SenseTime Postponed IPO; Big Tech to be Responsible for Ads

In this weekly segment, ExchangeWire sums up key industry updates in media, marketing, and commerce from around the globe. In this edition: SenseTime have postponed their IPO; UK lawmakers want big tech to be accountable for ads on their platform; a previously undetected vulnerability in the open-source software, Log4j, has left companies exposed; and OpenX have been fined for "unintentional error".

 

SenseTime forced to postpone IPO

Chinese AI startup, SenseTime Group, have postponed their initial public offering (IPO) after being added to a US blocklist, labelling the firm as a “non-SDN Chinese military-industrial complex company”. SenseTime were added to a US blocklist due to fears that they have developed facial recognition to determine a users’ ethnicity, specifically focussing on identifying ethnic Uyghurs. The platform have denied these claims and reassured that they have “complied with the applicable laws and regulations”. The Hong Kong-based company addressed the announcement on Saturday (12 December), commenting that they “strongly oppose” the allegations and “regret to have been caught in the middle of geopolitical tension.” They remain committed to accomplishing their USD$767m (£579) IPO, which is expected to be the biggest listing in Hong Kong in months, aiming to publish a supplemental prospectus and an updated listing timetable.

According to their regulatory filings, SenseTime were intending to sell around 1.5 billion shares, priced between HK$3.85 (£0.37) and HK$3.99 (£0.39). They had hoped to set the listing price last Friday (10 December), but instead were liaising with their lawyers and the Hong Kong Stock Exchange about the future of the deal. It has been suggested that the platform hopes to complete the IPO in the near future to avoid having to refile the IPO after 9th January.

 

UK lawmakers declare that big tech should be responsible for ads

A cross-party group of British lawmakers have declared that online services, such as Google and Facebook, should be held legally responsible for advertisements on their platforms in an attempt to rein in online fraud. The new draft legislation aims to “finally” make internet service providers accountable for what is featured on their site, and to do this The Committee have agreed that they need to clarify what is considered illegal online. Child abuse, fraud, racist abuse, self-harm promotions, and violence against women (to which there was previously little enforceable sanction) will also be included in these new rules.

The Joint Committee urge that “major changes” need to be made to the Online Safety Bill, a legislation that aims to make the internet a safer space for consumers, as “big tech has gotten away with being the land of the lawless.” Damian Collins MP, Chair of the Joint Committee on the draft Online Safety Bill, has voiced that “The Committee has set out recommendations to bring more offences clearly within the scope of the Online Safety Bill, give Ofcom the power in law to set minimum safety standards for the services they will regulate, and to take enforcement action against companies if they don’t comply.” It is believed that tech giants have failed their chance to self-regulate, after MPs heard from a long list of online victims including Rio Ferdinand, and strongly demand that they must obey the upcoming decisions. The regulations will be put to Parliament for approval in 2022.

Clamping down on the “Wild West online” is an action that has seen considerable inclination in recent months. At the end of November, Facebook, now Meta, were ordered to sell Giphy by the UK Competition and Markets Authority (CMA), marking this significant ruling as the first time the CMA have unwound a completed acquisition. Concerns that the pairing could harm competition is what pushed the UK regulators to act against the USD$400m (£302m) deal. A release issued by the CMA reads, "The CMA found that Giphy’s advertising services had the potential to compete with Facebook’s own display advertising services.”

 

Vulnerability in Log4j has left professionals flustered

There have been over 1.2 million online attacks on companies since last Friday, according to researchers, due to a previously undetected vulnerability in the open-source software, Log4j. Hackers, including Chinese state-backed groups, have taken advantage of the flaw in code developed by non-profit Apache Software Foundation, named Log4shell, stealing data and installing cryptominers on exposed systems running Java, reports from Microsoft conclude. The vulnerability, which has reportedly been exploited by hackers since the start of the month, has been described in a phone briefing by Cybersecurity and Infrastructure Security Agency Director Jen Easterly as being “one of the most serious...if not the most serious.” Tech giants, including Amazon Web Services and Google Cloud, have found some of their services to be vulnerable.

Nicholas Sciberras, head of engineering at vulnerability scanner Acunetix has informed that through Log4shell, hackers have “almost unlimited power” to access sensitive information. Although this vulnerability was exploited earlier this month, it has been revealed that it has unknowingly existed since 2013, due to a faulty code. 

According to research conducted by Identity Theft Resource Center (ITRC), 2021 has hit a record breaking number of data breaches, with 1,291 breaches in 2021 (so far), compared to 1,108 breaches in 2020. Reports have, however, disclosed that 2021 has claimed far fewer victims of these breaches, with 2018 topping that list.

 

 

OpenX fined USD$2m (£1.5m) after illegally collecting child data

Programmatic advertising platform, OpenX, have agreed to pay a USD$2m (£1.5m) fine after collecting personal information on children under the age of 13. The move violates the Children’s Online Privacy Protection Act Rule (COPPA) which requires websites, apps, and online services that knowingly collect personal data to obtain parental consent beforehand for children under 13.

The FTC found that OpenX knowingly reviewed hundreds of child-directed apps, categorising the intended audience as “for toddlers”, “for kids”, or “preschool learning”, but failed to flag the data as child-directed. Subsequently, the personal information collected  in their ad exchange was passed onto third-parties who used it for ad targeting purposes. The government body also alleged that the ad platform breached the FTC Act by falsely claiming they did not collect geolocation data from non-consensual users.

Samuel Levine, director of the FTC’s Bureau of Consumer Protection, has commented, “OpenX secretly collected location data and opened the door to privacy violations on a massive scale, including against children.” He adds, “digital advertising gatekeepers may operate behind the scenes, but they are not above the law.”

In addition to the sanction, OpenX have been ordered to delete all ad request data they have collected and enforce a privacy policy program. The FTC have requested for periodical reviews to be carried out by the tech firm, to ensure additional child-directed apps are banned from their exchange, which OpenX have agreed to: "we will continue to follow strict criteria of both qualitative and quantitative attributes." In a statement issued by OpenX, the violation was described as a "mistake", underlining that "in this situation, an unintentional error was made." In addition to outlining the importance of resolving and progressing from this issue, the programmatic ad tech platform are putting their efforts into making sure the ecosystem is a "safe and ethical one for consumers, publishers, and advertisers alike."

 

Also in the news:

- Simon Halstead on Criteo’s Acquisition, Global Advertising, and Zero-Party Data

- Predictions 2022: SPO - Bolstering Transparency

- The Future of Programmatic will be Curated