This article is more than 1 year old

Google's first report on Privacy Sandbox hits UK watchdog's inbox

No 'reportable concerns' yet plenty of concerned feedback

As Google's self-imposed "late 2023" deadline to kill all third party cookies in its Chrome browser looms, the giant has handed in its first quarterly Privacy Sandbox report to the UK's competition regulator.

As a reminder, the Competition Market's Authority (CMA) took exception to Google's Privacy Sandbox cookie cull amid worries on several fronts that the project might shut out competing ad companies in favor of the search giant.

Against a backdrop of added scrutiny from lawmakers and regulators in the US, Europe, and the UK at a time when Google faces broad antitrust scrutiny and litigation, the search giant made a number of commitments to the UK's CMA, one of which was a regular report on progress with its Privacy Sandbox proposals.

The first quarterly report covering February 11 to May 16 was published this week, and says ING Bank, the Monitoring Trustee, "has not identified any reportable concerns to the CMA."

Google's compliance commitments relate to its use of data, discrimination, and circumvention.

The report, a 20-page PDF, details how Google is taking account of third-party observations, provides timing updates, and summarizes interactions between the CMA and Google.

The timeline for Q1 2022 includes the addition of the Topics API. As for observations, discussions between the Chrome team and interested parties included questions around API availability for testing and traffic levels.

The testing theme continued into a section headed "Google's Interactions with the CMA". In this the CMA noted stakeholder concerns and a potential lack of understanding regarding functional testing of APIs and a suggestion that Google's Ads business might: "benefit from internal testing on the impact of the Privacy Sandbox tools before these are announced to the market."

Google's Ben Galbraith fields an awkward question at the Chrome Dev Summit

Awkward. At Chrome summit, developer asks: Why should anyone trust Google?


There are plenty of concerns raised from third parties in the doc, including at least five from stakeholders around First Party Sets (FPS), a proposal where multiple domains owned by the same entity – eg,, and – would be grouped into sets which "allow related domain names to declare themselves as the same first-party."

These included worries over a common privacy policy requirement and concerns that the Independent Enforcement Entity (IEE) was "likely to receive a large number of challenges of FPS validity." To both issues, Google responded that "Chrome is still defining our policy requirements; and will keep this feedback in mind."

The report shows Google is complying with the commitments made to the CMA around its Privacy Sandbox. The next report is due in July (along with another from ING Bank) and the CMA remains keen for third parties concerned about the proposals to get in touch. ®

More about


Send us news

Other stories you might like