DOCSLIB.ORG

Notice of Intention to Accept Binding Commitments Offered by Google

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Notice of Intention to Accept Binding Commitments Offered by Google Notice of intention to accept commitments offered by Google in relation to its Privacy Sandbox Proposals Case number 50972 11 June 2021 © Crown copyright 2021 You may reuse this information (not including logos) free of charge in any format or medium, under the terms of the Open Government Licence. To view this licence, visit www.nationalarchives.gov.uk/doc/open-government- licence/ or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: [email protected]. Contents Page 1. Executive Summary .............................................................................................. 2 2. Introduction ........................................................................................................... 6 3. The CMA’s Investigation ....................................................................................... 8 4. Background ......................................................................................................... 15 5. The CMA’s competition concerns ....................................................................... 22 6. The CMA’s assessment of the Proposed Commitments ..................................... 49 7. The CMA’s intentions and invitation to comment ................................................ 69 Appendix 1: The Proposed Commitments ................................................................ 71 Appendix 2: Google’s Privacy Sandbox Proposals................................................... 83 1 1. Executive Summary 1.1 On 7 January 2021, the Competition and Markets Authority (‘CMA’) opened an investigation into suspected breaches of competition law by Google. The investigation concerns Google’s proposals to replace third- partycookies (‘TPCs’) and other functionalities with a range of changes known as the ‘Privacy Sandbox’ Proposals. It follows complaints of anticompetitive behaviour and requests for the CMA to ensure that Google develops its proposals in a way that does not distort competition. 1.2 The Privacy Sandbox Proposals are a set of proposed changes on Chrome that aim to address privacy concerns by removing the cross-site tracking of Chrome users through TPCs and other methods of tracking; and create a set of alternative tools to provide the functionalities that are currently dependent on cross-site tracking. 1.3 The CMA has been working closely with the Information Commissioner’s Office (‘ICO’) who is also assessing the Privacy Sandbox Proposals for compliance with data protection and ePrivacy law. The CMA and the ICO are working collaboratively in their engagement with Google and other market participants to build a common understanding of Google’s proposals, and to ensure that both privacy and competition concerns can be addressed as the proposals are developed in more detail. 1.4 The CMA is concerned that, without sufficient regulatory scrutiny and oversight, the Privacy Sandbox Proposals would: distort competition in the market for the supply of ad inventory and in the market for the supply of ad tech services, by restricting the functionality associated with user tracking for third parties while retaining this functionality for Google; distort competition by the self-preferencing of Google’s own advertising products and services and owned and operated ad inventory; and allow Google to exploit its apparent dominant position by denying Chrome web users substantial choice in terms of whether and how their personal data is used for the purpose of targeting and delivering advertising to them. 1.5 The CMA is also concerned that the announcements of the Privacy Sandbox Proposals have caused uncertainty in the market as to the specific alternative solutions which will be available to publishers and ad tech providers once TPCs are deprecated. The announcements and 2 actions to date have shown (and created the expectation) that Google is determined to proceed with changes in the relevant areas, including by deprecating TPCs within two years of the announcements, in ways which advantage its own businesses and limit competition from its rivals. 1.6 In this regard, the CMA considers that the concerns that third parties have expressed to it regarding the impact that the Privacy Sandbox Proposals are likely to have in the future, reflect in part: the asymmetry of information between Google and third parties regarding the development of the Privacy Sandbox Proposals, including the criteria that Google will use to assess different design options and evidence relating to their effectiveness against these criteria; and a lack of confidence on the part of third parties regarding Google’s intentions in developing and implementing the Privacy Sandbox Proposals, given the commercial incentives that Google faces in developing Google’s Proposals and the lack of independent scrutiny of Google’s Proposals. 