Category: Tech news

Earlier this month, venture capitalist and former Spotify global director of marketing Sophia Bendz announced that she was leaving London-based Atomico to join Berlin’s Cherry Ventures.

Her stated reason for leaving the London VC firm — which mainly does Series A and Series B rounds — is that, having made the difficult transition from seasoned operator to venture capitalist, she wants to focus on seed stage where she can do more deals and work closely with founders and their teams at a much earlier stage.

Bendz is already a prolific angel investor, with a total of 44 deals in the last nine years. However, although she was promoted to partner at Atomico in November 2018 and has helped source and carry out due diligence on a number of deals, she didn’t end up leading any during her time at the firm.

That will quickly change once she starts officially at Cherry, which does far more deals per year than Atomico, being that it is focused on an earlier stage of the startup funding funnel.

To find out more about her latest career move, I caught up with Bendz the day before her announcement. In the conversation that followed, we dug deeper into how she approaches angel investing, why the new focus on seed stage makes sense, and what it’s like to compete for deal flow.

By tearing down bootleg network switches, researchers found ample opportunity for malice—but no signs of a backdoor this time.

FedEx has flirted with robotic technologies before, most notably in the case of Roxo. The delivery robot made its debut in New York City last year, only to get the boot from Mayor Bill de Blasio. These days, however, the prospect of increased automation seems all the more pressing, as COVID-19 has left many reconsidering the human element of the supply chain.

The logistics giant reached out to TechCrunch this week to note that it has been using robots in another matter for a few months now. In March, FedEx installed a quartet of robotic arms from Yaskawa America and Plus One, with the express intent of helping sort the massive numbers of parcels that pass through its Memphis facility.

For reasons that should be clear to anyone who follows the category, human workers still play a key role in the process. The company says several members of its Small Package Sort System team — who previously did the sorting themselves — are operating as supervisors for the new robotic employees.

FedEx says it was actively exploring these technologies prior to COVID-10. “While COVID has not directly played a role in accelerating the tech adoption,” the company tells TechCrunch, “it has exponentially increased the amount of e-commerce packages traveling through the Memphis hub, so COVID has validated the need for this technology and its support for our team members working at the Memphis hub.”

The industry has, after all, been moving in this direction for some time. Amazon, which has made massive investments in and acquisitions of several robotics firms, is probably the best existing model for how humans and robotics can work side by side to process massive volumes of parcels. UPS, too, has looked increasingly toward automation. Last year it announced a goal of processing 80% of packages through automated facilities. With a massive ongoing health crisis like COVID-19 posing a risk to workers and customers alike, additional automation seems like a no-brainer for many such outfits.

To date, FedEx says it has not made any investment in robotics companies.

In the wake of yesterday’s landmark ruling by Europe’s top court — striking down a flagship transatlantic data transfer framework called Privacy Shield, and cranking up the legal uncertainty around processing EU citizens’ data in the U.S. in the process — Europe’s lead data protection regulator has fired its own warning shot at the region’s data protection authorities (DPAs), essentially telling them to get on and do the job of intervening to stop people’s data flowing to third countries where it’s at risk.

Countries like the U.S.

The original complaint that led to the Court of Justice of the EU (CJEU) ruling focused on Facebook’s use of a data transfer mechanism called Standard Contractual Clauses (SCCs) to authorize moving EU users’ data to the U.S. for processing.

Complainant Max Schrems asked the Irish Data Protection Commission (DPC) to suspend Facebook’s SCC data transfers in light of U.S. government mass surveillance programs. Instead, the regulator went to court to raise wider concerns about the legality of the transfer mechanism.

That in turn led Europe’s top judges to nuke the Commission’s adequacy decision, which underpinned the EU-U.S. Privacy Shield — meaning the U.S. no longer has a special arrangement greasing the flow of personal data from the EU. Yet, at the time of writing, Facebook is still using SCCs to process EU users’ data in the U.S. Much has changed, but the data hasn’t stopped flowing — yet.

Yesterday the tech giant said it would “carefully consider” the findings and implications of the CJEU decision on Privacy Shield, adding that it looked forward to “regulatory guidance.” It certainly didn’t offer to proactively flip a kill switch and stop the processing itself.

Ireland’s DPA, meanwhile, which is Facebook’s lead data regulator in the region, sidestepped questions over what action it would be taking in the wake of yesterday’s ruling — saying it (also) needed (more) time to study the legal nuances.

