Rotterdam prepared for worst when Britain crashes out of EU

In Rotterdam, everyone assumes the UK will leave the single market and customs union. We went to see how it plans to cope with the upheaval

Europe’s largest port, Rotterdam, is counting down to Brexit. “In about 200 days’ time, if nothing else happens… we will need to supervise all the goods coming in and out of the UK market,” says Roel van ’t Veld, Brexit coordinator at the Dutch customs authority.

Hard Brexit or soft? Chequers dead or alive? Does “max-fac” make any sense? The feverish debate in Westminster is distant for officials in Rotterdam, who are working on the assumption the UK will leave the EU’s single market and customs union on 29 March 2019.

I would like the UK to stay within the common market, but it appears that the UK prefers not to

Continue reading…

Cleo, the ‘digital assistant’ that replaces your banking apps, picks up $10M Series A led by Balderton

When Cleo, the London-based “digital assistant” that wants to replace your banking apps, quietly entered the U.S., the company couldn’t have expected to be an instant hit. Many better-funded British startups have failed to “break America.” However, just four months later, the fintech upstart counts 350,000 users across the pond — claiming more than 600,000 active users in the U.K., U.S. and Canada in total — and says it is adding 30,000 new signups each week. All of which hasn’t gone unnoticed by investors.

Already backed by some of the biggest VC names in the London tech scene — including Entrepreneur First, Moonfruit founder Wendy Tan White, Skype founder Niklas Zennström, Wonga founder Errol Damelin, TransferWise founder Taavet Hinrikus and LocalGlobe — Cleo is adding Balderton Capital to the list.

The European venture capital firm, which has previously invested in fintech unicorn Revolut and the well-established GoCardless, has led Cleo’s $10 million Series A round, in which I understand most early backers, including Zennström, also followed on. One source told me the Series A gives the hot London startup a post-money valuation of around £30 million (~$39.7m), although Cleo declined to comment.

In a call with co-founder and CEO Barney Hussey-Yeo, he explained that the new capital will be used to continue scaling the company, with further international expansion the name of the game. Hussey-Yeo says Cleo will be targeting Western Europe, the Americas and Australasia, aiming to launch in a whopping 22 countries in the next 12 months, as Cleo bids to become the “default interface” for millennials interacting and managing their money.

Primarily accessed via Facebook Messenger, the AI-powered chatbot gives insights into your spending across multiple accounts and credit cards, broken down by transaction, category or merchant. In addition, Cleo lets you take a number of actions based on the financial data it has gleaned. You can choose to put money aside for a rainy day or specific goal, send money to your Facebook Messenger contacts, donate to charity, set spending alerts and more.

However, in the context of traction and Cleo’s broader global ambitions, it is the decision not to become a bank in its own right that Hussey-Yeo feels is really beginning to bear fruit. His argument has always been that you don’t need to be a bank to become the primary way users interface with their finances, and that without the regulatory and capital burden that becoming a fully licensed bank brings, you can scale much more quickly. I have a feeling that strategy — and its pros and cons — has a long way to play out just yet.

Facebook and Airbnb told to change their ToS to fix EU consumer rights issues by year’s end

Facebook and Airbnb have been singled out for censure by the European Commission’s head of consumer affairs who has warned the companies she’s running out of patience and said they need to make additional changes to their terms of service before the end of the year to bring them into line with the bloc’s consumer rules.

The Commission has been sounding off about tech and social media platforms’ terms of service impinging on EU consumer rights for almost two years.

In February it warned a raft of companies they needed to do more to respect consumer rights. In July the Commission joined with EU consumer authorities to push Airbnb to make changes.

At the same time the Commission is pushing for an update to modernise EU consumer rules — and is hoping to get the backing of the European Parliament and member states, via the European Council, which is needed to reform EU law.

“I have respect for the work of national consumer authorities but sometimes the powers they have on national level are not sufficient for companies to co-operate efficient with them,” tweeted commissioner Vera Jourova today. “Hence the #NewDealForConsumers we propose strengthening their power and having persuasive sanctions.”

