A Next DLP survey (conducted at RSA Conference 2024 and Infosecurity Europe 2024) has revealed how the rise of ‘Shadow SaaS’ and ‘Shadow AI’ may be putting businesses at risk of data loss, lack of visibility, and data breaches.

What Are Shadow SaaS and Shadow AI? 

Shadow SaaS refers to the use of software-as-a-service (SaaS) applications within an organisation without explicit approval from the IT department. Similarly, Shadow AI involves the deployment of AI tools and solutions without official oversight. The issue for businesses is that these shadow technologies often bypass the stringent security protocols and oversight that sanctioned IT solutions are subjected to, thereby creating potential vulnerabilities.

Prevalent 

One notable fact that the Next DLP survey established is the prevalence of SaaS applications in organisations, with almost three-quarters of security professionals (73 per cent) admitting to using SaaS applications that had not been provided by their company’s IT team in the past year.

Key Findings from the Next DLP Survey 

The Next DLP survey, which captured insights from industry professionals at two major conferences, appears to have revealed some of the more potentially negative implications of the use of Shadow SaaS and Shadow AI in organisations. For example, the survey reveals three primary areas of concern – data loss, lack of visibility, and data breaches.

Data Loss 

The unregulated nature of Shadow SaaS and Shadow AI can mean that sensitive data can easily be transferred, shared, or stored outside the secure confines of the company’s IT infrastructure. However, one key issue highlighted by the Next DLP survey, is the apparent disparity between employee confidence in using unauthorised tools and the organisation’s ability to mitigate the risks. For example, 65 per cent of respondents named data loss as a top risk of using unauthorised tools, and it appears that (according to 40 per cent of security professionals) employees may not fully understand the data security risks posed by shadow SaaS and shadow AI.

The survey respondents noted multiple instances where critical business data was inadvertently exposed or lost due to the use of unauthorised applications and AI tools.

This data loss can not only hamper business operations but also puts companies at risk of non-compliance with data protection regulations.

Lack of Visibility 

Another significant challenge highlighted by the survey appears to be the lack of visibility over shadow technologies. Without proper oversight, IT departments cannot track or manage these applications, making it difficult to enforce security policies or detect anomalies.

The survey indicated, for example, that 62 per cent of respondents are concerned about the lack of full visibility and control of the SaaS and AI tools being used within their organisations, thereby leading to unmanaged risks and potential security gaps.

Data Breaches

The integration of unauthorised applications and AI tools also significantly increases the risk of data breaches for organisations. For example, shadow technologies often lack the strong security measures that are standard in approved IT solutions.

The Next DLP survey reflected this by showing that just over half (52 per cent) of respondents see data breaches as a top risk of using unauthorised tools. The survey also reported an apparent surge in security incidents linked to shadow applications, with many businesses experiencing breaches that compromised sensitive information. For example, 10 per cent of respondents admitted they were certain their organisation had suffered a data breach or data loss as a result of Shadow SaaS usage

Data breaches not only result in financial losses but also damage the reputation of the affected companies.

Understanding of Shadow SaaS and AI Risks 

As previously touched upon, the Next DLP survey also revealed gaps in employee training and awareness regarding Shadow SaaS and AI risks in their organisation. For example, it showed that 40 per cent of security professionals believe employees do not understand these risks, and only 37 per cent have developed clear policies and consequences for unauthorised tool use. Also, 20 per cent admitted to being unaware of their company’s policy updates or training on these risks and 20 per cent also said they hadn’t received any guidance and updated policies in the past six months.

Such findings, therefore, appear to highlight the need for improved awareness and education on managing shadow technologies.

What To Do? 

To mitigate the risks associated with Shadow SaaS and Shadow AI, businesses may, therefore, benefit from adopting a proactive approach and using key strategies such as:

– Enhanced monitoring. Implementing advanced monitoring tools to detect and manage unauthorised applications.

– Employee education. Training employees on the risks of using unapproved technology and the importance of adhering to company policies.

– Robust policies. Developing and enforcing clear and comprehensive IT policies that address the use of SaaS and AI tools.

– Promote approved alternatives. For example, encouraging the use of approved and secure alternatives to unauthorised applications can help reduce reliance on risky shadow technologies. Currently, only 28 per cent of organisations promote such alternatives.

– Regular audits. Conducting regular audits to identify and remediate any instances of shadow technology usage.

What Does This Mean For Your Business? 

The findings from the Next DLP survey reveal a critical need for businesses to address the growing risks associated with Shadow SaaS and Shadow AI. The prevalence of unauthorised tools, combined with the significant risks of data loss, lack of visibility, and data breaches, all highlight the urgency for a strategic response.

