What’s happening with Google’s long-heralded migration to an alternate ad tech stack (i.e. its Privacy Sandbox proposal)? What, indeed. The entire multi-year endeavor to remodel the industrial web looks perilously near death after the most recent intervention by the UK’s antitrust regulator, the Competition and Markets Authority (CMA).

This is in addition to the U-turn Google has made around third-party tracking cookies. Initially, they were speculated to be phased out; as of July, it looks just like the cookies are here to remain.

The CMA has been investigating Google’s Privacy Sandbox plan since January 2021, following a grievance filed in November 2020 by a coalition of digital marketing firms — which is one reason the project has been so painfully slow. But the slowness is beginning to seem like a firm “no” from the UK regulator.

IN case update The CMA threw Google one other wrench in the works on Tuesday, writing that it had “competition concerns” in regards to the latest versions. The tech giant’s previous commitments, which might also have to be updated to reflect “the evolution of Google’s planned Privacy Sandbox browser changes,” it said.

This means — at best — further delays in a project that has already exceeded its original schedule by several years.

The CMA said it was discussing the changes with Google, and that Google would want to handle its competition concerns — but it surely has not yet specified exactly which parts of the revised proposal still fall short. One thing is obvious, nevertheless: Google’s proposed move to a user selection architecture is on hold while the regulator considers the implications.

“If the CMA is unable to agree changes to the commitments with Google that address the competition concerns, then the CMA will consider what further action may be necessary,” the regulator also wrote, again without specifying what options might then be considered (note: Google has already agreed not to finish its tracking cookies without the CMA’s consent), adding that it “will conduct a public consultation before making any decision to accept changes to the commitments and intends to do so in the fourth quarter of 2024.”

The regulator plans to supply an update on what it calls its “views on Privacy Sandbox tools and an assessment of the results of testing and trials” in the ultimate quarter of the yr. So that clanking sound you may hear is the sound of a badly damaged can being kicked down the road again.

Ad Targeting: Who Has a Choice?

The CMA’s latest intervention follows a revised approach announced by Google this summer, when the tech giant suggested it would eliminate third-party tracking cookies altogether.

The implication of Google’s offer was also that its proposed selection architecture for Chrome could allow users to opt out of tracking-based personalized ads entirely — i.e., by offering a free selection to say “no” to such tracking (and, presumably, receive contextual ads as an alternative). Which could be great news for people’s privacy.

However, digital marketing corporations which have decided to dam opt-out of tracking cookies in Chrome are likely not in favor of giving web users such a big influence over internet advertising.

The CMA’s assessment of Privacy Sandbox is clearly conducted from a pure competition perspective – so its role is to pay particular attention to such complaints.

The competition watchdog declined to reply questions on its approach. However, we understand the CMA is anxious that Google’s revised plan to present users with selection could significantly reduce the provision of third-party cookies for ad targeting – resulting in increased reliance on alternatives equivalent to Google’s Privacy Sandbox tools.

If there’s a priority that Google could use the Privacy Sandbox project to further cement its dominant position in the ad tech industry — including by giving web users more freedom to guard their privacy from advertisers — that’s a competitive concern.

On privacy, the CMA has previously said it’s working with the UK’s Information Commissioner’s Office (ICO), the regulator answerable for enforcing domestic data protection laws, to think about the relevant issues around privacy and user selection design. However, as now we have outlined previously, the ICO has a history of under-enforcing adtech regulations – despite recognising compliance issues.

The ICO’s recent actions in this area—pursuing certain kinds of non-compliant cookie consent pop-ups—have fueled the expansion of one other problematic type of evasion in the promoting industry: opt-in or pay mechanisms. This controversial approach, which is being challenged legally in the European Union, sees web users presented with a consent pop-up that blocks access to content until they accept tracking or pay a subscription fee to access the content. It is, in fact, the literal opposite of free selection.

And what has the ICO been doing about consent or payment? It consulted earlier this yr but has yet to take a public position on the legality of the controversial business model – allowing the privacy-hating mechanism to grow unchecked in the meantime.

All of which is to say that if the UK regulator is the very best hope for web users to fight for his or her privacy rights in the high-stakes battle for the long run of the industrial web – pitting Google against digital marketers and the CMA in their corner – then this doesn’t seem to be a good fight. It’s more like allowing competitors to dominate the hierarchy of interests.

Asked to answer the CMA’s latest intervention, Google spokeswoman Jo Ogunleye said the corporate was cooperating with regulators and believed its revised proposal was pro-competitive.

A press release from the corporate was also sent, saying: “We are working with the CMA on the Privacy Sandbox in line with the updated approach now we have recommend, which enables people to make informed decisions about how they browse the online. As we finalise this approach, we are going to proceed to seek the advice of with the CMA, the ICO and other regulators all over the world and stay up for continuing to work with the ecosystem to construct a personal, ad-supported web.”

We also asked for a response Lukasz Olejnikindependent consultant who has followed the Privacy Sandbox proposal from the outset. “Storing third-party cookies is detrimental to user well-being,” he warned, underlining a transparent change of direction by the CMA.

“I was extremely pleased with how professionally the CMA approached the migration to privacy-enhanced networks in a way that respected competition,” he also told TechCrunch. “However, over the past few months, I have seen a significant shift in enforcement priorities.”

Speculating on what may be driving the change, Olejnik noted that there had been a change of presidency in the UK – but said it was difficult to clarify why the regulator may need modified its priorities in this area.

“To date, the CMA has fully understood that third-party cookies are problematic for privacy, data protection and trust in the digital advertising sector,” he said, adding: “While I believe there would still be a business case for Privacy Sandbox, such a position could undermine the quality of privacy and trust in businesses for UK users.”