The Commission’s public denouncement of tech giants inexorably, therefore, has a strategic political dimension, as it seeks to garner attention for its reform cause and drum up support for reworking the rules.

Though it clearly also feels that Facebook and Airbnb haven’t done enough to comply with existing EU consumer rules.

Giving an update on its efforts “to ensure fair treatment for consumers in the EU in the online world” at a press conference today, Jourova said the pair are still misleading consumers with terms and conditions that are not clear enough about costs, in the case of Airbnb, and about how user data is passed to third parties in the case of Facebook.

And while she said the pair have agreed to make additional changes she also put them on watch — warning she’s “running out of patience”, having been engaged in negotiations on the matter for almost two years now. 

On Airbnb she said the company has agreed to make additional changes before the end of the year to make it clearer to consumers what the total cost of a stay with a host will be before they hit ‘buy’.

“Following our call in July Airbnb informed us that it accepted to improve transparency of prices — so the consumers can know up front about the final price or additional costs, like cleaning fees or local taxes. Airbnb will also make changes to terms and conditions for instance to be clear that consumers can use all the legal remedies available and in particular their right to sue a host in case of personal harm or other damages,” she said. 

“EU consumers must have guaranteed the same rights in selling and purchasing offline and online,” Jourova added. “We didn’t come with a specific legislation for online selling but we always said offline rules must apply also for the online world. So this is what we are now doing with Airbnb and Facebook where we still see some gaps in their contracts which they use for providing their services to EU consumers.”

Responding to her remarks today in a statement, an Airbnb spokesperson told us: “Airbnb is a community build on trust and transparency is a key part of that. Guests have always been aware of all fees, including service charges and taxes, before booking listings, and we are pleased to work with the CPC to make this even clearer for guests.”

In Facebook’s case the Commission wants to see greater transparency in its ToS on the key characteristics of its services and relations with third parties with whom the company shares consumers’ data — saying a clearer link needs to be made between the actual provision of the service; the fact that consumers’ data constitute the consideration for receiving that service; and the commercial exploitation of the data and user generated content (by providing targeted advertising services to third parties).

It is also not happy about Facebook’s terms granting the company a perpetual licence on user generated content even after a user quits Facebook, saying this is unfair.

It also believes the rights Facebook grants itself over the content users upload is not made sufficiently prominent to consumers when they sign up.

Additionally it criticises Facebook’s terms for not being clear on its obligations to remove user generated content and/or suspend or terminate an account, saying its ToS include vague phrases and do not clarify whether the consumer will be notified in advance.

The Commission also flags the lack of an appeal option for consumers in some cases.

It’s also not happy about Facebook granting itself the power to unilaterally change its terms of service, saying this is contrary to EU consumer legislation which identifies as unfair terms that enable: “the seller or supplier to alter the terms of the contract unilaterally without a valid reason which is specified in the contract”.

Jourova said both Facebook and Airbnb have a deadline of October 18 to propose additional changes — which will then be assessed by the Commission and the Consumer Protection Cooperation Network of EU consumer rights bodies that it’s working with on this issue — with the aim of having an acceptable (“fully functional”) final implementation by December, and new compliant contracts definitely in place by January.

In further remarks about Facebook Jourova said her latest meeting with the company had been “constructive” but pointed to the Cambridge Analytica scandal as a “stark reminder that not many people have clarity on how Facebook uses personal data of its users and how it works with third parties like apps, games or quiz creators”.

“Not many people know that Facebook has made available their data to third parties or that, for instance, it holds full copyright about any picture or content you put on it even after you delete your account,” she continued, saying she had spoken to many Facebook users who were “very surprised” to learn the rights its ToS grant it over user data.

“So we want Facebook to be absolutely clear to its users about how the service operates and makes money. Facebook has almost 380M users in Europe and I expect Facebook to take more responsibility for them.”

“I expect also Facebook to be honest with those that go and try to understand all the consequences of using their services,” she added. “I will not hide that I am becoming rather impatient because we have been in dialogue with Facebook almost two years and I really want to see not a progress, it’s not enough for me, I want to see the results.”