For businesses, this means taking proactive steps to manage and mitigate these risks. For example, implementing advanced monitoring tools can help detect and control the use of unsanctioned applications and AI tools. By gaining full visibility into the tools employees use, businesses can better enforce security policies and detect anomalies early.

Employee education is another way to mitigate the risks. Training staff about the dangers of using unauthorised technologies and the importance of adhering to company policies can significantly reduce the likelihood of data breaches and other security incidents. Developing and enforcing clear and comprehensive IT policies can also help ensure that all employees understand the consequences of using unapproved tools.

Promoting the use of approved, secure alternatives, encouraging employees to rely on sanctioned applications and having regular audits are also ways that businesses can minimise the risks associated with Shadow SaaS and Shadow AI, identify and address any instances of shadow technology usage, and ensure continuous compliance and security.

Adopting these kinds of proactive strategies may mean that businesses can safeguard against the vulnerabilities posed by unauthorised applications and AI tools, protect their sensitive data, and enhance their overall security posture, thereby helping to avoid the pain of financial losses and reputational damage.

South Korea’s Samsung Electronics has reported that it expects its profits for the three months to June 2024 to have increased by a massive 15-fold on last year.

AI Driving Chip Prices 

Samsung is the world’s largest memory chip, smartphone and TV maker and the company’s (predicted) profit jump to $10.4 trillion from $670 billion last year is attributed to semiconductor prices being driven by the artificial intelligence boom.

The predicted 15-fold increase in profits to June follows a 10-fold increase in the first quarter.

Reversed Inventory Writedown 

Also, Samsung reversing the writedown of the value of its chips / regaining the value of its chips in its books, due to improved market conditions and demand for chips, appears to have been a key contributing factor to the huge surge in predicted profits.

Demand For High-End DRAM Chips Driving Prices Up 

Samsung’s semiconductor sector is expected to have achieved its second straight quarterly profit, improving upon the previous quarter with the boost coming as memory chip prices recover from their decline between mid-2022 and late-2023, which was caused by a drop in post-pandemic demand for electronic devices.

Analysts also credit the rising chip prices to the strong demand for high-end DRAM chips (Dynamic Random-Access Memory chips), such as the high bandwidth memory (HBM) chips used in AI processors, along with chips for data-centre servers and AI-enabled gadgets. DRAM chips are widely used due to their high speed and efficiency.

For example, during the second quarter, memory chip prices increased, with DRAM chips for tech devices rising by around 13 to 18 per cent. Also, prices for NAND Flash chips (which retain data even when the power is turned off) for data storage increased by 15 per cent to 20 per cent (TrendForce).

Not All Good News 

Although Samsung’s profits may be surging due to demand for and rising prices of its AI chips, the company is facing some other potentially serious challenges. For example:

– Labour disputes and worker strikes: Samsung is facing potential labour unrest following a planned three-day and a call for an indefinite strike by over 30,000 workers, including key chip plant workers, all members of The National Samsung Electronics Union (NSEU), which represents nearly a quarter of Samsung Electronics’ workers in South Korea. The union is demanding a more transparent system for bonuses and time off.

– Competitive pressures. Samsung has some fierce competition in the AI chip market. Its latest high bandwidth memory (HBM) chips have struggled to gain certification from Nvidia, a major player in AI hardware and the issue has placed Samsung behind its smaller (also South Korean) rival, SK Hynix, which has become the leading supplier of HBM chips.

– Rising operating costs. The company is dealing with increased operating costs in its mobile business, due to higher parts costs and elevated expenses for marketing and development of AI services.

– Market volatility. The broader semiconductor market is experiencing fluctuations due to macroeconomic trends and geopolitical issues. While demand for AI applications remains strong, these external factors are introducing uncertainties that could affect business conditions in the latter half of the year.

– Technological advancements. As with all tech companies, Samsung is under pressure to maintain its technological edge. The development and mass production of advanced technologies such as 3nm and 2nm chips are crucial for staying competitive and the company is working on enhancing its technology leadership in memory and foundry operations. Nevertheless, it still faces challenges in ramping up production and ensuring high yields.  Investors are also awaiting news of whether Samsung’s latest fourth-generation HBM chips will receive approval to supply Nvidia (the world’s most valuable company last month) after they failed earlier tests because of heat and power consumption problems.

What Does This Mean For Your Business? 

Samsung’s extraordinary profit surge, driven by the booming AI and semiconductor markets, shows Samsung’s robust position in the semiconductor industry, particularly in AI-driven applications. However, despite the huge profit forecast, the company faces notable challenges, including potentially labour disputes and intense competition, especially in high-end memory chips. Samsung’s ability to navigate these issues while continuing to innovate will be critical for sustaining its market dominance and profitability.

