Tuesday, June 05, 2018

92 Carphone Warehouse Branch Closures

Dixons Carphone, owners of Carphone Warehouse stores has highlighted people not renewing their handsets as frequently and a declining market for long-term mobile contracts as 2 main reasons for the planned closure of 92 stores.

Profits Hit - Shares Down

The decision to close 92 of its more than 700 Carphone Warehouse stores this year was announced by Dixons Carphone after a warning that the next year’s profits could be down £82 million led to shares in the company falling 20.7%. Share values had already fallen by 30% over the last 12 months,

No Jobs Lost?

The human cost of store closures would ordinarily be those employed in the condemned 92 stores (part of a 42,000 workforce worldwide). In this case, Dixons Carphone has stated that no jobs will be lost because staff will be offered the opportunity to move to larger outlets nearby.

Sales Up

The gloomy prediction disguised the fact that total sales were actually 3% higher in the year to 16 April, while like-for-like sales were up 4%, and the sales were up by 2% for the year as a whole, and by 1% in the fourth quarter. International sales e.g. Nordic countries and Greece outstripped those in the UK.

Even though pre-tax profit is expected to come in at £382m, this is actually dramatically down from the £501m in 2017.

What Happened?

According to reported comments by new boss of only 8 weeks, Alex Baldock, that even though it is acknowledged that performance has not been good, the problems are all "fixable".

Market commentators have noted that a fall in the value of the pound (in the wake of Brexit) has made mobile handsets more expensive. Also, technical innovation has slowed, giving shoppers less reason to update their phones, meaning that they have been hanging onto their current handsets for longer.

SIM Free Popular

Market analysts have noted that there is unlikely to be a boost in the market for long-term mobile contracts any time soon. This is partly because many consumers have been opting for the alternative of SIM free phones in an attempt to keep costs down and get the best deals. Sales of SIM free is one area where Dixons Carphone will need to improve in order to make the most of market trends.

A SIM free phone is sold (unlocked) without any SIM card or network attached, so people buy the phone and then choose a SIM only deal for their calls and data, and can choose whichever network they like. The benefits are the ability to own the handset outright and take out a SIM only deal, thereby reducing the cost of a monthly plan as you are only paying the network for your minutes, texts and data allowance. Also, SIM only can give greater flexibility, with 1-month rolling contracts and 12-month contracts are now being commonplace.

What Does This Mean For Your Business?

Many UK businesses, like Dixons Carphone, will have felt the pressure of consumers reeling in some of their spending in the wake of the fall in the value of the pound after the Brexit vote. Also, as in the case of Dixons Carphone, they’re in a market where so much innovation has been focused on phones and their features in recent years that consumers are going to be reluctant to swap unless the new model offers a new technological jump or can give them features that significantly add value.

High street retailers / well-known bricks-and-mortar retailers have taken a battering in recent times (e.g. store closures at e.g. Carpetright, New Look, Mothercare, Byron, Jamie’s Italian Marks & Spencer, and soon House of Fraser, and Carluccio’s) as consumers move more towards online digital. A recent British Retail Consortium (BRC) report, for example, showed that footfall in retail stores fell by 3.3% in April 2018 compared to last year because of a shift in consumer behaviour towards digital shop visits rather than physical ones.
Many retailers have realised that to fight back they must rebalance investment in physical and digital infrastructure, and change the way stores are used e.g. by adopting technology to engage people, and to make stores more like centres for experiences rather than just places for purchasing goods. This is particularly important for younger consumer groups.

In the case of Dixons Carphone, new boss Baldock hasn’t really elaborated beyond saying that the business had been too inward-looking and distracted. As part of his proposed fixes for the problems, Baldock has said that the group would also now be investing £30m in improving customer service by retraining staff in stores and at its call centres, and that it would try to renegotiate contracts with mobile networks to reflect the slowdown in phone sales i.e. to adapt to market trends. Presumably, the company will also benefit from increased efficiency after closing the 42 stores.

In today’s challenging environment, as well as simply investing, retailers must now try to embrace technology in the right way as an opportunity to deliver more value to customers whether in store, at home or on the move. Retail commentators frequently talk about the importance of the need to create a seamless customer experience between online and offline, and to develop an omni-channel platform. Improving and optimising the current experience that retailers offer customers, and replicating these as effectively as possible across all channels could be the key to staying competitive in the evolving retail business environment.