The DPC’s statement also only went so far as to say the use of SCCs for taking data to the U.S. for processing is “questionable” — adding that case by case analysis would be key.

The regulator remains the focus of sustained criticism in Europe over its enforcement record for major cross-border data protection complaints — with still zero decisions issued more than two years after the EU’s General Data Protection Regulation (GDPR) came into force, and an ever-growing backlog of open investigations into the data processing activities of platform giants.

In May, the DPC finally submitted to other DPAs for review its first draft decision on a cross-border case (an investigation into a Twitter security breach), saying it hoped the decision would be finalized in July. At the time of writing we’re still waiting for the bloc’s regulators to reach consensus on that.

The painstaking pace of enforcement around Europe’s flagship data protection framework remains a problem for EU lawmakers — whose two-year review last month called for uniformly “vigorous” enforcement by regulators.

The European Data Protection Supervisor (EDPS) made a similar call today, in the wake of the Schrems II ruling — which only looks set to further complicate the process of regulating data flows by piling yet more work on the desks of underfunded DPAs.

“European supervisory authorities have the duty to diligently enforce the applicable data protection legislation and, where appropriate, to suspend or prohibit transfers of data to a third country,” writes EDPS Wojciech Wiewiórowski, in a statement, which warns against further dithering or can-kicking on the intervention front.

“The EDPS will continue to strive, as a member of the European Data Protection Board (EDPB), to achieve the necessary coherent approach among the European supervisory authorities in the implementation of the EU framework for international transfers of personal data,” he goes on, calling for more joint working by the bloc’s DPAs.

Wiewiórowski’s statement also highlights what he dubs “welcome clarifications” regarding the responsibilities of data controllers and European DPAs — to “take into account the risks linked to the access to personal data by the public authorities of third countries.”

“As the supervisory authority of the EU institutions, bodies, offices and agencies, the EDPS is carefully analysing the consequences of the judgment on the contracts concluded by EU institutions, bodies, offices and agencies. The example of the recent EDPS’ own-initiative investigation into European institutions’ use of Microsoft products and services confirms the importance of this challenge,” he adds.

Part of the complexity of enforcement of Europe’s data protection rules is the lack of a single authority; a varied patchwork of supervisory authorities responsible for investigating complaints and issuing decisions.

Now, with a CJEU ruling that calls for regulators to assess third countries themselves — to determine whether the use of SCCs is valid in a particular use-case and country — there’s a risk of further fragmentation should different DPAs jump to different conclusions.

Yesterday, in its response to the CJEU decision, Hamburg’s DPA criticized the judges for not also striking down SCCs, saying it was “inconsistent” for them to invalidate Privacy Shield yet allow this other mechanism for international transfers. Supervisory authorities in Germany and Europe must now quickly agree how to deal with companies that continue to rely illegally on the Privacy Shield, the DPA warned.

In the statement, Hamburg’s data commissioner, Johannes Caspar, added: “Difficult times are looming for international data traffic.”

He also shot off a blunt warning that: “Data transmission to countries without an adequate level of data protection will… no longer be permitted in the future.”

Compare and contrast that with the Irish DPC talking about use of SCCs being “questionable,” case by case. (Or the U.K.’s ICO offering this bare minimum.)

Caspar also emphasized the challenge facing the bloc’s patchwork of DPAs to develop and implement a “common strategy” toward dealing with SCCs in the wake of the CJEU ruling.

In a press note today, Berlin’s DPA also took a tough line, warning that data transfers to third countries would only be permitted if they have a level of data protection essentially equivalent to that offered within the EU.

In the case of the U.S. — home to the largest and most used cloud services — Europe’s top judges yesterday reiterated very clearly that that is not in fact the case.

“The CJEU has made it clear that the export of data is not just about the economy but people’s fundamental rights must be paramount,” Berlin data commissioner Maja Smoltczyk said in a statement [which we’ve translated using Google Translate].

“The times when personal data could be transferred to the U.S. for convenience or cost savings are over after this judgment,” she added.

Both DPAs warned the ruling has implications for the use of cloud services where data is processed in other third countries where the protection of EU citizens’ data also cannot be guaranteed too, i.e. not just the U.S.

On this front, Smoltczyk name-checked China, Russia and India as countries EU DPAs will have to assess for similar problems.

