Privacy

On Meta’s ‘regulatory headwinds’ and adtech’s privacy reckoning

Comment

Facebook CEO Mark Zuckerberg testifies before the House Judiciary Subcommittee on Antitrust, Commercial and Administrative Law
Image Credits: MANDEL NGAN/POOL/AFP / Getty Images

What does Meta/Facebook’s favorite new phrase to bandy around in awkward earnings calls — as it warns of “regulatory headwinds” cutting into its future growth — actually mean when you unpack it?

It’s starting to look like this breezy wording means the law is finally catching up with murky adtech practices which have been operating under the radar for years — tracking and profiling web users without their knowledge or consent, and using that surveillance-gleaned intel to manipulate and exploit at scale regardless of individual objections or the privacy people have a legal right to expect.

This week a major decision in Europe found that a flagship ad industry tool which — since April 2018 — has claimed to be gathering people’s “consent” for tracking to run behavioral advertising has not in fact been doing so lawfully.

The IAB Europe was given two months to come up with a reform plan for its erroneously named Transparency and Consent Framework (TCF) — and a hard deadline of six months to clean up the associated parade of bogus pop-ups and consent mismanagement which force, manipulate or simply steal (“legitimate interest”) web users’ permission to microtarget them with ads.

The implications of the decision against the IAB and its TCF are that major ad industry reforms must come — and fast.

This is not just a little sail realignment as Facebook’s investor-soothing phrase suggests. And investors are perhaps cottoning on to the scale of the challenges facing the adtech giant’s business — given the 20% drop in its share price as it reported Q4 earnings this week.

Facebook’s ad business is certainly heavily exposed to any regulatory hurricane of enforcement against permission-less Internet tracking since it doesn’t offer its own users any opt out from behavioral targeting.

When asked about this the tech giant typically points to its “data policies” — where it instructs users it will track them and use their data for personalized ads but doesn’t actually ask for their permission. (It also claims any user data it sucks into its platform from third parties for ad targeting has been lawfully gathered by those partners in one long chain of immaculate adtech compliance!)

Fb also typically points to some very limited “controls” it provides users over the type of personalized ads they will be exposed to via its ad tools — instead of actually giving people genuine control over what’s done with their information which would, y’know, actually enable them to protect their privacy.

The problem is Meta can’t offer people a choice over what it does with their data because people’s data is the fuel that its ad targeting empire runs on.

Indeed, in Europe — where people do have a legal right to privacy — the adtech giant claims users of its social media services are actually in a contract with it to receive advertising! An argument that the majority of the EU’s data protection agencies look minded to laugh right out of the room, per documents revealed last year by local privacy advocacy group noyb which has been filing complaints about Facebook’s practices for years. So watch that space for thunderous regulatory “headwinds”.

(noyb’s founder, Max Schrems, is also the driving force behind another Meta earnings call caveat, vis-a-vis the little matter of “the viability of transatlantic data transfers and their potential impact on our European operations“, as its CFO Dave Wehner put it. That knotty issue may actually require Meta to federate its entire service if, as expected, an order comes to stop transferring EU users’ data over the pond, with all the operational cost and complexity that would entail… So that’s quite another stormy breeze on the horizon.)

Ireland’s draft GDPR decision against Facebook branded a joke

While regulatory enforcement in Europe against adtech has been a very slow burn there is now movement that could create momentum for a cleansing reboot.

For one thing, given the interconnectedness of the tracking industry, a decision against a strategic component like the TCF (or indeed adtech kingpin Facebook) has implications for scores of data players and publishers who are plugged into this ecosystem. So knock-on effects will rattle down (and up) the entire adtech ‘value chain’. Which could create the sort of tipping point of mass disruption and flux that enables a whole system to flip to a new alignment. 

European legislators frustrated at the lack of enforcement are also piling further pressure on by backing limits on behavioral advertising being explicitly written into new digital rules that are fast coming down the pipe — making the case for contextual ad targeting to replace tracking. So the demands for privacy are getting louder, not going away.

Of course Meta/Facebook is not alone in being especially prone to regulatory headwinds; the other half of the adtech duopoly — Alphabet/Google — is also heavily exposed here.

As Bloomberg reported this week, digital advertising accounts for 98% of Meta’s revenue, and a still very chunky 81% of Alphabet’s — meaning the pair are especially sensitive to any regulatory reset to how ad data flows.

Bloomberg suggested the two giants may yet have a few more years’ grace before regulatory enforcement and increased competition could bite into their non-diversified ad businesses in a way that flips the fortunes of these data-fuelled growth engines.

But one factor that has the potential to accelerate that timeline is increased transparency.

Follow the data…

Even the most complex data trail leaves a trace. Adtech’s approach to staying under the radar has also, historically, been more one of hiding its people-tracking ops in plain sight all over the mainstream web vs robustly encrypting everything it does. (Likely as a result of how tracking grew on top of and sprawled all over web infrastructure at a time when regulators were even less interested in figuring out what was going on.)

Turns out, pulling on these threads can draw out a very revealing picture — as a comprehensive piece of research into digital profiling in the gambling industry, carried out by researcher Cracked Labs and just published last week, shows.

The report was commissioned by UK based gambling reform advocacy group, Clean Up Gambling, and quickly got picked up by the Daily Mail — in a report headlined: “Suicidal gambling addict groomed by Sky Bet to keep him hooked, investigation reveals”.

What Cracked Labs’ research report details — in unprecedented detail — is the scale and speed of the tracking which underlies an obviously non-compliant cookie banner presented to users of a number of gambling sites whose data flows it analyzed, offering the usual adtech fig-leaf mockery of (‘Accept-only’) compliance.

The report also explodes the notion that individuals being subject to this kind of pervasive, background surveillance could practically exercise their data rights.

Firstly, the effort asymmetry that would be required to go SARing such a long string of third parties is just ridiculous. But, more basically, the lack of transparency inherent to this kind of tracking means it’s inherently unclear who has been passed (or otherwise obtained) your information — so how can you ask what’s being done if you don’t even know who’s doing it?

If that is a system ‘functioning’ then it’s clear evidence of systemic dysfunction. Aka, the systemic lawlessness that the UK’s own data protection regulator already warned the adtech industry in a report of its own all the way back in 2019.

The individual impact of adtech’s “data-driven” marketing, meanwhile, is writ large in a quote in the Daily Mail’s report — from one of the “high value” gamblers the study worked with, who accuses the gambling service in question of turning him into an addict — and tells the newspaper: “It got to a point where if I didn’t stop, it was going to kill me. I had suicidal ideation. I feel violated. I should have been protected.”

“It was going to kill me” is an exceptionally understandable articulation of data-driven harms.

Here’s a brief overview of the scale of tracking Cracked Lab’s analysis unearthed, clipped from the executive summary:

“The investigation shows that gambling platforms do not operate in a silo. Rather, gambling platforms operate in conjunction with a wider network of third parties. The investigation shows that even limited browsing of 37 visits to gambling websites led to 2,154 data transmissions to 83 domains controlled by 44 different companies that range from well-known platforms like Facebook and Google to lesser known surveillance technology companies like Signal and Iovation, enabling these actors to embed imperceptible monitoring software during a user’s browsing experience. The investigation further shows that a number of these third-party companies receive behavioural data from gambling platforms in realtime, including information on how often individuals gambled, how much they were spending, and their value to the company if they returned to gambling after lapsing.”

A detailed picture of consentless ad tracking in a context with very clear and well understood links to harm (gambling) should be exceedingly hard for regulators to ignore.

But any enforcement of consent and privacy must and will be universal, as the law around personal data is clear.

Which in turn means that nothing short of a systemic adtech reboot will do. Root and branch reform.

Asked for its response to the Cracked Labs research, a spokeswoman for the UK’s Information Commissioner’s Office (ICO) told TechCrunch: “In relation to the report from the Clean Up Gambling campaign, I can confirm we are aware of it and we will consider its findings in light of our ongoing work in this area.”

We also asked the ICO why it has failed to take any enforcement action against the adtech industry’s systemic abuse of personal data in real-time bidding ad auctions — following the complaint it received in September 2018, and the issues raised in its own report in 2019.

The watchdog said that after it resumed its “work” in this area — following a pause during the coronavirus pandemic — it has issued “assessment notices” to six organisations. (It did not name these entities.)

“We are currently assessing the outcomes of our audit work. We have also been reviewing the use of cookies and similar technologies of a number of organisations,” the spokeswoman also said, adding: “Our work in this area is vast and complex. We are committed to publishing our final findings once our enquiries are concluded.”

But the ICO’s spokeswoman also pointed to a recent opinion issued by the former information commissioner before she left office last year, in which she urged the industry to reform — warning adtech of the need to purge current practices by moving away from tracking and profiling, cleaning up bogus consent claims and focusing on engineering privacy and data protection into whatever for of targeting it flips to next.

So the reform message at least is strong and clear, even if the UK regulator hasn’t found enough puff to crack out any enforcement yet.

UK privacy watchdog warns adtech the end of tracking is nigh

Asked for its response to Cracked Labs’ findings, Flutter — the UK-based company that owns Sky Betting & Gaming, the operator of the gambling sites whose data flows the research study tracked and analyzed — sought to deflect blame onto the numerous third parties whose tracking technologies are embedded in its websites (and only referenced generically, not by name, in its ‘Accept & close’ cookie notice).

So that potentially means onto companies like Facebook and Google.

“Protecting our customers’ personal data is of paramount importance to Sky Betting & Gaming, and we expect the same levels of care and vigilance from all of our partners and suppliers,” said the Sky Bet spokesperson.

“The Cracked Labs report references data from both Sky Betting & Gaming and the third parties that we work with. In most cases, we are not — and would never be — privy to the data collected by these parties in order to provide their services,” they added. “Sky Betting & Gaming takes its safer gambling responsibilities very seriously and, while we run marketing campaigns based on our customers’ expressed preferences and behaviours, we would never seek to intentionally advertise to anyone who may potentially be at risk of gambling harm.”

Regulatory inaction in the face of cynical industry buck passing — whereby a first party platform may seek to deny responsibility for tracking carried out by its partners, while third parties which also got data may claim its the publishers’ responsibility to obtain permission — can mire complaints and legal challenges to adtech’s current methods in frustrating circularity.

But this tedious dance should also be running out of floor. A number of rulings by Europe’s top court in recent years have sharpened guidance on exactly these sorts of legal liability issues, for example.

Moreover, as we get a better picture of how the adtech ecosystem ‘functions’ — thanks to forensic research work like this to track and map the tracking industry’s consentless data flows — pressure on regulators to tackle such obvious abuse will only amplify as it becomes increasingly easy to link abusive targeting to tangible harms, whether to vulnerable individuals with ‘sensitive’ interests like gambling; or more broadly — say in relation to tracking that’s being used as a lever for illegal discrimination (racial, sexual, age-based etc), or the democratic threats posed by population scale targeted disinformation which we’ve seen being deployed to try to skew and game elections for years now.

Google and Facebook respond

TechCrunch contacted a number of the third parties listed in the report as receiving behavioral data on the activities of one of the users of the Sky Betting sites a large number of times — to ask them about the legal basis and purposes for the processing — which included seeking comment from Facebook, Google and Microsoft.

Facebook and Google are of course huge players in the online advertising market but Microsoft appears to have ambitions to expand its advertising business. And recently it acquired another of the adtech entities that’s also listed as receiving user data in the report — namely Xandr (formerly AppNexus) — which increases its exposure to these particular gambling-related data flows.

(NB: the full list of companies receiving data on Sky Betting users also includes TechCrunch’s parent entity Verizon Media/Yahoo, along with tens of other companies, but we directed questions to the entities the report named as receiving “detailed behavioral data” and which were found receiving data the highest number of times*, which Cracked Labs suggests points to “extensive behavioural profiling”; although it also caveats its observation with the important point that: “A single request to a host operated by a third-party company that transmits wide-ranging information can also enable problematic data practices”; so just because data was sent fewer times doesn’t necessarily mean it is less significant.)

