Google agreed to a set of commitments with the UK Competition and Markets Authority (CMA) regarding its Privacy Sandbox on 11 February 2022, binding the tech giant to the scrutiny and oversight in changes to its ad technology bundled in the Chrome browser. As part of these commitments, Google is required to produce quarterly reports on the development of the Privacy Sandbox.
The monitoring trustee, ING, last week certified the first of these reports as compliant with the commitments. However, Movement for an Open Web’s (MOW) analysis of this report demonstrates Google are not compliant in many areas.
An explicit purpose of the commitments is to ensure greater transparency and consultation with third-parties over the Privacy Sandbox. This report fails to provide any adequate or meaningful transparency for the CMA, or for other players in online markets who stand to be significantly impacted by the Privacy Sandbox.
The report is riddled with insufficiencies and, in some cases, complete omissions of key detail. There are remarkably few specific details on how the Privacy Sandbox will impact the market and competitors. The report simply fails to mention internal training to ensure awareness of – and compliance with – the commitments taking place, and makes reference to testing of technologies without mentioning oversight from the CMA. These points are all contrary to Google’s obligations detailed in the commitments and undermine the spirit of collaboration with regulators.
Tim Cowen, Chair of the Antitrust Practice at Preiskel & Co and a leading competition/regulatory lawyer, states, “The report fails to serve its intended purpose in enabling the CMA and everyone else to assess the impact on competition and privacy of its proposed changes and keeping the CMA and interested properly informed.”
Cowen adds, “This initial quarterly report has Google making statements that it knows the CMA and ICO have ruled on in the past so see who is paying attention. As if attempting to prove this point, Google continues to restate a false distinction between third- and first-party data in the report, which has been rejected by both the CMA and the Information Commissioner’s Office.”
These shortcomings must be taken seriously. Google has clearly demonstrated with this report that it has failed to properly act in accordance with the commitments, and the CMA must not be given a passing grade for such a clear failure. The fact this report has been certified by the monitoring trustee is similarly deeply concerning. Action must now be taken by the CMA to ensure that Google is put back on the right track and similar failings in the future are avoided.
Notes for Editors
For a link to the final commitments between Google and the CMA, click here.
For a link to the CMA document formally accepting Google’s commitments, click here.
For a further example of Google’s stance on Privacy being contrary to that of the CMA and ICO, click here. Though uploaded prior to the commitments being accepted, this document again sees Google publicly briefing marketers with an anti-third-party, pro-first-party line. Again, this view of privacy and the ‘parties’ of data and cookies, used as a rationale for Google’s planned removal of third party cookies, is explicitly not endorsed by the CMA or ICO.
Header image courtesy of Nathana Reboucas via Unsplash (Licensed for free use under the Unsplash license)
Copyright © Movement For An Open Web Limited (12888602). All Rights Reserved. Logos.