“Now is the time for Europe’s digital independence,” she added.

Some commentators (including Schrems himself) have also suggested the ruling could see companies switching to local processing of EU users’ data. Though it’s also interesting to note the judges chose not to invalidate SCCs — thereby offering a path to legal international data transfers, but only provided the necessary protections are in place in that given third country.

Also issuing a response to the CJEU ruling today was the European Data Protection Board (EDPB). AKA the body made up of representatives from DPAs across the bloc. Chair Andrea Jelinek put out an emollient statement, writing that: “The EDPB intends to continue playing a constructive part in securing a transatlantic transfer of personal data that benefits EEA citizens and organisations and stands ready to provide the European Commission with assistance and guidance to help it build, together with the U.S., a new framework that fully complies with EU data protection law.”

Short of radical changes to U.S. surveillance law, it’s tough to see how any new framework could be made to legally stick, though. Privacy Shield’s predecessor arrangement, Safe Harbour, stood for around 15 years. Its shiny “new and improved” replacement didn’t even last five.

In the wake of the CJEU ruling, data exporters and importers are required to carry out an assessment of a country’s data regime to assess adequacy with EU legal standards before using SCCs to transfer data there.

“When performing such prior assessment, the exporter (if necessary, with the assistance of the importer) shall take into consideration the content of the SCCs, the specific circumstances of the transfer, as well as the legal regime applicable in the importer’s country. The examination of the latter shall be done in light of the non-exhaustive factors set out under Art 45(2) GDPR,” Jelinek writes.

“If the result of this assessment is that the country of the importer does not provide an essentially equivalent level of protection, the exporter may have to consider putting in place additional measures to those included in the SCCs. The EDPB is looking further into what these additional measures could consist of.”

Again, it’s not clear what “additional measures” a platform could plausibly deploy to “fix” the gaping lack of redress afforded to foreigners by U.S. surveillance law. Major legal surgery does seem to be required to square this circle.

Jelinek said the EDPB would be studying the judgement with the aim of putting out more granular guidance in the future. But her statement warns data exporters they have an obligation to suspend data transfers or terminate SCCs if contractual obligations are not or cannot be complied with, or else to notify a relevant supervisory authority if it intends to continue transferring data.

In her roundabout way, she also warns that DPAs now have a clear obligation to terminate SCCs where the safety of data cannot be guaranteed in a third country.

“The EDPB takes note of the duties for the competent supervisory authorities (SAs) to suspend or prohibit a transfer of data to a third country pursuant to SCCs, if, in the view of the competent SA and in the light of all the circumstances of that transfer, those clauses are not or cannot be complied with in that third country, and the protection of the data transferred cannot be ensured by other means, in particular where the controller or a processor has not already itself suspended or put an end to the transfer,” Jelinek writes.

One thing is crystal clear: Any sense of legal certainty U.S. cloud services were deriving from the existence of the EU-U.S. Privacy Shield — with its flawed claim of data protection adequacy — has vanished like summer rain.

In its place, a sense of déjà vu and a lot more work for lawyers.

The venture capital world is constantly changing, and its evolution can sometimes flip pieces of conventional wisdom on their heads. For example, a recent flurry of extension rounds from Silicon Valley’s hottest startups like Stripe and Robinhood seem to signal that the investment type has suddenly become cool.

Extensions evolving from unloved to hot is not the first time that a type of VC deal has gained, or lost luster. In past times, for example, raising consecutive rounds from the same lead investor was often perceived as a negative signal; why couldn’t the startup find a new, different lead investor? Today, in contrast, venture capitalists are using inside rounds to double-down on winning startups, a way of helping ensure returns for their own backers.

The recent phenomenon of extensions becoming vogue is a tale of the times, in which the best startups get to play offense, and startups that can’t show accelerating growth are left behind. Let’s explore what has changed.

A series of fortunate extensions

TechCrunch first wrote about the new extension-round trend after seeing what felt like a wave of the deals crop up. Some were large, like MariaDB’s huge $25 million add-on to its Series C, or Robinhood’s biblical $320 million addition to its Series F.

But most were smaller events like Sayari adding $2.5 million to its Series B, or CALA adding $3 million to its seed round. Even more recently, Eterneva raised another $3 million on top of its seed round, and also out this week was a million pounds more for Edinburgh-based Machine Labs’ seed round.

