When Google said this week it will delay the deprecation of third-party cookies in Chrome for the third time, it cited the need to give the U.K.-based Competition and Markets Authority sufficient time to review the cookie-replacement tools it’s developing.
These tools are called the Privacy Sandbox and the CMA, a regulatory body that must approve Google’s cookie deprecation plan before it can happen, wants to make sure that it doesn’t benefit Google at the expense of the rest of the ad industry.
The CMA’s quarterly report, published today, said that Google still needs to do more to prove the Privacy Sandbox isn’t anti-competitive, and it raises new concerns around consumer privacy, which it adopted from a preliminary assessment from another U.K. regulatory body, the Information Commissioners Office (ICO).
The combination of the longstanding concerns around anti-trust and new concerns around privacy in the latest CMA report doesn’t bode well for Google’s cookie deprecation plan.
“Google is further away than they were a quarter ago,” said Don Marti, vp of ecosystem innovation at publisher network Raptive.
Here are three of the biggest things Google must do before regulators will greenlight its cookie deprecation plan.
Google must prove that Privacy Sandbox is transparent with users that they are being tracked
The latest CMA report adopts some of the ICO’s consumer privacy concerns. The CMA wants Google to make the consent interface clearer for Topics API, and make sure partners using Protected Audiences API and Attribution API get user consent. All three APIs are part of Google’s Privacy Sandbox suite of cookie replacement solutions.
The report notes the ICO’s concern that the remarketing solution Protected Audience API will not incorporate many privacy-enhancing technologies until 2026, after the planned deprecation of third-party cookies.
“In the short term, the ICO has expressed concern that [Protected Audience] will not mitigate key privacy risks identified,” the report reads. “Longer term, we await sight of Google’s proposed governance process to determine if it provides sufficient assurance that planned controls will be delivered as currently outlined in the product roadmap.”
In a statement, Google said: “We welcome the dialogue with the ICO and are already working to address its feedback on how Chrome can best communicate to users about Privacy Sandbox. We also affirm the ICO’s expressed desire for sites and ad tech companies calling the Privacy Sandbox APIs to communicate clearly with their users and offer appropriate controls.”
The CMA wants Google to restrict the use of its first-party data, so it doesn’t grab all the ad spend
The CMA is keenly aware that the loss of third-party cookies in Chrome could cause more ad spend to flow to Google, and it wants Google to limit the use of its data to attract that spend.