All posts in “Entrepreneurship”

Walmart-Amazon Rivalry Turns Into Food Fight

Walmart on Wednesday said it would expand its Online Grocery Delivery service, currently available in six markets, to more than 100 metro areas across the United States. Its plans call for covering more than 40 percent of U.S. households by the end of the year.

Walmart will use more than 800 of its stores to fulfill orders, and it will add thousands of personal shoppers to the more than 18,000 already employed. The shoppers have to undergo a three-week training program on food selection.

Walmart’s Online Grocery Delivery service offers same-day delivery. The minimum order is US$30, and there’s a $9.95 delivery fee. There are no price markups and no subscription requirements.

“With the help of our personal shoppers and third-party delivery services, customers can have quality groceries delivered right to their doorstep,” said Walmart spokesperson Molly Blakeman.

Walmart has been working with third parties such as Uber and Deliv, which it will add to its lineup soon, she told the E-Commerce Times.

Throughout the coming year, Walmart will add another 1,000 stores offering its Online Grocery Pickup service to the 1,200 already offering it.

Worth a Ten-Spot

In some respects, Walmart’s fee structure gives it a competitive edge, said Ray Wang, principal analyst at Constellation Research.

“No markup, reasonable minimum, $10 service charge — more like the Uber Eats business model,” he told the E-Commerce Times. “People are willing to spend the $10 instead of spending 30 to 60 minutes to find everything they want.”

However, Walmart’s $9.95 fee and $30 minimum will face serious challengers.

Its major competition will come “from a few models,” Wang observed. “Target is the big one, but we’ll also see intermediary delivery networks like Instacart and Google Express, grocery chains like Safeway and Aldi, and of course Amazon and Whole Foods.”

Instacart Express, for example, reportedly offers a $5.99 one-hour delivery program for orders of $35 or more from a number of stores and chains. The minimum for a delivery order is $10.

Google Express reportedly charges $10 a month or $95 a year for membership in a program that provides free delivery on eligible orders or charges a $3 small-order fee. Non-members pay $4.99 per delivery. Google Express also delivers from Target and Costco.

Costco has no minimum for delivery, but charges a fee for orders under $35.

Walmart has a better reach than Amazon in terms of brick-and-mortar stores, but it needs to build up its delivery infrastructure, Wang noted. Safeway is the grocery store chain with the most advanced model, and Google Express is the delivery service driving innovations.

Walmart’s Bumpy Road

“Walmart’s move into grocery delivery is a clear sign of the competitiveness in the grocery category, which has seen tremendous growth in the past year,” said Karin Borchert, CEO of 1WorldSync.

It “also showcases [Walmart’s] expanding delivery ambitions as it moves to compete more heavily in e-commerce and sync with the way consumers shop,” she told the E-Commerce Times

However, the path won’t be smooth.

“Quality, freshness and ripeness are factors consumers traditionally have control over when shopping in brick-and-mortar stores, but this is not the case when purchasing groceries online,” Borchert noted. “Walmart will need to find a way to ensure their product information is trusted and accurate … to be successful with this new endeavor.”

Richard Adhikari has been an ECT News Network reporter since 2008. His areas of focus include cybersecurity, mobile technologies, CRM, databases, software development, mainframe and mid-range computing, and application development. He has written and edited for numerous publications, including Information Week and Computerworld. He is the author of two books on client/server technology.
Email Richard.

Google to Weed Out Cryptocurrency Ads

By John P. Mello Jr.
Mar 15, 2018 3:57 PM PT

Google on Wednesday said it will stop serving ads for cryptocurrencies and related content in June.

The ban includes, but is not limited to, initial coin offerings, cryptocurrency exchanges, cryptocurrency wallets and cryptocurrency trading advice.

Google also will bar aggregators and affiliates from serving ads for cryptocurrencies and related content.

Facebook adopted a similar policy earlier this year when it began prohibiting ads for binary options, initial coin offerings and cryptocurrency, on the grounds that they frequently were associated with misleading or deceptive promotional practices.

