Wednesday, December 18, 2024

The CMA Wants Updated Privacy Sandbox Commitments From Google By Next Month | AdExchanger

Must read

Somewhere between 5 billion and 7 billion years from now, the Earth will crash into the sun, our planet will vaporize, and humanity will cease to exist, save for the super-rich and their chattel living in terraformed space colonies.

But until that day, Google and the UK’s Competition and Markets Authority (CMA) will continue their colloquy on Chrome, competition and cookies.

On Monday, the CMA published its most recent quarterly report on Google’s implementation of the Chrome Privacy Sandbox.

The report, which covers Q2 and Q3, was originally slated to come out at the end of July. But it was postponed after Google’s surprise announcement that it plans to introduce a user choice mechanism in Chrome instead of deprecating third-party cookies.

The CMA spent the rest of the summer and early autumn collecting feedback from world-weary ad tech companies and other market participants about the potential competition implications of Google’s revised approach.

And this is the TL;DR: The CMA is mostly satisfied that Google is adhering to its previous commitment not to design or implement new Privacy Sandbox tools in a way that advantages its own advertising business.

But it has competition concerns about the proposed choice mechanism in Chrome and it wants Google to update its Sandbox commitments before making any further moves.

‘Competition concerns remain’

Google is hammering out its new Chrome Privacy Sandbox commitments with the CMA now with an eye on releasing them for public comment by Q4.

But what exactly is the CMA worried about if third-party cookies aren’t being removed from Chrome anymore?

Keeping cookies doesn’t automatically erase competition issues.


Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

According to the report, ad tech and publisher groups “were almost unanimously of the opinion that competition concerns remain.”

For example, yes, replacing third-party cookie deprecation with a user choice experience “is likely to change the scale of the impact on the ad tech ecosystem,” because some users will allow cookies and the Privacy Sandbox won’t be the only show in town.

But, as the CMA puts it, “for the proportion of traffic where third-party cookies are unavailable, the Privacy Sandbox tools will remain important for the ad tech ecosystem to target and measure advertising.”

Unresolved issues

Which is why pretty much every industry stakeholder that submitted feedback believes the CMA should continue to oversee the Chrome Privacy Sandbox.

Not least because there are also unresolved issues that predate Google’s about-face on third-party cookie deprecation.

Take the Topics API, which is the Sandbox proposal for privacy-safe interest-based targeting. Ad industry folks are concerned that Google will be less reliant on Topics than other market participants “given its access to first-party data.”

As part of its existing commitments, Google already agreed to certain restrictions on its use of first-party data, including not using first-party data from Chrome or Android to track users after the removal of third-party cookies.

But the CMA still appears to have reservations about whether this does enough to curb Google’s potential advantage.

In the CMA’s words: “We are continuing to discuss this issue with Google.”

In Google’s words, shared with AdExchanger in the form of a statement: “We believe our approach supports healthy competition across the industry while improving user privacy. This approach, which lets people make an informed choice that applies across their web browsing, is still being discussed with regulators and we will share more details at the appropriate time.”

The tricky dance

Meanwhile, competition regulators aren’t the only ones monitoring goings-on in the Privacy Sandbox.

The Information Commissioner’s Office (ICO), which is the UK’s data protection authority, is collaborating with the CMA to audit the Sandbox, including to consider any privacy and design issues related to the new cookie choice mechanisms in Chrome.

For its part, the ICO was far from enthused by Google’s decision not to deprecate cookies. After Google’s announcement to that effect over the summer, Stephen Bonner, the ICO’s deputy commissioner, said the ICO was “disappointed that Google has changed its plans” and “that blocking third-party cookies would be a positive step for consumers.”

The CMA and ICO do a tricky dance. What might be considered good for privacy purposes – getting rid of third-party cookies – has the potential to create competition problems, and vice versa.

Going forward, the CMA will continue consulting and dancing its tricky dance with the ICO, but the ICO retains the right to take its own independent regulatory action “against all parties where non-compliance is identified, including by Google and organizations that use the Privacy Sandbox tools.”

Next up: Stay tuned for Google’s updated commitments to the CMA before the end of the year, as well as to a hopeful final resolution to the cookie question while the human race still wanders this dusty planet, amen.

Updated at 1:20 p.m. with the comment from Google.

Latest article