We all expect a more private and secure web. The Privacy Sandbox initiative aims to help build it by developing new digital advertising tools to protect people’s privacy and prevent covert tracking, while supporting a thriving ad-funded web. From the start of this project, we have been developing these tools in the open, and sought feedback at every step to ensure that they work for everyone, not just Google. As many publishers and advertisers rely on online advertising to fund their websites, getting this balance right is key to keeping the web open and accessible to everyone.
So when the United Kingdom’s Competition and Markets Authority (CMA) announced its formal investigation of the Privacy Sandbox in January, we welcomed the opportunity to engage with a regulator with the mandate to promote competition for the benefit of consumers.
This process has also recognized the importance of reconciling privacy and competition concerns. In a first-of-its-kind review involving converging regulatory authorities and expertise, the United Kingdom’s privacy regulator, the Information Commissioner’s Office (ICO), is working collaboratively with, and providing direct input to, the CMA on Google’s approach.
Today we are offering a set of commitments — the result of many hours of discussions with the CMA and more generally with the broader web community — about how we’ll design and implement the Privacy Sandbox proposals and treat user data in Google’s systems in the years ahead. The CMA is now asking others in the industry for feedback on these commitments as part of a public consultation, with a view to making them legally binding. If the CMA accepts these commitments, we will apply them globally.
Throughout this process, we will engage the CMA and the industry in an open, constructive and continuous dialogue. This includes proactively informing both the CMA and the wider ecosystem of timelines, changes and tests during the development of the Privacy Sandbox proposals, building on our transparent approach to date. We will work with the CMA to resolve concerns and develop agreed parameters for the testing of new proposals, while the CMA will be getting direct input from the ICO.
Google has always had policies and practices to safeguard the use of people’s data. And we have explicitly stated that once third-party cookies are phased out, we will not build alternate identifiers to track individuals as they browse across the web, nor will we use such identifiers in our products.
Building on this principle, the commitments confirm that once third-party cookies are phased out, our ads products will not access synced Chrome browsing histories (or data from other user-facing Google products) in order to track users to target or measure ads on sites across the web.
Further, our ads products will also not access synced Chrome browsing histories or publishers’ Google Analytics accounts to track users for targeting and measuring ads on our own sites, such as Google Search.
We will play by the same rules as everybody else because we believe in competition on the merits. Our commitments make clear that, as the Privacy Sandbox proposals are developed and implemented, that work will not give preferential treatment or advantage to Google’s advertising products or to Google’s own sites.
We appreciate the CMA’s thoughtful approach throughout the review and their engagement with the difficult trade-offs that this process inevitably involves. We also welcome feedback from the public consultation and will continue to engage with the CMA and with the industry on this important topic. We understand that our plans will be scrutinized, so we’ll also continue to engage with other regulators, industry partners and privacy experts as well.
We believe that these kinds of investments in privacy will create more opportunity, not less. The Privacy Sandbox seeks a way forward that improves people’s privacy online while ensuring that advertisers and publishers of all sizes can continue to succeed.