Of the third parties we contacted, at the time of writing only Google had provided an on-the-record comment.

Microsoft declined to comment.

Facebook provided some background information — pointing to its data and ad policies and referring to the partial user controls it offers around ads. It also confirmed that its ad policies do permit gambling as an targetable interest with what it described as “appropriate” permissions.

Meta/Facebook announced some changes to its ad platform last November — when it expanded what it refers to as its “Ad topic controls” to cover some “sensitive” topics — and it confirmed that gambling is included as a topic people can choose to see fewer ads with related content on.

But note that’s fewer gambling ads, not no gambling ads.

So, in short, Facebook admitted it uses behavioral data inferred from gambling sites for ad targeting — and confirmed that it doesn’t give users any way to completely stop that kind of targeting — nor, indeed, the ability to opt out from tracking-based advertising altogether.

While its legal basis for this tracking is — we must infer — its claim that users are in a contract with it to receive advertising.

Which will probably be news to a lot of users of Meta’s “family of apps”. But it’s certainly an interesting detail to ponder alongside the flat growth it just reported in Q4.

Facebook will no longer allow advertisers to target political beliefs, religion, sexual orientation

Google’s response did not address any of our questions in any detail, either.

Instead it sent a statement, attributed to a spokesperson, in which it claims it does not use gambling data for profiling — and further asserts it has “strict policies” in place that prevent advertisers from using this data.

Here’s what Google told us:

“Google does not build advertising profiles from sensitive data like gambling, and has strict policies preventing advertisers from using such data to serve personalised ads. Additionally, tags for our ad services are never allowed to transmit personally identifiable information to Google.”

Google’s statement does not specify the legal basis it is relying upon for processing sensitive gambling data in the first place. Nor — if it really isn’t using this data for profiling or ad targeting — why it’s receiving it at all.

We pressed Google on these points but the company did not respond to follow up questions.

Its statement also contains misdirection that’s typical of the adtech industry — when it writes that its tracking technologies “are never allowed to transmit personally identifiable information”.

Setting aside the obvious legalistic caveat — Google doesn’t actually state that it never gets PII; it just says its tags are “never allowed to transmit” PII; ergo it’s not ruling out the possibility of a buggy implementation leaking PII to it — the tech giant’s use of the American legal term “personally identifiable information” is entirely irrelevant in a European legal context.

The law that actually applies here concerns the processing of personal data — and personal data under EU/UK law is very broadly defined, covering not just obvious identifiers (like name or email address) but all sorts of data that can be connected to and used to identify a natural person, from IP address and advertising IDs to a person’s location or their device data and plenty more besides.

In order to process any such personal data Google needs a valid legal basis. And since Google did not respond to our questions about this it’s not clear what legal basis it relies upon for processing the Sky Betting user’s behavioral data.

“When data subject 2 asked Sky Betting & Gaming what personal data they process about them, they did not disclose information about personal data processing activities by Google. And yet, this is what we found in the technical tests,” says research report author Wolfie Christl, when asked for his response to Google’s statement.

“We observed Google receiving extensive personal data associated with gambling activities during visits to skycasino.com, including the time and exact amount of cash deposits.

“We did not find or claim that Google received ‘personally identifiable’ data, this is a distraction,” he adds. “But Google received personal data as defined in the GDPR, because it processed unique pseudonymous identifiers referring to data subject 2. In addition, Google even received the customer ID that Sky Betting & Gaming assigned to data subject 2 during user registration.

“Because Sky Betting & Gaming did not disclose information about personal data processing by Google, we cannot know how Google, SBG or others may have used personal data Google received during visits to skycasino.com.”

“Without technical tests in the browser, we wouldn’t even know that Google received personal data,” he added.

Christl is critical of Sky Betting for failing to disclose Google’s personal data processing or the purposes it processed data for.

But he also queries why Google received this data at all and what it did with it — zeroing in on another potential obfuscation in its statement.

“Google claims that it does not ‘build advertising profiles from sensitive data like gambling’. Did it build advertising profiles from personal data received during visits to skycasino.com or not? If not, did Google use personal data received from Sky Betting & Gaming for other kinds of profiling?”