Samsung’s success is also likely to put pressure on competitors to accelerate their own innovation and production capabilities. Companies like SK Hynix, which have already made strides in high-bandwidth memory (HBM) chips, must now continue to advance their technologies to maintain their competitive edge. This competitive landscape drives technological advancements, benefitting the broader industry but also intensifying market rivalry.

For the businesses that rely on semiconductors, e.g. those in the electronics, automotive, and data storage industries, the rising prices and demand for memory chips are unwelcome news. Manufacturers face increased costs for components, most likely prompting them to explore more cost-efficient supply chain solutions or pass on the increased costs to consumers. Collaboration with semiconductor suppliers and investment in alternative technologies could, however, mitigate some of these impacts.

For us as consumers, the rising prices of memory chips look likely to lead to higher costs for consumer electronics, including smartphones, laptops, and other gadgets. However, the improved capabilities of AI-driven devices might offset some of the pain of the price increases, i.e. consumers could benefit from enhanced performance and new features in their tech products, driven by the advancements in semiconductor technology.

Looking ahead, despite the impressive predicted profit figures, Samsung’s path forward currently appears to be fraught with challenges. The company clearly needs to resolve pressing labour disputes amicably to avoid production disruptions. Also, gaining certification for its HBM chips from industry leaders like Nvidia is crucial for maintaining its competitive stance in the AI market. Samsung’s continued investment in advanced technologies, such as 3nm and 2nm chips, will be vital for future growth. The company’s strategic focus on AI and high-performance computing, however, positions it well for more success, but it must remain agile in addressing both market opportunities and challenges.

It’s been reported that WhatsApp may soon be introducing voice-note transcriptions, which should save time, make it easier for users in noisy environments, and improve the efficiency of communications.

Voice Notes 

WhatsApp’s’ Voice notes (introduced in 2013) is a feature whereby users can record audio messages within the chat interface. Users simply press and hold the microphone icon to record a message, which is then sent instantly to a contact upon release.

One of the main benefits of voice notes is their usefulness for users on the go, allowing communication without the need to type. Voice notes can speed up communication when a lot of information needs to be shared quickly and are helpful for those who find typing cumbersome or who may have their hands occupied. They also convey tone, emotion, and nuances often lost in text, making conversations feel more intimate and reducing misunderstandings, all of which allows for more expressive and personal communication compared to text messages.

The Problem With Voice Notes 

Although convenient for the sender, long voice notes for the receiver can be frustrating. For example, in situations where listening to the note isn’t possible (without headphones), such as on public transport or where there’s a lot of background noise, they leave the receiver essentially unable to access the message. Also, a lengthy voice note requires undivided attention (unlike multitasking while typing) plus remembering all the details of a long message may be a challenge.

Enter ‘Transcriptions’ 

Thankfully, it appears (as reported by ‘WABetaInfo’) that “WhatsApp is rolling out a feature to transcribe voice messages”, and the feature is reportedly available to some beta testers. Due to roll out through the Google Play Beta Program- Android (bringing the version up to 2.24.15.5), WABetaInfo reports that “voice transcripts are generated on-device, so nobody else can hear your voice notes or read the transcripts”. The website also reports that while it’s still in beta, voice transcripts only support the English, Spanish, Portuguese, Russian, and Hindi languages, and may currently be available only to a limited number of users in some countries where those languages are widely spoken/supported. However, it is thought that the feature will be expanded to support more languages in the future.

When? 

It’s been reported that although the voice transcripts feature is only available to a limited number of beta testers now, it looks likely to be more widely rolled out to more people over the coming weeks.

The Benefits 

As previously mentioned, the benefits of transcribing voice notes can help in noisy environments, enabling users to read the text instead of struggling to hear the audio as well as making it more convenient for users to quickly read lengthy messages, thereby improving efficiency. However, the feature can also enhance accessibility for users with a hearing impairment and also offers a quick reference for searching and reviewing content without replaying the audio.

What Does This Mean For Your Business? 

The introduction of voice note transcriptions on WhatsApp brings significant benefits to both business communication and individual users. For businesses, improved accessibility ensures that everyone, including those with hearing impairments, can fully participate in conversations, enhancing team cohesion and productivity.

Transcribing voice notes addresses common issues faced by individuals in noisy environments or those constantly on the move. Users can quickly read the content of messages without needing a quiet space to listen, maintaining productivity and responsiveness. This feature allows for efficient handling of lengthy messages, making it easier to digest and respond to critical information promptly.

From an individual user’s perspective, the convenience of quickly reading transcribed voice notes will save time and effort and reduce frustration. This will be especially valuable in fast-paced or challenging environments where quick access to information is crucial. Transcriptions for WhatsApp notes will also offer a quick reference for searching and reviewing content without having to replay the audio, thereby enhancing personal and professional communication efficiency.

For WhatsApp, the rollout of voice note transcriptions should enhance the app’s functionality, making it more versatile and user-friendly. This feature may attract more users and increase engagement by addressing common pain points associated with audio messages. By expanding the availability of transcriptions to support more languages, WhatsApp should further broaden its user base and improve the overall user experience.

Being able to finally use voice note transcriptions as part of your business communications, therefore, may not only improve accessibility and efficiency but also help create a more inclusive and responsive work environment. For individual users, it could mean a more streamlined and less frustrating way to handle voice messages and for WhatsApp, it signifies another small step forward in enhancing user satisfaction and expanding its capabilities in what many will see as a value-adding way.

Apple has warned iPhone users to be on their guard against a new ‘smishing’ (SMS phishing) scam where the perpetrators are posing as Apple. The scam involves the scammers contacting iPhone users with the excuse of needing to sort out a login issue.

The targeted users are sent a URL which actually leads to a fake iCloud phishing page with the intention of stealing the user’s login details, accessing their account, and stealing other personal details and financial information.

Apple has warned that criminals are now using sophisticated versions of social engineering tactics like phishing in the form of fraudulent emails, misleading pop-ups and ads, scam phone calls or voicemails (impersonating Apple Support or Apple partners), fake promotions, and unwanted calendar invitations and subscriptions.

Apple has issued advice on a support page of how users can protect themselves. The advice includes the suggestion that if customers are suspicious about an unexpected message, it’s best to assume it is a scam and to contact that company directly if they need to. Other key pieces of advice suggest that users should never share personal data or security information (e.g. passwords or security codes), protect Apple ID’s (with 2FA), and it’s also suggested not to use Apple Gift Cards to make payments to other people.

Start-up Oxford Ionics (founded 2019) recently reported that its new quantum chip breaks global quantum performance records, providing over twice the performance of previous world records, and without using error correction. What’s more, the company reports that the new quantum chip can be built at scale in existing semiconductor factories.

Dr Michael Cuthbert, Director of the UK’s National Quantum Computing Centre, said: “The new results mark a pivotal step forward in ion trap quantum computing and validates the scalability of the technology.” 

However, although advances in quantum computing and its scalability offer many advantages, they may also increase risks to current encryption methods. For example, algorithms like RSA and ECC, which rely on difficult mathematical problems, could be easily broken by quantum computers using Shor’s algorithm. This makes the development and implementation of quantum-resistant encryption, such as lattice-based cryptography or quantum key distribution, urgently necessary. Immediate action is required to safeguard sensitive data against future quantum threats.

Amazon recently boasted reaching its 100 per cent renewable energy goal seven years earlier than the 2030 goal. However, with Microsoft and Google disclosing an increase in greenhouse gasses due to infrastructure expansion, we look at whether the prospects of hyperscalers actually hitting their renewable energy targets (and carbon reduction targets) are realistic.

Amazon Hits Target Seven Years Early 

Amazon announced that it had achieved its goal of matching all the electricity consumed by its global operations with 100 per cent renewable energy, seven years ahead of the original 2030 target. Given that Amazon’s AWS is the largest cloud provider globally, holding 31 per cent share of the global cloud infrastructure market, and is one of the key “hyperscalers”, along with Microsoft (Azure) and Google (Cloud Platform – GCP), it sounds like an amazing feat.

Amazon’s milestone towards sustainability includes all its data centres (more than 100 in 24 regions globally) corporate buildings, fulfillment centers, and physical stores.

How? 

The company attributes this hugely accelerated achievement to its significant investments in over 500 solar and wind projects across 27 countries, which have been capable of generating enough energy to power the equivalent of 21.9 million EU homes. Amazon has become the largest corporate purchaser of renewable energy for four consecutive years, investing billions of dollars in renewable energy projects globally. Such projects not only help reduce carbon emissions but also contribute to economic growth in the communities where they are developed.

What Was The Target? 

The target that Amazon claims to have hit (surprisingly) was its goal to match all electricity consumed across its operations by 2030. Amazon has also committed to The Climate Pledge, which aims to reach net-zero carbon emissions by 2040.

Nuclear War 

However, Amazon’s $650 million deal made back in March whereby AWS acquired Talen Energy’s data centre campus, right next to the 2.5-gigawatt Susquehanna nuclear power station in Pennsylvania (intended to meet the growing AI power requirements) has hit a (temporary) wall. Protests from American Electric Power (AEP) and Exelon have been lodged with the Federal Energy Regulatory Commission (FERC). These companies are essentially arguing that the interconnection service agreement (ISA) between Talen and AWS could allow the data-centre to benefit from the transmission system without paying the appropriate fees – a potential cost shift of up to $140 million per year. They argue that this would unfairly impact other ratepayers. They have also highlighted issues with grid availability.

Talen, however, argues that the consortium’s claims are false and has urged ERC to ignore the consortium’s request for a hearing.

Microsoft And Google’s GHG Emissions Up 

Although Amazon is busy claiming success in terms of renewable energy sustainability goals, reports showing an increase in GHG emissions from two other hyperscalers, Microsoft and Google are casting doubts on whether their carbon reduction commitments can be reached. For example, Microsoft’s 2024 Environmental sustainability report (May 2024) showed that its GHG emissions for 2023 were 29.1 higher than its 2020 baseline, calling into question whether it will hit its pledge to become carbon-negative by 2030. The company blamed the rise on the construction of more data-centres and the associated carbon in the building materials.

Similarly, Google’s 2024 Environmental report showed that an increase in data-centre energy consumption in 2023 led to its 2023 GHG emissions being up by 13 per cent on the previous year. Google has blamed the increased consumption on the rapid advancements on AI.

How Do Renewable Energy Project Investments Help The Hyperscalers Reduce Their Carbon Emissions And Hit Targets? 

Investments in solar and wind projects by hyperscalers like those from AWS, not only help them to become more sustainable with their energy requirements but can help also help them to achieve carbon emission reduction targets in a number of ways. These include:

– Direct emission reductions. Replacing fossil fuels with renewable energy directly cuts carbon emissions, powering operations with carbon-free sources.

– Energy efficiency. Projects include energy storage and advanced management systems, optimising use and ensuring reliable power for data centres.

– Economic and environmental benefits. Renewable energy investments can create jobs, foster technological advancements, and reduce environmental impacts from traditional energy production.

– Industry influence. The commitment of the hyperscalers to renewables can also help drive broader adoption and influences other companies to follow suit.

– Complementary technologies. Investments in battery storage, AI for energy management, and grid optimisation also enhance renewable energy integration.

Investments in renewable energy projects, such as those by AWS are, therefore, a way to focus on direct emission reductions rather than compensating for emissions through external projects (not just carbon offsetting), lowering operational carbon intensity and hopefully contributing to a sustainable future.

What About Putting Nuclear Power Stations Next To Data Centres? 

Nuclear power may be a low-carbon energy source, with significant benefits for reducing greenhouse gas emissions but it is not technically classified as ‘renewable energy’. This is because of its reliance on finite fuel resources and the environmental challenges associated with radioactive waste management. In this sense, it can’t be seen as contributing to the sustainability targets of AWS, and whether nuclear power is ‘sustainable’ is a more nuanced subject.

However, in terms of how/whether having a nuclear power station next to a data-centre can help meet the huge demand that technology such as AI is creating while also minimising carbon emissions, the facts are that nuclear power generates electricity without emitting carbon dioxide during operation. Therefore, as is the idea (currently being contested) of the Talen Energy data-centre campus project, by powering a data-centre with nuclear energy, a hyperscaler can dramatically reduce its carbon footprint compared to relying on fossil fuels as well as meeting the high and constant power demands of the data-centre.

The Challenge 

However, as identified by Amazon’s chief sustainability officer, Kara Hurst, when announcing hitting its 100 per cent renewable energy target seven years early, “We also know that this is just a moment in time, and our work to decarbonise our operations will not always be the same each year – we’ll continue to make progress, while also constantly evolving on our path to 2040”. The challenge identified here is how, with rising demand for data-centres (fuelled by a rapidly growing AI), Amazon can stay sustainable and have enough renewable energy to do so, not to mention keeping a close eye on all carbon emission targets.

Hurst has acknowledged that in order for AWS to do so, it will need to keep investing in more solar and wind projects, “while also supporting other forms of carbon-free energy, like nuclear, battery storage, and emerging technologies” to help power its operations in the right ways in the coming decades.

In the case of Google’s GHG emissions rising last year, it has also acknowledged the challenge of trying to reduce emissions while compute intensity increases, and technical infrastructure investment needs to grow to support the AI transition.

How Realistic Is The 100 Per Cent Renewable Energy Target? 

In terms of how realistic achieving 100 per cent renewable energy all the time is, the answer is that this is a challenging goal for the hyperscalers due to the inherent intermittency and variability of renewable sources like solar and wind. While Amazon has apparently successfully matched its electricity consumption with renewable energy through its significant solar and wind project investments, this achievement doesn’t necessarily mean that renewable energy is continuously supplying their power needs at every moment. Instead, they’re likely to be matching their overall energy use over time with renewable energy generation, relying on energy storage and grid integration to balance supply and demand.

The challenges become more pronounced with the rapid growth of data-centres and emerging technologies like AI, which demand constant and reliable power. Hyperscalers may need to complement renewable energy with other low-carbon sources, such as nuclear power, to ensure a stable energy supply. Nuclear power, for example, provides a steady base load of electricity (without carbon emissions), but it is not really renewable energy. Therefore, while 100 per cent renewable energy all the time is an aspirational goal, achieving it realistically will require a diversified energy mix, incorporating renewables, nuclear, and other advanced technologies to ensure both sustainability and reliability.

