A survey by ContractorCalculator has revealed that many private sector companies may be at risk of legal action through misinterpreting the new IR35 tax reforms.

What Is IR35?

The IR35 tax reform legislation, set to be introduced this April, is designed to stop tax avoidance from ‘disguised employment’, which occurs when self-employed contractors set up their own limited company to pay themselves through dividends (which are not subject to National Insurance).  IR35 will essentially mean that, from April 2020, medium-to-larger private sector organisations become responsible for determining whether the non-permanent contractors and freelancers should be taxed in the same way as permanent employees (inside IR35) or as off-payroll workers (outside IR35), based upon the work they do and how it is performed.

Also, the tax liability will transfer from the contractor to the fee-paying party i.e. the recruiter or the company that directly engages the contractor. HMRC hopes that the IR35 reforms will stop contractors from deliberately misclassifying themselves in order to reduce their employment tax liabilities.

The idea for the introduction of the legislation dates back to 1999 with Chancellor Gordon Brown and Chancellor Philip Hammond introduced IR35 for public bodies using contractors from April 2017.

National Insurance

One of the potential problem areas for private sector companies revealed by the ContractorCalculator questionnaire, answered by some 12,000 contractors, is that some may be unlawfully deducting employers’ national insurance contributions (NICs) from their contractors’ pay.  This means that they are effectively imposing double taxation on these contractors.

Given that 42% of contractors said they weren’t aware that such deductions were unlawful, the survey appears to show that although these companies have been acting unlawfully, it is likely to be because they have simply misinterpreted the new tax reforms given the complicated nature of the IR35.

Tribunal Threat

The survey also showed that 58% of survey participants are classified as ‘inside’ IR35 (taxed in the same way as permanent employees) said that they would consider taking their client to an employment tribunal because, if they have to pay the same amount of tax as a permanent employee, they feel that they should receive the same benefits as permanent employees e.g. sick pay and a pension.

Contractor Loses Case

On this subject, there was news this week that an IT contractor who had worked through his limited company Northern Light Solutions for Nationwide for several years and been treated as outside IR35 has lost an appeal to HMRC against a £70,000 tax demand whereby HMRC had argued, successfully, that he should have been categorised as inside IR35.

What Does This Mean For Your Business?

When the IR35 tax reforms were first announced, many business owners thought that the reforms appeared to be very complex and that not enough had been done by the government to raise awareness of the changes and to educate businesses and contractors about the implications and responsibilities.  This survey appears to support this and shows that this lack of knowledge and awareness of IR35 by businesses could be leaving them open to the risk of legal action.  Contactors and the companies that use their services need to learn quickly about the dangers of hiring freelance workers long-term and companies that use freelancers need to conduct correct due diligence in order to ensure that the business relationship they have with them complies with IR35.

To have access to Google’s many features and services, as with other platforms, we need to give some personal information and then sign-in, but have you ever wondered just how much information Google keeps about you and your activities?

Google

This article looks as some of the many different types of personal information that Google stores, and how you can manage the situation, and reduce any potential risks that you may perceive as coming from your personal data being stored by Google.

Your Personal Data

Many of us accept that certain personal information needs to be stored privately with Google, but you may wish to know which information Google categorises as ‘public’.  To check this, login to your Google account, go to ‘Manage Your Google Account’, click on ‘Personal Info’, scroll down to ‘Choose What Others See’ and click on ‘Go to About me’.  Here you’ll be able to see which information is ‘hidden’ e.g. with a padlock icon, or ‘visible’ with an earth icon.  From here you can also click on ‘Privacy Check-up’ link so that you can manage other aspects of what information is stored about you and your Google-based activities.

‘Data and Personalisation’ Section

When you log into your Google account, go to your account page and click on the ‘Data and Personalisation’ link.  At this point, you will be able to see if your ‘Web & App Activity’, ‘Location History’ and ‘YouTube History’ are switched on or off.  If they in the ‘On’ position on tick-box control, then you can assume that Google is tracking and storing plenty of your data relating to these factors.

Web & App Activity

As the name suggests, this relates to your activity on Google sites and apps, and this also includes your location. The stated reason for collecting this information (with your consent, via the toggle control) is to give you “personalised experiences”.  Within the ‘Activity Controls’ section here you should also be able to see tick-box controls for the tracking and storing of your Chrome history and activity from sites, apps and devices that use Google services, and for including any voice and audio recordings.

You can stop Google from tracking this further by turning off the blue toggle switch in the ‘Activity Controls’ section relating to your Web & App Activity which then gives you the option to ‘pause’ this type of tracking.

