Using AdWords API to export to third-party ad networks will remain OK as Google keeps terms it adopted in FTC settlement

Though the part of Google’s antitrust settlement with the Federal Trade Commission that had them allow exports of AdWords data through its API expires tomorrow, Matthew Sucherman, Google’s VP and deputy general counsel, announced today that Google will keep the AdWords API terms and conditions as they are currently.

That means Google will continue to allow software that interfaces with its API to export AdWords campaign and ad data, so users will be able to continue mixing that data with other information and integrating it into other ad networks, such as Bing Ads.

“We believe that these policies provide continued flexibility for developers and websites, and we will be continuing our current practices regarding the AdWords API Terms and Conditions and the domain-by-domain opt-out following the expiration of the voluntary commitments,” Sucherman said.

Google explained that this requirement expires tomorrow, December 27, 2017, but they have decided internally to keep the terms and conditions as is.

Additionally, Google will continue to allow websites to keep their crawled content from appearing on Google.com-linked pages for Google Flights, Google Hotels, Google Shopping and in results returned for certain local queries. The provision enables a competing site to allow its pages to be included in web search results while keeping them from appearing on more directly competitive Google offerings — though opting out from the local results would apply globally.

Google wrote:

In 2012, Google made voluntary commitments to the Federal Trade Commission (FTC) that are set to expire on December 27th, 2017. At that time, we agreed to remove certain clauses from our AdWords API Terms and Conditions. We also agreed to provide a mechanism for websites to opt out of the display of their crawled content on certain Google web pages linked to google.com in the United States on a domain-by-domain basis.

We believe that these policies provide continued flexibility for developers and websites, and we will be continuing our current practices regarding the AdWords API Terms and Conditions and the domain-by-domain opt-out following the expiration of the voluntary commitments.

Google facing $1 billion in potential liability with UK class action

In 2012, Google paid $22.5 million to settle an FTC claim that the company “misrepresented to users of Apple Inc.’s Safari Internet browser that it would not place tracking cookies or serve targeted ads to those users . . .” The company bypassed Safari’s cookie-blocking settings, it said, to deliver a “signed-in” user experience.

Google explained that it “used known Safari functionality to provide features that signed-in Google users had enabled,” adding that “advertising cookies do not collect personal information.” Critics took a more skeptical view.

This same conduct is now the subject of a class action lawsuit in the UK. The potential UK class includes 5.4 million people who owned iPhones between June 2011 and February 2012. Google’s hypothetical liability in the matter could exceed $1 billion — considerably higher than the settlement in the US action.

The UK lawsuit is being framed as a privacy case about the “misuse of personal data.” Google says that it believes the suit is meritless and will contest it.

The group pursuing the case is called “Google You Owe Us.” On the group’s website it makes the following statements about the case, called a “representative action” in the UK:

We believe that Google took millions of iPhone users’ personal information illegally in 2011 and 2012. Google did this by bypassing default privacy settings on the iPhone’s Safari browser . . .

We want to ensure that big companies like Google respect our privacy in the future. Our personal information is valuable and it must be used it in a way that is trustworthy and fair.

This case can be seen in the broader context of European privacy complaints against US internet companies. Google and Facebook specifically have been the subject of numerous complaints in different countries.

Europe’s General Data Protection Regulation is coming in May, which will create strict new privacy rules and significant potential liability (millions of euros) for companies that fail to comply or violate its provisions.

CEO who forged court order to get Google to remove defamation faces prison

Note: Since this piece was originally published, we’ve received a statement from the firm Michael Arnstein blames for the reputation attack described. That information has been added to the end of this article. 

Imagine that you own and operate a family business going back three generations. You hired an offshore company to develop your website, but after some years, you sever that contract due to costs and incompetence. And then the nightmare begins.

The offshore company initiates a campaign to try to destroy you by hijacking your website, deploying fraudulent clicks to your ads, defaming your company and making extortion demands.

Your livelihood is under attack! Think the justice system will help? Maybe not. The internet is something like the Wild West in spots, so it’s no wonder some people try to take justice into their own hands.

This story isn’t hypothetical. This really happened, according to the CEO of the Natural Sapphire Company. And now, he is facing jail time after desperately seeking relief from his attackers.

Earlier this year, I reported on how Google apparently suspended acting on most or all defamation removal requests submitted to them. For years now, Google has generally removed defamatory items from search results when presented with a properly executed court order, but it apparently froze that removal process following instances in which people had submitted fraudulently obtained court orders, sometimes involving fake defendants.