Following the Google announcement, bitcoin prices dropped 9 percent to a one-month low of US$8,252.39. They dropped 12 percent when Facebook declared its ban.

Not for Retail Investors

Because of the complexity of cryptocurrency products, consumers may need to be protected from themselves, as Google and Facebook appear to be doing, suggested Josh Crandall, CEO of NetPop Research.

“This is a very speculative space and people are being taken advantage of,” he told the E-Commerce Times. “People are jumping into this like it’s gambling, so Google is trying to protect consumers.”

Speculative investments like cryptocurrencies really aren’t suitable for retail investors, said Daniele Bianchi, an assistant professor of finance at the University of Warwick.

“The Google ban will limit the exposure of the cryptocurrency market to retail investors, which do not necessarily have sufficient instruments to judge and evaluate the risk they can be expose investing in cryptocurrencies,” he told the E-Commerce Times.

ICO Confusion

One particularly complex virtual money product is the initial coin offering, or ICO, which is similar to a stock’s initial public offering, or IPO, but in place of shares, an investor gets cryptocurrency tokens.

ICOs recently have come under increased scrutiny from federal regulators, because they believe it’s too easy for investors to get ICOs confused with IPOs.

“People believe they’re getting stock, not a crypto token,” said Carolina Abenante, founder of NYIAX, an advertising exchange.

Some ICOs are packaged in a way that makes them look like an IPO, she told the E-Commerce Times.

Although Google shouldn’t be an arbiter of risk, it should pay attention to potential regulatory trends, Abenante maintained. “At this point in time, they should be restricting themselves, because there’s enough noise in the environment that says there will be restrictions on this.”

Good PR Move

There may be motives other than consumer protection driving Google’s cryptocurrency ad ban.

“Google is looking after and tending to the health of online ads overall,” Netpop’s Crandall said.

“While it could be making money from these speculative cryptocurrency providers, it’s more concerned about the long-term health of the online advertising ecosystem,” he noted.

“It doesn’t want consumers to react in a negative way to all online ads because they were taken advantage of by one for cryptocurrency,” Crandall said.

The ban is a smart public relations move by Google, noted John Carroll, a mass communications professor at Boston University.

“It’s smart to try to get out in front of any fraudulent advertising that might emerge in this category,” he told the E-Commerce Times.

Sliding Reputation

Google also may be reacting to growing suspicions among consumers about big tech companies, Carroll suggested.

“All the controversy swirling around tech companies lately has made the public increasingly skeptical about the effect these companies have had on society,” he said.

Signs of that were evident in a recent reputation poll released by the Harris organization, Carroll noted, which showed Google dropping from No. 8 to No. 28 in the ranking.

“This seems to be a preemptive move to avoid the kind of publicity that could attach to Google and Facebook because of the unpredictability and unreliability of the cryptocurrency market,” he observed.

Minimal Damage

Despite the large declines in cryptocurrency prices following the Google and Facebook announcements, it remains to be seen whether the ad bans will have a lasting impact on the virtual money market.

“I don’t think it’ll hurt the cryptocurrencies,” said Jeffrey Carr, managing director of Reel Holdings.

“They’ll find other ways to get the word out that don’t require paid advertisements, which aren’t necessarily the best way to run a marketing campaign anyway,” he told the E-Commerce Times.

The ban isn’t likely to have much impact on Google either.

“Perhaps Google will lose some ad revenues,” Warwick’s Bianchi said, “but nothing that will affect Google profits or market share in a major way.”

John P. Mello Jr. has been an ECT News Network reporter
since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the
Boston Phoenix, Megapixel.Net and Government
Security News
. Email John.

German Court’s Privacy Ruling Against Facebook Will Have Far-Reaching Effects

Facebook has millions of users in the European Union, and a German court recently ruled against the company in a case involving its Privacy Policy. Few ever read privacy policies except judges, who must examine them when challenges arise.

