"Data-Driven Thinking" is written by members of the media community and contains fresh ideas on the digital revolution in media.
Today’s column is written by Alan Chapell, founder of law firm Chapell & Associates.
The UK’s Competition and Markets Authority (CMA) has raised significant issues with respect to the Privacy Sandbox and Google’s proposed depreciation of third-party cookies. The specifics of the investigation and settlement have been well covered, but, essentially, the CMA is concerned that by deprecating third-party cookies, Google could enable a playing field that harms competition and pushes more ad spend to its own coffers. This in turn could undermine the ability of publishers to generate revenue.
The CMA reached an agreement with Google that gives it oversight of the Privacy Sandbox and forces Google to make certain commitments with respect to the deprecation of third-party cookies in Chrome. The CMA has invited comments from the marketplace on Google’s Privacy Sandbox and the commitments Google has made to address competition concerns.
I applaud the CMA’s efforts, but as is the case with many regulatory issues, more clarification is needed. Here are seven areas where we need more information.
Jurisdictional applicability. The CMA should require Google to specify which of the commitments made to the CMA will apply worldwide vs. which will apply only in certain jurisdictions (e.g., in the UK or the EEA). For example, if third-party cookie deprecation will only be offered in select jurisdictions, then competition regulators in other jurisdictions may want similar assurances from Google. Google’s offer that it will honor some or even most of these commitments worldwide just isn’t meaningful. If there are commitments that Google will not honor in certain places, they should indicate what and where.
Clarify scope. The CMA should require that Google define the specific problems that it seeks to address with the Privacy Sandbox. If the designated discussion forum for the Privacy Sandbox is the W3C, then it’s fair to have more clarity regarding the scope of the W3C Improving Web Advertising Business Group (W3C BG) charter. The mission statement of the W3C BG is vague and does not provide tangible or specific criteria by which the group may measure success.
Clarify whose concerns must be addressed. The CMA documents only address Google-authored proposals. It is not clear whether Google is required to address W3C BG concerns as a whole, more general marketplace concerns or only the concerns of the CMA. The CMA should require that Google meaningfully address all outstanding concerns of the W3C BG prior to moving forward (assuming that the W3C BG is “the” forum for Privacy Sandbox discussions).
Understand the scope of Google’s participation in the Privacy Sandbox. This might be the most important unanswered question with respect to alleged anti-competitive activities and the Privacy Sandbox. We all know that Google is building an advertising platform for the Chrome browser. But we don’t know the extent to which Google will ultimately participate in that ad platform. And the answer to that question goes directly to the question of competition. The Privacy Sandbox ad platform will be, by design, more data-constrained than existing advertising platforms. That might be OK – and even a desirable privacy trade-off – if all market participants are on equal footing using the Privacy Sandbox ad platform, including Google.
But if most of Google’s ad revenue will be run through its own channels that are more effective while the rest of the marketplace is required to use the Privacy Sandbox, then Google will have an unfair advantage. Therefore, it is critical that the CMA and other regulators understand the extent to which Google intends to operate in the Privacy Sandbox.
Ensure that the Privacy Sandbox ad platform is run fairly and independently. Google is seeking to transition a significant portion of digital ad spend from a relatively independent marketplace (albeit one dominated by Google) to one that will be controlled by Google’s Chrome browser. Google has tacitly conceded to the CNIL, France’s data-privacy regulatory body, that Google has repeatedly tipped the scales in its own favor in the current marketplace. The only hope for ensuring a fair marketplace under the Privacy Sandbox is to take steps to ensure that Google is not in a position to penalize competitors.
The CMA should therefore require that Google either: (a) create an independent entity to manage the Privacy Sandbox (i.e., a trusted gatekeeper) or (b) divest the Chrome browser from the rest of Google’s portfolio.
Privacy Sandbox testing. Initial tests regarding the Privacy Sandbox announced by Google in late 2020 painted a rosy picture – creating the impression that the Privacy Sandbox advertising efficiency was almost as good as existing practices. Those claims were walked back a bit within the W3C BG, but never clarified with the press. It seems clear that Google has a self-interest in creating a narrative around the success of the Privacy Sandbox. The CMA should require that all tests of the efficacy of the Privacy Sandbox should have their results audited by an independent third party. Or, at the very least, Google should be required to show their work with more detail.
Evaluate similar marketplace behaviors consistently. If Google’s deprecation of third-party cookies is deemed potentially anti-competitive by the CMA, then it begs the question: What about other browsers that have taken similar steps? The CMA should consider imposing similar rules on browsers that have depreciated third-party cookies and mobile operating systems – namely, Apple – that have restricted third-party use of data, particularly where the browsers and/or mobile operating systems offer their own competing advertising services.