One reason for the growth of extension rounds in 2020 has been runway — making sure that a startup has enough. Upstarts often raise on an 18-month cadence. But because of COVID-19 and its constituent economic disruptions, many have reduced costs in a bid to bolster how long they have until their cash stores reach zero.

The Netflix animated series has been pretty solid for three seasons now. But does it have anything left to say?

Even the world’s second largest smartphone market isn’t immune to COVID-19.

Smartphone shipments in India fell 48% in the second quarter compared with the same period a year ago, the most drastic drop one of the rare growing markets has seen in a decade, research firm Canalys reported Friday evening.

About 17.3 million smartphone units shipped in Q2 2020, down from 33 million in Q2 2019 and 33.5 million in Q1 2020, the research firm said.

You can blame coronavirus, more than a million cases of which has been reported in India.

New Delhi ordered a nationwide lockdown in late March to contain the spread of the virus that saw all shops across the country — save for some of those that sell grocery items and pharmacies — temporarily cease operation. Even e-commerce giants such as Amazon and Flipkart were prohibited from selling smartphones and other items classified as “non-essential” by the government.

The protracted lockdown lasted until mid-May, after which the Indian government deemed that other stores and e-commerce deliveries could resume their services in much of country. New Delhi’s stringent measure explains why India’s smartphone market dipped so heavily.

China, the world’s largest smartphone market, in comparison, saw only an 18% drop in shipments in the quarter that ended in March — the period when the country was most impacted by the virus. In Q1, when India was largely not impacted by the virus, smartphone shipments grew by 4% in the country. (Globally, smartphone shipments shrank by 13% in Q1 — a figure that is projected to only slightly improve to a 12% decline this year.)

“It’s been a rocky road to recovery for the smartphone market in India,” said Madhumita Chaudhary, an analyst at Canalys. “While vendors witnessed a crest in sales as soon as markets opened, production facilities struggled with staffing shortages on top of new regulations around manufacturing, resulting in lower production output.”

Despite the lockdown, Xiaomi maintained its dominance in India. The Chinese smartphone vendor, which has been the top smartphone vendor in India since late 2018, shipped 5.3 million smartphone units in the quarter that ended in June this year and commanded 30.9% of the local market, Canalys estimated.

With 3.7 million units shipped and 21.3% market share in India, Vivo retained the second spot. Samsung, which once ruled the Indian smartphone market and has made major investments in the country in recent months, settled for the third spot with 16.8% share.

Nearly every smartphone vendor has launched new handsets in India in recent weeks as they look to recover from the downtime, and several more new smartphone launches are planned in the next month.

But for some of these players, the virus is not the only obstacle.

Anti-China sentiment has been gaining mindshare in India in recent months, ever since more than 20 Indian soldiers were killed in a military clash in the Himalayas in June. “Boycott China” — and variations of it — has been trending on Twitter in India as a number of people posted videos destroying Chinese-made smartphones, TVs and other products. Late last month, India also banned 59 apps and services developed by Chinese firms.

Xiaomi, Vivo and Oppo, which now assumes the fourth spot in India, and other Chinese smartphone vendors command nearly 80% of the smartphone market in India.

Canalys’ Chaudhary, however, believes these smartphone firms will be able to largely avoid the backlash as “alternatives by Samsung, Nokia, or even Apple are hardly price-competitive.”

Apple, which commands only 1% of the Indian smartphone market, was the least impacted among the top 10 vendors as iPhone shipments fell just 20% year-on-year to over 250,000 in Q2 2020, Canalys said.

Do you need a tablet for around the house? For your kids? Should you buy the Fire HD 8 or the Fire HD 10? We’ve got the answers.

We’ll have to don them for a while, so here are the WIRED team’s favorite cloth coverings for running, walking, and going to work.

Plus: Early accounts from Vancouver, the endless surprises of tech journalism, and a new low for the White House.

The annual confab is going online this year—and there’s a chance it will never recover.

This week, Recode’s Peter Kafka joins us to talk about Netflix’s dominance over the entertainment industry and how the streaming landscape continues to change.

The inflated price of the anti-Covid drug may not bother hospitals, insurance companies, or even patients. But it’s still not justified.

As campuses reopen, the logistics of preventing an outbreak are posing thorny questions: Who to test? How often? And will students buy in?

Officials in three countries believe a state-linked group is trying to steal intellectual property and information about potential vaccine candidates.