What Does This Mean For Your Organisation? 

Amazon’s achievement of reaching 100 per cent renewable energy seven years ahead of its target sets a high benchmark for other hyperscalers and demonstrates the potential impact of significant investments in renewable energy. Amazon’s accomplishment also shows that ambitious renewable energy goals can be attainable with substantial investment and strategic planning. However, the rapid expansion of infrastructure to meet the growing demand for AI and data services poses significant challenges. Microsoft and Google’s recent increases in greenhouse gas emissions highlight the difficulties in balancing expansion with sustainability.

Amazon’s achievement of reaching 100 per cent renewable energy seven years ahead of its target sets a high benchmark for hyperscalers and demonstrates the potential impact of significant investments in renewable energy. For hyperscalers, this accomplishment shows that ambitious renewable energy goals can be attainable with substantial investment and strategic planning. However, the rapid expansion of infrastructure to meet the growing demand for AI and data services poses significant challenges. Microsoft and Google’s recent increases in greenhouse gas emissions highlight the difficulties in balancing expansion with sustainability.

Achieving continuous 100 per cent renewable energy remains a complex challenge due to the intermittent nature of solar and wind power. For your organisation, this evolving energy landscape means it may be crucial to align with partners who are committed to sustainability and are proactively investing in innovative energy solutions.

Want to send HD videos? Well, now you can with WhatsApp …

You may not know that the Windows Calculator app also includes several hidden features such as scientific, programmer, date calculation modes, a currency converter, and more … making it a versatile tool for various tasks. Here’s how to use the hidden features:

To Open The Calculator

– Press Win + S and type Calculator, then open the app.

To Access Different Modes

– Click the menu icon (three horizontal lines) in the top left corner.

– Select from different modes like Scientific, Programmer, Date Calculation, Currency Converter, Volume Converter, and more.

– Use these modes for advanced calculations, converting between number systems, or calculating the difference between dates.

Following an investigation into whether the big tech companies are complying with the new Digital Markets Act (DMA) rules, the European Commission’s preliminary findings say that Meta’s ‘Pay or Consent’ model for data-sharing is in breach of its new rules.

Investigation 

The European Commission (EC) launched an investigation into Google, Apple, and Meta to determine if their practices comply with the DMA. This (still ongoing) inquiry has been focused on potential violations by these tech giants that may undermine fair competition and consumer protection in the digital market.

Google and Apple, for example, are under scrutiny over their app store policies and possible restrictions on third-party developers, which could inhibit competition. The investigation into Meta centres on its ‘pay or consent’ model.

The Commission is essentially aiming to ensure these companies do not misuse their ‘gatekeeper’ positions to engage in unfair practices, restrict consumer choice, or impose discriminatory conditions. The investigation could result in significant penalties and mandated changes to their business practices to comply with the DMA.

What Is Meta’s Pay Or Consent Model? 

The ‘pay or consent’ model is a business practice where users are given a binary choice between two options – either pay a fee for a service or consent to having their data collected and used for targeted advertising. In November 2023, in response to regulatory changes in the EU, Meta introduced its binary ‘pay or consent’ offer. This means that EU users of Facebook and Instagram must choose between: (i) the subscription for a monthly fee to an ads-free version of these social networks or (ii) the free-of-charge access to a version of these social networks with personalised ads.

The Preliminary Findings – Why Is ‘Pay or Consent’ Not Acceptable Under The DMA Rules? 

The European Commission says it has informed Meta of its preliminary findings that its ‘pay or consent’ advertising model fails to comply with the Digital Markets Act (DMA). The Commission says, in its preliminary view, “this binary choice forces users to consent to the combination of their personal data and fails to provide them a less personalised but equivalent version of Meta’s social networks”. 

According to the European Commission, Meta’s ‘pay or consent’ model breaches Article 5(2) of the Digital Markets Act (DMA) because:

– It doesn’t allow users to opt for a service that uses less of their personal data but is otherwise equivalent to the “personalised ads” based service.

– It doesn’t allow users to exercise their right to freely consent to the combination of their personal data.

The EC says that to ensure compliance with the DMA, “users who do not consent should still get access to an equivalent service which uses less of their personal data, in this case for the personalisation of advertising.” 

What Next For Meta? 

Further to being informed of the EC’s preliminary findings, Meta can now exercise its rights of defence, i.e. by examining the documents in the EC’s investigation file and replying in writing to the EC’s preliminary findings. The EC’s investigation is scheduled to conclude within 12 months from the opening of proceedings (on 25 March 2024).

What If Meta Is Found To Be Breaching EU Rules? 