Google subsequently resumed granting some court-ordered removal requests after my article, albeit in a much more conservative manner. The company seems to be assessing each request more skeptically, apparently to better verify that the court orders are bona fide and well-founded.

And now there’s news of the CEO of The Natural Sapphire Company, Michael Arnstein, who has pled guilty to forging a judge’s signature on court documents that he submitted to Google, asking them to remove negative reviews about his business from the search results.

Michael Arnstein, CEO of The Natural Sapphire Company, who forged a judge’s signature on court orders to submit to Google for removing negative reviews. (Photo source: The Natural Sapphire Company online marketing materials.)

Synopsis

The Natural Sapphire Company became victimized by a foreign-based development firm that turned rogue on them, according to the company. They had used this offshore development firm to build out a highly competitive jewel sales website, but, according to the e-commerce site’s CEO, it had “fallen into a state of disrepair.”

After deciding to migrate the programming work to US-based developers, the Natural Sapphire Company said it became the target of widespread and effective online attacks. According to company officials, the offshore firm began sabotaging their website, attempting to hijack their web traffic, attacking their online reputation, harassing clients and employees and performing fraudulent clicks on their ads.

The Natural Sapphire Company and its CEO, Michael Arnstein, sought help against the cyberattacks. The FBI initially assisted them, Arnstein said, but this stalled when they could not persuade foreign authorities to bring the suspect(s) to justice.

Eventually, the company says, it gave up and agreed to extortion payments to get relief.

Separately, the company filed a lawsuit and obtained a default judgment citing the URLs where false, damaging statements were published. The Natural Sapphire Company successfully submitted removal requests for these URLs to Google.

But, when they subsequently discovered more URLs with the same or similar content, Google would not act on these without yet more court orders. Between financial losses attributable to the fake reviews posted online and the mounting costs of addressing the cyberattacks, making extortion payments and paying associated legal fees, the company was in dire straits.

According to Arnstein, the company came up with a solution based on bad advice from a well-known online reputation management firm.  He took the original court order that Google had already acted on, amended it to feature the new URLs and submitted more removal requests to Google.

Unfortunately for Arnstein, Google ascertained that these subsequent court orders were false and notified the Justice Department, which then arrested him and charged him with forging a federal judge’s signature. Arnstein is currently awaiting sentencing after pleading guilty to a reduced charge.

The breadth of the attacks upon the Natural Sapphire Company and Michael Arnstein was extraordinary, according to his account, which I’ll detail below. (Note: the account of the alleged attacker has been added to the end of this column.)

However, if you don’t have time to read all this, skip down to the last section, subtitled “Online reputation victims are largely unprotected,” to read my commentary about what happened and why one should be sympathetic to Michael Arnstein.

Details

The story of The Natural Sapphire Company and its CEO, Michael Arnstein, is, in my view, a cautionary tale about the risks of doing business with some offshore developers.

It’s not at all unusual to use offshore developers — I have done so successfully a great many times and have worked with some fantastic people that I would trust with my life, as well as with my sensitive client projects. But The Natural Sapphire Company apparently had the ill fortune to work with some very bad eggs.

Read below to understand the sorts of pressure that Michael Arnstein experienced as a result of an apparent sophisticated, concerted online reputation attack. The story I’ll tell is based largely upon Arnstein’s version of events, which he backs up with other people’s accounts, as well as with emails allegedly exchanged with the perpetrator.

Sequence of the reputation attack on The Natural Sapphire Company

After working with the TransPacific Software Pvt Ltd company and its founder, Prashant Telang, for about five years and paying them roughly $1 million, The Natural Sapphire Company says it attempted to migrate development to US software developers and discontinue their contract.

To their dismay, they soon discovered that TransPacific Software had apparently embedded back doors into the company’s website and systems, which the contractor then allegedly began to use to sabotage the gemstone company in a variety of ways, through deletions of database entries, deletions of product images, changing prices to be sharply discounted and more.

Additionally, TransPacific Software, according to the Natural Sapphire Company, took one of NSC’s domain name aliases (a variation without “the”: naturalsapphirecompany.com), then pointed the domain to a website defaming The Natural Sapphire Company. The harassers also purchased a number of other domain name variations and set up defaming websites on those as well.

According to Arnstein, Prashant Telang and his Mumbai, India-based company also worked to get The Natural Sapphire Company’s email addresses blacklisted so that customers could not properly receive their communications. Using a copy of the company’s customer database that it had apparently kept, Telang allegedly messaged past customers — including their credit card details — telling them that The Natural Sapphire Company was a scam operation that was selling their private financial account information.