Responding to Jourova’s remarks today, a Facebook spokesperson emailed us the following statement:

People share their most valued moments on Facebook, and we want to make our terms clear and accessible to everyone. We updated Facebook’s Terms of Service in May and included the vast majority of changes the Consumer Protection Cooperation Network and the European Commission had proposed at that point. Our terms are now much clearer on what is and what isn’t allowed on Facebook and on the options people have. We are grateful to the CPC and the Commission for their feedback and will continue our close cooperation to understand any further concerns and make appropriate updates.

At today’s press conference Jourova also raised the spectre of a regime of co-ordinated penalties for consumer rights violations coming down the pipe to strengthen enforcement, saying there’s a need for the EU to have “unified sanctions” (something it does now has for data protection violations, thanks to the GDPR).

Unified sanctions are included in the Commission’s new deal for consumers, which it adopted in April — and which is now on the table as a proposal for the other two EU institutions to consider and (the Commission hopes) support.

She said the proposal is “the package which should improve the enforcement of consumer rights in a very big scope”, adding: “I do hope that the European Parliament and the Member States will adopt the legislation or the position quickly so that we have this done as soon as possible in Spring next year.”

Equifax slapped with UK’s maximum penalty over 2017 data breach

Credit rating giant Equifax has been issued with the maximum possible penalty by the UK’s data protection agency for last year’s massive data breach.

Albeit, the fine is only £500,000 because the loss of customer data occurred when the UK’s prior privacy regime was in force — rather than the tough new data protection law, brought in via the EU’s GDPR, which allows for maximum penalties of as much as 4% of a company’s global turnover for the most serious data failures.

So, again, Equifax has managed to dodge worse consequences over the 2017 breach, despite the hack resulting from its own internal process failings after it failed to patch a server that was known to be vulnerable for months — thereby giving hackers a soft-spot to attack and swipe data on 147 million consumers.

Personal information that was lost or compromised in the 2017 Equifax breach included names and dates of birth, addresses, passwords, driving licence and financial details.

The UK data protection regulator is involved because up to 15 million UK citizens’ data was also breached in the attack. And while the hack compromised Equifax’s US systems, the UK citizens’ data was being processed in the US.

The UK’s Information Commissioner’s Office (ICO) said today that the UK arm of Equifax failed to take adequate steps to ensure its US parents was protecting this data.

Reporting the result of its investigation, the ICO said Equifax contravened five out of eight data protection principles of the Data Protection Act 1998 — including, failure to secure personal data; poor retention practices; and lack of legal basis for international transfers of UK citizens’ data.

“Equifax Ltd has received the highest fine possible under the 1998 legislation because of the number of victims, the type of data at risk and because it has no excuse for failing to adhere to its own policies and controls as well as the law,” said information commissioner Elizabeth Denham in a statement. “We are determined to look after UK citizens’ information wherever it is held.”

“The loss of personal information, particularly where there is the potential for financial fraud, is not only upsetting to customers, it undermines consumer trust in digital commerce. This is compounded when the company is a global firm whose business relies on personal data,” she added.

The regulator’s investigation, carried out in parallel with the UK’s financial regulator, the Financial Conduct Authority, revealed multiple failures at the credit reference agency.

The ICO says it found that measures that should have been in place to manage personal information were “inadequate and ineffective”, and there were also “significant problems” with data retention, IT system patching, and audit procedures.

It flags the fact that the US Department of Homeland Security had warned Equifax Inc about a critical vulnerability as far back as March 2017, noting that “sufficient steps to address the vulnerability were not taken meaning a consumer facing portal was not appropriately patched”.

“Many of the people affected would not have been aware the company held their data; learning about the cyber attack would have been unexpected and is likely to have caused particular distress,” added Denham, emphasizing the reasons for the ICO to issue the maximum possible penalty for the breach.

The ICO also recently issued Facebook with the same level of fine for allowing user data on up to 87 million Facebook users to be scraped by a third party app which used it to try to build voter targeting models, selling this as a service to a political consultancy involved in US elections.

“Multinational data companies like Equifax must understand what personal data they hold and take robust steps to protect it,” she continued. “Their boards need to ensure that internal controls and systems work effectively to meet legal requirements and customers’ expectations. Equifax Ltd showed a serious disregard for their customers and the personal information entrusted to them, and that led to today’s fine.”

