What is Google’s Privacy Sandbox? The Ultimate Guide

It might have been delayed, but the end of third-party tracking cookies is coming at the beginning of 2025, and businesses can’t afford to keep pretending otherwise. The good news is that thanks to this delay, there is still a small window of opportunity for companies to prepare for the cookieless future by engaging with the Google Chrome Privacy Sandbox.

This guide will give you everything you need to know to use the Chrome Privacy Sandbox, including:
  • What the Privacy Sandbox is
  • Why third-party tracking cookies need to be retired
  • How the Privacy Sandbox works
  • How you can implement the Privacy Sandbox today
Last Updated:
Published:

What is the Privacy Sandbox? 

The Privacy Sandbox is an initiative spearheaded by Google designed to build a series of tools and standards for websites and advertisers to access user information while respecting user privacy. It is not just a Google project, it is being developed publicly with the World Wide Web Consortium (W3C) in order to implement feedback from market participants. 

The project started in August 2019 and was primarily designed to build alternative ways for advertisers to connect with users without using third-party tracking cookies. Tracking cookies were the foundation of modern targeting advertising but had become a source of mounting privacy concerns for users. 

For a long time, these concerns were overlooked by the advertising industry, but the relationship between customers and advertisers began to sour, with 74% of users worried about how they were tracked online. Third-party cookies were a particular concern, as they enable companies to identify and track one user across multiple sites, building a scarily accurate picture of an individual person. 

It should be noted that there is a bit of cognitive dissonance here. Users are worried about tracking, but 91% are still more likely to purchase a product if they encounter an ad with some level of personalization. 

The Google Chrome Privacy Sandbox is an attempt to solve this challenge. 

How does the Privacy Sandbox work? 

The Privacy Sandbox is being developed for both the Web and Android. The initiative brings together a number of companies and contributors, including us here at RTB House, in order to solve three key challenges: 

  • Finding a replacement for cross-site tracking with new, privacy-preserving technologies

  • Enabling publishers and developers to produce freely available ad-supported content

  • Working with the advertising industry to create new internet privacy standards

It achieves these aims via a number of proposals. While each proposal differs in its approach, they all operate on the principle that personalized advertising should be conducted through groups of anonymized users, called cohorts, rather than directly to individuals. 

There are currently four main proposals:

Privacy Sandbox Attribution Reporting API

Traditionally, the best way to measure conversions, and attribute those conversions to a specific advertiser, was to use third-party cookies to determine who is responsible for a user. The retirement of third-party cookies risks removing the ability of advertisers to measure their campaigns, rendering it difficult for them to refine their methods, or demonstrate their impact on a client’s bottom line. 

The Attribution Reporting API is the Privacy Sandbox solution to this challenge. Instead of using third-party tracking cookies to identify users, it relies on the measurement of two events that are linked together by the API in a privacy-preserving way:

  1. An event on a publisher’s website, such as a user viewing or clicking an ad.

  2. The subsequent conversion on an advertiser’s website

This enables the API to create two levels of reports which may be used simultaneously:

  • Event-level reports – connect a particular ad click or view on the ad side with data on the conversion side. Data transfer is delayed in order to protect user privacy, and the conversion side equation of this data is limited. Additionally, a small amount of reports will include random data, in order to create additional noise and limit the risk of user identification. These reports are useful for things like optimization, fraud detection, and coarse reporting.

  • Summary Reports – are not tied to specific event data on the ad side. Instead, they use richer, high-fidelity conversion data that is protected with a combination of privacy techniques to reduce the risk of identifying a user. These reports are best used to answer complicated questions, such as “what is my return on investment?”

This proposal will provide advertisers with the tools they need to conduct the same rich level of reporting they do today, and to continue to optimize their campaigns. 

Protected Audience API

Protected Audience API is a proposal aimed at improving online privacy while still providing advertisers with the tools they need to reach users with tailored advertising. It has been developed and fine-tuned by Google over the course of the last years, changing its name three times—starting with TURTLEDOVE, then FLEDGE, before finally landing on the Protected Audience API.

The Protected Audience API ensures that a user’s personal data stays on their device, never leaving the browser. All the processes which use these pieces of data also happen on that same device. When a user visits a website, based on their behavior there, they can be assigned to an interest group that was pre-defined by the advertiser (or its technological partner). What’s important is that outside of the browser (on external servers), the user is only visible as somebody from that interest group. This is achieved through a k-anonymity mechanism, which prevents forming a group unless it includes a sufficient number of people (currently, the threshold is 50, but this may change based on feedback).

This approach allows for personalized advertising without cookies, maintaining much of the third-party cookies’ functionality, but with enhanced privacy.

Topics API

Google’s Topics API is the second iteration of the FloC (Federated learning of Cohorts) proposal. Topics API is designed to allow privacy-friendly behavioral advertising, based on user browsing habits.

To achieve this, the Chrome browser would be able to determine a number of topics based on the websites you have visited, such as music, TV, sports, tech, or travel, and store them in your browser as a top interest for that week. It will define the top topics per week and keep them stored for three weeks, before deleting old topics and defining new ones. 

This information is stored exclusively on a user’s device, and users will be able to control these topics in Chrome, and delete any that they don’t want or like. Topics API is a significant improvement over the FloC proposal, as it reduces the risk of fingerprinting by eliminating the need for a user ID, and provides a significant amount of agency to users.

CHIPS

CHIPS stands for Cookies Having Independent Partitioned State. Certain applications, for example maps or shopping baskets, need to have some knowledge of a user’s activities on a site in order to function. This knowledge is usually stored in cookies, which can track users across sites. This doesn’t have a direct impact on advertisers. This is a useful way to showcase how the Chrome Privacy Sandbox is not only providing advertising features but preventing tracking more generally.

CHIPS is designed to prevent this by allowing widgets to identify a user’s activity on a single site in order to store information related to that specific use-case. It does this by creating a cookie for each site, rather than one cookie for each user.

This means that websites will be able to continue using widgets to provide better functionality, while eliminating the risk of data leakage for users. All-in-all, an elegant solution.

These proposals are just the beginning

These proposals are simply the most current step in the Privacy Sandbox journey. If the tests show that they are valuable, they will all form part of the final product in one way or another. This process has already begun, as FLEDGE was the result of a number of enhancements to the TURTLEDOVE proposal that preceded it. 

If you want to keep an eye on the Privacy Sandbox roadmap, you can find more information here for the Web, and here for Android. 

Can I already implement the Privacy Sandbox?

While development is still ongoing, the Privacy Sandbox is very much ready for advertisers and brands alike. It is a big, ambitious, project, so there will undoubtedly be incremental improvements, but our tests have shown its potential to deliver great value for both supply- and demand-sides of the advertising industry.

Early adopters will have two big advantages over latecomers. The first is the ability to have a say in how the project develops. For example, RTB House was able to design proposals that we knew would benefit the advertising ecosystem because we have been working with Google from Day One, helping to shape the future of the Privacy Sandbox

Secondly, businesses who start early will gain invaluable experience with the tools necessary to thrive in the cookieless future. Many companies, out of fear or complacency, will stick their head in the sands and will quickly find themselves outcompeted by their more forward-thinking competitors. 

To help you get started, we’ve created a checklist:

If you want to learn more about the Privacy Sandbox, or about how your organization can prepare for the cookieless future, contact us today.