Michael Arnstein says he also began receiving taunting email notes from various aliases, informing him that a click-fraud campaign was being conducted upon his Google Pay-Per-Click (PPC) ads. After reviewing, The Natural Sapphire Company says it discovered a click fraud campaign that they estimated cost the company hundreds of dollars a day for a total of at least $115,000.

As a significant advertiser, they reported the notes and concerns to Google’s AdWords team but were informed that Google’s click fraud detection system had adequately filtered out fraudulent clicks already. (The Natural Sapphire Company says it has averaged about $175,000 in annual ad spend at Google for the past 14 years.)

Threatening note from extortionist harasser that attacked The Natural Sapphire Company with fraudulent PPC ad clicks

Meanwhile, Arnstein says, Prashant Telang and the TransPacific Software company submitted hundreds of fake negative reviews and defamatory forum postings on a variety of sites to harm the reputation of The Natural Sapphire Company. This in and of itself would cause the company to lose customers, but the impact was greater because these defamatory sites and reviews were used to paint the company’s eBay and Amazon stores as scam enterprises, resulting in their removal from those platforms.

Now, how might we assess whether the various hostile actions towards The Natural Sapphire Company all originated from Prashant Telang and his TransPacific Software Pvt company? As you can see in the above email note example, various aliases were used to author the various communications and fake reviews.

In my opinion, it’s pretty clear who was behind all the various prongs of the attack. Arnstein contacted the FBI requesting help a number of times, and they eventually helped investigate the situation. A third-party wedding forum website worked with The Natural Sapphire Company to provide technical information about the defamatory reviews being posted, and one of those reviews, according to Arnstein, used an unmasked IP address linked to Prashant Telang’s home or business address in Mumbai.

Based on this, Arnstein says, the FBI set up a tap on one of The Natural Sapphire Company’s phone lines and recorded Prashant Telang admitting to most of the identified hostile actions and defamatory postings, and records him demanding a payment of $150,000 to stop the attacks.

Unfortunately, the FBI was unable to help further because authorities in India refused to extradite or charge Prashant Telang, according to Arnstein’s account.

The Natural Sapphire Company says it hired an attorney in India for a couple of thousand dollars to try to pursue Prashant Telang via the criminal system there. A case was filed against him in an Indian court, and a judge ordered his arrest. However, the cyber crimes authorities in India let Telang go and dropped the charges, claiming the case should be brought in the US. The Natural Sapphire Company’s Indian lawyer recommended that they offer a bribe to the head of the cybercrime division of $10,000.

Eventually, The Natural Sapphire Company hired an attorney in New York to pursue obtaining a summary judgment against Prashant Telang and the TransPacific Software company to get the fake reviews and other materials removed from various websites and from search engine results. This entailed hiring a private investigator in India to track down Telang to serve him with notice of the lawsuit.

The Natural Sapphire Company prevailed in their court case, obtaining a default judgment, since Telang did not respond to the suit. The default judgment court document ordered TransPacific Software company “… to remove all such false reviews, including, but not limited to, the reviews listed below …” and it then goes on to list 54 URLs which include pages from Scam Informer, Pissed Consumer, Ripoff Report, BadBusinessBureau.com (which now redirects to Ripoff Report), CreditCard Forum, Complaints Board, Facebook, Twitter and Google, among others.

By this point, financial pressures were crushing Michael Arnstein and The Natural Sapphire Company. Costs included time lost by staff members attempting to fight the various attacks, legal fees, click fraud losses, revenue declines due to fake negative reviews and extensive costs of rebuilding (likely completely replacing) sabotaged e-commerce systems.

One can only imagine the stress and pressure upon Arnstein as he strove to protect and repair the legacy of his multigeneration family company.

The company finally gave up on bringing Telang to justice and negotiated a “settlement agreement” with Telang involving paying $72,000 spread out over 24 months. The agreement specifies that Telang and TransPacific Software company will not publicly post about NSC, will desist contacting The Natural Sapphire Company’s clients, will relinquish trademarked domains and will reveal methods used to conduct click fraud. Michael Arnstein characterizes this agreement as “extortion,” and, based on the evidence he’s shared, I believe that this would be a very accurate description.

Difficulties getting Google to help

The Natural Sapphire Company at this point was so financially strapped that it could no longer fulfill its financial obligations. The company was overdue on paying some of its attorney fees, its credit rating dropped, and its bank credit lines were canceled. The Arnsteins’ home was also foreclosed upon by the bank, according to the CEO.