1.7 Google has offered commitments (‘Proposed Commitments’) which seek to address these concerns. The CMA has reached the provisional view that the Proposed Commitments, once implemented, would address its competition concerns as they: (a) Establish a clear purpose of the Proposed Commitments that will ensure that Google’s Proposals are developed in a way that addresses the above competition concerns, by avoiding distortions to competition, whether through restrictions on functionality or self- preferencing, and avoiding the imposition of unfair terms on Chrome’s web users. (b) Establish the criteria that must be taken into account in designing, implementing and evaluating Google’s Proposals. These include the impact of the Privacy Sandbox Proposals on: privacy outcomes and compliance with data protection principles; competition in digital advertising and in particular the risk of distortion to competition between Google and other market participants; the ability of publishers to generate revenue from ad inventory; and user experience and control over the use of their data. 3 (c) Provide for greater transparency and consultation with third parties over the development of Google’s Proposals, including a commitment publicly to disclose the results of tests of the effectiveness of alternative technologies. This would help to overcome the asymmetry of information between Google and third parties regarding the development of the Privacy Sandbox Proposals; (d) Provide for the close involvement of the CMA in the development of Google’s Proposals to ensure that the purpose of the Proposed Commitments is met, including through regular meetings and reports, working with the CMA without delay to identify and resolve any competition concerns before the removal of TPCs, involving the CMA in the evaluation and design of tests of Google’s Proposals. This would ensure that the above concerns about the potential impacts of the Privacy Sandbox Proposals are addressed and contribute to addressing the lack of confidence on the part of third parties regarding Google’s intentions in developing and implementing Google’s Proposals; (e) Provide for a standstill period of at least 60 days before Google proceeds with the removal of TPCs (‘Standstill Period’), giving the CMA the option, if any outstanding concerns cannot be resolved with Google, to reopen its Investigation and, if necessary, impose any interim measures necessary to avoid harm to competition. This provision would strengthen the ability of the CMA to ensure its competition concerns are in fact resolved; (f) Include specific commitments by Google not to combine user data from certain specified sources for targeting or measuring digital advertising on third-party and first-party ad inventory. This would contribute to addressing the competition concerns arising from Google’s greater ability to track users after the introduction of Google’s Proposals; and (g) Include specific commitments by Google not to design any of the Privacy Sandbox Proposals in a way which could self- preference Google, not to engage in any form of self-preferencing practices when using the Privacy Sandbox technologies and not to share information between Chrome and other parts of Google which could give Google a competitive advantage over third parties. This would address the above concerns relating to the potential for discrimination against Google’s rivals. 4 1.8 Overall, the CMA’s provisional view is that, in combination, the Proposed Commitments would address the competition concerns that the CMA has identified in relation to the Privacy Sandbox Proposals, and provide a robust basis for the CMA, ICO and third parties to influence the future development of Google’s Proposals to ensure that the Purpose of the Commitments is achieved. 1.9 The CMA has not reached a final view and invites all interested parties to submit observations and evidence in order to assist the CMA in its final assessment of the Proposed Commitments. How to respond is set out in section 7 with deadline for comments by 8 July 2021 at 5pm. 5 2. Introduction 2.1 On 7 January 2021, the CMA opened an investigation into suspected breaches of the prohibition in Chapter II of the Competition Act 1998 (the ‘Act’) by the undertaking comprising Google UK Limited and Google LLC and any other member of their corporate group1 (‘Google’), in relation to Google’s proposals to withdraw support for TPCs on Chrome and Chromium and replace TPCs and other functionalities with a range of Privacy Sandbox tools, while transferring key functionality to Chrome (the ‘Investigation’).2 2.2 On 28 May 2021, Google offered commitments to the CMA aimed at addressing the CMA’s competition
Load more

Recommended publications
  • The Definitive Guide to Data-Driven Attribution Explore Marketing Performance Measurement Best Practices
    WHITE PAPER | Google Attribution 360 The definitive guide to data-driven attribution Explore marketing performance measurement best practices Google Inc. [email protected] g.co/360suite The definitive guide to data-driven attribution 1 WHITE PAPER | Google Attribution 360 Opportunities for Growth Data-driven attribution helps marketers know more and guess less. If your organization is still focused on crediting only the last touch point for your marketing success, you may be leaving up to 20%-40% of potential return on investment (ROI) on the table.1 This marketing performance measurement best practice offers an unprecedented level of visibility into the customer journey. It helps marketers make fact-based decisions, 5xTop-performing marketing organizations are five times more gain efficiencies, and realize greater returns on marketing investments. likely to use advanced attribution. This introduction to data-driven attribution will explain how and if data-driven attribution tools can help you move your marketing forward. We’ll cover the questions attribution 54% can help answer, how to find the right tool, and tips and tricks on getting started with By contrast, 54% of marketer still a data-driven attribution program. credit the last-click, only. What is attribution? 20–30% Summary: Assumptions about how marketing activities impact customers lead to a Decrease in effective display and retargeting CPA. misinformed marketing strategy. Data-driven attribution reveals the real path-to-purchase, allowing you to fine-tune strategies based on real customer behavior. 25–50% Attribution is the practice of tracking and valuing all marketing touch points that lead to Decrease in level of effort to pull, aggregate, and distribute a desired outcome.
