[By Satyam Mehta]
The author is a student of National Law University, Jodhpur.
Introduction
Google has effectively blocked third-party cookies for 1% of Chrome users beginning this year, a move that has been delayed multiple times and was announced a couple of years back. However, despite this, the move has met with criticism from different stakeholders alleging that it strengthens Google’s already well-established monopoly. Consequently, Google has come under scrutiny from the UK watchdog Competition and Markets Authority (CMA). This article is an attempt at carefully analysing the paradigm Google is invariably trying to push, its ramifications and if there is a need for further scrutiny from different watchdogs around the world, especially in India.
Ramifications of the move
Firstly, it is imperative to understand what third-party cookies are and what is the difference between third-party and first-party cookies. First-party cookies are what are treated as essential cookies by the Data Protection laws and they are vital to the functioning of the site. They are installed by the website you visit to store some important information, for example your language preference or your login information. Therefore, they are significant because they ease user experience. On the other hand, third-party cookies can be installed by anyone, for example the ad tech companies, for the purpose of tracking the users across websites and profiling them to sell ads. The data can be accessed by anyone by logging into the third-party server code. Thus, third-party cookies are primarily used for tracking the users across websites and profiling them to display relevant advertisements. It is a no-brainer that these are not exactly privacy-centric and leak the users’ data to the ad tech companies that allow them to sell ads as a result of which the ad tech industry has burgeoned into a 600Bn $ a year behemoth. A 2019 GDPR ruling therefore made these cookies optional and mandated explicit consent to be required failing which a fine will be imposed.
Google aims to effectively phase out these cookies by the end of 2024 and follow in the footsteps of its competitors Firefox and Apple’s Safari that blocked these cookies way back in 2019 and 2017 respectively. Google claims that this is a privacy-centric move that will allow users’ data to be safeguarded from multiple stakeholders especially now that the privacy laws landscape is evolving. An obvious question springs then, why is there such rampant criticism of the move and why is Google being investigated for the same when it is just following the footsteps and the mandates of its competitors and watchdogs respectively. For starters, Chrome has 66% market share and while Apple has historically had a closed ecosystem, chunk of Google’s revenue comes from the advertising business. Google has had a monopoly in the ad tech business so much so that it has been sued by the Justice Department with Attorney Generals of various States coming on board. Thus, the paradigm that Google is pushing for has to be seen with a cautious approach from the side of both the users as well as the advertisers. While the majority of users either don’t really understand cookies or do not care whether their ads are relevant or not as long as the tech companies are not intrusive, this is a concern for the ad tech companies as this would change ad targeting dynamics, probably, in Google’s favour.
With the removal of the third-party cookies, the advertisers have to rely on first-party cookies and while Google has this data in abundance, thanks to its various owned and controlled entities such as YouTube, Maps, etc. the small ad tech companies don’t have such enormous amounts of data as they have traditionally relied on third-party cookies for the same. Thus, it will give Google a chance to strengthen its already strong position in the ad tech industry as the websites are not allowed to track users while the browser still logs their information. This doesn’t exactly promote a level-playing field and instead of promoting user privacy, it just makes Google the sole owner of the user data and to do with it as they please. Subsequently, Google promoted their privacy sandbox initiative that it claims will balance the privacy of the users and the needs of the ad tech companies. It is a no-brainer that there needs to be antitrust scrutiny into Google’s actions as what it is effectively doing is stopping the ad tech companies from collecting their own data while making them reliant on the Privacy Sandbox initiative and small ad tech firms will have to enrol to stay relevant because they do not have the enormous amounts of data that Google has as already discussed. There has been an investigation by the UK watchdog CMA that is ongoing and it has gotten Google to make some commitments but no other regulator has batted an eye as they think that the Britts have got it.
Analysis
In the opinion of the author there has to be further scrutiny of Google’s actions and motives, especially in the Indian context as its Privacy Sandbox initiative has also been criticised at length but first, it becomes vital to understand the functioning of the Privacy Sandbox initiative. The browser will group people into different sets using different Application Programming Interfaces on the basis of their interests based on their browsing history. The data will never leave the browser and individual user targeting will be minimised as they will be targeted in sets while sharing generic information with the advertisers. However, upon examining this, it becomes apparent that it is disruptive of the level playing field as Chrome has access to user data at the granular level while the advertisers don’t which might allow it to give preferential treatment to its products. Therefore, Google committed to the CMA that it will not use personal user data in its ad system or discriminate in favour of its own products. However, there hasn’t been the same scrutiny by any other regulator or watchdog across the world, surprisingly not even the EU. There is a need for scrutiny by the CCI to check if this move is even legal and if it is, at least get the same commitments from Google as these commitments give the CMA power to get a Court order if they are violated.
In the Indian context even, Google’s track record has not been clean, it has been sued for its monopolizing practices in the advertising industry and is currently under investigation. Furthermore, Google’s actions are subject to scrutiny under Section 4 of the Competition Act, 2002, especially under (4)(2)(c) as the words “in any manner” are of wide import by virtue of the Hon’ble Supreme Court’s decision in Competition Commission of India v. M/s Fast Way Transmission Pvt. Ltd. and Ors. Therefore, as has been stated above, the CCI could take suo moto cognizance of the matter and initiate an enquiry into Google’s actions, given their wide ramifications, which could ultimately culminate into Google giving commitments, of the same calibre that it has given to the CMA, under Section 48B of the Competition Act, 2002. There is no ex-ante obligation on Google as the law stands right now because the Digital Competition bill has not become law and this could potentially be cited as an example of its efficacy by its proponents but the author feels that that’s a debate for another day and the interests of the consumers and the sanctity of the market has to be tended to at the moment.
Conclusion
Thus, Google, a giant that has built its entire business by monetising user data, will have sole ownership of the user data beginning Q4, pending CMA approval, and the regulators, barring CMA, have not batted an eye. This promotes innovation in the ad tech industry and promotes privacy to a degree but at the same time, it is imperative to examine it under the lens of antitrust laws. This reiterates the need to have a separate framework for the digital market that can effectively regulate the fast-paced industry.