Testing in combination with other Privacy Sandbox components #323
Comments
|
We are committed to achieving the purpose of the Privacy Sandbox commitments accepted by the CMA in February 2022. We encourage feedback on how to better achieve that purpose through our technical proposals, and we will report publicly on feedback we receive as set out in the commitments. We are in constant dialogue with the CMA on these issues, and members of the web ecosystem are also welcome to discuss these issues with the CMA. In fact, as previously mentioned by the CMA in public and in its communications to Mr Rosewell, the CMA is the sole public body responsible for monitoring Google’s compliance with the commitments accepted on 11 February 2022 in relation to Google’s Privacy Sandbox proposals. We therefore hope that everyone will understand when we decline to participate in public discussions on legal or internal aspects of compliance with the commitments, or to detail our direct exchanges with the CMA. |
|
The commitments Google entered with the CMA in February 2022 prevent Google from implementing Privacy Sandbox changes until the CMA are satisfied or February 2028.[1] The commitments define a role for third parties such as myself to express reasonable views and suggestions.[2] The commitments require Google to provide quarterly reports providing substantive responses.[3] The next report is due in January 2023.[4] The commitments, Privacy Sandbox website, and chrome developers web site, direct third parties to forums such as this one. [5][6] The views and suggestions raised are not related to internal aspects of compliance. They relate to the substance of the proposal and are clearly within scope of the commitments in relation to third parties. Please reopen this issue and retract your misleading statement posted on Friday 9th December 2022. It would be helpful to provide your substantive response in this forum as well as the January 2023 quarterly report so that all third parties can easily understand the response. Once any follow-on observations and viewpoints are addressed then the issue can be closed. [2] “Google will publish on a dedicated microsite a process for stakeholder engagement in relation to the details of the design, development and implementation of the Privacy Sandbox proposals and report on that process publicly, as well as to the CMA through the quarterly reports described in paragraph 32(a) below. As part of that process, Google will take into consideration reasonable views and suggestions expressed to it by publishers, advertisers and ad tech providers, including (but not limited to) those expressed in the W3C or any other fora, in relation to the Privacy Sandbox proposals, including testing, in order to better apply the Development and Implementation Criteria in the design, development and implementation of the Privacy Sandbox proposals.” – Commitments clause 12 – emphasis added [3] “Google will provide the CMA with quarterly reports within three Working Days of the end of each three-calendar-month period following the Effective Date about: progress on the Privacy Sandbox proposals; updated timing expectations; substantive explanations of how Google has taken into account observations made by the CMA and by third parties pursuant to paragraphs 12 and 17(c)(ii) of these Commitments; and a summary of the interactions between the CMA and Google pursuant to paragraphs 17 and 21 of these Commitments, including in particular a record of any concerns raised or comments made by the CMA and the approach retained for addressing such concerns or comments pursuant to paragraphs 17(a)(ii) and 21.” – Commitments clause 32(a) – emphasis added [5] “For the open web, you can contribute to the public discussions in forums such as the W3C….” https://privacysandbox.com/#home-frequently-asked-questions [6] “To participate in conversations with industry representatives, browser vendors and others—for example, to advocate for a particular use case or solution—you can join one or more of the W3C forums where privacy-preserving proposals are being shared and refined. Today most community discussion is happening in the Improving Web Advertising Business Group, the Privacy Community Group and the Web Platform Incubator Community Group.” https://developer.chrome.com/blog/privacy-sandbox-participate |
The objective of Privacy Sandbox includes the removal of “fingerprinting” as a covert tracking technique. If the evidence presented in #314 and #315 and documented in the October 2022 blog from Google, is true then we know that the UA-CH changes do not meet this objective of Privacy Sandbox. Therefore, other proposals that form part of Privacy Sandbox will also need to be tested in combination with UA-CH before companies like ClearSale (@Camila-Villamarin), CyberSource, or VTEX (@tibuurcio) can be satisfied that their solutions are unaffected by Privacy Sandbox.
Given the lack of justification for the UA-CH changes (see #215) from Google there is a possibility that that other components of Privacy Sandbox will have a greater impact on the reduction of "fingerprinting" than the UA-CH changes proposed here. Also there are other proposals, like Trust Tokens, to help mitigate these impacts. It is only when ALL these changes are tested in combination that a conclusion concerning the overall impact can be reached.
Please can Google amend the Privacy Sandbox testing plan to enable ALL the "fingerprint" impacting components to be tested at the same time so that the impact on both competition and privacy can be properly established before harm results?
Please can Google (tagging @miketaylr, @cwilso, @yoavweiss) provide a substantive answer to the question and commentary in the January 2023 quarterly report provided to the CMA and the industry under the commitments which I believe Google employees at W3C have now been trained in.
The text was updated successfully, but these errors were encountered: