“An important goal of the Privacy Sandbox is developing technology to protect people from opaque or hidden techniques that share data about individual users and allow them to be tracked in a covert manner”, says Google’s Chetna Bindra in her 2021 blog post on the topic. On the surface this might appear to be a laudable claim, were it in any way justified by the truth.
The fact is that Google’s Privacy Sandbox is founded on a bed of hypocrisy. It claims to enhance user privacy whilst supporting Google-operated technologies that do exactly what its Sandbox is supposedly intended to prevent. At the same time, it actively blocks other businesses from using far less privacy-invasive approaches to compete against Google’s advertising business.
Customer Match
The most egregious example of Google’s active use of what it defines as ‘tracking’ is its Customer Match product. This product allows businesses to transfer highly personal information from customers – including name, phone number, email and more – to Google, which then uses this personally identifiable data to improve Google’s monetization of their owned and operated properties.
Google might claim, in its vast T&Cs, that it has consent to use people’s identity as a common linking mechanism with its advertisers, but it seems deeply unlikely that the average user is actively aware of Customer Match, implying that it is essentially ‘covert’, ‘hidden’ and ‘opaque’. Moreover, Google does not provide consumers with an easy choice mechanism to stop Google using their identity for such transfers. In short, Google is encouraging advertisers to use a new product, in combination with highly personal information on their customers, as a means to get around the restrictions imposed by Google’s own Sandbox.
Blocking alternatives
What makes Google’s hypocrisy in decrying tracking whilst enabling it particularly egregious is that it is also trying to prevent others from using less invasive data to facilitate real-time communication between businesses over open web standards.
The use of deidentified, non-personal data for business purposes without requiring user consent is an established precedent that Google, of all companies, should understand. Its settlements with the German Bundeskartellamt and 41 US State Attorneys General make it clear that consent is not needed for data collection and use when the data is not linked to an individual’s identity in a Google Account.
Despite this, Google’s Sandbox seeks to effectively block rivals’ ability to use local storage files such as cookies for any information, rather than requiring consent only when identity-linked personal data will be used. Its approach is overbroad, blocking safer, real-time data even though Google itself acknowledges that deidentified signals are not sensitive information.
A simple alternative solution would be a labelling system that identifies whether the organizations controlling local storage files, like cookies, do or do not have the appropriate safeguards to keep the data in those files separate from individuals’ identity. That separation is what determines whether the contents are personal data. This mechanism, far simpler to understand than Google’s recommendation of labelling such storage as “SameSite”, would enable the safe exchange of non-sensitive data whilst genuinely improving consumer privacy.
Google encourages tracking
The fact is that Google’s approach, far from preventing ‘tracking’ as Google defines it, actually encourages far more invasive use of personal data by shifting communication to mechanisms like its own Customer Match. Blocking the use of non-sensitive, deidentified data for real-time business-to-business communication actively encourages other organizations to use far more sensitive personally identifiable information to support this needed function.
Google’s Sandbox, far from preventing ‘hidden techniques that share data about individual users and allow them to be tracked in a covert manner’, actively promotes them, from Google and others.
It is publicly calling for an end to what it calls “tracking” whilst promoting its own services that do just that.
It is, at the same time, unilaterally blocking the signals that would enable other businesses to communicate in less privacy-invasive ways, which pressures them to use more – not less – personally identifiable information in their businesses.