If you’d like Google to automatically delete this data either every 3 or every 18 months, you can select the gear icon and choose the ‘Automatically Delete’ option and then choose which timeframe. Once this has been done Google will immediately delete current data that’s older than the timeframe specified by you.  Also, you choose to Delete activity by either Last hour, Last day, All time or a custom range.

Location History

By allowing Google to track your location history, Google can record and display information about where you’ve been with your devices, even if you haven’t been using a specific Google service at the time.

The positive aspects of Google storing this information is that you can get personalised maps and recommendations from Google based on places that you’ve visited, and if you click on the ‘Manage Activity’ link in your location history section in Google, it can be interesting to see where you’ve been on holiday and checked in with your location.  Google lists all of what it calls the ‘confirmed’ places you’ve visited (which Google gives you the option to confirm yourself) and the so-called ‘unconfirmed’ places.

The disadvantage of Google storing (and of you reviewing) this kind of information is that if it fell into the hands of criminals or those you would specifically not want to know where you are the data could be a threat damaging e.g. showing a burglar that you’re away from your home on holiday.  You may also feel personally that the information stored about your habits is a little bit too much like ‘big brother’ or borders on an infringement of your privacy.

You can stop Google from tracking this further by turning off the blue toggle switch in the ‘Activity Controls’ section relating to your Location History which then gives you the option to ‘pause’ this type of tracking.

If you’d prefer Google to automatically delete this data either every 3 or every 18 months, you can select the gear icon and choose Automatically delete Location History, then choose which timeframe. Once this has been done Google will immediately delete current data that’s older than the timeframe specified by you. You can go back over these steps and check that the visual location timeline is empty is you really want to be sure that Google has complied with your request.

Your YouTube History

Google tracks your YouTube search and watch history i.e. what videos you’ve searched for, watched and when, and this is used by Google to show videos at the top of the page when you next visit YouTube that you may be interested in based on your History.  There could, however, be several downsides to this e.g. on a shared computer, not wanting others to see which videos you have been watching, or the suggestions may not be things you are actually interested in at that point in time.

As with the other aspects of what Google stores and tracks, it’s a case of following the arrow next to ‘YouTube History’ link in your ‘Data & personalisation’ section of Google and setting your preferences from there.

Your Purchase History

CNBC research in May 2019 highlighted how Googlemail creates a (difficult to delete) page of your purchase history which it was believed was created by tracking your purchase receipt emails, and perhaps details stored in locations other than the inbox.

Google states in its accounts help section that “Your Google Account includes purchases and reservations made using Search, Maps, and your Assistant” (note that there’s now no mention of Googlemail) and according to Google, the feature is included as a way of organising things “to help you get things done”.  Getting things done, for example, means asking your Google Assistant about the shipping status of a purchase, or asking your Google Assistant to show you your flight reservations, or using Google’s search to ask questions like, “Is my flight on time?”

Deleting From Your Purchases Page

In Google’s help section here https://support.google.com/accounts/answer/7673989 and in the subsection ‘delete your purchases and reservations’, Google provides instructions on how to delete them i.e. sign in to your Google account, go to the Purchases page (for which a link is provided),  view your purchase details and select ‘Remove Purchase’, and follow the on-screen deletion instructions.

Downloading Your Data

If you’d like to download the data from the Google ‘products’ you’ve used, Google lets you do this here: https://support.google.com/accounts/answer/3024190?hl=en&ref_topic=7188671

Beware

Even though Google does appear to allow you to manage most aspects of what data is collected about you and your activities when signed in, there have been suggestions, reports and stories published online that may indicate that you could still be tracked by Google when signed-out.  For example, back in August 2018, An Associated Press report accused Google of recording the locations of its users via their mobile devices, even when they had requested not to be tracked by turning their “Location History” off. Also, some have suggested that cookies have been used to help track YouTube activity when you’re signed out, that Google can use information from Wi-Fi and other wireless signals near your phone to keep tracking you, and that there appear to be some contradictions between Google’s statements on certain privacy issues.

Looking Forward

For many of us, we’d like to have control of our personal data (if we had the time to check it all) and are pleased that there are now laws (e.g. GDPR) to help us to do this, but we’re also aware of the value of personal data to legitimate businesses e.g. for personalisation of services, and in marketing communications which have always been valuable in gaining, retaining, and maximising the value of customers.

Clearly, data security and privacy laws perform an important role of protection, and technology giants, as well as other companies and organisations, need to continue abiding by these laws and it is helpful to allow customers easy access to see and to personally manage what information is held about them both privately and publicly.