Subsequent to submitting the court ordered URLs to Google in a removal request, the company discovered yet more related URLs of fake defamatory content. The company said it could not get Google to respond to inquiries about the original court order, and their court order could not be amended to include the additional URLs without the company spending even more money. The Natural Sapphire Company’s attorney told them that Google likely “ran the clock out” in hopes that they would not submit requests to remove more URLs.

Some of the new URLs were redirecting to the original delisted URLs or were the same content, republished on slightly different URLs from the original court order. This included URLs at PissedConsumer, ComplaintsBoard and Ripoff Report. The Natural Sapphire Company’s attorney kept resubmitting removal requests to Google for around eight months, the company said, with little response back from Google.

By this point, The Natural Sapphire Company was being contacted by a number of reputation management companies, and they were mulling over contracting with Brand.com.

As part of trying to win Arnstein’s business, he says, Brand.com’s “legal services department” informed him that since his court order directed TransPacific Services to “…remove all such false reviews, including, but not limited to…” the listed URLs, the “not limited to” wording allowed the court order to be extended to include additional similar defamatory URLs. They told him that he could simply add the additional URLs to the court order himself for resubmission to Google. Arnstein subsequently agreed to contract for some of their marketing services. (Brand.com is no longer in business.)

Following this conversation, Michael Arnstein directed one of his employees to use Photoshop to make a copy of the original court order and to modify it to add in more of the URLs. Subsequently, he submitted these amended court orders to Google as new URL removal requests.

Michael then modified the document a number of times when new URLs were discovered with defaming material, as well as for URLs that Google did not remove from previous request lists, and he resubmitted takedown requests a number of times.

Meanwhile, Google personnel who reviewed the removal requests noticed that the court orders looked strikingly similar, and they checked back with the court to verify that they were bona fide. When Google discovered that there were no officially amended court orders, they contacted the US Justice Department and alerted them that they had discovered bogus court orders.

In spring of this year, US Marshals arrested Michael Arnstein, and he was charged with forging the signature of a federal judge and conspiracy to forge a judge’s signature.

In a plea arrangement in September, Arnstein pled guilty to one count of conspiracy to forge a federal judge’s signature, and he is awaiting sentencing in the early part of 2018. For his plea deal, the prosecutors are expected to make a recommendation that he go to prison for 12 to 18 months and pay a fine of $55,000.

Online reputation victims are largely unprotected

Unfortunately, I have seen quite a number of online reputation attack cases that are similar to what The Natural Sapphire Company experienced, but on a smaller scale.

Broadly speaking, Michael Arnstein’s problem was twofold. He needed to get an alleged criminal in a foreign jurisdiction to stop harming his company, and he needed companies here in the US to remove damaging false information about his company from the internet. He largely failed at both parts until he paid what he characterizes as a ransom to halt depredations, and he paid a lot of legal fees to get a court order that could be used to get defamatory search results about his company removed from Google.

Arnstein’s story is one of many that reveals a gaping hole in our current legal landscape: Defamatory materials can be published with a high degree of visibility about companies and individuals, yet often, no one is made legally responsible for removing it.

Congress facilitated online reputation attacks and online defamation

This vacuum of legal responsibility for defamation was intentionally created by the US legislature as a subsection of the Communications Decency Act (“CDA”) of 1996, in Section 230, in order to facilitate the growth of internet industry. This section established that “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” 

For a comparative frame of reference, in the offline world, if someone printed defamatory content in a newspaper or book, the author and publisher might be found legally liable and could be tasked with removing it — but a bookstore or a library, which are considered mere distributors of published materials, likely could not be held liable and would not be required to remove the contents from their shelves.

By enacting Section 230, the legislature essentially made online publishers of third-party-provided materials the equivalent of offline distributors of published materials.

But there is debate as to whether search engines, social media services, forums and online review sites should really be considered equivalent to offline libraries or bookstores.

It’s in this context that Michael Arnstein claims that he was improperly advised by the “legal services department” of Brand.com.

The reputation management company should be held responsible

Even though Brand.com is out of business, one can still see pages from their site via the Internet Archive’s Wayback Machine. Among the products they offered was a “De-Indexing” service. On the description page for De-Indexing, they provided “before” and “after” screen shots of a Google search results page. The “before” screen shot shows a damaging listing from the Complaints Board website, and the “after” shot shows search results without it.

One blurb touted, “Through the proprietary, patent-pending process cultivated by Brand.com, they can help individuals and brands to remove unwanted search listings.” One wonders how a litigation process and request submission to Google could be patentable.

