Late last week, it became clear that Google intended to ignore calls from the World Wide Web Consortium (W3C), the international body that guides the development of web standards, to rethink the Topics API. A “privacy sandbox” proposal that evolves the ad tech stack Chrome supports for targeted advertising.
Topics refers to the ad targeting component of sandbox suggestions based on tracking web user interests through their browsers.
The W3C Technical Architecture Group (TAG) raised a series of concerns after Google’s request for an “initial design review” of the Topics API last March.from “Unnecessary tracking and profiling” Maintaining the status quo for “inappropriate monitoring on the web”.
Commenting on behalf of TAG, Amy Guy added, “I don’t want to see it go any further.”
TAG’s take is not the first negative assessment of the topic. His WebKit and Mozilla browser engine developers also recently dismissed Google’s approach. In the past, warnings about existing privacy flaws on the web have been used as “an excuse for privacy flaws in new specifications and proposals.” The latter sees the topic as “more likely to reduce the usefulness of the information to advertisers than meaningful information that protects privacy.”
Also, limited support for a topic across browsers risks fragmenting the web user experience (which could lead to site implementations trying to block visitors using browsers other than Chromium). ) is another concern flagged by TAG.
Despite growing opposition to Google’s approach from the world of web infrastructure, the UK’s Privacy Watchdog — as the Information Commission’s Office (ICO) is a key oversight body in this context and a major antitrust intervention Following , we are actively working to assess the compliance of our sandboxes with data protection laws. Participating UK Competition and Markets Authority (CMA) – Proposal to Google to stand by and W3C technical experts warn of risks perpetuating a kind of privacy violation (and failure of user agency and transparency) They seem happy to let it continue. For years, the ad tech industry has been caught in a regulatory (and reputational) vortex.
Asked if it had any concerns about the privacy implications of the topic, including in light of TAG’s assessment, the ICO took several days to consider the question before declining to comment.
The regulator said it continues to engage with Google and the CMA. This is part of a role under the commitment Google made to competition watchdogs last year. The ICO spokesperson also pointed to his 2021 opinion issued by the UK’s former Information Commissioner on the topic of evolving online advertising (ha!). that users will be offered the option to receive advertisements without tracking, profiling, or processing of their personal data, and that our spokesperson does not currently set out a “general expectation” in relation to such proposals; It says there is
However, there has not been a more robust response from the ICO to the W3C TAG’s detailed review of the topic.
A Google spokesperson, meanwhile, confirmed that it had briefed regulators on the topic. Also, in response to a question about TAG’s concerns, the company said:
While we appreciate TAG’s input, we disagree with TAG’s characterization of topics as status quo. Google is working on the topic and moving forward, as the topic is significantly more privacy-improving than his 3rd party cookies.
Topic supports interest-based advertising that keeps the web free and open, and significantly improves privacy compared to third-party cookies. Deleting third-party cookies without a viable alternative can harm publishers and lead to worse approaches such as secret tracking. Many companies are actively testing our topic and sandbox APIs, and we are committed to improving privacy and providing tools to support the web.
Additionally, Victor Wong, Google’s Senior Director of Product Management, said on Twitter on Friday following reports of the impact of the TAG concerns. Tweet A threaded version of the sentiment statement (Wong also claims that users can “easily control or turn off the topics they share”) — the ad tech giant has “configured these APIs It concludes with the stipulation that “we are 100% committed to the elements.” A more private internet.”
So tl;dr, Google is not meant to enable topics.
The company announced this component of Sandbox a year ago. This was a much-criticized previous interest-based ad targeting proposal called FLoC (aka Federated Learning of Cohorts), which proposed grouping users with similar interests into targetable buckets. is an alternative to
FLoCs were immediately attacked as a terrible idea. Critics argued that it could amplify existing ad tech problems such as discrimination and predatory targeting. So while Google may not have had much of an option to get rid of FLoC, doing so would give Google the appearance of being responsive, which could lead to PR headaches for the company’s alleged privacy-preserving advertising evolution project. I was able to find a way to turn the seeds of the .
The problem is that the rapidly accumulating criticism of the topic doesn’t fit Google’s claims of “sophisticated” ad tech offering a “more private internet.”
For topic suggestions, Chrome (or a chrome-based browser) tracks a user’s web activity, assigns interests based on what the user sees online, and shares it with entities that call the topic API to target users. can. advertisement.