Equifax has responded with disappointment to the ICO’s decision. In a statement responding to the ICO’s ruling, a company spokesperson said: “We have received the Monetary Penalty Notice from the Information Commissioner’s Office (ICO) on Wednesday afternoon and are considering the detailed points made. Equifax has cooperated fully with the ICO throughout its investigation, and we are disappointed in the findings and the penalty.

“As the ICO makes clear in its report, Equifax has successfully implemented a broad range of measures to prevent the recurrence of such criminal incidents and it acknowledges the strengthened procedures which are now in effect. The criminal cyberattack against our US parent company last year was a pivotal moment for our company. We apologise again to any consumers who were put at risk.

“Data security and combatting criminal digital activity is an ongoing battle for all organisations that requires continued innovation and attention. We have acted and continue to act to make things right for consumers. They will always be our priority.”

The company points to a number of changes it says it has made in response to the incident to strengthen its policies and processes, and also highlights ongoing investments in infrastructure and corporate governance procedures, including hiring additional IT staff, which are intended to improve the resilience of its systems to hack attacks.

However it does concede that the breach itself was the result of internal process failings, given that a file containing historical consumer information which should have been deleted was not.

And the key point here is that the ICO’s decision is based on scrutinising exactly what happened that led to the breach occurring.

How a company has acted since a security crisis will be taken into consideration, as part of the overall picture, but having shut the barn door after the horse has bolted is only going to get so much credit vs the reasons for the barn door not being properly secured in the first place. And that’s as it should be given the point of data protection legislation is to encourage companies to prioritize security, not overlook it.

In the Equifax decision the ICO writes: “The Commissioner has also taken into account her underlying objective in imposing a monetary penalty notice, namely to promote compliance with the DPA [data protection act]. She considers that, given the nature, seriousness and potential consequences of the contravention arising in this case, that objective would not be adequately served by an unduly lenient penalty.”

The Guardian view on EU migration: a mutual advantage | Editorial

The privileged access of British and EU citizens to each other’s countries has a value that economic statistics cannot measure

It is impossible to imagine Brexit without debate over immigration. So it is remarkable that the final report by the Migration Advisory Committee (MAC), established to inform post-Brexit policy, presumes that immigration will not be covered by the UK’s final deal with the EU. The report, published earlier this week, does not recommend the exclusion of migration from talks in Brussels. The MAC’s working timetable meant it had to imagine a world without special access of EU and UK citizens to each other’s labour markets. But that loss is not a foregone conclusion, nor is it desirable.

The MAC recommends allowing in fewer low-skilled workers and more high-skilled ones. The latter group currently arrive on tier 2 visas, available to people from outside the European Economic Area, taking up jobs paying £30,000 or more a year. Their less qualified counterparts are said to exert downward pressure on wages and increase demand for public services. Those are the factors commonly cited as drivers of anti-migrant resentment, although it is not easy disaggregating economic considerations from xenophobia and nostalgia for a more ethnically homogeneous society.

Continue reading…

Announcing the agenda for TechCrunch Startup Battlefield MENA 2018 in Beirut

We’re excited to head to Beirut, Lebanon, on October 3rd for TechCrunch Startup Battlefield MENA 2018. Yes, we’re bringing our premier startup pitch competition to the Middle East / North Africa, and as well as launching 15 of the hottest startups in MENA on stage for the first time, we’ll also be joined by some leading lights of the scene.

Tickets to this event — our first in this part of the world — cost $29 (including VAT), and you can buy your tickets right here.

Startup Battlefield consists of three preliminary rounds with 15 teams — five startups per round — who have six minutes to pitch and present a live demo to a panel of expert technologists and VC investors. After each pitch, the judges have six minutes to grill the team with tough questions. This is all after the free pitch-coaching they receive from TechCrunch editors.

One startup will emerge the winner of TechCrunch Startup Battlefield MENA 2018 — and receive a US$25,000 no-equity cash prize and win a trip for two to compete in the Startup Battlefield at TechCrunch Disrupt in 2019 (assuming the company still qualifies to compete at the time).

We still have a few tricks up our sleeves and will be adding some new names to the agenda over the few weeks so keep your eyes open. In the meantime, check out these agenda highlights:

Fireside Chat
With Imad Kreidieh (Ogero Telecom) and Ari Kesisoglu (Facebook)

Startup Battlefield Competition, Session 1
TechCrunch’s iconic startup competition is here and for the first time in MENA, as entrepreneurs from around the region pitch expert judges and vie for the Battlefield Cup.

Konstantinos Papamiltiadis (Facebook)
Hear from Facebook’s Director of Developer Platforms & Programs about how his team supports Facebook’s product and platform strategy through partnerships with technology companies and programs for startups.

Startup Battlefield Competition, Session 2
TechCrunch’s iconic startup competition is here and for the first time in MENA, as entrepreneurs from around the region pitch expert judges and vie for US$25,000 no-equity cash prize and a trip for two to compete in the Startup Battlefield at TechCrunch Disrupt in 2019.

Lessons 10 Years On
With Omar Gabr (Instabug), Nour Al Hassan (Tarjama) and Ameer Sherif (Wuzzuf)
Ten years ago the Middle East and North Africa’s tech ecosystem was worth perhaps tens of millions of dollars. Today it’s in the hundreds of millions, and beyond. A decade ago the societal landscape was very different from today. Let’s discuss the huge changes that have happened and challenges and opportunities ahead.

Startup Battlefield Competition, Session 3
TechCrunch’s iconic startup competition is here and for the first time in MENA, as entrepreneurs from around the region pitch expert judges and vie for the Battlefield Cup.

Fireside chat
With Magnus Olsson (Careem)
How do you scale a big startup in MENA? We hear from Magnus Olson, founder and Managing Director of ride-hailing giant Careem on how they joined the unicorn club with Lyft and Uber.

Where Will the Exits Come From?
With Henri Asseily (Leap Ventures), Priscilla Elora Sharuk (Myki), and Kenza Lahlou (Outlierz Ventures)
Both VCs and startups in MENA alike are furiously building the companies of the future. But you can’t have a startup without an acquisition or IPO, so where are these going to come from? We’ll hear from both the founder and investor perspectives.

Startup Battlefield Competition – Final Round
TechCrunch’s iconic startup competition is here and for the first time in MENA, as entrepreneurs from around the region pitch expert judges and vie for the Battlefield Cup.

MENA Content Plays
with Hussam Hammo (Tamaten) and Rami Al Qawasmi (Mawdoo3)
A little-known fact about the MENA market is the sheer lack of Arabic language content online for consumers, whether it be media, music, games or events. Arabic-specific sites have appeared, tailor-made to the market. We’ll get the perspective of key entrepreneurs in this space.

Startup Battlefield Closing Awards Ceremony
Watch the crowning of the latest winner of the Startup Battlefield

Waitrose switches up a gear to launch two-hour grocery deliveries in London

Up market UK supermarket chain Waitrose will start trialing two-hour or same day delivery options in certain London postcodes from tomorrow.

It’s partnering with CitySprint Group courier delivery spin-out On the Dot for the deliveries which will be made by electric and hydrogen vans and push bikes and cargo bikes (billed as a zero-emission fleet).

The supermarket says the service is being launched in response to customer demand for more ‘little and often’ shopping trips rather than the traditional weekly haul.

Waitrose has long had its own online supermarket, Waitrose.com (and prior to 2010 via Ocado), but the new on-demand delivery option (which it’s calling Waitrose Rapid Delivery) looks intended to supplement that and fill in any competitive gaps opened up as a result of young shoppers not being so keen to commit to a big weekly shop — with the supermarket flagging “flexibility and convenience” as the drivers.

It cites research it commissioned which found two-thirds of UK shoppers regularly or occasionally visit a supermarket more than once a day, saying the trend is particularly prevalent among 18-to 24-year olds who it found to be twice as likely to visit a supermarket twice a day as the over-55s.

