A draft report from the UK Information Commissioner’s Office (ICO) raises concerns about Google’s Privacy Sandbox, which is aimed at preserving privacy in online ad targeting and analytics. The report highlights gaps that could be exploited to compromise privacy and track individuals online. This technology seeks to replace current tracking methods with more privacy-conscious alternatives, but its credibility hinges on its ability to deliver privacy assurances.
If Google’s Privacy Sandbox fails to address regulatory, community, and competitive challenges, it could collapse, leaving adtech rivals to continue tracking users through existing or alternative methods. The ICO report represents another setback for Google’s attempts to reconcile ad targeting with privacy laws like GDPR. Google’s strategy involves moving ad auction mechanics to users’ local devices through web APIs, such as the Topics API in Chrome, which aims to convey user interests to advertisers without identifying individuals.
Critics, including the Electronic Frontier Foundation and rival browser maker Vivaldi, have raised concerns about the Privacy Sandbox’s support for behavioural advertising and its reliance on advertisers’ good behaviour rather than technical guarantees for privacy. Given Google’s market dominance and significant revenue tied to online advertising, scepticism persists about rebuilding ad architecture on its platforms. Both regulators and industry groups like the IAB have expressed concerns about the Privacy Sandbox’s potential competitive disadvantages and limitations, suggesting that Google may need to address these issues before proceeding.
Despite challenges and criticism, Google remains committed to Privacy Sandbox technologies, emphasising their aim to enhance privacy while maintaining targeted advertising. The company continues to engage with regulators and stakeholders to address concerns and ensure a solution that benefits users and the entire advertising ecosystem.
Google has settled a lawsuit accusing the tech giant of clandestinely tracking the internet activity of users who believed they were browsing privately. Filed in Oakland, California, federal court, the settlement terms await approval from US District Judge Yvonne Gonzalez Rogers. Though Google is not facing any damages, individual users retain the right to sue the company. According to lawyers representing the plaintiffs, the settlement is estimated to be valued between $5 billion and $7.8 billion.
The class action, initiated in 2020, represents millions of Google users who utilised private browsing settings from 1 June 2016. Allegations against Google include claims that its analytics, cookies, and apps allowed unauthorised tracking, turning the company into a repository of sensitive user information. Under the settlement, Google will update its disclosures regarding data collection during private browsing sessions and enable users to block third-party cookies for five years.
Google has responded by emphasising its commitment to user privacy, asserting that data collected during ‘Incognito’ mode browsing is not associated with individual users. According to Google spokesperson Jose Castaneda, the company is pleased to settle the lawsuit, which it has consistently deemed meritless. Plaintiffs’ lawyer David Boies views the settlement as a significant step towards holding dominant technology companies accountable for their practices, describing it as a ‘historic step requiring honesty and accountability’.
The agreement, which follows a preliminary settlement in December, prevents a scheduled trial in February 2024. Although specific terms of the settlement were not disclosed initially, plaintiffs’ lawyers intend to pursue unspecified legal fees from Google in the future. The lawsuit highlights ongoing debates surrounding online privacy and the responsibilities of tech giants like Google in safeguarding user data.
Canada, Japan, the Republic of Korea, the Philippines, Singapore, Chinese Taipei, and the United States of America have issued a statement on establishment of the Global Cross-Border Privacy Rules (CBPR) Forum that is aimed at multilateral cooperation in promoting trusted global data flows. The Global CBPR Forum intends to establish the Global Cross Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) Systems, based on APEC CBPR and PRP systems – data privacy certifications that help companies demonstrate compliance with internationally recognized data privacy standards.