Christl’s report includes a screengrab showing the cookie banner Sky Betting uses to force consent on its sites — by presenting users with a short statement at the bottom of the website, containing barely legible small print and which bundles information on multiple uses of cookies (including for partner advertising), next to a single, brilliantly illuminated button to “accept and close” — meaning users have no choice to deny tracking (short of not gambling/using the website at all).

Under EU/UK law, if consent is being relied upon as a legal basis to process personal data it must be informed, specific and freely given to be lawfully obtained. Or, put another way, you must actually offer users a genuine choice to accept or deny — and do so for each use of non-essential (i.e. non-tracking) cookies.

Moreover if the personal data in question is sensitive personal data — and behavioral data linked to gambling could certainly be that, given gambling addiction is a recognized health condition, and health data is classed as “special category personal data” under the law — there is a higher standard of explicit consent required, meaning a user would need to affirm every use of this type of highly sensitive information.

Yet, as the report shows, what actually happened in the case of the users whose visits to these gambling sites were analyzed was that their personal data was tracked and transmitted to at least 44 third party companies hundreds of times over the course of just 37 visits to the websites.

They did not report being asked explicitly for their consent as this tracking was going on. Yet their data kept flowing.

It’s clear that the adtech industry’s response to the tightening of European data protection law since 2018 has been the opposite of reform. It opted for compliance theatre — designing and deploying cynical cookie pop-ups that offer no genuine choice or at best create confusion and friction around opt-outs to drum up consent fatigue and push consumers to give in and ‘agree’ to give over their data so it can keep tracking and profiling.

Legally that should not have been possible of course. If the law was being properly enforced this cynical consent pantomime would have been kicked into touch long ago — so the starkest failure here is regulatory inaction against systemic law breaking.

That failure has left vulnerable web users to be preyed upon by dark pattern design, rampant tracking and profiling, automation and big data analytics and “data-driven” marketers who are plugging into an ecosystem that’s been designed and engineered to quantify individuals’ “value” to all sorts of advertisers — regardless of individuals’ rights and freedoms not to be subject to this kind of manipulation and laws that were intended to protect their privacy by default.

By making Subject Access Requests (SARs), the two data subjects in the report were able to uncover some examples of attributes being attached to profiles of Sky Betting site users — apparently based on inferences made by third parties off of the behavioral data gathered on them — which included things like an overall customer “value” score and product specific “value bands”, and a “winback margin” (aka a “predictive model for how much a customer would be worth if they returned over next 12 months”).

This level of granular, behavioral background surveillance enables advertising and gaming platforms to show gamblers personalized marketing messages and other custom incentives tightly designed to encourage them return to play — to maximize engagement and boost profits.

But at what cost to the individuals involved? Both literally, financially, and to their health and wellbeing — and to their fundamental rights and freedoms?

As the report notes, gambling can be addictive — and can lead to a gambling disorder. But the real-time monitoring of addictive behaviours and gaming “predilections” — which the report’s technical analysis lays out in high dimension detail — looks very much like a system that’s been designed to automate the identification and exploitation of people’s vulnerabilities.

How this can happen in a region with laws intended to prevent this kind of systematic abuse through data misuse is an epic scandal.

Facebook isn’t growing anymore

While the risks around gambling are clear, the same system of tracking and profiling is of course being systematically applied to websites of all sorts and stripes — whether it contains health information, political news, advice for new parents and so on — where all sorts of other manipulation and exploitation risks can come into play. So what’s going on on a couple of gambling sites is just the tip of the data-mining iceberg.

While regulatory enforcement should have put a stop to abusive targeting in the EU years ago, there is finally movement on this front — with the Belgian DPA’s decision against the IAB Europe’s TCF this week.

However where the UK might go on this front is rather more murky — as the government has been consulting on wide-ranging post-Brexit changes to domestic DP law, and specifically on the issue of consent to data processing, which could end up lowering the level of protection for people’s data and legitimizing the whole rotten system.