Alexa Records and Sends Private Conversation

A US woman has complained of feeling “invaded” after a private home conversation was recorded by her Amazon's voice assistant, and then sent it to a random phone contact ... who happened to be her husband's employee.


As first reported by US news outlet KIRO 7, the woman identified only as ‘Danielle’ had a conversation about hardwood flooring in the privacy of her own home in Portland, Oregon. Unknown to her, however, her Amazon's voice assistant Alexa via her Amazon Echo not only recorded a seemingly ‘random’ conversation, but then sent the recording to a random phone contact without being expressly asked to do so.

The woman was only made aware that she had been recorded when she was contacted by her husband’s employee, who lives over 100 miles away in Seattle, who was able to tell her the subject of her recent conversation.

How Could It Have Happened?

Last year Amazon introduced a service whereby Amazon Echo users could sign up to the Alexa Calling and Messaging Service from the Alexa app. This means that all of the contacts saved to your mobile phone are linked to Alexa automatically, and you can call and message them using voice commands via your Echo.

In the case of the woman from Portland, Amazon has reportedly explained the incident as being the result of an "unlikely" string of events which were that:
  • Her Alexa started recording after it registered as hearing its name or another "wake word" (chosen by users).
  • Subsequently, in the following conversation (about hardwood floors), Alexa registered part of the conversation as being a 'send message' request.
  • Alexa would / should have said at that point, out loud, 'To whom?’
  • It is believed that Alexa then interpreted part of the background conversation as a name in the woman’s phone contact list.
  • The selected contact was then sent a message containing the recoding of the private conversation.


The woman requested a refund for her voice assistant device, saying that she felt invaded.
Amazon has reportedly apologised for the incident, has investigated what happened, and has determined that was an extremely rare occurrence. Amazon is, however, reported to be “taking steps” to avoid this from happening in the future.

Not The First Time

Amazon’s intelligent voice assistant has made the news in the past for some unforeseen situations that helped to perpetuate the fears of users that their home devices could have a more sinister dimension and / or could malfunction or be used to invade privacy. For example, back in 2016, US researchers found that they could hide commands in white noise played over loudspeakers and through YouTube videos in order to get smart devices to turn on flight mode or open a website. The researchers also found that they could embed commands directly into recordings of music or spoken text.

Also, although Amazon was cleared by an advertising watchdog, there was the case of the television advert for its Amazon’s Echo Dot smart speaker activating a viewer's device and placing an order for cat food.

What Does This Mean For Your Business?

Although it may have been a series of events resulting in a ‘rare’ occurrence, the fact is that this appears to be a serious matter relating to the privacy of users that is likely to re-ignite many of the fears of home digital assistants being used as listening devices, or could be hacked and used to gather personal information that could be used to commit crime e.g. fraud or burglary.

If the lady in this case was an EU citizen, it is likely that Amazon could have fallen foul of the new GDPR and, therefore, potentially liable to a substantial fine if the ICO thought it right and necessary.

Adding the Alexa Calling and Messaging service to these devices was really just the beginning of Amazon’s plans to add more services until we are using our digital assistants to help with many different and often personal aspects of our lives e.g. from ordering goods and making appointments, to interacting with apps to control the heating in the house, and more. News of this latest incident could, therefore, make some users nervous about taking the next steps to trusting Amazon’s Alexa with more personal details and important aspects of their daily lives.

Amazon may need to be more proactive and overt in explaining how it is addressing the important matters of privacy and security in its digital assistant and devices in order to gain the trust that will enable it to get an even bigger share in the expanding market, and successfully offer a wider range of services via Alexa and Echo devices.

Now You Can Opt-Out Of Having Your Medical Data Shared

The introduction of GDPR on 25th May has brought with it a new national data opt-out service which enables people to use an online tool to opt out of their confidential patient information being used beyond their own individual care for research and planning.


The new ‘Manage Your Choice’ online tool that is a part of the national data opt-out service, follows recommendations by the National Data Guardian (NDG) Dame Fiona Caldicott, and is a replacement for the previous 'type 2' opt-out that was introduced on 29th April 2016. That opt-out service meant that NHS Digital would remove certain patient records from data provided where a patient had requested an opt-out.

