We intend to use and leverage open source technology in which may create risks of security weaknesses.
Some parts of our technology may be based on open-source technology. There is a risk that the development team or other third parties may intentionally or unintentionally introduce weaknesses or bugs into the core infrastructure elements of our technology solutions interfering with the use of such technology or causing loss to us.
We may not be able to develop new products or enhance our product to keep pace with our industry’s rapidly changing technology and customer requirements.
The industry in which we operate is characterized by rapid technological changes, new product introductions, enhancements, and evolving industry standards. Our business prospects depend on our ability to develop new products and applications for our technology in new markets that develop as a result of technological and scientific advances, while improving performance and cost-effectiveness. New technologies, techniques or products could emerge that might offer better combinations of price and performance than the blockchain technology solutions that are being developed by us. It is important that we anticipate changes in technology and market demand. If we do not successfully innovate and introduce new technology into our anticipated technology solutions or effectively manage the transitions of our technology to new product offerings, our business, financial condition and results of operations could be harmed.
Domestic and foreign government regulation and enforcement of data practices and data tracking technologies is expansive, broadly defined and rapidly evolving. Such regulation could directly restrict portions of our business or indirectly affect our business by constraining our customers’ use of our technology and services or limiting the growth of our markets.
Federal, state, municipal and/or foreign governments and agencies have adopted and could in the future adopt, modify, apply or enforce laws, policies, and regulations covering user privacy, data security, technologies that are used to collect, store and/or process data, and/or the collection, use, processing, transfer, storage and/or disclosure of data associated with individuals. The categories of data regulated under these laws vary widely, are often broadly defined, and subject to new applications or interpretation by regulators. The uncertainty and inconsistency among these laws, coupled with a lack of guidance as to how these laws will be applied to current and emerging indoor positioning analytics technologies, creates a risk that regulators, lawmakers or other third parties, such as potential plaintiffs, may assert claims, pursue investigations or audits, or engage in civil or criminal enforcement. These actions could limit the market for our services and technologies or impose burdensome requirements on our services and/or customers’ use of our services, thereby rendering our business unprofitable.
Some features of our services may trigger the data protection requirements of certain foreign jurisdictions, such as the EU General Data Protection Regulation (the “GDPR”), and the EU ePrivacy Directive. In addition, our services may be subject to regulation under current or future laws or regulations. For instance, the EU ePrivacy Directive is soon to be replaced in its entirety by the ePrivacy Regulation, which will bring with it an updated set of rules relevant to many aspects of our business. If our treatment of data, privacy practices or data security measures fail to comply with these current or future laws and regulations in any of the jurisdictions in which we collect and/or process information, we may be subject to litigation, regulatory investigations, civil or criminal enforcement, financial penalties, audits or other liabilities in such jurisdictions, or our customers may terminate their relationships with us. In addition, data protection laws, such as the GDPR, foreign court judgments or regulatory actions could affect our ability to transfer, process and/or receive transnational data that is critical to our operations, including data relating to users, customers, or partners outside the United States. For instance, the GDPR restricts transfers of personal data outside of the European Economic Area, including to the United States, subject to certain requirements. Such data protection laws, judgments or actions could affect the manner in which we provide our services or adversely affect our financial results if foreign customers and partners are not able to lawfully transfer data to us.
This area of the law is currently under intense government scrutiny and many governments, including the U.S. government, are considering a variety of proposed regulations that would restrict or impact the conditions under which data obtained from individuals could be collected, processed, stored, transferred, sold or shared with third parties. In addition, regulators such as the Federal Trade Commission and the California Attorney General are continually proposing new regulations and interpreting and applying existing regulations in new ways. For example, in June 2018, California passed the California Consumer Privacy Act (the “CCPA”), which provides new data privacy rights for consumers and new informational, disclosure and operational requirements for companies, effective January 2020. Fines for non-compliance may be up to $7,500 per violation. The burdens imposed by the GDPR and CCPA, and changes to existing laws or new laws regulating the solicitation, collection, processing, or sharing of personal and consumer information, and consumer protection could affect our customers’ utilization of our services and technology and could potentially reduce demand, or impose restrictions that make it more difficult or expensive for us to provide our services.