The CMA’s latest quarterly update report contains some green shoots of progress 

On January 31st, the CMA and Google published their quarterly update reports on Google’s compliance with the Privacy Sandbox Commitments (see Google’s Q4 report linked here and the CMA’s linked here).

First Party Sets

Google seems to have conceded ground on its proposal for First-Party Sets (FPS). They have, for instance, partially dropped the evasive stance apparent in the previous report, which mischaracterised objections to FPS’s domain limit of three as a GDPR related complaints. MOW expects these limits to be removed during 2023.

Google has now acknowledged the root of CMA and stakeholder concern – that FPS with single ownership restrictions favour large conglomerates. Google “encourage[s] developers to test out FPS functionality to provide feedback on how the domain limit for the associated subset would impact the usability of FPS for their use cases”.

Questions remain regarding how Google will manage the administrative burdens of managing registration and fraud prevention. 

We would also note that stakeholders are yet to show interest in the proposal. Since Google released its submission guidelines on December 1st, 2022, only one set has been created.


The CMA have committed to consider the role of the W3C and “monitor developments” in the standards-making organisation. This is a crucial point. A lack of procedural rigour has compounded the effect of Big Tech’s numerical dominance at the W3C. This has given a handful of companies, including Google, the ability to establish industry-wide standards, which exist only to benefit gatekeeper platforms.


MOW has repeatedly raised concerns regarding the likely delays associated with the switch from User Agent String (UAS) to User Agent Client Hints (UA-CH).

Incremental latency increases have a dramatic effect on search rankings and online visibility, which is naturally of enormous consequence to publishers. UA-CH does not propose any measures to mitigate the delays inherent in its design.

Our complaint has been noted by the CMA, who stated that “some stakeholders have told us that UA-CH introduces latency”.

However, we remain concerned that Google’s approach to the “latency assessment” of UA-CH does not consider the impact on competition associated with the overall delays introduced by their change. As such, the CMA are likely to conclude during the next review cycle that the latency impact to competition is greater than Google originally stated. MOW’s test show an average delay of 100ms associated with UA-CH usage in highly optimised web environments.

Distraction tax complaint

Paragraph 16 of the CMA’s report references stakeholder concern that Google’s presentation of the Privacy Sandbox significant adjusts industry expectations.

By making unrealistic claims regarding functionality and the implementation timeframe, Google undermines industry confidence in solutions built on those technologies marked for obsoletion and encourages stakeholders to devote their limited resources to fruitless testing.


The CMA has reported that Google will no longer default Gnatcatcher (IP cloaking). “Full implementation is now not expected until 2026 at the earliest”.

MOW welcome more tripartite meetings between Google, CMA, and ourselves in order to expedite resolution. 2022 was, unfortunately, wasted by Google and CMA reporting cycles. In order to make meaningful progress towards our goal of securing a private and safe open web, we must make 2023 count.

Header image courtesy of flickr (licensed for free under the flickr free license).