Asked about the ICO’s continued inaction on adtech, Rai Naik — a legal director of the data rights agency AWO, which supported the Cracked Labs research, and who has also been personally involved in long running litigation against adtech in the UK — said: “The report and our case work does raise questions about the ICO’s inaction to date. The gambling industry shows the propensity for real world harms from data.”

“The ICO should act proactively to protect individual rights,” he added.

A key part of the reason for Europe’s slow enforcement against adtech is undoubtedly the lack of transparency and obfuscating complexity the industry has used to cloak how it operates so people cannot understand what is being done with their data.

If you can’t see it, how can you object to it? And if there are relatively few voices calling out a problem, regulators (and indeed lawmakers) are less likely to direct their very limited resource at stuff that may seem to be humming along like business as usual — perhaps especially if these practices scale across a whole sector, from small players to tech giants.

But the obfuscating darkness of adtech’s earlier years is long gone — and the disinfecting sunlight is starting to flood in.

Last December the European Commission explicitly warned adtech giants over the use of cynical legal tricks to evade GDPR compliance — at the same time as putting the bloc’s regulators on notice to crack on with enforcement or face having their decentralized powers to order reform taken away.

So, by hook or by crook, those purifying privacy headwinds gonna blow.

*Per the report: “Among the third-party companies who received the greatest number of network requests while visiting skycasino.com, skybet.com, and skyvegas.com, are Adobe (499), Signal (401), Facebook (358), Google (240), Qubit (129), MediaMath (77), Microsoft (71), Ve Interactive (48), Iovation (28) and Xandr (22).”

This report was updated to correct a typo: Flutter is a UK-based company, not “US-based” as we wrote originally

Behavioral ad industry gets hard reform deadline after IAB’s TCF found to breach Europe’s GDPR

Facebook’s lead EU privacy supervisor hit with corruption complaint

More TechCrunch

A new crop of early-stage startups — along with some recent VC investments — illustrates a niche emerging in the autonomous vehicle technology sector. Unlike the companies bringing robotaxis to…

VCs and the military are fueling self-driving startups that don’t need roads

When the founders of Sagetap, Sahil Khanna and Kevin Hughes, started working at early-stage enterprise software startups, they were surprised to find that the companies they worked at were trying…

Deal Dive: Sagetap looks to bring enterprise software sales into the 21st century

Keeping up with an industry as fast-moving as AI is a tall order. So until an AI can do it for you, here’s a handy roundup of recent stories in the world…

This Week in AI: OpenAI moves away from safety

After Apple loosened its App Store guidelines to permit game emulators, the retro game emulator Delta — an app 10 years in the making — hit the top of the…

Adobe comes after indie game emulator Delta for copying its logo

Meta is once again taking on its competitors by developing a feature that borrows concepts from others — in this case, BeReal and Snapchat. The company is developing a feature…

Meta’s latest experiment borrows from BeReal’s and Snapchat’s core ideas

Welcome to Startups Weekly! We’ve been drowning in AI news this week, with Google’s I/O setting the pace. And Elon Musk rages against the machine.

Startups Weekly: It’s the dawning of the age of AI — plus,  Musk is raging against the machine

IndieBio’s Bay Area incubator is about to debut its 15th cohort of biotech startups. We took special note of a few, which were making some major, bordering on ludicrous, claims…

IndieBio’s SF incubator lineup is making some wild biotech promises

YouTube TV has announced that its multiview feature for watching four streams at once is now available on Android phones and tablets. The Android launch comes two months after YouTube…

YouTube TV’s ‘multiview’ feature is now available on Android phones and tablets

Featured Article

Two Santa Cruz students uncover security bug that could let millions do their laundry for free

CSC ServiceWorks provides laundry machines to thousands of residential homes and universities, but the company ignored requests to fix a security bug.

1 day ago
Two Santa Cruz students uncover security bug that could let millions do their laundry for free

OpenAI’s Superalignment team, responsible for developing ways to govern and steer “superintelligent” AI systems, was promised 20% of the company’s compute resources, according to a person from that team. But…

OpenAI created a team to control ‘superintelligent’ AI — then let it wither, source says

TechCrunch Disrupt 2024 is just around the corner, and the buzz is palpable. But what if we told you there’s a chance for you to not just attend, but also…

Harness the TechCrunch Effect: Host a Side Event at Disrupt 2024

Decks are all about telling a compelling story and Goodcarbon does a good job on that front. But there’s important information missing too.