About The New National Opt-Out Service

The new service applies to those patients in England who are aged 13 or over, and have an NHS number e.g. from previous treatment. Opting out using the new service will not apply to your health data where you have accessed health or care services outside of England, such as in Scotland and Wales.

The opt-out service covers data-sharing by any organisation providing publicly-funded care in England. This includes private and voluntary organisations, and only children's social care services are not covered.

Using The Online Tool

The online tool for opting-out can be accessed at:
To use the online tool, you will (obviously) need access to the Internet, and access to your email or mobile phone to go through the necessary steps.

What Else Is Your Data Used For?

According to the NHS, as well as being used for patient care purposes, confidential patient information is also used to plan and improve health and care services, and to research and develop cures for serious illnesses. The NHS has stressed that, for much of the time, anonymised data is used for research and planning, so your confidential patient information often isn't needed anyway.

The NHS currently collects health and care data from all NHS organisations, trusts and local authorities. Data is also collected from private organisations e.g. private hospitals providing NHS funded care. Research bodies and organisations can also request access to this data. These bodies and organisations include university researchers, hospital researchers, medical royal colleges, and even pharmaceutical companies researching new treatments.

Past Controversy

The new service is likely to be welcomed after several past data-sharing controversies dented trust in the handling of personal data by the NHS. For example, NHS Digital were criticised after agreeing to share non-clinical information, such as addresses or dates of birth, with the Home Office, and a report highlighted how the Home Office used patient data for immigration enforcement purposes.

Also, there were serious public concerns and an independent panel finding a "lack of clarity" in a data-sharing agreement after it was announced that Royal Free Hospital in London shared the data of 1.6 million people with Google's DeepMind project without the consent of those data subjects.

What Does This Mean For Your Businesses?

The introduction of GDPR has been an awareness raising, shake-up exercise for many businesses and organisations, and has driven the message home that data privacy and security for clients / service users is an important issue. Where our medical data is concerned, however, we regard this as being particularly private and sensitive, and the fact that it could be either shared with third-parties without our consent, or stolen / accessed due to poor privacy / security systems and practices is a source of genuine worry. For example, many people fear that whether shared or stolen, their medical data could be used by private companies to deny them services or to charge more for services e.g. insurance companies. Data breaches and sharing scandals in recent times mean that many people have lost trust in how many companies and organisations handle their everyday personal data, let alone their medical data.

The introduction of this new service is likely to be welcomed by many in England, and it is likely that the opt-out tool will prove popular. For the NHS, however, if too many people choose to opt-out, this could have some detrimental effect on its research and planning.

GDPR will continue to make many companies and organisations focus on which third-parties they share data with, and how these relationships could affect their own compliance.

7-Fold Rise in Mobile Fraud

It seems that as we spend more time using mobile devices, the fraudsters are following us as a new RSA Security report shows a massive rise in mobile fraud over the last 3 years.

Up Nearly 700%!

The latest quarterly report by fraud and risk intelligence experts at RSA Security shows that as the volume of mobile app transactions has risen by 200% since 2015, accordingly the growth rate for fraudulent transactions has increased to a massive 680%.

New Accounts and ‘Burner Phones’

One of the key trends at the heart of the rise in mobile fraud is the apparent rise of the use of fake new accounts and ‘burner / burn phones’ to commit fraud.

A burner / burn phone is a mobile phone handset that is acquired for temporary use, is usually prepaid / without a contract in order to retain the user’s anonymity, and can be discarded if necessary.

Alongside the burner phone, fraudsters are also known to use stolen identities to set up fake ‘money mule’ accounts, purely for the purpose of collecting the cash from their fraudulent activities.

The RSA report shows that new accounts and new devices have been used in this way in 32% of all the fraudulent transactions in the last quarter.

Phishing Still Top

The report shows that phishing is still the top fraudulent activity accounting for 48% of all fraud attacks in Q1 of 2018.

Trojan Malware & Payment Card Compromise

Other popular frauds involve the use of Trojan malware to steal financial credentials. This method was used in one in four fraud attacks in Q1 2018.