Other UK supermarkets have already made moves to cater to Brits’ changing grocery shopping habits, with Sainsbury’s first to the punch to offer a 60-minute delivery service (called Chop Chop) for small food shops in London in 2016, before extending it to additional London postcodes last year.

Tesco responded with its own one-hour delivery service in summer 2017, including in central London.

Not directly mentioned in Waitrose’s PR for the rapid delivery launch, but likely also on its mind, is additional competition from ecommerce giant Amazon — which launched its AmazonFresh grocery delivery service for Prime members in London two years ago.

Prime members must pay an additional subscription to sign up for Prime Fresh, with the subscription business model acting as a sort of double lock-in.

Waitrose’s rapid delivery option is being launched in the following London postcodes initially: SW5, SW6, SW10, WC1, WC2, EC1, CR5 and CR8 — with a wider rollout slated as “likely” next year, if the trial goes to plan. 

Customers in the trial areas can choose up to 20 items per delivery from more than 1,500 products at rapid.waitrose.comThey then get the option of receiving their shopping within two hours of placing the order or they can specify a one-hour time slot that same day.

The service has a £10 minimum spend and there is also a £5 charge applied for delivery in either two hours or the same day.

Waitrose says products will be hand-picked and prepared for delivery by Waitrose Partners — at either its London shops in Fulham and Bloomsbury or at its dot.com distribution centre in Coulsdon, Surrey.

On-demand grocery delivery may now be increasingly on offer to urban dwellers from UK supermarket giants but five years ago startups were toying with offering Instacart-style personal shopper services.

It now looks like grocery deliveries will be mostly folded into the existing supermarket mix via add-on services — depending on the size of grocery pie-slice Amazon can carve itself.

Twitter’s former Head of People EMEA joins VC firm Atomico as Partner

Atomico, the European venture capital firm founded by Skype’s Niklas Zennström, is announcing a number of new hires to its investment team, including new Partner Caroline Chayot, who previously led the EMEA HR team at Twitter.

I’m told she’ll be working alongside existing Atomico Partner Dan Hynes, who was formerly the Director of Global Staffing at Skype, with the pair helping meet increased demand from Atomico’s portfolio companies for talent support.

At Twitter, Chayot is said to have supported the leadership team in scaling the social media behemoth from two to six markets, growing the team from 80 based in London to 500 across the region. Prior to that she worked at Google in HR for 9 years.

In addition, Irina Haivas has joined Atomico as Principal. The former surgeon and former surgical fellow at Harvard Medical School (yes, you read that correctly) previously worked at healthcare investor GHO Capital Partners. She’ll focus on sourcing investment opportunities in machine intelligence-enabled businesses, synthetic biology, robotics and other “frontier technologies”.

The other new members of the 30-strong Atomico investment team are:

  • Senior Associate Annalise Dragic, a recent Stanford MBA graduate and who was a member of LinkedIn’s Strategy & Analytics Leadership Program’s inaugural class. She’ll be focusing on the U.K.
  • Associate Luca Eisenstecken, a German native who spent the last two years in San Francisco with Vector Capital. He’ll be covering Germany, Austria and Switzerland.
  • Associate Christina Fa, who grew up in Australia and New Zealand and joins Atomico from Google’s Corporate Finance team in Mountain View. She’ll be focusing on the Nordics and Baltic regions.
  • IR Associate Gunita Bhasin, who joins Atomico from Deutsche Bank and has lived and studied in India, Singapore, Turkey, and the U.K. She’ll support long-time Head of IR Camilla Richards in managing Atomico’s relationships with its global investor base.

Finally, it would be remiss of me not to mention Atomico’s new addition to its communications team. Eleanor Warnock, formerly with the Wall Street Journal, has joined the VC firm as Communications Manager. The hack-turned-flack will work alongside Atomico’s Head of Communications Bryce Keane to help raise the profile of the firm’s portfolio companies internationally.

Meanwhile, it’s that time of year again. Atomico has launched its latest State of European Tech survey, where it seeks your help in capturing a data-driven snapshot of the current European tech ecosystem and to confront a number of myths along the way. You can read TC’s analysis of the 2017 report here, and if you’d like to contribute, this year’s survey can be found here.