Google's first report on Privacy Sandbox hits UK watchdog's inbox

No 'reportable concerns' yet plenty of concerned feedback

As Google's self-imposed "late 2023" deadline to kill all third party cookies in its Chrome browser looms, the giant has handed in its first quarterly Privacy Sandbox report to the UK's competition regulator.

As a reminder, the Competition Market's Authority (CMA) took exception to Google's Privacy Sandbox cookie cull amid worries on several fronts that the project might shut out competing ad companies in favor of the search giant.

Against a backdrop of added scrutiny from lawmakers and regulators in the US, Europe, and the UK at a time when Google faces broad antitrust scrutiny and litigation, the search giant made a number of commitments to the UK's CMA, one of which was a regular report on progress with its Privacy Sandbox proposals.

The first quarterly report covering February 11 to May 16 was published this week, and says ING Bank, the Monitoring Trustee, "has not identified any reportable concerns to the CMA."

Google's compliance commitments relate to its use of data, discrimination, and circumvention.

The report, a 20-page PDF, details how Google is taking account of third-party observations, provides timing updates, and summarizes interactions between the CMA and Google.

The timeline for Q1 2022 includes the addition of the Topics API. As for observations, discussions between the Chrome team and interested parties included questions around API availability for testing and traffic levels.

The testing theme continued into a section headed "Google's Interactions with the CMA". In this the CMA noted stakeholder concerns and a potential lack of understanding regarding functional testing of APIs and a suggestion that Google's Ads business might: "benefit from internal testing on the impact of the Privacy Sandbox tools before these are announced to the market."

Google's Ben Galbraith fields an awkward question at the Chrome Dev Summit

Awkward. At Chrome summit, developer asks: Why should anyone trust Google?


There are plenty of concerns raised from third parties in the doc, including at least five from stakeholders around First Party Sets (FPS), a proposal where multiple domains owned by the same entity – eg,, and – would be grouped into sets which "allow related domain names to declare themselves as the same first-party."

These included worries over a common privacy policy requirement and concerns that the Independent Enforcement Entity (IEE) was "likely to receive a large number of challenges of FPS validity." To both issues, Google responded that "Chrome is still defining our policy requirements; and will keep this feedback in mind."

The report shows Google is complying with the commitments made to the CMA around its Privacy Sandbox. The next report is due in July (along with another from ING Bank) and the CMA remains keen for third parties concerned about the proposals to get in touch. ®

Other stories you might like

  • FTC urged to probe Apple, Google for enabling ‘intense system of surveillance’
    Ad tracking poses a privacy and security risk in post-Roe America, lawmakers warn

    Democrat lawmakers want the FTC to investigate Apple and Google's online ad trackers, which they say amount to unfair and deceptive business practices and pose a privacy and security risk to people using the tech giants' mobile devices.

    US Senators Ron Wyden (D-OR), Elizabeth Warren (D-MA), and Cory Booker (D-NJ) and House Representative Sara Jacobs (D-CA) requested on Friday that the watchdog launch a probe into Apple and Google, hours before the US Supreme Court overturned Roe v. Wade, clearing the way for individual states to ban access to abortions. 

    In the days leading up to the court's action, some of these same lawmakers had also introduced data privacy bills, including a proposal that would make it illegal for data brokers to sell sensitive location and health information of individuals' medical treatment.

    Continue reading
  • Brave Search leaves beta, offers Goggles for filtering, personalizing results
    Freedom or echo chamber?

    Brave Software, maker of a privacy-oriented browser, on Wednesday said its surging search service has exited beta testing while its Goggles search personalization system has entered beta testing.

    Brave Search, which debuted a year ago, has received 2.5 billion search queries since then, apparently, and based on current monthly totals is expected to handle twice as many over the next year. The search service is available in the Brave browser and in other browsers by visiting

    "Since launching one year ago, Brave Search has prioritized independence and innovation in order to give users the privacy they deserve," wrote Josep Pujol, chief of search at Brave. "The web is changing, and our incredible growth shows that there is demand for a new player that puts users first."

    Continue reading
  • It's a crime to use Google Analytics, watchdog tells Italian website
    Because data flows into the United States, not because of that user interface

    Updated Another kicking has been leveled at American tech giants by EU regulators as Italy's data protection authority ruled against transfers of data to the US using Google Analytics.

    The ruling by the Garante was made yesterday as regulators took a close look at a website operator who was using Google Analytics. The regulators found that the site collected all manner of information.

    So far, so normal. Google Analytics is commonly used by websites to analyze traffic. Others exist, but Google's is very much the big beast. It also performs its analysis in the USA, which is what EU regulators have taken exception to. The place is, after all, "a country without an adequate level of data protection," according to the regulator.

    Continue reading

Biting the hand that feeds IT © 1998–2022