The “Privacy Sandbox” initiative proposed by Google could bring major changes to the online advertising industry, disabling third-party cookies entirely in the Chrome browser and introducing a new system for tracking the personal demographic information needed to deliver targeted ads. However, this plan is not without its legal perils given that it is essentially proposing to upend an entire industry in favor of a proprietary system that Google will run.
Though Google has yet to reveal the full details of this planned new system, the UK’s Competition and Markets Authority (CMA) has announced that it will be investigating the proposal for its potential to stifle competition in the online advertising market.
Chrome to cut cookies by 2022
Though the Privacy Sandbox initiative would only impact Chrome web browsers initially, that would nevertheless send shockwaves through the entire digital ad industry given that Chrome has about 70% of the world’s internet browser market share as of late 2020.
While Google has been definitive about ending third-party cookies, it has yet to fully commit to a a replacement system. Alternative techniques such as browser fingerprinting are available, but the company is presently testing a “trust token” system that would be based on a cryptographic signature. The company is hoping that the system will be viable in roughly a year.
While third party cookies tend to be unpopular with end users due to their own privacy issues, the system does not belong to any one company. Google’s new trust tokens would, presumably, require advertisers to buy into their services in some way in order to reach the massive market share of Chrome users.
CMA’s investigation is considering not just the potential impact of the Privacy Sandbox on publishers, but whether it is truly in the interest of end user privacy. If the agency ultimately determines that competition law has been infringed, it would issue a statement of objections that contains a provisional decision that Google would be obligated to respond to. Any final decision to take legal action or issue fines would then be determined by a case decision group. The CMA allows for fines of up to 10% of a subject’s annual worldwide group turnover, a significantly steeper penalty than the maximum fine under the EU’s General Data Protection Regulation (GDPR).
Google issued the following statement about the investigation: “Creating a more private web, while also enabling the publishers and advertisers who support the free and open internet, requires the industry to make major changes to the way digital advertising works … We welcome the CMA’s involvement as we work to develop new proposals to underpin a healthy, ad-supported web without third-party cookies.”
Would privacy sandbox favor Google’s advertising ecosystem?
In November, a coalition of advertising agencies calling itself the Marketers for an Open Web (MOW) petitioned CMA to block Google’s plans to roll out the Chrome Privacy Sandbox. The broader marketing industry is also planning to replace cookies at some point in the future, but currently favors a standard called the UnifiedOpen ID 2.0 (UID2) meant to address issues of consumer control over personal information that is shared. This proposal is still in its early stages, but early draft documents revealed that the idea of tying user identity to an email address or phone number is being considered. While an industry standard of this nature would solve the issue of Google having an unfair competitive advantage, users would be very unlikely to embrace it from a privacy standpoint.
Default blocking of third-party tracking cookies is already fairly common in web browsers; both Firefox and Safari have done this since 2019, and Chrome allows for blocking to be enabled as well. However, no other entities have proposed viable systems to keep the digital advertising industry afloat. While most people do not care for the collection of personal information that the system entails, personalized advertising is particularly popular among small businesses given the ability to quickly reach interested demographics in an affordable way. It is therefore unlikely that the industry will simply roll over and die due to cookie blocking.
Objections are not necessarily centered on the idea of using anonymized demographic data to serve relevant ads; studies show that consumers tend to overwhelmingly prefer being shown ads that are relevant to them, but also have serious concerns about the ethics of the industry and what is being done with their data. Most of those concerns can be traced back to the major players in the industry, such as Google and Facebook, and the incredible scope of data that they collect on users of their services (making the “privacy sandbox” moniker at least somewhat ironic).
Regulations such as the GDPR have chipped away at personalized advertising in recent years along with the decreasing use of third party cookies, but it remains a major component of digital marketing (particularly in the world of mobile apps). While advertisers can make a shift to contextual or semantic advertising should personalization cease to be viable, Big Tech has such a big investment in personalized ads (over $134 billion in annual revenue for Google) that efforts such as the Chrome Privacy Sandbox are an inevitability that regulators will have to contend with going forward.