If the EC’s preliminary views are found to be confirmed and it decides Meta’s model really doesn’t comply with Article 5(2) of the DMA, it could impose fines up to 10 per cent of Meta’s total worldwide turnover! For repeated infringement, this fine could even be increased to 20 per cent. In the extreme case of “systematic non-compliance”, the EC could take additional measures such as obliging Meta to sell a business (or parts of it) or to ban Meta from acquisitions of additional services related to the systemic non-compliance.

Constructive 

For the moment, however, the EC says it is continuing “constructive engagement with Meta” to identify a satisfactory path towards compliance.

What Does This Mean For Your Business? 

The European Commission’s investigation into Meta’s ‘pay or consent’ model is a significant development with broad implications for businesses in the UK and beyond. The Commission’s findings highlight the increasing regulatory scrutiny on how tech giants manage user data and the necessity for compliance with stringent data protection laws like the Digital Markets Act (DMA).

For Meta, this scrutiny could potentially lead to substantial operational and financial changes. If the investigation confirms the preliminary findings, Meta may face hefty fines, as much as 10 per cent of its global revenue, or even 20 per cent for repeated offences. Such financial penalties would not only impact Meta’s profitability but could also mean a restructuring of its business model in the EU – certainly things that Meta would want to avoid.

At the moment, however, these are only preliminary findings and ‘constructive’ negotiations are under way. It has nevertheless sent a warning shot across their bows that the EC is watching and is serious about enforcement from the outset, thereby underscoring the importance of adhering to regulatory requirements and maintaining transparent data practices.

Other big tech companies, particularly those operating within the EU, should take note of this investigation. The EC’s rigorous approach is also a signal of a broader regulatory trend that takes consumer rights and fair competition more seriously. Google, Apple, and similar companies must therefore ensure their policies align with DMA provisions to avoid similar investigations and potential penalties. This will mean proactive compliance strategies, where businesses regularly audit and adjust their data handling practices to meet evolving regulatory standards.

For UK businesses, particularly those in the tech and digital sectors, the implications are twofold. First, understanding and complying with EU regulations remains crucial, especially for businesses with a significant user base or operational presence in Europe. The DMA’s focus on fair competition and consumer protection could lead to stricter data governance requirements, necessitating adjustments in how data is collected, stored, and utilised.

Secondly, this development may offer a competitive edge to businesses that adhere to ethical data practices and who are transparent. By aligning with regulatory standards and demonstrating a commitment to user privacy, UK businesses can build trust and differentiate themselves in a market increasingly concerned with data protection.

In essence, therefore, this ongoing investigation into Meta’s practices (as well as Google and Apple) serves as a reminder of the critical importance of regulatory compliance in the digital age, and that the EU area is getting serious about data protection and competition where tech firms are concerned. Businesses should, therefore, stay informed about legal developments, proactively engage with regulatory frameworks, and pay serious attention to matters of user privacy and data governance.

In this insight, we look at how recent reports have revealed how the UK’s public sector is facing the dual challenges of potentially losing £300 million through restrictive cloud licensing and the limitations of an open-source software skills gap.

Restrictive Cloud Licensing Costs 

A report from the cross-party think tank, The Social Market Foundation (SMF), has shown that due to restrictive rules on cloud software licensing, the public sector looks set to waste more than £300 million over the next 5 years (£60 million per year over the next five years). According to the report, this is because current software licensing rules are making it harder to switch between providers, thus keeping public sector organisations locked into pricey deals.

The SMF says its report has only accounted for the costs of restrictions to users’ ability to freely use Office 365 and the overcharge of using SQL Server on third-party infrastructure, yet the actual additional costs incurred by all software licensing practices may be much higher.

The Benefits Of One Provider Wiped Out By Costs 

The UK government mandates that central departments adopt cloud services and, therefore, encourages public sector organisations to improve technological efficiency and to find savings within public services. One method of achieving savings in the public sector has been to choose one central (cloud) provider that delivers the full range of services required. However, as one IT professional (quoted by the SMF) recently pointed out, there’s “positives to having one provider with a suite of things that work together very well, but the challenge of that is you’re tied in”. 

Effect Worse On Public Sector 

The SMF says that while licensing costs and complications also affect the private sector, the overall detriment is likely to be worse in the public sector. For example, excess costs are financed by the taxpayer and may mean diverting resources from other government objectives or budgets, thereby resulting not just in direct financial costs but also in preventing the UK from achieving its technological, economic, and security goals.

An Economic, Technical, and Social Issue 

Jake Shepherd, Senior Researcher at SMF, said of the report’s findings: “Our research shows that restrictive software licensing practices squander millions of pounds – taxpayers’ money that could fund vital public services and boost national productivity – while interviews with public sector IT professionals reveal the ‘real’ day-to-day operational costs. Software licensing isn’t just a technical issue – there’s an economic and social imperative to ensure it works smoothly and prevents needless wastage of public resources in the future.” 