Pitch Deck Teardown: Goodcarbon’s $5.5M seed deck

Slack is making it difficult for its customers if they want the company to stop using its data for model training.

Slack under attack over sneaky AI training policy

A Texas-based company that provides health insurance and benefit plans disclosed a data breach affecting almost 2.5 million people, some of whom had their Social Security number stolen. WebTPA said…

Healthcare company WebTPA discloses breach affecting 2.5 million people

Featured Article

Microsoft dodges UK antitrust scrutiny over its Mistral AI stake

Microsoft won’t be facing antitrust scrutiny in the U.K. over its recent investment into French AI startup Mistral AI.

1 day ago
Microsoft dodges UK antitrust scrutiny over its Mistral AI stake

Ember has partnered with HSBC in the U.K. so that the bank’s business customers can access Ember’s services from their online accounts.

Embedded finance is still trendy as accounting automation startup Ember partners with HSBC UK

Kudos uses AI to figure out consumer spending habits so it can then provide more personalized financial advice, like maximizing rewards and utilizing credit effectively.

Kudos lands $10M for an AI smart wallet that picks the best credit card for purchases

The EU’s warning comes after Microsoft failed to respond to a legally binding request for information that focused on its generative AI tools.

EU warns Microsoft it could be fined billions over missing GenAI risk info

The prospects for troubled banking-as-a-service startup Synapse have gone from bad to worse this week after a United States Trustee filed an emergency motion on Wednesday.  The trustee is asking…

A US Trustee wants troubled fintech Synapse to be liquidated via Chapter 7 bankruptcy, cites ‘gross mismanagement’

U.K.-based Seraphim Space is spinning up its 13th accelerator program, with nine participating companies working on a range of tech from propulsion to in-space manufacturing and space situational awareness. The…

Seraphim’s latest space accelerator welcomes nine companies

OpenAI has reached a deal with Reddit to use the social news site’s data for training AI models. In a blog post on OpenAI’s press relations site, the company said…

OpenAI inks deal to train AI on Reddit data

X users will now be able to discover posts from new Communities that are trending directly from an Explore tab within the section.

X pushes more users to Communities

For Mark Zuckerberg’s 40th birthday, his wife got him a photoshoot. Zuckerberg gives the camera a sly smile as he sits amid a carefully crafted re-creation of his childhood bedroom.…

Mark Zuckerberg’s makeover: Midlife crisis or carefully crafted rebrand?

Strava announced a slew of features, including AI to weed out leaderboard cheats, a new ‘family’ subscription plan, dark mode and more.

Strava taps AI to weed out leaderboard cheats, unveils ‘family’ plan, dark mode and more

We all fall down sometimes. Astronauts are no exception. You need to be in peak physical condition for space travel, but bulky space suits and lower gravity levels can be…

Astronauts fall over. Robotic limbs can help them back up.

Microsoft will launch its custom Cobalt 100 chips to customers as a public preview at its Build conference next week, TechCrunch has learned. In an analyst briefing ahead of Build,…

Microsoft’s custom Cobalt chips will come to Azure next week

What a wild week for transportation news! It was a smorgasbord of news that seemed to touch every sector and theme in transportation.

Tesla keeps cutting jobs and the feds probe Waymo

Sony Music Group has sent letters to more than 700 tech companies and music streaming services to warn them not to use its music to train AI without explicit permission.…

Sony Music warns tech companies over ‘unauthorized’ use of its content to train AI

Winston Chi, Butter’s founder and CEO, told TechCrunch that “most parties, including our investors and us, are making money” from the exit.

GrubMarket buys Butter to give its food distribution tech an AI boost

The investor lawsuit is related to Bolt securing a $30 million personal loan to Ryan Breslow, which was later defaulted on.

Bolt founder Ryan Breslow wants to settle an investor lawsuit by returning $37 million worth of shares