Security fears about Huawei products being used in the new 5G networks are still being expressed by the Trump administration, while Google has clarified its position on the matter.

What’s So Bad About Huawei?

Back in July 2018,  espionage chiefs from Australia, Canada, New Zealand, the U.K. and the U.S. (the so-called ‘Five-Eyes’), agreed at a meeting in July this year to try to contain the global growth of Chinese telecoms company Huawei (the world’s biggest producer of telecoms equipment) because of the threat that it could be using its phone network equipment to spy for China.  This led to the US, Australia and New Zealand barring Huawei Technologies Ltd. (with Japan more or less joining the ban) as a supplier for fifth-generation networks.

At the time, the Trump administration drew attention to the matter when Meng Wanzhou, the chief financial officer of Huawei, was detained in Vancouver at the request of U.S. authorities for violating US sanctions on Iran.

Since then, other countries have joined the ban and other allegations have been made against Huawei e.g. the US Department of Justice (DOJ) charged Huawei with bank fraud and stealing trade secrets back in January 2019.

What About The UK

As for the UK government, it will allow Huawei equipment to be used in the country’s 5G network, but not in core network functions or critical national infrastructure, and not in nuclear and military sites.  This has led to White House chief of staff Mick Mulvaney visiting just last week to help dissuade the UK from using Huawei’s products in phone networks.

Latest Warning From the US

The latest warning about Huawei products from the US has been voiced by Robert Strayer, who is the US deputy assistant secretary for cyber and communications. Mr Strayer, who is on a tour of Europe this week, warned that allowing Huawei to provide key aspects of the 5G network infrastructure could allow China to undermine it and to have access to “sensitive data”.  Mr Strayer piled on the pressure by warning that if the UK adopts Huawei as a 5G technology vendor it could threaten aspects of intelligence sharing between the US and UK.

Google Clarifies

As a US company, tech giant Google has been banned by the Trump administration since May 2019 from working with Huawei which last year led to Google confirming (via blog post) that it wouldn’t be working with Huawei on new device models or providing any Google apps (Gmail, Maps, YouTube, Play Store) for preload or download on Huawei devices.

In the light of more recent allegations and warnings about Huawei, Google has chosen to clarify its position in an article on its support pages (find it here https://support.google.com/android/thread/29434011?hl=en).  The article states that “To protect user data privacy, security, and safeguard the overall experience, the Google Play Store, Google Play Protect, and Google’s core apps (including Gmail, YouTube, Maps, and others) are only available on Play Protect certified devices”.

Google says in the article that sideloaded Google apps will not work reliably on Huawei devices.  Sideloaded apps are those which haven’t been through a certification process to appear in the Store and to run on a Windows device.  The fear is that sideloading apps could mean that apps could be installed which appear to be genuine and normal, but which may have been altered or tampered with in ways that could compromise user security.

What Does This Mean For Your Business?

The Trump administration in the US is keeping the pressure on as regards discouraging countries with which it has security and defence connections, and leverage as an ally or friend with to avoid installing Huawei products in networks, particularly in critical parts.  Clearly, a Republican administration (and in this case, and apparently inward-looking one championing US companies) in a country which has traditionally seen communist China as a threat is likely to be at least suspicious of Huawei products.  It is of course, unknown exactly what evidence exists to support the idea, and it should also be remembered that it is not long since President Trump launched a trade war with China, and may also be additionally conscious of spying issues from foreign powers after the allegations of Russian influence possibly influencing his own election as president.

For US, European, and other trusted tech network product companies from elsewhere, less for Huawei could mean more for them, and the rub-off bad publicity for Huawei also seems to have negatively affected Huawei’s sales of phone handsets, which has meant that US, Japanese and other phone suppliers have picked up more phone business.

In the run-up to next US presidential election, and with UK looking for trade deals outside the EU, it is likely that the US will continue to try and bring the UK and other countries round to its way of thinking about Huawei.

A journalist has reported on Twitter that WhatsApp groups may not be as secure as users think because the “Invite to Group via Link” feature allows groups to be indexed by Google, thereby making them available across the Internet.

Links Visible

Chats conducted on the end-to-end encrypted WhatsApp can be joined by people who are given an invite URL link but until now it has not been thought that invite links could be indexed by Google (and other search engines) and found in simple searches. However, it appears that group links that have been shared outside of the secure, private messaging app could be found (and joined).

Exposed

The consequences of these 45,000+ invite links being found in searches is that they can be joined and details like the names and phone numbers of the participants can be accessed.  Targeted searches can reveal links to groups based around a number of sensitive subjects.