The new EU General Data Protection Regulations, which go into effect on May 25, will make things even more complicated.

If you have any customers who are EU residents, the new GDPR will impact you.

What Happened to Facebook?

The GDPR, an overhaul of the 1995 European Data Protection Directive (Directive 95/46/EC), extends extraterritorial jurisdictions and unambiguously affirms certain decisions asserted by European case law.

However, the language of the GDPR does not mean there are not still outstanding questions. A German court earlier this year ruled that Facebook’s terms of use did not comply with informed consent.

Informed consent is specific under EU rules. Article 4(11) of the GDPR defines consent as

“any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

Five criteria must be met to constitute consent:

  • freely given
  • specific
  • informed
  • unambiguous
  • affirmative

Unambiguous consent must include a statement or a clear affirmative action indicating agreement, which is primarily where Facebook ran afoul.

Facebook and many U.S. websites use default privacy settings. The German court found several of those settings were difficult for the user to find and change. By implementing default settings, Facebook had failed to get informed consent.

What Did Facebook Do?

The intent of this article is not to attack Facebook. In fact, Facebook has made several changes to the way it handles privacy protections since the German case was filed. It is meant to be a wake-up call to other companies that may have a similar approach to pushing privacy settings by default and assuming that privacy declarations buried in their terms-of-service will suffice.

“If consent is bundled up as a non-negotiable part of terms and conditions it is presumed not to have been freely given,” states Article 29 of the Data Protection Working Party Guidelines on Consent under Regulation 2016/679.

Said another way, if a party cannot make use of a good or service without accepting terms of service that contain privacy declarations, the consent is not freely given and violates the elements of informed consent. This approach to security is contrary to the way many U.S. companies operate.

U.S. companies commonly include their data handling and protection terms within a long, legalese-heavy terms of service policy. These “click-through” terms, while commonly upheld in U.S. courts, likely would not pass muster in the EU.

“Blanket acceptance of general terms and conditions cannot be seen as a clear affirmative action to consent to the use of personal data,” states Article 29 of the Data Protection Working Party Guidelines on Consent. “The GDPR does not allow controllers to offer pre-ticked boxes or opt-out constructions that require an intervention from the data subject to prevent agreement (for example ‘opt-out boxes’).”

A U.S.-based company may use an alert box full of legalese and an “OK” box, but this is not considered an affirmative action under the EU rules.

Achieving Compliance

So, what must an entity do to comply with the EU rules? This may be the most difficult part of compliance. The Article 29 guidelines propose a methodology that would impact most U.S. businesses:

“The term explicit refers to the way consent is expressed by the data subject. It means that the data subject must give an express statement of consent. An obvious way to make sure consent is explicit would be to expressly confirm consent in a written statement. Where appropriate, the controller could make sure the written statement is signed by the data subject, in order to remove all possible doubt and potential lack of evidence in the future.”

Clearly, requesting a written statement from the data subject is well outside the normal business practices of U.S. companies and likely would be impractical for many online activities.

Online businesses, instead, likely would need to implement a multi-step approach to gaining consent. As an example, a data subject could be asked to fill out a form online, which would generate an email, which in turn would require the data subject to reply with specific text. That would allow the business to show — and maintain a record of — explicit consent.

Of course there would be shortcomings with this approach as well. How long would the consent be valid? How would a company update privacy terms? What if there were multiple components of personal information involved? Would a business need to develop multiple steps for each data value?

As court cases like the Facebook decision evolve and interpret the GDPR, businesses will have to stay nimble and responsive in their data gathering processes and procedures.

Eddie BlockEdward Block has been an ECT News Network columnist since 2017. His focus is on information security and data privacy. Block is a senior attorney at Gardere Wynne Sewell. Before practicing law, he spent 20 years as an information security professional in a variety of roles, from network security management to chief information security officer for the State of Texas. His
blog covers information security and data privacy topics.

