report

Google and the CMA: first report on the Privacy Sandbox proposals

51Degrees

6/7/2022 4:00 PM

Google Industry User Agent Client Hints News Web

Key points from the report include updates on the User Agent reduction and User Agent Client Hints

The UK Competition and Markets Authority (CMA) is overseeing the development of Google’s Privacy Sandbox proposals to ensure they protect privacy in a way that doesn’t distort competition. After a three-month wait, Google has provided the CMA with its first report.

In response, Movement for an Open Web (MOW) recently published an in-depth analysis of Google's first quarterly report, including a summary of key issues and concerns that Google has not acted reasonably regarding their commitment requirements. 51Degrees, a member of MOW, supports this analysis.

As part of the supervision of the Privacy Sandbox proposals, you are encouraged to contact the CMA regarding your experience engaging with Google on testing and trialing specific proposals, but more on that later. First, let's recap the first of Google’s quarterly report and its impact on the web.

report

User Agent reduction: latency issues

As a reminder, the User Agent string is being gradually reduced in Chromium browsers. This will continue until the reduction is completed in Chrome 113 (planned for next year).

If you have not already done so, you should prepare your web offerings now before the UA string is reduced fully – User Agent Client Hints will be the only method to receive information on device hardware and software within Chromium based browsers, like Chrome or Edge.

One of the key pieces of feedback Google details in their report is performance within the User Agent reduction. Google have acknowledged that there are issues surrounding the latency of getting hints via Critical-CH on the first page load, an issue that directly affects advertising and ad bidding.

Due to the impact latency has on competition in digital advertising, we agree with MOW's analysis that until the latency issue has been addressed, the User Agent string should remain unchanged. To continue down this path would harm the advertising industry.

User Agent Client Hints: anti-fraud and anti-abuse

There are also concerns surrounding User Agent Client Hints (UA-CH), Google’s replacement for the UA string.

Both the User Agent reduction and User Agent Client Hints have anti-fraud and anti-abuse concerns raised against them. For UA-CH, information on the device is sent via the second request to the server. This differs to the User Agent string where information is sent on the first request.

Feedback on the UA reduction and UA-CH includes requests to have as much information as possible within the first request, as it’s important when debugging certain types of attacks such as Denial of Service. There are also concerns that User Agent Client Hints do not contain the same level of information when compared to the User Agent string.

Google need to pause the User Agent deprecation while these acknowledged issues are resolved.

What should I do?

As a device detection provider, we have focused specifically on the User Agent reduction and User Agent Client Hints from the Privacy Sandbox proposals. However, there are many other changes that Google are proposing to make to the open web. We encourage our customers to make their concerns known.

Give feedback to the CMA

The CMA, alongside ING Bank (the Monitoring Trustee who is assessing Google’s compliance), welcomes further feedback from industry participants and other affected parties.

If you have any concerns surrounding the Privacy Sandbox proposals, whether that’s regarding your experience engaging with Google on specific proposals or the extent to which Google has taken your feedback into account, the CMA wants to hear from you.

To voice your concerns, you can email the CMA at privacysandbox@cma.gov.uk. Alternatively, you can contact the Monitoring Trustee by emailing trustee.services@ing.com.

Movement for an Open Web

We continue to be the voice of the industry via our involvement in Movement for an Open Web (MOW), an organization who is campaigning for healthy competition that is open to all.

You can join MOW by emailing media@movementforanopenweb.com.

51Degrees

Overall, we're concerned with the quality of Google's report to the CMA and their compliance with the required commitments. We'll be keeping a close eye on the situation to inform our customers on the proposals from Google while updating our services to accommodate the changes. Get started with 51Degrees now to prepare for the future of the web.