I track the Privacy Sandbox migration process since it's day 1 announcement. Having written some notes about architectural aspects, initial assessments, including identification of data leaks,

When analysing the proposals and imagining the future system, I realised that there's a need to somehow guide the future maintanance or development. So I am the first person who identified the clear need for a governance structure of Privacy Sandbox, and put forward the scheme for consideration.

Now I present the latest document with feedback issued to UK Competition and Markets Authority.This submission complements my research paper “On the governance of privacy-preserving systems" (Handbook on the Politics and Governance of Big Data and Artificial Intelligence, Edward Elgar Publishing., 2023).

Additional context for these works may be found in my LL.M. thesis Reconciling Privacy Sandbox initiatives with EU data protection laws (or blog summaries concerning data protection, and competition). The public version of the document has amended questions, as the original ones issued by the CMA were very precise. The question format in this document is made more general (with consultation with CMA), which has significantly fewer (~80%) details of the precise aspects covered, but on the other hand — is simpler to grasp for the reader.

My submission reinforces a need for a coherent and clear governance structure, both due to considerations of privacy and competition. I don't think that the governance structure be handed over to W3C. However, I also argue that handing it over to the established ad industry board/groups would be risky.

The submission is here.