Google Takes Another Blow From CMA On Privacy Sandbox Setbacks

Google may need to limit its first-party data capabilities to meet the CMA’s and ICO’s requirements for privacy. The UK’s Competition and Markets Authority released its quarterly report on Privacy Sandbox, detailing further information about Google’s plans for third-party cookie deprecation.

The extensive list explains why Google had to once again delay its plan to drop third-party cookies in Chrome. This time until 2025. The system is complicated, but Google developers believe this is the promised positive outcome for change.

The CMA detailed many issues in the 99-page report, listing about 80 issues that must be resolved. Most are technical, and involve functions of specific Sandbox API and how Google plans to reduce its competitive advantage based on its processes and platforms. 

advertisement

advertisement

For example, the CMA said Google needs to resolve concerns for Topics API, so the company agreed to update the Topics API consent user interface to provide sufficient clarity to individuals with regard to how their data is used by the Topics API.

Google must strengthen developer guidance that highlights the requirement to obtain purpose-specific consent prior to calling the API, and implement ways to monitor potential abuse of the Topics API, particularly where it is used for purposes other than interest-based advertising.

The taxonomy of interests in the Topics API expands sufficiently, but there are a larger number of data points that may have the ability to identify people. "We agree with the ICO that future utility-based changes to the taxonomy could introduce new privacy risks," the CMA report says.

Another concern for Google arises from a new list of concerns raised in the UK Information Commissioner’s Office (ICO) of Privacy Sandbox in the CMA’s report.

The CMA asked the ICO to review Privacy Sandbox to inform its analysis of data-privacy risks that Sandbox tools may pose. The ICO raised more than 25 new issues, and all were highlighted in the report.

One concern comes from the new list of concerns raised in the CMA’s report sparked by the analysis from the UK Information Commissioner’s Office (ICO) of Privacy Sandbox.

The list of “potential concerns” outlined in the report include the Protected Audience (PA) API that enables retargeting and other custom audience use cases. It will eventually use other privacy technologies Google will introduce in the future. The ICO says that without these technologies bad actors can use the PA API to track users across sites. 

Google will move forward with removing third-party cookies -- which will most likely happen in early 2025 -- but whether or not Privacy Sandbox meets the CMA requirements and the overall industry's standards is another story, according to Mathieu Roche, CEO and co-founder of identity provider ID5.

In an email to Media Daily News, he says he regrets that the CMA is still combining the deprecation of third-party cookies and the rollout of Privacy Sandbox into a "packaged deal" and by doing that, they are keeping the industry in a state of dependency that only benefits Google.

he believes the two should be disconnected, so brands and publishers can complete their transition to a fully cookieless digital advertising world and embrace Privacy Sandbox as a way to support their advertising use case if and when it is ready to do so.

2 comments about "Google Takes Another Blow From CMA On Privacy Sandbox Setbacks".
Check to receive email when comments are posted.
  1. Ed Papazian from Media Dynamics Inc, April 29, 2024 at 4:49 p.m.

    Following this exchange between Tony and George---both highly respected members of the broader media community---I am struck by the evident confusion between the terms "impression" and "audience". Are the two really different? I wonder how many media planners think that an "impression" is not a measure of "audience"?

    In the case of an OOH poster, if a person drives by the sign and this is counted as an "impresssion"---not "audience"--- how do we compare this fiinding with a TV commercial "impression" which is currently defined for national TV as a person who supposedly viewed an average minute of content that was on-screen in its entirety and included mostly commercials---or only commercials? Assuming that we believe that the people meter system can actually determine that this is what happened---and I don't believe that it can-----isn't this also an "audience" estimate? And take the example of a digital display ad where simply being shown on a users' screen for at least one second is considered an "impression". In these three cases--a pass by for OOH, actual commercial minute "viewing" for national TV and a brief---very brief---bit of on-screen visibility for digital display---all qualify as "impressions" But are they really comparable? I think not.

    If we really think that"impressions" represent some kind of precursor to "audience" ---which may be true for OOH and, maybe, for digital display---but certainly not for national TV----shouldn't we be defining "audience" for each medium in a comparable manner to start with and then work backwards to develop the prior stages also on a comparable basis?Then media planners and buyers can go to the metric they really care about---which is "audience"----not "impressions", as the latter merely tell you how we got to "audience". And then, perhaps, we will make some progress.

  2. John Grono from GAP Research, April 30, 2024 at 9:32 p.m.

    I agree with that sentiment Ed.

    It is hard enough to get unanimity of media owners, advertisers and media buyers in a single medium,  So I like your use of the phrase "each medium in a comparable manner".   Can I borrow it?

Next story loading loading..