    [Show full text]
  • Add a Captcha to a Contact Form
    Add A Captcha To A Contact Form Colin is swishing: she sectionalizing aphoristically and netts her wherefore. Carroll hogtying opportunely while unresolved Tre retell uncontrollably or trekking point-device. Contractible Howard cravatted her merrymakers so afire that Hugo stabilised very microscopically. Please provide this works just create customized contact form module that you can add a captcha to contact form element options can process Are seldom sure you want to excuse that? It was looking at minimum form now it to both nithin and service will be used by my front end. Or two parameters but without much! Bleeding edge testing system that controls the add a captcha contact form to. Allows you ever want to disable any spam form script that you to add and choose themes that have a contact form or badge or six letters! Even for contact template tab we work fine, add a plugin. Captcha your print perfectly clear explanation was more traditional captcha as a mix of images with no clue how do exactly what is a contact your website? Collect information and is not backward compatible with a captcha to form orders and legally hide it? Is there a way to gauge my Mac from sleeping during a file copy? Drop the Contact Form element on your desired area. Captcha widget areas in your site. How can never change the production method my products use? Honeypots are essential for our ads for us understand what you have a template is now has a weird of great option only use? This full stack overflow! The mail is sent, email and a message field.
    [Show full text]
  • Privacy Policy Interpretation and Definitions
    Privacy Policy This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You. We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy. Interpretation and Definitions Interpretation The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural. Definitions For the purposes of this Privacy Policy: • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or as the User as you are the individual using the Service. • Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Adventure City Inc., 1238 S. BEACH BLVD., SUITE E. For the purpose of the GDPR, the Company is the Data Controller. • Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority. • Account means a unique account created for You to access our Service or parts of our Service.
    [Show full text]
  • Cookie Swap Party: Abusing First-Party Cookies for Web Tracking
    Cookie Swap Party: Abusing First-Party Cookies for Web Tracking Quan Chen Panagiotis Ilia [email protected] [email protected] North Carolina State University University of Illinois at Chicago Raleigh, USA Chicago, USA Michalis Polychronakis Alexandros Kapravelos [email protected] [email protected] Stony Brook University North Carolina State University Stony Brook, USA Raleigh, USA ABSTRACT 1 INTRODUCTION As a step towards protecting user privacy, most web browsers perform Most of the JavaScript (JS) [8] code on modern websites is provided some form of third-party HTTP cookie blocking or periodic deletion by external, third-party sources [18, 26, 31, 38]. Third-party JS li- by default, while users typically have the option to select even stricter braries execute in the context of the page that includes them and have blocking policies. As a result, web trackers have shifted their efforts access to the DOM interface of that page. In many scenarios it is to work around these restrictions and retain or even improve the extent preferable to allow third-party JS code to run in the context of the of their tracking capability. parent page. For example, in the case of analytics libraries, certain In this paper, we shed light into the increasingly used practice of re- user interaction metrics (e.g., mouse movements and clicks) cannot lying on first-party cookies that are set by third-party JavaScript code be obtained if JS code executes in a separate iframe. to implement user tracking and other potentially unwanted capabil- This cross-domain inclusion of third-party JS code poses security ities.
    [Show full text]
  • Google's March 2021 Announcement
    ACXIOM POINT OF VIEW GOOGLE’S MARCH 2021 ANNOUNCEMENT WHAT YOU NEED TO KNOW EXECUTIVE SUMMARY When Google speaks, everyone listens. It owns over 60% of browser market share and over 29% of the U.S. digital ad revenue.1, 2 Any change that Google makes to its Chrome browser will likely impact all advertisers, publishers and adtech vendors that depend on the internet as a way to make money. Just the facts. 1. What did Google say on March 3? • The company reiterated that third-party cookies will go away on Chrome in March 2022. • Google will not build alternate user-based identifiers to track individuals, nor use them in its products. • As part of Chrome’s Privacy Sandbox proposals, different APIs will be used for different use cases. FLoC (Interest-based targeting), Fledge (Remarketing), and Conversions API (Measurement use cases} are three out of the nine APIs that will be available. All data will be aggregated and no longer used to track and target users at the individual user level. Per Google’s announcement, we have one year to prepare for a world without third-party cookies. While we’ve all known this was coming, we really didn’t know when. Now you can set your countdown timer to March 2022. Google has also clarified that there will be no alternate identifiers used in Google products. In a blog post, David Temkin, Google’s Director of Product Management, made it clear Google would be curbing any attempt by third-party intermediaries to track individuals across sites as they browse the internet.
    [Show full text]
  • Getting Your Google Analytics ID to Get a Google Analytics ID, Do the Following: 1
    ECinteractivePLUS®: Setting Up Google Analytics™ for Your Site You can use Google Analytics™ to learn how visitors interact with your site. Google Analytics gives you free reports on your site visitors, including their referring sites, search engines, search keywords, time on each page, pages per visit, geographic location, browser versions, and much more. This analysis can help you make informed decisions about your marketing campaigns, increase conversions from guest to loyal customer, and empower you to grow your business online. Google offers a basic set of Analytics services free of charge. For more details and to sign up, see www.google.com/analytics/. To make Google Analytics easy to implement in ECinteractivePLUS®, your Admin site has a Google Analytics ID box in Site Preferences. After you update your Google Analytics tracking code, the ECinteractivePLUS system automatically enters it onto every page of your front-end site so that Google Analytics can track your traffic. Getting Your Google Analytics ID To get a Google Analytics ID, do the following: 1. Go to the Google Analytics sign-up page and log in to your Google account. If you don’t already have a Google account, click Create Account and complete the sign-up process. 2. Complete the Google Analytics sign-up process. When prompted for your site URL, enter your site URL including the directory path that has your ECI DDMS® account number (www.ecinteractive. com/#####). The Google Analytics page displays instructions for adding a script block to each page. In this script block, look for your tracking code that begins with UA- followed by a series of numbers.
    [Show full text]
  • Apache Shindig V
    ...................................................................................................................................... Apache Shindig v. 1.0 User Guide ...................................................................................................................................... The Apache Software Foundation 2012-03-11 T a b l e o f C o n t e n t s i Table of Contents ....................................................................................................................................... 1. Table of Contents . i 2. Introduction . 1 3. Download . 3 4. Overview . 6 5. Getting Started . 16 6. Documentation Centre . 22 7. Java . 23 8. Building Java . 24 9. Samples . 28 10. PHP . 29 11. Building PHP . 30 12. Features . 32 13. Community Overview . 35 14. Getting Help . 37 15. Code Conventions . 38 16. Jira Conventions . 39 17. SVN Conventions . 40 18. Shindig Release Process . 42 19. FAQ . 46 20. Powered By . 48 21. Resources . 49 © 2 0 1 2 , T h e A p a c h e S o f t w a r e F o u n d a t i o n • A L L R I G H T S R E S E R V E D . T a b l e o f C o n t e n t s ii © 2 0 1 2 , T h e A p a c h e S o f t w a r e F o u n d a t i o n • A L L R I G H T S R E S E R V E D . 1 I n t r o d u c t i o n 1 1 Introduction ....................................................................................................................................... 1.1 Welcome To Apache Shindig ! Apache Shindig is an OpenSocial container and helps you to start hosting OpenSocial apps quickly by providing the code to render gadgets, proxy requests, and handle REST and RPC requests.
    [Show full text]
  • What the Floc?
    Security Now! Transcript of Episode #811 Page 1 of 30 Transcript of Episode #811 What the FLoC? Description: This week we briefly, I promise, catch up with ProxyLogon news regarding Windows Defender and the Black Kingdom. We look at Firefox's next release which will be changing its Referer header policy for the better. We look at this week's most recent RCE disaster, a critical vulnerability in the open source MyBB forum software, and China's new CAID (China Anonymization ID). We then conclude by taking a good look at Google's plan to replace tracking with explicit recent browsing history profiling, which is probably the best way to understand FLoC (Federated Learning of Cohorts). And as a special bonus we almost certainly figure out why they named it something so awful. High quality (64 kbps) mp3 audio file URL: http://media.GRC.com/sn/SN-811.mp3 Quarter size (16 kbps) mp3 audio file URL: http://media.GRC.com/sn/sn-811-lq.mp3 SHOW TEASE: It's time for Security Now!. Steve Gibson is here. We've got a new fix for the Microsoft Exchange Server flaw. This one's automatic, thanks to Microsoft. We'll also take a look at some nice new features in Firefox 87. You can get it right now. And then, what the FLoC? We'll take a look at Google's proposal for replacing third-party cookies. Is it better? It's all coming up next on Security Now!. Leo Laporte: This is Security Now! with Steve Gibson, Episode 811, recorded Tuesday, March 23rd, 2021: What the FLoC? It's time for Security Now!, the show where we cover your privacy, your security, your safety online with this guy right here, Steve Gibson from GRC.com.
