Phasing out third-party cookies, user privacy and regulatory games - enough with the theatre

The big day arrived. The UK Competition and Markets Authority (CMA) finally agreed for Google to phase out third-party cookies. That's terrific because it improves user welfare. Furthermore, no grace period was requested. Google could do it even today. The catch? Only on iOS, Apple's operating system.

How come that be?

Until recently, the only web browser on iOS was Safari. Even those with different names like "Chrome" or "Brave" used Safari’s web browser engine (WebKit) under the hood. For competition reasons, this is changing (and will continue to change). In a new working paper, the CMA notes  that Apple may request some specific design and configuration for third-party web browsers (i.e., those other than Apple Safari).

”In ‘WP2 - The requirement for browsers operating on iOS devices to use Apple’s WebKit browser engine’, we set out evidence that the WebKit restriction has resulted in browser vendors being less able to add features and improvements on key parameters of competition, including privacy.
5.49 There may be a case for permitting Apple to set out an expected privacy baseline, to preserve any privacy benefits offered to iOS users currently either through expected privacy outcomes or privacy requirements, and to help to ensure that the quality of users’ browser experience is not degraded.”

In other words, the UK Competition and Markets Authority accepts that web browsers on iOS will have third-party cookies phased out, including Google Chrome.

How is that possible?

Apple requires that all web browsers in its ecosystem (i.e., iOS) block cross-site tracking (i.e., third-party cookies) by default :

“Your Alternative Web Browser Engine App (EU) must do the following:
- Block cross-site cookies (i.e., third-party cookies) by default unless the user expressly opts to allow such cookies with informed consent, or as required for compatibility in the case of popup windows that interact with frames in their opening window;”

Logically reasoning:

- Apple requires third-party cookies to be blocked or unsupported on iOS.

- The CMA accepts this.

- At the same time, the CMA more or less currently halts Google from phasing out third-party cookies in Chrome on other (non-Apple) platforms. The announced transition is under strict scrutiny and the migration planned since 2018 is taking longer than is necessary.


The end result is that Google Chrome can phase out third-party cookies, but at the same time… it cannot. The CMA is currently considering whether Google Chrome could at least ask consumers if they would prefer more privacy by disabling third-party cookies. However, this is not really necessary since, as explained in this analysis, the CMA has already accepted that third-party cookies may be safely removed.

So why the whole theatre?

In any case, expect that third-party cookies are on the way out.


Comments, queries, or maybe offers? Contact me at me@lukaszolejnik.com, I’m open to engagements.