CMA secures commitments from Google on future of cookies

The Competition and Markets Authority (CMA) has secured a number of commitments from Google on the design and development of its Privacy Sandbox proposals for the replacement of third-party cookies in the Chrome web browser, and will now consult with other stakeholders on whether or not to accept them.

This comes following an enforcement action launched against Google at the beginning of 2021, after businesses and other organisations complained that Privacy Sandbox – the proposed replacement for third-party cookies, which are due to be phased out of its Chrome browser later in the year – could be developed and implemented in ways that actually impede competition in digital advertising markets.

Among the concerns were that the proposals could cause advertising spend to become even more concentrated with Google, hurting consumers and undermining the ability of organisations such as online publishers to generate income.

“The emergence of tech giants such as Google has presented competition authorities around the world with new challenges that require a new approach,” said CMA chief executive Andrea Coscelli.

“That’s why the CMA is taking a leading role in setting out how we can work with the most powerful tech firms to shape their behaviour and protect competition to the benefit of consumers.

“If accepted, the commitments we have obtained from Google become legally binding, promoting competition in digital markets, helping to protect the ability of online publishers to raise money through advertising and safeguarding users’ privacy.”

The commitments secured by the CMA – which has been working closely alongside the Information Commissioner’s Office (ICO) throughout – are as follows:

• That Google will develop and implement the Privacy Sandbox proposals in a way that avoids distortion to competition and the imposition of unfair terms on Chrome users, and that the CMA and ICO will both be involved in the development of proposals to ensure this objective is met;
• That Google will offer increased transparency on how and when the Privacy Sandbox proposals will move forward and on what basis they will be assessed, including a commitment to publish the results of tests of how effective alternative technologies may be;
• That Google will accept “substantial” limits on how it uses and combines individual user data for the purposes of digital advertising once third-party cookies are removed from Chrome;
• That Google won’t discriminate against rivals in favour of its own advertising and adtech businesses when designing or implementing Privacy Sandbox.
• And that Google will accept a standstill period of at least 60 days before it proceeds to remove third-party cookies from Chrome, giving the CMA the opportunity to reopen investigations or impose interim measures to protect competition if needed.

In its consultation, the CMA said it was particularly interested in hearing any opinions on whether or not Google’s proposed commitments adequately address its concerns about unequal access to user-tracking functionality, self-preferencing Google’s own adtech operations and its owned and operated ad inventory, and the potential imposition of unfair terms on Chrome users.

The CMA’s ultimate decision is likely to have a significant impact on the implementation of Google’s Privacy Sandbox on a global basis. According to statistics supplied by AtlasVPN, correct to 26 May 2021, Chrome has approximately 3.26 billion internet users, or 41% of the global population, making it the most popular web browser on the planet by a country mile; its closest competitor, Apple’s Safari, can muster only 944.6 million users; followed by Firefox with 181.4 million; and Microsoft Edge with 171.3 million.

Farhad Divecha, managing director and founder of AccuraCast, a digital marketing agency, said: “The call from the CMA is good news for advertisers because Google has been very vague with advertisers about how these cookie changes will affect reporting, targeting and optimisation within the Google Ads and DV 360 platforms.

“All [Google’s] press around the matter focuses on its privacy spiel, which is well and good, but then it has Google Tag Manager server-side, which could potentially bypass all the restrictions imposed by cookie blockers; it has FLoC, which seems like this nebulous concept of a remarketing/lookalike audience to most advertisers and has been criticised by smaller publishers; and it has Project Turtledove. 

“But what Google hasn’t yet done is tell advertisers clearly what they need to do to prepare for a cookieless future,” said Divecha. “This is especially stark in contrast to Facebook which set up Conversions API, have extensive documentation to prepare advertisers for IDFA and cookie changes, and have even invested a lot of money to help ensure its advertisers can minimise the impact of these changes.”

In a statement responding to the CMA's announcement, Google's director of legal, Oliver Bethell, said: “From the start of this project, we have been developing these tools in the open, and sought feedback at every step to ensure that they work for everyone, not just Google. As many publishers and advertisers rely on online advertising to fund their websites, getting this balance right is key to keeping the web open and accessible to everyone. 

“So when the United Kingdom’s CMA announced its formal investigation of the Privacy Sandbox in January, we welcomed the opportunity to engage with a regulator with the mandate to promote competition for the benefit of consumers.”

Bethell added: “We appreciate the CMA’s thoughtful approach throughout the review and their engagement with the difficult trade-offs that this process inevitably involves. We also welcome feedback from the public consultation and will continue to engage with the CMA and with the industry on this important topic. We understand that our plans will be scrutinised, so we’ll also continue to engage with other regulators, industry partners and privacy experts as well.”