    [Show full text]
  • Choosing the Right Digital Device
    Choosing the Right Digital Device Image: Core Education This guide will provide you with information that will help you as you decide which devices to choose for your school. It is important to consider not just the devices but how your students and teachers use them and which device is best for which sorts of activities for effective teaching and learning. It will also be useful for schools providing advice to parents about which type of device to purchase for a BYOD environment. This guide is intended for School Leaders, e-learning leaders and technical support staff. It is not necessary to have a background in technology but it is important to have a good pedagogical understanding of why you want to use digital devices and what your learning outcomes are. Overall, to make a choice, you should: 1 - Be clear about purpose 2 - Weigh up options and make decisions 3 - Implement, support and evaluate Choosing the right digital device 1 of 15 Contents Are you clear about the purpose? What features do you need? Health considerations How will you implement, support and evaluate ? Useful Links Appendix - Shared Use of Devices Once you have read this guide you are welcome to contact the Connected Learning Advisory to get more personal assistance. We aim to provide consistent, unbiased advice and are free of charge to all state and state-integrated New Zealand schools and kura. Our advisors can help with all aspects outlined in this guide as well as provide peer review of the decisions you reach before you take your next steps.
    [Show full text]
  • Questionnaire to Google
    Questionnaire to Google 1. Definitions The following terms will be used for the purpose of this questionnaire: a) “Google service ”: any service operated by Google that interacts with users and/or their terminal equipment through a network, such as Google Search, Google+, Youtube, Analytics, DoubleClick, +1, Google Location Services and Google Android based software. b) “personal data ”: any information relating to an identified or identifiable natural person, as defined in article 2(a) of Directive 95/46/EC, taking into account the clarifications provided in recital 26 of the same Directive. c) “processing ”: the processing of personal data as defined in article 2(b) of Directive 95/46/EC. d) “Sensitive data ”: any type of data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or data concerning health or sex life, as defined in article 8(1) of Directive 95/46/EC (“special categories of data”). e) “new privacy policy ”: Google’s new privacy policy which took effect on 1 March 2012. f) “non-authenticated user ”: a user accessing a Google service without signing in to a Google account, as opposed to an “authenticated user ”. g) “passive user ”: a user who does not directly request a Google service but from whom data is still collected, typically through third party ad platforms, analytics or +1 buttons. h) “consent ”: any freely given specific and informed indication of the data subjects wishes by which he signifies his agreement to personal data relating to him being processed, as defined in article 2 (h) of Directive 95/46/EC.
    [Show full text]
  • Google Analytics User Guide
    Page | 1 What is Google Analytics? Google Analytics is a cloud-based analytics tool that measures and reports website traffic. It is the most widely used web analytics service on the Internet. Why should we all use it? Google Analytics helps you analyze visitor traffic and paint a complete picture of your audience and their needs. It gives actionable insights into how visitors find and use your site, and how to keep them coming back. In a nutshell, Google Analytics provides information about: • What kind of traffic does your website generate – number of sessions, users and new users • How your users interact with your website & how engaged they are – pages per session, average time spent on the website, bounce rate, how many people click on a specific link, watch a video, time spent on the webpage • What are the most and least interesting pages – landing and exit pages, most and least visited pages • Who visits your website – user`s geo location (i.e. city, state, country), the language they speak, the browser they are using, the screen resolution of their device • What users do once they are on your website – how long do users stay on the website, which page is causing users to leave most often, how many pages on average users view • When users visit your website – date & time of their visits, you can see how the user found you. • Whether visitors came to your website through a search engine (Google, Bing, Yahoo, etc.), social networks (Facebook, Twitter, etc.), a link from another website, or a direct type-in.
    [Show full text]
  • Maximizing Conversion Value with Marketing Analytics and Machine Learning a Braintrust Insights Case Study
    Maximizing Conversion Value with Marketing Analytics and Machine Learning A BrainTrust Insights Case Study Executive Summary The promise of digital marketing and the democratization of publishing tools was to put all brands on equal footing. The brands with the most skill at digital marketing and content creation would win, regardless of size. As advertising crept into the Internet, larger companies seized the advantage with big budgets and resources. However, the introduction of machine learning technology is leveling the playing field once more. Bigger brands, plagued with inertia and aging infrastructure, are not able to adopt new technologies as quickly, creating an opening for more nimble companies to use machine learning to seize market share. With machine learning, attribution analysis is more precise and nuanced; brands will understand the true impact of digital marketing channels, even with dozens or hundreds of steps leading to a conversion. Once a brand understands what truly drives business impact, it can extend its advantage using machine learning and predictive analytics to forecast likely business outcomes. Predictive forecasts give us a starting point, a roadmap for planning that’s truly data-driven. Instead of guessing when things are likely to happen in general, predictive analytics give us specificity, granularity to allocate budget and resources with precision. Nimble brands spend only when they need to, only when they are likely to generate outsized returns. Finally, predictive analytics and machine learning help us to understand what will be on the minds of our customers and when, allowing us to create strategies, tactics, and plans of execution that astonish and delight customers.
    [Show full text]