Links

Even though WhatsApp group admins can invalidate existing links, WhatsApp generates a new link meaning that the original link isn’t totally disabled.

Only Share Links With Trusted Contacts

Users of WhatsApp are warned to share the link only with trusted contacts, and the links that were shown in Google searches appeared because the URLs were publicly listed i.e. shared outside of the app.

Changed

Although Google already offers tools for sites to block content from being listed in search results, since the discovery (and subsequently publicity) of the WhatsApp Invite links being indexed, some commentators have reported that this no longer happens in Google.  It has also been reported, however, that publicly posted WhatsApp Invite links can still be found using other popular search engines.

Recent Security Incident

One other high profile incident reported recently, which may cause some users to question the level of security of WhatsApp was the story about Amazon CEO Jeff Bezo’s phone allegedly being hacked by unknown parties thought to be acting for Saudi Arabia after a mysterious video was sent to Mr Bezo’s phone.

Also, last May there were reports of an attack on WhatsApp which was thought to be a ‘zero-day’ exploit that was used to load spyware onto the victim’s phone.  Once the victim’s WhatsApp had been hijacked and the spyware loaded onto the phone, for example, access may have been given to encrypted chats, photos, contacts and other information.  That kind of attack may also have allowed eavesdropping on calls and turning on the microphone and camera, as well as enabling attackers to alter the call logs and hide the method of infection.  At the time, it was reported that the attack may have originated from a private Israeli company, The NSO Group.

What Does This Mean For Your Business?

In this case, although it’s alarming that the details of many group members may have been exposed, it is likely to be because links for those groups were posted publicly and not shared privately with trusted members as the app recommends.  That said, it’s of little comfort for those who believed that their WhatsApp group membership and personal details are always totally private.  It’s good news, therefore, that Google appears to have taken some action to prevent it from happening in future. Hopefully, other search engines will now do the same.

WhatsApp has end-to-end encryption, which should mean that it is secure, and considering that it has at least 1.5 billion users worldwide, surprisingly few stories have emerged that have brought the general security of the app into question.

ABC News in Australia has reported how a Melbourne dentist has convinced a Federal Court Judge to order tech giant Google to produce identifying information about a person who posted a damaging negative review about the dentist on Google’s platform.

What Happened?

The dentist, Dr Matthew Kabbabe, alleges that a reviewer’s comment posted on Google approximately three months ago advised others to “stay away” from his practice and that it damaged his teeth-whitening business and had a knock-on negative impact on his life.

Even though Google provides a platform to allow reviews to be posted in order to benefit businesses (if reviews are good), perhaps encourage and guide businesses to give good service, and to help Google users to decide whether to use a service, the comment was the only bad one on a page of five-star reviews. In addition to the possibly defamatory nature of the comment, Dr Kabbabe’s objection to the anonymity that Google offers comment posters, and that it could, as such be, something posted by a competitor or disgruntled ex-employee to damage his (or any other business) drove him to take the matter to the Federal Court after, it has been reported, his requests to Google to take the comment down were unsuccessful.

Landmark Ruling

Not only did Federal Court Judge Justice Bernard Murphy request that Google divulge identifying information about the comment poster, listed only a “CBsm 23″ (name, phone number, IP addresses, location metadata), but also the tech giant has been ordered to provide any other Google accounts (name and email addresses)  which are from the same IP address during the period of time in question.

Can Reply

Reviews posted on Google can be replied to by businesses as long as the replies comply with Google’s guidelines.

Dealing with some apparently unfair customer comments online is becoming more common for many businesses.  For example, hotels and restaurants have long struggled with how to respond to potentially damaging criticism left by customers on TripAdvisor. Recently, the owner of the Oriel Daniel Tearoom in Llangefni, Anglesey made the news when they responded to negative comments with brutal responses and threats of lifetime bans.

What Does This Mean For Your Business?

For the most part, potential customers are likely to be able to take a balanced view of comments that they read when finding out more about a business, but the fact that a Federal judge ruled in favour of not allowing those who have posted potentially damaging comments to hide behind online anonymity means that there may well be an argument for platforms to amend rules to try to redress the balance more in the favour of businesses.  It does seem unfair that, as in the case of the dentist, where the overwhelming majority of comments have been good, an individual, who may be a competitor or person with an axe to grind is allowed to anonymously and publicly publish damaging comments, whether justified or not, for a global audience to see and with no need to prove their allegations – something that would be subject to legal scrutiny in the offline world.  It will be interesting to see Google’s response to this ground-breaking ruling.