have access to Bungie’s expertise about live game services and technology, dramatically increasing their user reach.
Kenichiro Yoshida, chairman, president, and CEO of Sony Group Corporation, commented, “Bungie has created and continues to evolve some of the world’s most beloved video game franchises and, by aligning its values with people’s desire to share gameplay experiences, they bring together millions of people around the world.” He adds, “as part of our Purpose to ‘fill the world with emotion, through the power of creativity and technology’, we will utilise the Sony Group’s diverse array of entertainment and technology assets to support further evolution of Bungie and its ability to create iconic worlds across multiple platforms and media.”
As of 31 January, when Sony announced the acquisition, their shares climbed 4.51% at market close.
The news may come as a blow to Microsoft as the US antitrust review of their acquisition will now be handled by the Federal Trade Commission (FTC), according to Bloomberg. The Justice Department replacement will investigate whether the merger, which has until June 2023 to be completed, will cause harm to competition down the line.
The EU will outline a more aggressive approach to setting global standards for new and green technologies in a direct attempt to counter the influence of China on global markets, according to The Financial Times.
The new strategy follows growing concerns from EU and US officials at China’s success at lobbying key technology standards-setting bodies, including the International Electrotechnical Commission and the International Telecommunication Union. Its intention is to ensure Europe continues to set international benchmarks for the development of technology, ranging from advances in battery power to facial recognition systems.
The importance of this emerging strategy should not be understated, as global companies joining the EU’s internal market have so far had to meet the region’s tough rules around the regulation of products and services. As part of the EU’s plans, European officials will work alongside US authorities to develop a new monitoring system on emerging standards, meeting regularly through the Trade and Technology Council. The partnership aims to utilise joint resources for a united position on tech standards, informing start-ups in the industry of renewed regulations while relying on industry experts to advise on developing technologies.
Speaking to The Financial Times, Margrethe Vestager, the bloc’s competition chief, described the new plans as “strategic”, commenting, “It’s really, really important who sets the standards because they should enable a market to work, but not to make innovation difficult.”
The Belgian data protection authority, the DPA, has found that the Transparency and Consent Framework (TCF) developed by IAB Europe does not comply with GDPR.
TCF is behind the ‘preferences’ pop-ups that appear on 80% of European websites, including those run by Amazon, Google, and Microsoft. IAB Europe has maintained that these pop-ups enable users to make informed choices about what happens to their data. The DPA, however, disagreed, finding multiple breaches of GDPR, including failing to implement "data protection by design and by default"; and failing to establish a legal basis for processing and sharing data.
The DPA’s report concluded that the TCF’s system is not transparent enough to allow users to make informed decisions on the use of their data. The DPA also concluded that IAB Europe’s activities qualify it as a data controller, making the body responsible for safeguarding personal data and accountable for GDPR violations.
In response to these GDPR violations, the DPA fined IAB Europe EU €250,000 (£208,355), in addition to ordering that the TCF be amended to meet GDPR requirements within two months. This decision was made in agreement with 27 other EU data protection authorities, and is effective immediately across the EU. IAB Europe has the opportunity to appeal this decision.
A statement released by IAB Europe reads, “Notwithstanding our grave reservations on the substance of the decision, we look forward to working with the APD [the Belgian DPA] on an action plan to be executed within the prescribed six months that will ensure the TCF’s continuing utility in the market. As previously communicated, it has always been our intention to submit the Framework for approval as a GDPR transnational Code of Conduct. Today’s decision would appear to clear the way for work on that to begin.”
Also this week: