Google has agreed to work with the Competition and Markets Authority (CMA), a UK regulator, on their Privacy Sandbox. The CMA launched an investigation into Google’s FLoC in January of this year when advertisers voiced concerns about both the privacy and competition implications of Google eliminated third-party cookies in Chrome.
“The CMA was concerned that, without regulatory oversight and scrutiny, Google’s alternatives could be developed and implemented in ways that impede competition in digital advertising markets,” said the CMA website. The idea is that if Google has full control over how advertisers and publishers use data, then there is little insight into how the data is used. “This would cause advertising spending to become even more concentrated on Google, harming consumers who ultimately pay for the cost of advertising.”
Google’s commitments. The CMA is now reviewing Google’s commitments and, “If accepted, the commitments would be legally binding,” according to the CMA’s announcement.
Google has agreed to engage with the CMA and the industry on changes, timelines, tests, etc. The company also firmly states that they “will not build alternate identifiers to track individuals as they browse across the web, nor will we use such identifiers in our products. Further, our ads products will also not access synced Chrome browsing histories or publishers’ Google Analytics accounts to track users for targeting and measuring ads on our own sites, such as Google Search.”
Lastly, Google commits to not giving themselves any advantages: “As the Privacy Sandbox proposals are developed and implemented, that work will not give preferential treatment or advantage to Google’s advertising products or to Google’s own sites,” wrote Oliver Bethell, Director, Legal.
Why this matters. “This marks the start of a public consultation on these commitments and if they are formally accepted at the end of this process, we will apply them globally. It’s also the first-of-its-kind investigation combining forces from both the competition and privacy regulators,” a Google spokesperson told Search Engine Land.
Why we care. Depending on how the engagement plays out, this could mean that Google doesn’t implement FLoC as quickly as anticipated and could stick with third-party cookies for longer. This isn’t the only scrutiny Google and FLoC are under. Back in March, we saw that Google’s FLoC tests were not GDPR compliant. And multiple sources have written pieces on why FLoC may not actually protect users’ privacy. Implementation is likely inevitable, but regulatory review may delay it.