Peter VogelPeter Vogel has been an ECT News Network columnist since 2010. His focus is on technology and the law. Vogel is a partner at Gardere Wynne Sewell, and Chair of its Internet, eCommerce & Technology Team. He tries lawsuits and negotiates contracts dealing with IT and the Internet. Before practicing law, he received a master’s in computer science and was a mainframe programmer. His blog covers IT and Internet topics. Email Peter.

Eric LevyEric Levy has been an ECT News Network columnist since 2017. His focus is on compliance, privacy and data security. Levy is a senior attorney at Gardere Wynne Sewell, where he assists clients with HIPAA, FERPA and Gramm-Leach-Bliley compliance, and with responses to data intrusions and breaches.

Healthcare, CRM’s New Vertical

Healthcare might offer the best example of the potential for vertical market or industry-oriented customer relationship management, but most people in CRM may not understand or realize this. Healthcare is, after all, a bit of a stretch from what we do in the enterprise or small and mid-sized business world, but perhaps it shouldn’t be.

In both spheres we see a relatively small number of highly paid and overworked people addressing the needs of a vast number of people — and their data — who need something. The big difference between industry and healthcare is that in industry we deal with products and services, and in healthcare we deal with ideas and services.


Yes. The entire healthcare industry can be reduced — somewhat simplistically, I admit — to disseminating the idea of wellness. This idea is as concrete as a product, if only to an individual. The healthcare model most of us probably grew up with is break-fix, so wellness needs some explaining.

Plan Monitoring

Break-fix is just what it sounds like, and for a long time healthcare has been about getting better. However, over many years we’ve discovered that getting better is very hard to do. It’s expensive, potentially uncomfortable, and it can take a while.

Germs become resistant to antibiotics, and cancer is a tough challenge from any angle. Better to avoid getting sick, if you can, in the first place. That’s the essential point of wellness. No doubt we’d all vote for wellness in 10 out of nine elections, but wellness is not foolproof. It competes with other needs — like “won’t this taste good?” and “I want/need this even if it’s bad for me.”

At the end of the day we all want to be well in the same way that Saint Augustine wanted to be good — just not yet. So, the idea of wellness must be sold and maintained, which is where CRM comes in.

At its core, CRM is a set of applications that address the horizontal needs of most businesses. We all need to market, sell to and service customers, and verticalizing a CRM system to support line-of-business amounts to building-in the proper process rules.

In healthcare too, many processes are oriented to manual compliance. We have systems of record that capture all sorts of treatment data, but for implementing treatment plans we rely on human beings. Patients have to remember to take their meds, go to physical therapy, and generally follow a treatment plan.

Supply Management

A story on the opioid crisis, published last week in The New York Times, shows how the manual parts of following treatment plans can be a weak link. The story deals with a court case in an Ohio federal court, where bright minds have been trying to deal with the crisis.

The strong implication is that we need to get some of the opioids out of the patient side of the distribution channel, but that’s proving to be difficult. Many people get opioids for a variety of pains but fail to take all the pills or misplace them, or they get stolen. Taking some of these pills out of the distribution channel won’t be done easily, because the manual system needs pills sloshing around in it to ensure that when a patient really needs a pill one is available.

If you apply a CRM approach to the problem, you might discover that the distribution channel can shrink with no adverse effects on the patient. Outbound calling tied into a patient CRM database not only can remind people to take their meds but also can manage the inventory in a patient’s possession and deliver a new batch when appropriate, or pick up unused pills when needed.

As luck would have it, Salesforce last week made some announcements that can get us closer to that goal. At the Healthcare Information and Management Systems Society conference in Las Vegas, Salesforce introduced Health Cloud Care Gaps, a solution that enables providers to monitor a patient’s adherence to a care plan. The CRM-based system captures a patient’s data and compares it to the patient’s plan, noting gaps or deficiencies to be followed up.

Using such an approach can speed recovery and reduce the number of re-admissions to hospital caused by not following post-care plans, which can save money. At the same time, Cerner, a major software vendor in the space, announced it was including Salesforce with its HealthIntent platform for population health management.