There are some limitations, such as how many topics are assigned, how many topics are shared, how long topics are stored, etc., but basically the proposal is that the user’s web activity is monitored by the browser and the taxonomy snippet is must be shared. It is inferred by the site requesting the data.
As the TAG rating claims, this is not 100% clear (and controllable) to web users.
The proposed topic API puts the browser in a position to share information about the user from the user’s browsing history with any site that can call the API. This is done so that the user does not have fine control over what is published, in what context, or to whom. Also, users may have a hard time understanding what’s going on. Data is collected and transmitted very opaquely behind the scenes. We believe this is against the principle of giving the user more control and is not appropriate behavior for software purporting to be an agent for web users.
…
Giving web users access to their browser settings to configure which topics they can monitor and send, and which parties they can interact with, is a necessary addition to such APIs, allowing users to It would be some way to restore the agency of People can become vulnerable in unexpected ways and without notice. People cannot be expected to fully understand all possible topics in taxonomies that relate to personal situations. Nor can we expect to continue to understand the immediate or cascading effects of sharing this data with sites and advertisers. Change your browser settings as personal or global circumstances change.
Also, the site calling the API “enriches” per-user interest data collected by the topic with other forms of tracking (such as device fingerprinting), thereby stripping the same web user of privacy. There are also risks. The corrosive anti-web user method that tracking and profiling always does.
Google also said that “sensitive” categories such as race and gender would allow advertisers to identify proxy categories that could be used to target protected traits, as was done using existing tracking. It states that it cannot be turned into a targetable interest through topical treatment that never ceases to be. -based ad targeting tools (see, for example, Facebook’s “ethnic affinity” ad targeting, which was introduced in 2016 as a discriminatory approach to excluding people with protected characteristics from job ads and housing ads). leading to warnings about possible ads).
(Again TAG takes up that risk — further points out: “[T]There is no binary assessment here that can be made as to whether a topic is “confidential”. This can change over time, depending on the context, the circumstances of the people involved, and even the same person. ”)
A cynic might say that the controversy surrounding FLoC and Google’s fairly quick abandonment of FLoC provided the company with useful cover for pushing Topics as a more favorable alternative. seeks to continue tracking web users — given all the attention already spent on FLoC (and the antitrust privacy regulatory powder spent on his sandbox considerations too) I have).
As with negotiations, the initial demands can be outrageous. This isn’t because you’re expected to get everything on the list, but as a way to skew expectations and get as much as you can later.
Google’s highly technical plan to build a new (and what it claims to be) “privacy-friendly” ad tech stack was officially announced in 2020. Action with much faster anti-tracking movement by rival browsers. However, the proposal has faced considerable criticism from publishers and marketers over concerns that it would further cement Google’s dominance in online advertising. This has resulted in scrutiny by many regulators and friction from antitrust watchdogs, causing some delays in the original transition timeline.
The UK is leading the way, with the CMA drawing a series of commitments from the tech giants less than a year ago. It’s about how alternative adtech stacks can be developed and when the switch can be applied.
Primarily, these commitments are intended to enable Google to receive industry feedback and address competitive concerns. However, the CMA and ICO have also announced that they will be working together on this oversight. This is in view of the fact that changing the way advertising is targeted clearly affects the privacy of his web users. In short, competition and privacy regulators need to work together to keep web users from getting stuck in the guise of “relevant advertising.”
However, the adtech issue of ICOs is tricky.
This is because, historically, no enforcement action has been taken against the current generation of ad tech’s systematic violations of privacy laws. So, the ICO concept has been branded from the beginning as a privacy-preserving advance by Google against the filthy status quo, even as regulators allow privacy-invading adtech to continue its illegal processing of web users. It’s attacking Google hard over . ‘ Data — It might look a bit ‘ass over tit’, so to speak.
In short, ICOs face the question of how aggressively they can regulate the details of Google’s sandbox proposals. And, of course, it’s in Google’s hands — because the only privacy regulator actively looking at this stuff is being forced to let it go (or at best, give it a thumbs-up. ), forcing Google to shape topical narratives and ignore well-informed criticism — so you could say that Google is rubbing the face of regulators with its own inaction. So there’s a solid story of ‘moving forward’ on ‘substantial privacy improvements to third-party her cookies’.
Of course, “improvement” is relative. So for users, the reality is that Google still has the upper hand when it comes to deciding how much privacy benefits they get in the business of tracking people as usual. is pointless to complain about the ICO.