-
CMA raises concerns about Google’s implementation of the Privacy Sandbox, a suite of advertising application programming interfaces.
-
Google plans to revamp ad targeting with a privacy-enhanced technology, but there are doubts on its effectiveness in address privacy concerns.
-
Privacy advocates and regulators are skeptical about the Privacy Sandbox privacy claims and potential misuse of data.
The UK Competition and Markets Authority (CMA) has expressed reservations regarding Google’s advertising toolkit, Privacy Sandbox. This might explain why the company has postponed dropping third-party cookies in Chrome until 2025.
Google has been trying to recreate the software that offers targeted ads online because of the privacy concerns of the legacy approach. It depends on cookies to track and measure ads.
Privacy Sandbox is Google’s collection of advertising Application Programming Interfaces (APIs). Although privacy groups and regulators doubt the software’s ability to uphold privacy-centric claims.
Rivals in the Ad industry, who are not particularly concerned about the privacy aspect of the whole situation, fear that Google’s reinvented tech gives them a lower competitive advantage by denying them access to the data they use to make more effective ads.
The previous year, Google began releasing early versions of the Privacy Sandbox APIs, like Topics API, in its Chrome browser for testing. Subsequently, the ad-targeting technology has been accessible to Android apps.
Moreover, the Topics API enables advertising to target users of Edge (soon), Chrome, and Android devices based on interests discovered through online interactions. The API employs an on-device categorization model to produce a list of interests based on browsing activity. It is based on a publicly available taxonomy containing 469 subjects, including ‘Arts & Entertainment’.
Every week, the API determines an individual’s top five topics based on websites accessed using the Topics API. Third-party ad providers on websites that support the Topics API and website publishers get a random list of up to three of the visitor’s top five from the previous three weeks, up to a maximum of five. They then use such interest to display ads visitors presumably want to see.
However, the system is complex, and Google’s claims concerning the privacy benefits of its method have not persuaded everyone, possibly due to the firm’s constant association with privacy scandals.
Furthermore, CMA released an update regarding Google’s dedication to implementing its Privacy Sandbox ad technology in a way that does not disadvantage its competitors.
The report integrates ideas from the UK Information Commissioner’s Office (ICO), which supervises privacy concerns. An ICO’s Privacy Sandbox assessment leaked draft showed that the regulatory body still believes the technology isn’t trustworthy.
In addition, the CMA report lists about 80 issues Google hasn’t resolved to satisfy UK regulators.
“The regulators are concerned about some specific areas – from the role of cloud providers, latency, to governance and privacy. These fundamental issues cannot be resolved overnight. The fact that more issues are coming up as the technology gets closer is a sign that Google bit more than it can chew”
James Rosewell, co-founder of an Open Web Movement (ad interest group)
Rosewell claims that Google has not adequately studied the governance of the new proposed ad regime – most competitors oppose Google’s intention of granting itself additional gatekeeping authority – and that competing ad targeting plans should provide fair competition in an open market.
One of the CMA’s concerns about Google’s technology is that the Topics (interest-based ad mechanism) isn’t well explained.
“There are concerns that the Topics consent user interface might not sufficiently inform users about the utilization of their personal data or how generated topics could serve broader purposes than interest-based advertising”.
The report
It is also possible that the Topics data about people’s preferences might be used for other malicious purposes rather than in advertising.
“According to the ICO’s initial evaluation, we are concerned about the potential use of the topics data for purposes beyond what the API specifies, which could harm the user and violate applicable data protection laws,” while also noting that “Google acknowledges that entities might use the API data for other purposes.”
The report
Another concern is that as the Topics API taxonomy of interests expands, there might be many data points that hackers can exploit.
“We concur with the ICO assessment that future utility-based modifications to the taxonomy might present new privacy risks”
The CMA report
Web publishers have their own list of concerns they wish could be fixed, like a method to rectify a wayward Topic classification of a website and associated interests. The report also discusses other APIs like Fenced Frames and Protected Audience API. This means Google has a lot of work to do.
In a recent statement, Google said it anticipates the Privacy Sandbox will improve on privacy concerns continually.
“We’ve maintained close engagements with the ICO and other privacy and competition regulators worldwide, and we are committed to finding a solution that serves the users and the entire ecosystem”.
The biz
Given the intense scrutiny by the regulatory bodies, it appears like Google doesn’t have many options.