My Two Bits

In a certain way, the opioid crisis is the outgrowth of over-reliance on a manual system that desperately needs computerization. The healthcare industry is bursting with great ideas for how to help people live longer and healthier lives — but in some cases, it has been slow to adopt information technologies that enable better processes, partly because of issues like cost and security.

A cloud computing approach that leverages CRM’s systems-of-engagement approach is a good fit for some of the things that ail healthcare IT. It is likely that in a short time, approaches like Salesforce’s and Cerner’s will become a standard of care that will advance the idea of wellness. It will cause all organizations to adopt similar solutions or risk not being aligned with best practices. Ending the opioid crisis might be an incidental benefit.

Denis Pombriant is a well-known CRM industry researcher, strategist, writer and speaker. His new book, You Can’t Buy Customer Loyalty, But You Can Earn It, is now available on Amazon. His 2015 book, Solve for the Customer, is also available there.
Email Denis.

Data Storage, Privacy and Metaphysics: SC Weighs Arguments in MS Case

By John K. Higgins
Mar 13, 2018 10:29 AM PT

How far does the long arm of U.S. law enforcement extend when government agencies seek electronically processed information?

The U.S. Supreme Court recently addressed that issue in an intriguing session involving terms that bordered on the metaphysical applied to global electronic connectivity, the law, and the significance of national borders.

The discussion came during last month’s oral arguments in U.S. v. Microsoft, a lawsuit stemming from Microsoft’s refusal to comply with a federal court order compelling it to release information resting at a computer facility outside the U.S. — in this case, Ireland. The U.S. Department of Justice sought the order in connection with its investigation of a criminal narcotics case.

Microsoft essentially claimed that by turning over data held outside the U.S., the company would run the legal risk of violating another country’s privacy laws, even if the content would be useful to U.S. authorities for catching criminals. Microsoft also said it feared a major business risk: the potential loss of huge numbers of customers who no longer would trust it to protect customer privacy.

“If customers around the world believe that the U.S. government has the power to unilaterally reach in to data centers operated by American companies, without reference or notification to their own government, they won’t trust this technology,” argued Microsoft Chief Legal Officer Brad Smith in an online post published just before the Supreme Court session.

The importance of the case to the IT sector was reflected by the submission of amicus curiae briefs in support of Microsoft by major companies such as Google, Cisco and Verizon, as well as several business associations.

Microsoft Challenges Enforcement

The case boils down to a few basic assertions. For Microsoft to prevail, the company must prove that the action sought through the court order necessarily must take place at the Irish facility where privacy laws applicable in that country could come into play. The company simultaneously must prove that the governing U.S. law — the Stored Communications Act — was not intended by Congress to apply outside of the U.S. under a legal concept awkwardly referenced as “extraterritoriality.”

In opposition, the Justice Department has accused Microsoft of peddling a false contention about action required outside of the U.S. The information easily could be obtained with a few computer key strokes from a U.S. site connected electronically to the Irish facility, according to the DoJ.

Even if the court were to buy the foreign site argument, the SCA still would be enforceable abroad, the Justice Department maintained.

Microsoft and advocacy groups such as the Electronic Privacy Information Center (EPIC) have characterized the case as major privacy showdown. However, the actual legal arguments before the Supreme Court deal less with privacy issues than with the enforceability of the SCA.

“The case is simply not about whether the U.S. authorities have probable cause to ask for the contents of this email account,” said Andrew Woods, assistant professor at the University of Kentucky College of Law.

Instead, the case is about which country’s authorities ought to be able to compel that account information,” he told the E-Commerce Times.

With that legal stage set, the Supreme Court justices entered the fray. While it is risky to predict a Supreme Court ruling based on oral arguments, it is notable that the geographic issue figured prominently in the discussions.

Location, Location, Location!

Several justices pursued the DoJ’s assertion that the information required by the court order could be disclosed simply by accessing the Irish facility from a computer in the U.S.