Also, using details from compromised cards is still a very common activity among fraudsters, and the RSA researchers who compiled the report claim to have recovered more than 3.1 million unique compromised cards and card details (which included verification numbers) on offer from online sources in Q1.

Mobile App Security

It is believed that poor security in mobile apps is allowing many criminals to hijack mobile applications and siphon off credentials and funds from many unwitting users.

What Does This Mean For Your Business?

These figures show that our increasing use of mobile devices and apps has opened the door to even more channels for fraudsters. There is clearly a responsibility among mobile app developers and those commissioning mobile apps to deliver their services to ensure that security is built-in from the ground up. This should mean making sure that all source code is secure and known bug-free, all data exchanged over app should be encrypted, caution should be exercised when using third-party libraries for code, and only authorised APIs should be used. Also, developers should be building-in high levels of authentication, using tamper-detection technologies, using tokens instead of device identifiers to identify a session, using the best cryptography practices e.g. store keys in secure containers, and conducting regular, thorough testing.

As users of mobile devices and apps, we also need to pay attention to our own levels of security. For example, we can take precautions to stop ourselves from falling victim to mobile fraud by using mobile security and antivirus scan apps, only using trusted apps / trusted app sources, uninstalling old apps and turning off connections when not using them, locking our phones when not in use, using 2-factor authentication, and using a VPN rather than just the free Wi-Fi when out and about.

Instant GDPR Complaints For Web Giants

In an almost inevitable turn of events, the social media and tech giants Facebook, Google, Instagram and WhatsApp faced a barrage of accusations that they were not compliant within hours of GDPR being introduced on May 25th.

What’s Wrong?

The complaints, spearheaded by Privacy group noyb.eu led by Max Schrems centred around the idea that the tech and social media giants may be breaking the new data protection and privacy guidelines by forcing users to consent to targeted advertising in order to use their services i.e. by bundling a service with the requirement to consent (Article 7(4) GDPR).

Not Necessary?

It has been reported that the crux of the privacy group’s argument is that, according to GDPR, any data processing that is strictly necessary to use a service is allowed and doesn’t require opting in. If a company then decides to adopt a “take it or leave it approach” by forcing customers to agree to have additional, more wide-reaching data collected, shared and used for targeted advertising, or delete their accounts, the argument is that this goes against GDPR which requires opt-in consent for anything other than any data processing that is strictly necessary for the service.

Austria, Belgium, France and Germany

It is alleged in this case that the four tech giants may be doing just that, and, therefore, could be in breach of the Regulation, and possibly liable to fines if the accusations are upheld after investigation by data protection authorities in Austria, Belgium, France and Germany.

A breakdown of the four complaints over “forced consent” made by noybe.eu shows that in France the complaint has been made to CNIL about Google (Android), in Belgium the complaint has been made to the DPA about Instagram (Facebook), in Germany the complaint has been made to the HmbBfDI about WhatsApp, and in Austria the complaint has been made to DSB about Facebook. Under GDPR, the maximum penalties for this issue could be billions of Euros.

What Does This Mean For Your Business?

Many commentators had predicted that popular tech and social media giants would be among the first organisations to be targeted by complaints upon the introduction of GDPR, and some see these complaints as being the first crucial test of the new law.

GDPR should prohibit companies from forcing customers to accept the bundling of a service with the requirement to consent to giving / sharing more data than is necessary, but it remains to be seen and proven whether these companies are guilty.

As noyb.eu pointed out in their statement, GDPR does not mean that companies can no longer use customer data because GDPR explicitly allows any data processing that is strictly necessary for a service. The complaint, in this case, is that using the data additionally for advertisements or to sell it on, needs the users’ free opt-in consent.

Noybe.eu has also pointed out that, if successfully upheld, their complaints could also mean an end to the kind of annoying and obtrusive pop-ups which are used to claim a person’s consent, but don’t actually lead to valid consent.

Another benefit (if the complaints are upheld) against the tech giants could be that corporations can’t force users to consent, meaning that monopolies should have no advantage over small businesses in this area.

Noybe.eu seem set to keep the pressure on the tech giants, and has stated that its next round of complaints will centre around the alleged illegal use of user data for advertising purposes or "fictitious consent’ e.g. such as when companies recognise "consent" to other types of data processing by solely using their web page.