Throughout much of 2019, Internet tech giant Google has attempted to portray itself as a public champion of web privacy. Yet, behind the scenes, a very different view of Google is emerging. In August 2019, at approximately the same time that Google was rolling out its much-hyped “Privacy Sandbox” privacy framework, it was also working to block efforts of the World Wide Web Consortium (W3C) standards body to bolster the web privacy features of new technical specifications.
Google’s efforts to limit the web privacy powers of PING
Most notably, Google was the only member of the W3C to vote “No” to a proposed charter change for the Privacy Interest Group (PING), a working group of the W3C dedicated to web privacy matters. Concerned that web privacy issues were being routinely ignored by many working groups of the W3C, the Privacy Interest Group sought to expand its charter, such that it would have the ability to block any new technical specification that it felt would have negative implications for web privacy. PING, for example, had earlier voiced its concerns about the Internet of Things (IoT), and how new IoT web standards failed to address important web privacy issues.
In response to the vote request on changing the PING charter, 24 W3C members voted “Yes” and Google (via its parent company, Alphabet, Inc.) was the only member to vote “No.” Since the W3C is based on a system of consensus, even a single “no” vote was enough to veto the proposal. Some have compared the voting system of the W3C to that of the UN Security Council, where even a single “no” vote from a member like the United States, Russia or China is enough to veto a proposal. Thus, Google basically torpedoed a well-intentioned effort to inject a discussion of web privacy into more of the technical working groups of the W3C with a single vote.
The 24-1 vote would seem to clearly indicate that Google is not quite as serious about web privacy matters as it would like the public to believe, and that Google is becoming increasingly isolated in its policy stances. That’s especially the case, given that Google has worked time and time again to preserve the ad tracking powers of web cookies, warning that an eliminated of ubiquitous ad-tracking cookies would mean the end of the web as we know it.
And, as might be expected, as soon as word of the 24-1 vote on the status of PING began to leak to the media, Google went into full damage control mode. According to Google, it is simply not the case that they are against PING or against new web privacy measures. Rather, it is the case that Google is against the “sweeping powers” of an “authoritarian review group” that might “cause significant unnecessary chaos in the development of the web platform.” In short, Google says that it is the voice of reason here, fighting against the creeping powers of an “authoritarian” tech body.
Google vs. the W3C
It now appears that Google is attempting to impose its own web privacy ideas on the W3C, and will simply use its equivalent of a “veto” to block any efforts to introduce web privacy measures that might be detrimental to its overall business model. This has very profound consequences for the future development of the web, since Google now appears to be fighting against mainstream sentiment in the business and consumer worlds.
In contrast to Google, some big tech companies – including Apple – are now racing to champion new web privacy measures. And many of Google’s Chrome browser rivals – including both Mozilla’s Firefox and Brave – are now pushing ahead with privacy-first initiatives, including the automatic blocking of ad-tracking web cookies.
There have even been rumors and suggestions that the Privacy Interest Group (PING) has become a place for these rivals to limit or handicap the ability of Google to compete against them. Most notably, Brave has attempted to take on a co-chair role of PING, presumably in a move designed to weaken its top competitor, Google.
The important point to keep in mind, of course, is just how important third-party tracking for ad targeting purposes is to Google’s business model. Being able to sidestep important privacy concerns is the key to Google being able to churn out billions of dollars in revenue each quarter. And being able to keep the web privacy status quo alive and well is key for Google’s future profitability. Thus, from a purely business perspective, it is easy to see why Google might be looking to limit any initiative from the W3C regarding web privacy standards. It’s hard to see Google giving up its de facto veto privilege any time soon.
The future of web privacy
The current system of the W3C is based on a “horizontal review” process, which is one that Google says it still supports. In a horizontal review, the Privacy Interest Group (PING) is able to make suggestions about technical specifications, but is not actually able to block these technical specifications from moving ahead. According to Google, this system is preferable to the one being proposed by an overwhelming majority of W3C members (basically, everyone except Google) because it does not have the potential to stop a web specification from being dismissed at the last minute.
One potential compromise – and one that Google has, in fact, suggested – is the creation of a series of “self-serve guiding principles.” In many ways, this is what the Google Privacy Sandbox was supposed to be – a framework for privacy that would not be officially binding for W3C members, but that would help to spell out certain rules of the road for web privacy.
Importantly, the tide finally appears to be turning in favor of web privacy. Not too long ago, the 24-1 vote against the expanding web privacy powers of PING might have been much closer. Now, it is only Google that appears to be fighting what appears to be an inevitable and irreversible trend toward greater web privacy and less third-party tracking across the web.