The page went on to offer: “Have your case presented to Google, Yahoo, or Bing by a legal team retained by Brand.com, fully devoted to removing your unwanted listing.” It’s not clear if Brand.com had internal counsel that helped to obtain court orders. More likely, they had partnered with one or more external law firms to provide litigation support. I searched for attorneys on LinkedIn that listed Brand.com as part of their career history and did not find any.

The Justice Department should perhaps open an investigation into the employees at the former Brand.com and see whether there were other clients that were similarly led into shady practices due to the company’s advice.

While it’s completely unacceptable to forge a judge’s signature or a court order, and ignorance of the law is not a valid excuse, acting on bad legal advice should be considered a significant factor toward considering leniency, in my opinion.

Final take: The law needs to change

First, we saw fraudulent lawsuits filed to get Google to take down damaging content, and now a desperate CEO has descended to forging a judge’s signature. It’s clear that the pressure seems to be mounting for reputation victims seeking redress.

Section 230 of the CDA likely needs to be modified in some way to close the hole in our system that allows reputation attack materials to live on indefinitely and prominently associated with people’s names.

While Michael Arnstein committed a criminal act, he’s also a victim of laws that were stacked against him. Congress’s effort to facilitate the growth of internet companies is resulting in a great number of tragic unintended consequences.

UPDATE: After this column was published, we were contacted by Prashant Telang, who pointed us to a statement about the dispute between his company and The Natural Sapphire Company.

When we heard that Michael Arnstein CEO Of The Natural Sapphire company was arrested for forging a Federal Judge’s signature and facing 5 years Jail term we were NOT surprised. But when we learned that his advocate Steven Brounstein blabbering in Trade Magazines like National Jeweler that “Arnstein was “clearly victimised” in the case involving Telang and his company. We were truly agitated. What on earth a case which was settled in 2012 has to do with Arnstein forging Judge’s signature between 2014-2017 to save his SEO and online reputation ???

Prashant Telang, writing on LinkedIn

In the statement, Telang says his company has had nothing to do with NSC since the settlement in 2012 and contends that negative reviews on various sites, “could have been posted by genuine buyers.” Telang admits that his company had legal disputes with NSC but said it related to Arnstein stealing copyrighted software code and attempting to pay off key engineers from the Indian developer.

Opinions expressed in this article are those of the guest author and not necessarily Search Engine Land. Staff authors are listed here.

Missouri Attorney General initiates Google antitrust investigation

Missouri Attorney General Josh Hawley has reportedly initiated an investigation into whether Google has violated Missouri consumer protection or antitrust laws.

According to a press release, the Missouri Attorney General’s office is looking at data collection, “misappropriation” of third-party content and promotion of “websites owned by Google” to the detriment of third-party competitors:

The business practices in question are Google’s collection, use, and disclosure of information about Google users and their online activities; Google’s alleged misappropriation of online content from the websites of its competitors; and Google’s alleged manipulation of search results to preference websites owned by Google and to demote websites that compete with Google.

Hawley is a Republican and a candidate for US Senate next year. In this political climate, its hard not to see everything through the lens of cynicism and political calculation. But while Hawley may be seeking publicity and populist credibility from the investigation, he’s not the only Attorney General looking at Google and antitrust issues.

In late January 2016, Attorneys General from Utah and Washington, DC, urged the Federal Trade Commission (FTC) to reopen an antitrust investigation against Google on the question of the company unfairly promoting its own content in search results. This is the issue which triggered the record $2.7 billion fine in Europe in June of this year.

Google settled with the FTC in 2013. At the time, the FTC said there was insufficient evidence under the law to support any sort of complaint against the company on the grounds of “search bias.”

Google is currently appealing the European Commission decision. There are two other antitrust cases pending in Europe against Google (focused on AdSense and Google Play), which could equally result in large fines.

US court orders Google not to comply with Canadian court's order delisting search results

A federal court in California has blocked implementation of a Canadian Supreme Court ruling that ordered Google to delist websites associated with a company called Datalink from Google’s global index. The Canadian decision (Google Inc. v. Equustek Solutions) was an example of a court in one country asserting authority over global activity outside its jurisdiction.

Because Google exhausted its appeals in Canada, the company filed an action in the US District Court in Northern California, asserting that the Canadian decision violates US law. The US federal court agreed with Google and issued a preliminary injunction — effectively overruling the Canadian Supreme Court:

Congress recognized that free speech on the internet would be severely restricted if websites were to face tort liability for hosting user-generated content . . . It responded by enacting Section 230 [of the Communications Decency Act], which grants broad immunity to online intermediaries . . .

