UK regulators accept Google's Privacy Sandbox promises
ICO and CMA say they will oversee cookie-free adtech product
British competition regulators have accepted promises by Google that its cookie-killing Privacy Sandbox project won't shut other adtech companies out of the market.
In a statement this morning the Competition and Markets Authority (CMA) said it had intervened "over concerns that the proposals would cause online advertising spending to become even more concentrated on Google, weakening competition and so harming consumers."
Google has promised to send data about its Privacy Sandbox cookie replacement project to the CMA at regular intervals, also allowing the regulator to inspect key APIs for the service. It has also promised to give the CMA two months' notice before pulling the plug on cookies.
"We will design, develop and implement Privacy Sandbox with regulatory oversight and input from the CMA and the ICO," said Google's William Malcolm and Oliver Bethell in a blog post coordinated with the CMA statement today.
The move updates previous commitments made in November by Google under very similar circumstances.
Privacy Sandbox is supposed to replace user-tracking cookies in Google products and services by late next year. Rivals to Google are worried that these plans will leave them in the dark, therefore having to buy even more data from Google to regain the status quo.
The CMA said today that Google's pledges include restricting data-sharing within itself "to ensure that it doesn't gain an advantage over competitors when third-party cookies are removed; and commitments to not self-preference its advertising services."
- Google updates timeline for unpopular Privacy Sandbox, which will kill third-party cookies in Chrome by 2023
- Privacy proves elusive in Google's Privacy Sandbox
- Google's Privacy Budget doesn't add up, says Mozilla CTO - amazingly enough
- Google Chrome 97 relaxes privacy protection just a little to help out Microsoft
The former may provoke a hollow laugh from privacy campaigners. Last year we reported that a Microsoft software engineer spotted a flaw in Google's plans allowing a crafty person to identify and track individual web users across different websites. If implemented, that flaw would break the very privacy-protecting purpose of Google's First Locally Executed Decision over Groups (FLEDGE) remarketing product.
Similar plans from Google aimed at its dominant Chrome browser have drawn fire from rivals. Mozilla, maker of the only widely used browser engine that isn't based on Chromium, said last year that Google's proposed Privacy Budget feature itself risked creating a new user-tracking mechanism.
Lest anyone get the idea that Microsoft has become a crusader for consumer privacy, Redmond is just as bad as the rest of them, as the inclusion of a Microsoft-backed "high entropy fingerprinting surface" in a January Chrome release showed.
While today's announcement shows British regulators flexing their muscles at Google has worked for now, questions remain over whether Privacy Sandbox will truly reduce the amount of data collected by advertising companies. Privacy advocates will be hoping the CMA and ICO will keep Google honest. ®