Google's plans to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox has run into fresh trouble after Austrian privacy non-profit noyb (none of your business) said the feature can still be used to track users.
"While the so-called 'Privacy Sandbox' is advertised as an improvement over extremely invasive third-party tracking, the tracking is now simply done within the browser by Google itself," noyb said.
"To do this, the company theoretically needs the same informed consent from users. Instead, Google is tricking people by pretending to 'Turn on an ad privacy feature.'"
In other words, by making users agree to enable a privacy feature, they are still being tracked by consenting to Google's first-party ad tracking, the Vienna-based non-profit founded by activist Max Schrems alleged in a complaint filed with the Austrian data protection authority.
Privacy Sandbox is a set of proposals put forth by the internet giant that aims to block covert tracking techniques and limit data sharing with third-parties while allowing website publishers to serve tailored ads.
However, its plans to deprecate third-party cookies in Chrome have been repeatedly delayed as it works towards addressing concerns and feedback raised by regulators and developers. Back in April, the company said it intends to phase out third-party cookies early next year.
In the interim, Google is ramping up testing efforts, with the company already deprecating third-party cookies for 1% of Chrome users globally starting the first quarter of 2024.
While users have the option to agree to disagree to tracking in this manner, noyb has accused the company of using dark patterns to increase consent rates and misleadingly passing it off as a feature that protects users from ad tracking.
Noyb further argued that Privacy Sandbox being less invasive than third-party cookie tracking mechanisms does not give Google the right to violate data protection laws in the region.
"Consent has to be informed, transparent, and fair to be legal. Google has done the exact opposite," Schrems said. "If you merely steal less money from people than another thief, you can't call yourself a 'wealth protection agent.' But that is basically what Google is doing here."
Google, in a statement shared with Reuters, said Privacy Sandbox offers "meaningful privacy improvement" over existing technologies, and that it will work towards arriving at a "balanced outcome" that meets the needs of all stakeholders.
This is not the first time Noyb has filed complaints with the European Union watchdogs against big tech companies for alleged privacy infringements.
Earlier this April, it accused ChatGPT maker OpenAI of violating General Data Protection Regulation (GDPR) laws by "hallucinating" false information about individuals.
It has also criticized Meta for relying on "Legitimate Interests" over its plans to utilize publicly shared data of its users -- with the exception of private messages with friends and family or from accounts of Europeans under age 18 -- to train and develop unspecified artificial technologies.
The social media company has since responded stating the AI models it develops "need to be trained on relevant information that reflects the diverse languages, geography, and cultural references of the people in Europe who will use them."
It further said other companies including Google and OpenAI have already used data from European users to train their AI models, noting its approach is "more transparent and offers easier controls than many of our industry counterparts already training their models on similar publicly available information."