The Canadian order would eliminate Section 230 immunity for service providers that link to third-party websites. By forcing intermediaries to remove links to third-party material, the Canadian order undermines the policy goals of Section 230 and threatens free speech on the global internet.

Google will likely get a permanent injunction. It can then take that injunction to the Canadian court and seek to modify the latter’s ruling to apply to Google’s Canadian index alone. It’s not clear what would happen if the Canadian court refused to do so.

This issue also exists in France in the context of the “right to be forgotten,” where French privacy regulators want Google to remove content from its global index. Google is now before the highest European court to attempt to limit de-indexing to Europe.

Echo and Home will probably have to tell you they're always listening — in Europe

A number of Google Home Mini devices that were distributed to members of the press had a defect that caused them to record everything being said around them. This discovery renewed privacy concerns surrounding smart speakers as surreptitious listening devices in our homes.

The problem was first discovered by Android Police. Once being notified, Google investigated and fixed the issue:

The Google Home team is aware of an issue impacting a small number of Google Home Mini devices that could cause the touch control mechanism to behave incorrectly. We immediately rolled out a software update on October 7 to mitigate the issue.

Who is affected: People who received an early release Google Home Mini device at recent Made by Google events. Pre-ordered Google Home Mini purchases aren’t affected.

As a general matter, Google Home and Amazon Alexa devices must “listen” to surrounding conversations to capture “wake words” (e.g.,”Alexa,” “OK Google”) that activate them. Some privacy advocates have sounded alarms about this and expressed concern that these devices could be abused by unscrupulous law enforcement or other malevolent state actors (see Orwell’s Telescreen).

In a well-publicized criminal case in Arkansas, local prosecutors sought recordings on an Amazon Echo in a murder investigation. Amazon fought to prevent authorities from getting access to these recordings without a warrant. The defendant in the case ultimately consented to the release of any stored data, so the warrant issue was never formally ruled on by a court.

As Internet of Things devices proliferate, privacy warnings about personal data collection will intensify. It’s very likely that there will be more than 30 million smart speakers in US homes by year-end. Google and Amazon are competitively discounting and aggressively marketing them. Google’s $49 Home Mini was introduced as a low-cost answer to the Amazon Echo Dot, which Amazon just discounted to be $5 cheaper than the Mini.

These devices are also widely available in Europe, which raises the question of how they will be addressed under the forthcoming General Data Protection Regulation (GDPR) taking effect in May 2018. Millions of smart speakers will be installed in European homes by then.

In order to process “personal data,” companies must obtain opt-in consent from users:

Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.​ Explicit consent is required only for processing sensitive personal data — in this context, nothing short of “opt in” will suffice. However, for non-sensitive data, “unambiguous” consent will suffice.

It’s safe to say that these devices will be “processing sensitive personal data” and that explicit consent will be required in every case.

There’s no explicit mention of smart speakers in the GDPR documentation. However, artificial intelligence is addressed to some degree in Article 22 (“Automated individual decision-making, including profiling”), which says:

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her [unless explicit consent is provided].

Most consumer-facing AI technologies, including smart speakers and self-driving cars, will require explicit opt-in consent in Europe. For Echo or Home, it might be as simple as a verbal statement played upon setup, which asks for the owner to OK use of his or her personal data. Alternatively, there might need to be ongoing or periodic disclosures and consent.

There’s currently a lack of clarity about what will be specifically required from smart speaker makers. We’ll likely see some guidance, however, from the EU or NGOs in the next several months. The consumer question will be: how do I feel about a third-party recording device in my home?

Investors anxious about Google traffic acquisition costs, which regulation could further increase

Google’s traffic acquisition costs (TAC) have been climbing. As Google’s ad revenues grow, so does the money it pays to partners and distributors. Investors are particularly sensitive to this issue.

In response to investor questions, Alphabet CFO Ruth Porat explained recently that Google’s increasing traffic costs are partly about mobile and programmatic growth, which have different payment structures and higher TAC. Last year, Google’s ad revenues were $90.3 billion; its TAC was $16.8 billion (other cost of revenues was $18.3 billion).

Alphabet cost of revenues, including TAC

Source: Google 10K filing 2016

As Bloomberg reports, investors worry that increasing TAC will squeeze margins and make Google less profitable. In Alphabet’s 10K filing from 2016, the company said the following about rising TAC:

In this multi-device world, we generate our advertising revenues increasingly from mobile and newer advertising formats, and the margins from the advertising revenues from these sources have generally been lower than those from traditional desktop search. We also expect traffic acquisition costs (TAC) paid to our distribution partners to increase due to changes in device mix between mobile, desktop, and tablet, partner mix, partner agreement terms, and the percentage of queries channeled through paid access points. We expect these trends to continue to put pressure on our overall margins.

