Monday, December 23, 2024
Technology

Google points to privacy changes, choice screens and data API ahead of DMA compliance day

Google has trailed another bundle of product tweaks ahead of Thursday’s deadline for compliance with the European Union’s Digital Markets Act (DMA).

The DMA applies to Alphabet, Google’s parent, which is one of six designated “gatekeepers” under the ex ante competition reform. The pan-EU regulation, which is intended to open up digital markets with measures to promote fairness and contestability, applies a set of up-front operational ‘dos and don’ts’ across in-scope “core platform services”. Penalties for violating the regime can scale up to 10% of global annual turnover (or 20% for repeat offenders).

Incoming changes Google is flagging today ahead of the March 7 DMA compliance day include additional browser and search choice screens that will be shown to users of Android phones when they set up a device; and — “soon” — to users of Chrome for desktop and iOS devices, too. The new choice screens will appear on or before March 6, per Google.

It says the design of the choice screens are “built on user research and testing, as well as feedback from the industry”. (Google’s eligibility criteria for browsers can be found here. Eligibility criteria for search engines is here.)

Today, Google is also announcing that it’s stopped the default-linking of personal data across user accounts for certain of its products which it’s previously used to power “personalization” of content and ads. This pro-privacy change is happening because the DMA bans the use of people’s data for advertising without their consent. But Google isn’t going gentle into this data goodnight.

“We currently share data across some Google products and services for certain purposes, including to help personalize your content and ads, depending on your settings. Today, users in the EEA [European Economic Area] can visit settings in their Google Account and choose if they want to continue to share data across Google services by linking them,” it writes, giving a backwards take on the change that does its best to obfuscate the fact it’s being forced to stop this consentless tracking and profiling of its own users.

Google’s blog post further notes that users “may” see “new consent banners asking them whether they would like to link their Google services“. So the company appears to be intending to try to nudge users to re-enable its tracking — despite the DMA prohibiting the use of dark pattern designs that are intended to manipulate users into giving their consent. 

The adtech giant is the DMA gatekeeper with by far the largest number of regulated platforms — eight in total; namely: Google Maps, Google Play, Google Shopping, Google Ads, Chrome, Android, Google Search and YouTube. Which is why it’s setting out such a smorgasbord of changes across multiple products.

Elsewhere on data for ads, Google appear to be relying on its advertisers to keep a pipeline of targetable user data flowing through its ad engines. Its blog post highlights that it’s making “multiple upgrades to our advertising products and tools to help advertisers communicate consent for data they collect” in accordance with what it describes as its “long standing EU end user consent policy“.

Google offers no explainer of the nature of the changes here. And it will be for regulators to scrutinze its outsourcing of consent for tracking to third parties. (NB: Compliance with the EU’s data protection framework, the GDPR, is also required of DMA gatekeepers — and on that front it’s worth noting there’s a long standing GDPR complaint against Google’s adtech sitting with the Irish Data Protection Commission.)

The DMA also requires Google to provide advertiser customers with more information about their ads. On this, Google notes advertisers and publishers in the EEA will “be able to receive some additional data” — without its blog post specifying exactly what they’ll get. It just stipulates the data will be “shared in a way that protects user privacy and customers’ commercially-sensitive information”. 

In another DMA-driven change that’s slated to start on March 6, Google says it will launch a program allowing Android developers of Play-distributed apps to “directly lead users in the EEA outside the app, including to promote offers”. This suggests Google will let these developers include links in their software to direct users to cheaper deals elsewhere — something it has previously not allowed them to do under anti-steering restrictions, unless they eschewed distribution in its popular app store.

The change should make it easier for Android developers to direct users to their own websites to take payments for subscriptions etc to avoid the commission fee Google charges through its app store — potentially boosting their profitability.

Google has also announced the impending launch (“this week”) of a Data Portability API for developers in the EEA — to meet “new requirements” in the DMA.

Yesterday TikTok, which is also in scope of the DMA, announced its own API for data portability. All the gatekeepers will have to do this.

EU lawmakers hope the regulation’s data portability requirements will fire up competition against gatekeepers by facilitating service switching and/or multi-homing — making it easier for users to port their data to a third-party app or service and for businesses to get access to data so they can cater to users.

Despite a high level of DMA risk for Google, on account of how many of its services are in-scope of the regulation, at times its blog post spins the idea it’s already well on the way to being compliant with the regulation as it suggests it already fulfils some of the requirements — such as the ability for users of its mobile platform Android to install alternative app stores and sideload apps.

Some of what Google is trailing in today’s blog post also appears to be re-announcing changes previously announced and/or launched in recent weeks. Such as tweaks to regional search results which removed its flight aggregator unit but added some new box-outs and buttons. Those tweaks quickly garnered a furious reaction from comparison sites — which accuse Google of devising and launching a new service (in the form of rich content features) that breaches the regulation’s ban on self preferencing.

On March 7, the enforcement era of the DMA will kick off — with gatekeepers’ compliance reports being made public and the European Commission inviting stakeholders to a series of workshops to give detailed initial feedback.

The Commission is the sole enforcer of the DMA. The bloc can instigate investigations where it suspects non-compliance by gatekeepers. It also has powers to deploy interim measures — so has the tools to move quickly on pressing issues. It’s also fair to say the EU is under considerable pressure — including from a reputational perspective — to deliver strong enforcement of this flagship digital reform so the Commission will need to hit the ground running.

source

Leave a Reply

Your email address will not be published. Required fields are marked *