The Open Source Challenge 

Open source is integral to the UK’s digital economy, contributing significantly to business growth and competitiveness and the public sector is encouraged to increase its participation in open source projects to leverage these benefits further.

However, the recent ‘State of open report’ from OpenUK, a UK-based organisation promoting open source software, hardware, and data, has also highlighted how there is a gap in the skills and understanding of open source in the public sector.

Substantial Public Engagement With Open Source 

OpenUK’s report, which uses a collection of data from NHS Digital, Government Digital Service, and the Department of Business, Energy and Industrial Strategy has revealed the existence of 1780 GitHub repositories with 14,910 stars and 745,000 commits. OpenUK says this is evidence of “substantial public sector engagement with open source software in the UK” and highlights how the public sector embracing open source “aligns with government digital transformation goals, driving better public services and fostering a culture of continuous improvement”. Also, OpenUK says by leveraging open source, the UK public sector can address “complex challenges more effectively, ensuring robust, scalable, and secure digital infrastructure that supports economic resilience and growth”. 

Not Enough 

Despite these levels of engagement in open source by the public sector, OpenUK’s ‘Phase Two: The Open Manifesto Report’ highlights the need for policymakers to build skills in open source software to help the UK (public sector) make better use of open source and to improve AI openness. Some of the challenges to achieving this, identified in the report, include:

– A skills shortage / a significant lack of expertise in open source technologies within the public sector. This skills gap hinders the effective implementation and management of open-source projects. Training and upskilling initiatives could help address this issue. For example, OpenUK’s CEO, Amanda Brock, has said that working with people who learn to code in open source and contribute to open source code repositories is one way to help tackle the UK skills gap.

– A lack of coherent policies and governance frameworks for managing open-source contributions within many public sector organisations. This results in inconsistent practices and potential compliance issues and highlights the need for comprehensive policies and standardisation.

– Security concerns. For example, security is a significant concern with open-source adoption and public sector organisations often struggle with balancing cost and security, leading to vulnerabilities. Security in the development and deployment of open-source solutions is, therefore, crucial.

– Resistance to the cultural shift required for adopting open source technologies. Traditional public sector environments find it challenging to move towards more collaborative and transparent working practices.

– Resource Allocation. Financial constraints and competing priorities make it difficult for public sector organisations to allocate the necessary resources for open-source initiatives. Strategic investment and prioritisation are needed to overcome these barriers.

OpenUK has, therefore, called on the public sector to develop skills to curate open source well, and on policymakers to gain a greater understanding of open technologies to avoid a continued reliance upon multi-year contracts from “legacy IT providers and consultancies”.

AI Too 

In the report, Jennifer Barth, chief research officer at OpenUK, also points to the growth of the UK’s AI repositories as evidence of “the dynamism and innovation within the UK’s AI community, bolstered by open source principles”.

What Does This Mean For Your Business? 

For UK businesses, the insights from these reports show a pressing need to address both the challenges of restrictive cloud licensing and the open-source skills gap within the public sector. The repercussions of these issues are multifaceted, affecting financial efficiency, technological advancement, and overall competitiveness.

The substantial costs associated with restrictive cloud licensing (estimated at £300+ million over the next five years) highlight the importance of flexibility in software procurement. Businesses can learn from this by advocating for more open and competitive licensing agreements. This approach not only reduces costs but also fosters innovation by avoiding vendor lock-in. By negotiating contracts that allow easier transitions between providers, businesses can ensure they are not overpaying for services and can quickly adapt to better solutions as they emerge.

The public sector’s struggle with open-source software adoption due to a skills shortage could be seen as an opportunity for businesses to invest in training and upskilling their workforce. Open-source technologies can offer significant benefits, including cost savings, enhanced security, and the ability to drive innovation through collaboration. By developing in-house expertise in open source, the public sector and the private sector, businesses can improve their technological resilience and reduce dependency on proprietary solutions. This, in turn, can lead to more agile and responsive IT strategies, essential in today’s fast-paced digital landscape.

The identified lack of coherent policies and governance frameworks for open source usage in the public sector could also be seen as a cautionary tale for private enterprises. The challenges faced by the public sector in allocating resources to open-source initiatives show a need for strategic investment in technology. Businesses should, therefore, look at investment in open-source projects and technologies to remain competitive.

These findings from the SMF and OpenUK reports appear to offer valuable lessons not just for the public sector, but for all UK businesses. Embracing flexible licensing agreements, investing in open-source skills, establishing robust governance, fostering a collaborative culture, and strategically allocating resources can improve flexibility, scalability, security, and cost-efficiency.