Financial analyst Mark Mahaney recently estimated, according to Bloomberg, that each percentage point of TAC growth for Google/Alphabet represents nearly $300 million in decreased profit. In 2016, TAC as a percentage of Google advertising revenues was 21 percent; as of Q2 2017, it was 22 percent.

In the past, however, TAC has been higher as a percentage of overall revenues. In 2010, it was 26 percent of ad revenues, and in 2009, it was 27 percent. Yet Google’s ad revenues are much higher now, and so are the real dollars it pays to partners.

TAC has been increasing partly because of these distribution and rev share payments, which Google makes to Apple and various Android ecosystem partners. It has been estimated they will approach $10 billion by year-end, up from roughly $3.5 billion five years ago.

Another wild card that could impact TAC, according to Bloomberg, is regulation. In its 10K filing late last year, Google said new litigation or regulations, including the elimination of various safe harbors, could impact Google’s performance and increase costs:

The General Data Protection Regulation (GDPR), coming into effect in Europe in May of 2018, creates a range of new compliance obligations and increases financial penalties for noncompliance significantly.Court decisions, such as the “right to be forgotten” ruling issued by the European court, which allows individuals to demand that Google remove search results about them in certain instances, may limit the content we can show to our users and impose significant operational burdens.Various US and international laws restrict the distribution of materials considered harmful to children and impose additional restrictions on the ability of online services to collect information from minors.Data protection laws passed by many states and by certain countries outside the US require notification to users when there is a security breach for personal data, such as California’s Information Practices Act.Data localization laws generally mandate that certain types of data collected in a particular country be stored and/or processed within that country.

According to Reuters, the UK government is considering removing one of Google’s safe harbors. It’s contemplating regulating Google and Facebook as traditional news publishers, with all the associated burdens and potential liabilities. An increasing percentage of the population gets its news from these sources, even though they’re not the generators of the news.

Partly this is a response to a number of traditional publishers and media outlets which are lobbying UK regulators to treat Google and Facebook as they’re treated. That would almost certainly increase Google’s operational and legal costs as well.

CSEs will compete head-on with Google Shopping in EU search results

Ads from Comparison Shopping Engines will start appearing in Google Shopping results on September 27, 2017.

In response to the European Commission’s antitrust ruling — and record $2.7 billion fine — against Google for favoring its own content, the search giant is making some changes to the way it handles Google Shopping results in the EU.

Starting today, Comparison Shopping Engines/Services (CSEs) such as Kelkoo, Shopzilla and Twenga will be able to run product listing ads in Google Shopping results as retailers do so currently.

The EC’s ruling required Google to deliver a solution to provide “equal treatment” to CSEs within 90 days or face further penalties. That deadline has now arrived. The EC doesn’t have a specific approval process, but Google believes the changes it’s making put it in compliance with the order.

How is the auction changing?

The biggest change isn’t in how the results are displayed but in who competes in the auction.

CSE’s will compete in the auction against each other — and against Google Shopping.

As was previously reported, Google Shopping will operate as a separate business unit with a separate team in the EU that will be responsible for its own operating budget. It must operate profitably and will be reviewed regularly by the Commission to ensure the unit is competing on equal terms.

All of the ad slots will be available to all bidders; no ad slots are reserved for either Google Shopping or CSEs.

This brings up several questions about how this will actually play out for merchants now that Google Shopping and the CSEs are in effect bidding on their behalf.

A good percentage of merchants are likely participating in Google Shopping and at least one or more CSE. The visibility in Google Shopping will now depend, not just on the merchant’s own bid and quality metrics, but on how well it performs for Google Shopping and the CSEs for a given query. Google’s bids will have to make sense for it as a marketer, just as they do for CSEs.

How this new bidding dynamic will affect merchants’ own bidding strategies will be interesting to watch.

We have learned that there are controls in place to keep merchants that are running ads through Google Shopping and through participating CSEs from bidding against themselves for a given query.

How are the Shopping ad results changing?

As the example above shows, ads will appear with the name of the service that is serving up the ad — either Google or a CSE.

The ads themselves each link to the product page on the retailer’s site, just as they do now.

Clicking on “By Kelkoo” or “By Google,” for example, takes the user to the product results on the given engine. There is no longer a “Shop for … on Google” link a the top of the shopping results.