“This is not an international problem here. This is a mirage that Microsoft is seeking to create,” said Michael Dreeben, deputy U.S. solicitor general on behalf of the DoJ during a dialog with Associate Justice Sonia Sotomayor.

Tapping into the storage unit from the U.S. eliminates the involvement of another country and meets the “disclosure” requirement of the law since the activity would occur in the U.S., the DoJ contended.

Chief Justice John Roberts underscored that point, observing that the applicable section of the SCA is titled “Required Disclosure of Customer Communications or Records,” and noting that Congress intentionally inserted the heading.

“It seems to me that the government might have a strong position there that the statute focuses on disclosure. And disclosure takes place in [the state of] Washington, not in Ireland,” Roberts said, referring to Microsoft’s headquarters site.

Associate Justice Samuel Alito verged into the metaphysical: “I guess the point is when we’re talking about this information, which … yes, it physically exists on one or more computers somewhere, but it doesn’t have a presence anyplace in the sense that a physical object has a presence someplace. And the Internet service providers can put it anywhere they want and move it around at will. The whole idea of territoriality is strained.”

Microsoft’s counsel asserted that a physical element was involved.

“I would not agree with that, Justice Alito,” said Joshua Rosenkranz, partner at Orrick, Herrington and Sutcliffe. “First, I disagree with the premise. These emails have a physical presence. They are actually on a hard drive. Are they movable? Yes, but letters are movable as well — and they are under protection of foreign laws, which, by the way, are really quite robust.”

Criminal Procedure Linked to Case

Just to cover all the bases, the justices discussed criminal law procedure surrounding the designation of warrants and subpoenas related to the case. They also addressed the enforceability of the SCA in an international context, touching on the use of agreements among countries.

Microsoft and the DoJ agreed that the SCA was “silent” on international enforcement, with Microsoft asserting that lack of specific authority meant the law could not be invoked for the Ireland location.

The DoJ argued the reverse: that because the act did not specifically prohibit its use abroad, then the department was correct to cite the SCA to get the desired information.

The scope of the court’s eventual decision theoretically could include a broad consideration of the powers of the SCA. However, that is not likely, according to Jennifer Daskal, professor of law at American University Washington College of Law.

“This case is primarily about the rules that govern law enforcement access to data pursuant to a warrant,” she told the E-Commerce Times. “I imagine the Court will stick to that issue, which is big enough on its own, without reaching out to address other parts of the SCA.”

Some justices wondered aloud if recently introduced legislation, designed to protect privacy without seriously frustrating law enforcement on a reciprocal basis between the U.S. and other countries, might be the answer.

Both President Donald Trump and British Prime Minister Theresa May thought the issue significant enough that they discussed the legislation by phone last month.

The DoJ pressed the court for a decision, noting that legislative initiatives frequently are uncertain, and arguing that the court had a responsibility to deal with the issue before it. Ordinarily the court would issue a decision by the end of the relevant term — in this case by June 2018.

The SCA needs some updating due to advances in technology, Daskal said. The pending Senate legislation, titled “Clarifying Lawful Overseas Use of Data,” or CLOUD Act, “recognizes this reality,” she wrote in an online post for the Harvard Law Review.

The act “separates access to data from the question of where the data happens to be held,” Daskal pointed out.

“Fingers crossed that Congress acts quickly, thereby mooting the Supreme Court case,” she added. “If not, the Court should rule in a similar way. It should recognize that location of data should not dictate access, as Justice Alito seemed to argue, while at the same time highlighting the importance of comity if and when such demands for data create a conflict of laws.”

Such a ruling would reduce international discord, Daskal asserted, while establishing “the kind of precedent the United States would and should demand when foreign governments seek U.S.-held data.”

John K. Higgins has been an ECT News Network reporter since 2009. His main areas of focus are U.S. government technology issues such as IT contracting, cybersecurity, privacy, cloud technology, big data and e-commerce regulation. As a freelance journalist and career business writer, he has written for numerous publications, including
The Corps Report and Business Week.
Email John.