What else you need to know about this update

It only affects results in EU countries where Google Shopping is available: Austria, Belgium, Czech Republic, Denmark, Germany, France, Italy, Ireland, the Netherlands, Norway, Poland, Portugal, Spain, Sweden, Switzerland and the United Kingdom.A handful of CSEs have been testing the new offering and are queued up to start showing ads now. Other CSEs can get started with the service today.CSEs upload their product feeds to Google Merchant Center just as retailers do now.CSE feeds are held to the same data requirements as retailer feeds.

Google is continuing its appeal of the EC ruling. That appeal process could take years.

Alphabet to create separate business unit in Europe to run Google Shopping

According to Bloomberg, Google is going to create a separate business unit to manage shopping content in search results to comply with the European Commission’s recent antitrust decision. This unit will reportedly be required to compete in the auction against shopping competitors.

The unit will apparently use its own budget and revenues to bid in the auction and will only exist in the EU. Shopping search will continue as is in other markets, including the US.

Reuters had earlier reported that Google was going to “display rival shopping comparison sites via an auction.” That approach appeared to be similar to the earlier “rival links” proposal that failed to settle the antitrust dispute before the formal complaint (statement of objections) was filed in 2015.

Google was fined roughly $2.7 billion (€2.4 billion) for abuse of market position in shopping search. The fine was the largest antitrust penalty in EU history. The previous record was $1.3 billion against Intel. As part of the decision, Google is compelled to offer a remedy, even as it appeals that decision. Failure to comply would subject Google to daily financial penalties.

The specifics in the Bloomberg article suggest the new business unit concept is an updated proposal vs. the earlier Reuters report. However, Reuters may have incompletely or inaccurately described the Google proposal.

Here’s what shopping search results in France currently look like:

According to Bloomberg’s report, the new configuration will feature 10 slots that would be made available through the auction. Each result would display the name of the shopping site offering the product and link to those websites.

You can see some potential presentations of Google Shopping results on the s360 blog and below:

Google Shopping results will be branded “by Google,” and those from other sites will be labeled accordingly.

Bloomberg quotes several shopping site competitors who express displeasure with the proposed solution because it involves paid advertising rather than organic traffic. However, the report also says “[EU] regulators have accepted that the panel is for advertising and slots cannot be given away.”

How the Russian search market looks now

As Search Engine Land first reported in October of 2015, Russia’s Federal Antimonopoly Service (FAS) determined that Google violated Russian competition laws by banning phone manufacturers from preinstalling competitors’ apps, and requiring those same phone manufacturers to preinstall selected Google apps on Android in exchange for access to the Google Play Store.

Well, after nearly 20 months of negotiations, a voluntary settlement was reached on April 17 of this year. According to the FAS press release:

Google will no longer demand exclusivity of its applications on Android-based devices in Russia; Google will be obliged not to restrict pre-installation of any competing search engines and applications (including on the default home screen); Google will refrain from stimulating pre-installation of the Google search as the only general search engine[…].

Additionally — and probably more applicable to the present-day international digital marketer — the FAS release also states, “Google will develop an active ‘choice window’ (example below) for the Chrome Browser which at the time of the next update will provide the user with the opportunity to choose their default search engine.” That updated Chrome Browser arrived in August 2017, and the impact on the marketplace is already visible.

Because Russia is home to one of the world’s largest internet audiences, any shift in search market share can have a significant impact on an advertiser’s strategy. Recent years have seen a substantial increase in Western companies advertising in Russia, so let’s take a peek at the current market dynamics.

According to tracking platform Yandex.Radar, Google owns a 56 percent share on Android devices, three percentage points down from the day the “choice window” was introduced. Not coincidentally, Yandex has gained roughly three points since the “choice window” introduction.

Russia is considered by many to be a desktop-first market, but as noted in Greg Sterling’s original article on the topic, Android is the heavy market leader in mobile operating systems. So, the impact of a shift in search share on Android devices affects total search share as well.

Here’s a look at the overall market trends since the August 1 update:

We can see that Yandex had the majority share of 54 percent for the total combined desktop and mobile market prior to the “choice window” introduction, and it has already climbed to 56 percent since the introduction of the “choice window.”

In a country with 100 million internet users, a two-point swing has a significant impact on consumer reach.

The digital ecosystem in Russia is evolving, but smartphone penetration remains considerably less than in more mature markets like the US. Not surprisingly, internet penetration in Russia is strongest in the 12-17 age demographic, and as the younger users age, smartphone penetration is expected to skyrocket.

Opinions expressed in this article are those of the guest author and not necessarily Search Engine Land. Staff authors are listed here.