What is the Privacy Sandbox?

5min • Mar 22, 2024

Google first announced the end of third-party cookies in Chrome in 2020, and has since postponed the deadline more than once. 2024 is expected to mark the end of this saga. However, many advertisers are still wondering about the future of marketing in a world without third-party cookies.

How can retargeting still be implemented effectively? How can relevant, personalised recommendations be offered? How can advertising platforms' lookalike algorithms be used if they can no longer reliably identify "digital twins"? Four years after Google's initial announcement, the end of third-party cookies continues to raise numerous questions.

By August 2022, Google Chrome was testing its Privacy Sandbox APIs with a subset of users, an initiative focused on protecting online data privacy. Its aim is to gradually phase out third-party cookies while guiding marketers towards new practices that maintain their performance.

👉🏼 In this article, we'll give an overview of what Google's Privacy Sandbox is, how it works, and what should be expected in the future.

What is the Google Privacy Sandbox?

Cookies are small pieces of text data that a website stores in the browser and that the browser sends back on later requests to that site. Many have little impact on privacy, as they serve to remember a user's preferences (dark mode, navigation language, etc.) or keep them logged in.

Third-party cookies, however, are cookies set by a domain other than the one the user is visiting, typically through embedded scripts, tracking pixels or iframes from advertising networks (Meta, Google Ads, etc.). Because the same cookie is sent back every time one of those networks is embedded on any site, the network can track a user's journey across a large part of the web, which is what raises privacy concerns today.

How third-party cookies work: they are used to track online behaviour and retarget customers. If someone views a product on site A, leaves that site and carries on browsing, it is very likely that they will see an ad for that specific product on site B.

The Google Privacy Sandbox is a project aimed at ensuring continuity of marketing activities while ending third-party cookies. It seeks to create technologies that protect user privacy and confidentiality (on web browsing and Android), while still allowing businesses to succeed digitally.

👉🏼 Other measures can be taken to face the end of third-party cookies, including server-side integrations with advertising platforms (APIs) and the collection and centralisation of first-party data.

💡 The initiatives and technologies of the Google Privacy Sandbox are still in development and under discussion within the web community. Google tests and iterates these proposals with the industry, standard-setting organizations, and privacy advocacy groups to find a balance between user privacy and the needs of advertisers and publishers.

More specifically, with its Privacy Sandbox, Google's major goals include:

  • Eliminating user concerns about their personal data by ending cross-site, cross-app tracking, and covert tracking techniques (such as fingerprinting)

  • Ensuring online advertising remains viable (notably to guarantee access to free content), without compromising privacy

  • Collaborating with companies for the development of these new technologies

💡 In computing, a "sandbox" is a controlled, restricted environment in which code or data is isolated to limit the damage it can do or the data it can reach. For example, a program can be run in a sandbox to test it and observe its behaviour before it is allowed to run elsewhere. This is why Google uses the term for its solution!

How Does the Privacy Sandbox Work?

The Privacy Sandbox technologies are still under development. To learn about the progress (and proposed features), directly consult Google's resources for developers on Chrome and Android.

The development of these technologies follows established privacy-engineering principles, namely differential privacy, k-anonymity and on-device processing, so that personal data not only stays anonymous but is also protected.

  • Differential privacy: a mathematical definition of privacy for statistics computed over a data set (not a Google invention, although Google uses it). Carefully calibrated random noise is added to each result so that behavioural trends can be measured while the output reveals almost nothing about any individual, including whether they are in the data set at all.

  • k-anonymity: a property used to assess how anonymous a data set is. A data set is k-anonymous when every combination of attributes that could identify someone is shared by at least k people. With k=1000, it becomes impossible to distinguish one person from the 999 others in the group they belong to, which is why several Privacy Sandbox APIs only release a piece of information once enough users share it.

  • On-device processing: computations are carried out locally in the browser or on the device rather than on external servers. The idea is simple: the interest data that third-party cookies used to ship to ad-tech servers (which sites a user visited, which ads they clicked) now stays inside the user's browser, and the browser itself performs the steps that need it.
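
The k-anonymity and differential-privacy principles above, made concrete. This is an added example, not code from the original article or from Google; the table of visitors is constructed for illustration, and the Laplace mechanism shown is the textbook one rather than the exact noise used by any Privacy Sandbox service.

```javascript
// Added example, not code from the original article or from Google: the
// k-anonymity and differential-privacy principles above, made concrete.
// SAMPLE_ROWS is constructed for illustration.

// Constructed table of "visitors": postcode and age are quasi-identifiers
// (not unique on their own, but identifying in combination).
const SAMPLE_ROWS = [
  { postcode: "SW1A1AA", age: 34, interest: "running" },
  { postcode: "SW1A2BB", age: 37, interest: "cycling" },
  { postcode: "SW1A3CC", age: 31, interest: "running" },
  { postcode: "EC1A1BB", age: 52, interest: "cooking" },
  { postcode: "EC1A4DD", age: 58, interest: "cooking" },
  { postcode: "EC1A9ZZ", age: 55, interest: "travel" },
];

// k-anonymity: the smallest number of rows sharing any one combination of the
// quasi-identifier values. k = 1 means at least one person is unique.
function kAnonymity(rows, quasiIds) {
  const counts = new Map();
  for (const row of rows) {
    const key = quasiIds.map((q) => String(row[q])).join("|");
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  return counts.size === 0 ? 0 : Math.min(...counts.values());
}

// Generalisation: coarsen the quasi-identifiers (postcode area, age band)
// so that more people share each combination.
function generalise(row) {
  return {
    postcode: row.postcode.slice(0, 3),
    age: `${Math.floor(row.age / 10) * 10}s`,
    interest: row.interest,
  };
}

// Release pattern the Privacy Sandbox relies on: hand data out only once the
// k threshold is met, otherwise release nothing at all.
function releaseIfKAnonymous(rows, quasiIds, k) {
  return kAnonymity(rows, quasiIds) >= k ? rows : null;
}

// Differential privacy, Laplace mechanism. Draw from Laplace(0, scale) by
// inverting the CDF on a uniform draw; `rng` is injectable so results are
// reproducible (and testable) with a fixed draw.
function laplaceNoise(scale, rng = Math.random) {
  const u = rng() - 0.5; // uniform in (-0.5, 0.5)
  return -scale * Math.sign(u) * Math.log(1 - 2 * Math.abs(u));
}

// A count has sensitivity 1 (one person changes it by at most 1), so noise of
// scale 1/epsilon makes the released count epsilon-differentially private:
// the advertiser learns the trend, not whether any given person is in it.
function dpCount(rows, predicate, epsilon, rng = Math.random) {
  const trueCount = rows.filter((r) => predicate(r)).length;
  return trueCount + laplaceNoise(1 / epsilon, rng);
}

// Demonstration run.
console.log("k on raw rows:", kAnonymity(SAMPLE_ROWS, ["postcode", "age"])); // 1
console.log("k after generalisation:",
  kAnonymity(SAMPLE_ROWS.map(generalise), ["postcode", "age"])); // 3
console.log("runners (epsilon = 1):",
  dpCount(SAMPLE_ROWS, (r) => r.interest === "running", 1).toFixed(2));
```

Note the trade-off the two techniques make: generalisation raises k but destroys detail (a 3-character postcode, a decade-wide age band), while the Laplace noise keeps the exact query but blurs the answer, with smaller epsilon meaning more noise and more privacy.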

Google then proposes new interfaces (APIs) through which advertisers retrieve information in a controlled way. For example, the APIs rate-limit how much data can be retrieved and how quickly. The goal is to enable targeting of a group of users with shared characteristics without making individual targeting possible, because the data handed out is deliberately too coarse for that.

At the same time, the Privacy Sandbox uses machine-learning classifiers that run locally to analyse interactions with advertisements and products, identifying general trends without ever linking this information to a specific individual. These features are designed to strictly respect individual privacy while providing advertisers and publishers with useful and relevant insights.

Use Cases for the Privacy Sandbox

Measuring Conversions

The Attribution Reporting API aims to measure the effectiveness of advertising campaigns without revealing user identity. It allows advertisers to know whether an ad led to a conversion (e.g., a purchase) without knowing who performed the action. Specifically, it attributes conversions to earlier ad clicks and ad views (impressions).

The API supports attribution across apps and websites (on Android) and produces two types of attribution report:

  • Event-level reports linking a specific ad click or view to a conversion, with the conversion data deliberately limited to a few bits, and sent with a delay and some random noise so that no user can be identified

  • Aggregatable reports providing richer conversion data (purchase values, for example) that is summed over many users, with noise added, so that the advertiser sees campaign-level totals rather than the conversion of any specific ad impression or person.
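
To make the "limited data" of event-level reports tangible, here is an in-memory simulation of how a source (ad click or view) is joined to a trigger (conversion). This is an added example, not code from the original article or from Chrome: the HTTP header names and JSON field names are the API's own, but the matching rule (same destination, unexpired, most recent source wins) is a simplification of the browser's logic, and the sample header values are constructed.

```javascript
// Added example, not code from the original article or from Chrome: an
// in-memory simulation of how the Attribution Reporting API joins an ad
// click/view ("source") to a later conversion ("trigger"). Header and JSON
// field names follow the API; the matching rule is simplified and the
// sample header values are constructed.

// Event-level reports expose only 3 bits of trigger data for clicks
// ("navigation" sources) and 1 bit for views ("event" sources), so a
// conversion page cannot smuggle a user identifier back to the advertiser.
const TRIGGER_DATA_BITS = { navigation: 3, event: 1 };

// Parse the Attribution-Reporting-Register-Source header value the ad-tech
// server returns when the ad is clicked or viewed; the browser stores it.
function registerSource(sourceType, headerValue, nowMs) {
  const s = JSON.parse(headerValue);
  const expirySeconds = s.expiry ?? 30 * 24 * 3600; // API default: 30 days
  return {
    sourceType,                        // "navigation" (click) or "event" (view)
    sourceEventId: s.source_event_id,  // advertiser's 64-bit id for the ad
    destination: s.destination,        // site where a conversion may occur
    expiresAt: nowMs + expirySeconds * 1000,
    registeredAt: nowMs,
  };
}

// Keep only the low bits the API allows for this source type.
function maskTriggerData(sourceType, triggerData) {
  const bits = BigInt(TRIGGER_DATA_BITS[sourceType]);
  return Number(BigInt(triggerData) % (1n << bits));
}

// Parse the Attribution-Reporting-Register-Trigger header value seen on the
// conversion page, match it to a stored source, and build the event-level
// report the browser would later send (delayed and with randomized-response
// noise, which is not modelled here).
function attribute(sources, destination, headerValue, nowMs) {
  const t = JSON.parse(headerValue);
  const candidates = sources
    .filter((s) => s.destination === destination && s.expiresAt > nowMs)
    .sort((a, b) => b.registeredAt - a.registeredAt);
  if (candidates.length === 0) return null;
  const src = candidates[0];
  const rawTriggerData = t.event_trigger_data[0].trigger_data;
  return {
    source_event_id: src.sourceEventId,
    source_type: src.sourceType,
    trigger_data: String(maskTriggerData(src.sourceType, rawTriggerData)),
  };
}

// Demonstration with constructed header values.
const NOW = 1700000000000;
const clickSource = registerSource("navigation",
  '{"source_event_id":"123456789","destination":"https://shop.example","expiry":86400}', NOW);
const viewSource = registerSource("event",
  '{"source_event_id":"987654321","destination":"https://shop.example"}', NOW - 60000);
const TRIGGER_HEADER = '{"event_trigger_data":[{"trigger_data":"6","priority":"1"}]}';
console.log(attribute([clickSource, viewSource], "https://shop.example", TRIGGER_HEADER, NOW + 3600000));
```

The point to notice is the asymmetry: the source side carries a full 64-bit `source_event_id` (the advertiser already knows which ad it served), while the conversion side is cut down to 3 bits or 1 bit, so the report can say "conversion type 6 followed ad 123456789" but cannot carry a user identifier from the conversion page.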

Selecting Ads

A major goal for an advertiser is to display the right ad to the right audience. Today, making an ad relevant to a user often relies on the person's interests, so ads are selected based on browsing history. This is especially true for someone who has already visited your website, for whom retargeting campaigns are highly relevant.

However, these techniques rely on third-party cookies to track an individual's behaviour across the web and will no longer be usable as such.

The Privacy Sandbox therefore proposes alternatives to traditional retargeting and interest-based selection to tailor ads:

  • FLEDGE API (First Locally-Executed Decision over Groups Experiment), since renamed the Protected Audience API

This API runs the ad auction and bidding directly in the user's browser instead of on remote servers. The browser itself stores the "interest groups" an advertiser has asked it to join (for example, "visited the running-shoes page"); the advertiser's bidding logic then runs on the device and never receives the user's browsing history. FLEDGE includes mechanisms to limit the amount of information that can be inferred from that history, such as k-anonymity thresholds on the ads that can be shown.
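
A local simulation of the on-device auction described above. This is an added example, not code from the original article or from Chrome: `generateBid()` and `scoreAd()` use the API's function names and parameter order, `runLocalAuction()` stands in for the browser's `navigator.runAdAuction()`, and every interest group, URL and signal value is constructed. In the real API the trusted bidding signals are fetched from the buyer's key/value server; here they are inlined under an assumed `trustedBiddingSignals` field of the auction config.

```javascript
// Added example, not code from the original article or from Chrome: a local
// simulation of the auction FLEDGE / Protected Audience runs in the browser.
// generateBid() and scoreAd() use the API's function names and parameter
// order; runLocalAuction() stands in for navigator.runAdAuction(). All
// interest groups, URLs and signal values are constructed.

// Interest groups the browser would hold after advertisers called
// navigator.joinAdInterestGroup() on their own sites.
const SAMPLE_INTEREST_GROUPS = [
  {
    owner: "https://dsp-a.example",
    name: "running-shoes",
    ads: [{ renderUrl: "https://dsp-a.example/ads/shoes.html",
            metadata: { category: "sport" } }],
  },
  {
    owner: "https://dsp-b.example",
    name: "payday-loans",
    ads: [{ renderUrl: "https://dsp-b.example/ads/loan.html",
            metadata: { category: "finance" } }],
  },
];

const SAMPLE_AUCTION_CONFIG = {
  seller: "https://ssp.example",
  auctionSignals: { pageCategory: "sport" },
  sellerSignals: { blockedCategories: ["finance"] },
  perBuyerSignals: {
    "https://dsp-a.example": { baseBid: 1.0 },
    "https://dsp-b.example": { baseBid: 5.0 },
  },
  // Assumed inline stand-in for the buyer's key/value server response.
  trustedBiddingSignals: { "running-shoes": 2 },
};

// Buyer's bidding logic: runs in the buyer's worklet on the device. It sees
// the stored interest group and the auction signals, never the user's history.
function generateBid(interestGroup, auctionSignals, perBuyerSignals,
                     trustedBiddingSignals, browserSignals) {
  const ad = interestGroup.ads[0];
  const boost = trustedBiddingSignals[interestGroup.name] ?? 1;
  return { ad: ad.metadata, bid: perBuyerSignals.baseBid * boost, render: ad.renderUrl };
}

// Seller's scoring logic: returns a desirability score; <= 0 rejects the bid
// (here: publisher policy blocks some ad categories).
function scoreAd(adMetadata, bid, auctionConfig, trustedScoringSignals, browserSignals) {
  if (auctionConfig.sellerSignals.blockedCategories.includes(adMetadata.category)) return 0;
  return bid;
}

// Stand-in for navigator.runAdAuction(): bids are generated and scored on
// the device, and only the winning creative's URL leaves the auction.
// Losing bids (and the list of interest groups) never reach the seller.
function runLocalAuction(auctionConfig, interestGroups) {
  const browserSignals = { topWindowHostname: "news.example" }; // constructed
  let winner = null;
  for (const ig of interestGroups) {
    const result = generateBid(ig, auctionConfig.auctionSignals,
      auctionConfig.perBuyerSignals[ig.owner] ?? { baseBid: 0 },
      auctionConfig.trustedBiddingSignals, browserSignals);
    const score = scoreAd(result.ad, result.bid, auctionConfig, {}, browserSignals);
    if (score > 0 && (winner === null || score > winner.score)) {
      winner = { score, render: result.render };
    }
  }
  return winner ? winner.render : null;
}

console.log("winning creative:", runLocalAuction(SAMPLE_AUCTION_CONFIG, SAMPLE_INTEREST_GROUPS));
```

In a real Chrome auction each buyer's `generateBid()` runs in an isolated worklet with no network access, which is what enforces the "never receives the browsing history" property: the buyer cannot exfiltrate the interest-group membership it is bidding on, and the page only ever learns which creative to render.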

  • Topics API

The Topics API uses a machine-learning classifier that runs inside the browser to infer a person's interests from the hostnames of recently visited sites. It thus lets advertisers reach the right audience for a given topic without compromising privacy: topics are coarse (a few hundred categories rather than a site-by-site history), a caller only receives topics for sites it was itself embedded on, and topics are kept for only a few weeks, to limit the risk of building a detailed, persistent user profile.
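
A local simulation of the Topics API's selection rules, as an added example that is not code from the original article or from Chrome. The constants (weekly epochs, top 5 topics per epoch, 5% chance of a random topic, the last 3 epochs returned, and a caller only receiving a topic it observed) follow the published design; the on-device classifier is replaced by a constructed hostname-to-topic table, the visit log is constructed, and the random draws come from an injectable `rng` rather than Chrome's once-per-epoch choice.

```javascript
// Added example, not code from the original article or from Chrome: a local
// simulation of the Topics API's selection rules. The classifier is replaced
// by a constructed hostname-to-topic table and the visit log is constructed.
// Real Chrome picks one topic per caller per epoch once and returns the same
// choice all week; this simulation draws afresh from `rng` on every call.

const TOPICS_PER_EPOCH = 5;
const RANDOM_TOPIC_RATE = 0.05;
const EPOCHS_RETURNED = 3;

// Constructed stand-in for the browser's classifier (hostname -> topic).
const HOST_TO_TOPIC = {
  "running-shop.example": "Running",
  "marathon-news.example": "Running",
  "recipes.example": "Cooking",
  "crypto-forum.example": "Cryptocurrency",
  "gardening.example": "Gardening",
  "cars.example": "Autos",
};
const TAXONOMY = [...new Set(Object.values(HOST_TO_TOPIC))].sort();

// One epoch of constructed browsing: the hostname visited and which
// third-party callers (ad-tech scripts) were embedded on that page.
const SAMPLE_EPOCH_VISITS = [
  { host: "running-shop.example",  callers: ["adtech-a.example"] },
  { host: "marathon-news.example", callers: ["adtech-a.example"] },
  { host: "recipes.example",       callers: ["adtech-b.example"] },
  { host: "crypto-forum.example",  callers: ["adtech-b.example"] },
  { host: "gardening.example",     callers: ["adtech-a.example"] },
];

// Top topics of an epoch, by visit count (ties broken alphabetically so the
// result is deterministic).
function topTopicsForEpoch(visits) {
  const counts = new Map();
  for (const v of visits) {
    const topic = HOST_TO_TOPIC[v.host];
    if (topic) counts.set(topic, (counts.get(topic) || 0) + 1);
  }
  return [...counts.entries()]
    .sort((a, b) => b[1] - a[1] || a[0].localeCompare(b[0]))
    .slice(0, TOPICS_PER_EPOCH)
    .map(([topic]) => topic);
}

// Topics the caller "observed": topics of pages where it was embedded.
function observedTopics(visits, caller) {
  const seen = new Set();
  for (const v of visits) {
    const topic = HOST_TO_TOPIC[v.host];
    if (topic && v.callers.includes(caller)) seen.add(topic);
  }
  return seen;
}

// What document.browsingTopics() would hand to `caller`: at most one topic
// per epoch for the last EPOCHS_RETURNED epochs, filtered by observation,
// with a small chance of a random topic for plausible deniability.
function topicsForCaller(epochs, caller, rng = Math.random) {
  const result = [];
  for (const visits of epochs.slice(-EPOCHS_RETURNED)) {
    if (rng() < RANDOM_TOPIC_RATE) {
      // Random topic: returned regardless of what the caller observed.
      result.push(TAXONOMY[Math.floor(rng() * TAXONOMY.length)]);
      continue;
    }
    const top = topTopicsForEpoch(visits);
    if (top.length === 0) continue;
    const chosen = top[Math.floor(rng() * top.length)];
    if (observedTopics(visits, caller).has(chosen)) result.push(chosen);
  }
  return result;
}

console.log("adtech-b sees:", topicsForCaller([SAMPLE_EPOCH_VISITS], "adtech-b.example"));
```

Two properties worth checking in the code: an ad-tech script that was only ever embedded on running and gardening sites gets nothing when the epoch's chosen topic is "Cryptocurrency", even though the user did visit a crypto forum; and because 5% of answers are random, a caller receiving "Autos" cannot be sure the user ever visited a car site.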

Preventing Fingerprinting

Fingerprinting is a technique for identifying and tracking a user's behavior based on device information: user agent, screen size, time zone, language, operating system, etc. This technique is increasingly criticized because it is not transparent and cannot be controlled by users.

The Privacy Budget proposal limits the amount of identifying information (measured in bits) a site can read from the browser, notably through JavaScript APIs and HTTP request headers, reducing how much can be collected about a user's device.
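
The Privacy Budget idea in miniature, as an added example that is not code from the original article or from Chrome. Each "surface" (a JavaScript property or HTTP header a site can read) is scored by how many bits of identifying information it reveals over a population, and further reads are refused once the cumulative bits exceed a budget. The population and the budget value are constructed, and the real proposal's accounting was more involved than this.

```javascript
// Added example, not code from the original article or from Chrome: the
// Privacy Budget idea in miniature. The population and the budget value are
// constructed; the real proposal's accounting was more involved.

// Constructed population of 8 browsers and three fingerprinting surfaces.
const SAMPLE_POPULATION = [
  { os: "Windows", timezone: "Europe/Paris",     screen: "1920x1080" },
  { os: "Windows", timezone: "Europe/Paris",     screen: "1366x768" },
  { os: "Windows", timezone: "America/New_York", screen: "2560x1440" },
  { os: "Windows", timezone: "America/New_York", screen: "1440x900" },
  { os: "macOS",   timezone: "Europe/Paris",     screen: "1728x1117" },
  { os: "macOS",   timezone: "Europe/Paris",     screen: "1512x982" },
  { os: "macOS",   timezone: "America/New_York", screen: "1680x1050" },
  { os: "macOS",   timezone: "America/New_York", screen: "1280x800" },
];

// Shannon entropy (bits) of the combination of the given surfaces: how many
// bits a site learns about which browser it is talking to. log2(N) bits
// means every browser in the population is uniquely identified.
function entropyBits(population, surfaces) {
  const counts = new Map();
  for (const p of population) {
    const key = surfaces.map((s) => p[s]).join("|");
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  let h = 0;
  for (const c of counts.values()) {
    const prob = c / population.length;
    h -= prob * Math.log2(prob);
  }
  return h;
}

// Grant surface reads in the order requested, stopping at the first read that
// would push the cumulative identifying information over the budget.
function enforceBudget(population, requestedSurfaces, budgetBits) {
  const granted = [];
  for (const s of requestedSurfaces) {
    if (entropyBits(population, [...granted, s]) > budgetBits) break;
    granted.push(s);
  }
  return granted;
}

console.log("bits from os+timezone+screen:",
  entropyBits(SAMPLE_POPULATION, ["os", "timezone", "screen"]).toFixed(2)); // 3.00
console.log("granted under a 2.5-bit budget:",
  enforceBudget(SAMPLE_POPULATION, ["os", "timezone", "screen"], 2.5)); // [ 'os', 'timezone' ]
```

With eight browsers, three bits is full identification, which is why the screen resolution (unique per browser here) is the surface the budget refuses: the operating system and time zone each cost one bit and leave four candidates, the screen would have singled the user out.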

Fighting fingerprinting also involves protecting IP addresses, which are themselves a stable identifier. This proposal consists of two parts:

  • Willful IP blindness, where a website commits not to use visitors' IP addresses to identify or track them

  • Routing traffic through a shared proxy for groups of users (grouped by approximate location), so that the destination site sees the proxy's address rather than the user's

Preventing Fraud

To combat online fraud, Google plans to introduce what it calls "trust tokens" through the Trust Token API (since renamed the Private State Tokens API). An issuer that has observed a user's behaviour (a site the user logs in to, for example) can hand the browser a batch of cryptographically blind-signed tokens. As the user browses, other sites can ask the browser to redeem one of these tokens, which confirms that some issuer considered this browser trustworthy, and most likely human, without revealing who the user is or allowing the redemption to be linked back to the issuance.

Conclusion

With growing concerns about privacy, third-party cookies are set to disappear gradually by the end of 2024. Yet many use cases still rely on them for reliable tracking of a user's journey: measuring conversions, understanding interests, retargeting, etc.

The Privacy Sandbox initiative aims to enable effective online advertising while protecting privacy. It is still in the testing phase, and Google encourages advertisers and developers to comment on and enrich its proposals.

No need to panic: the transition will be gradual, and the tools are being built directly into the Google Chrome browser.

However, it's important to prepare today for the world of tomorrow. First-party data, an appropriate tagging infrastructure (including server-side solutions), and marketing automation and machine-learning tools will be essential to keep improving your customer knowledge.

It's clear that the transition to a cookieless world won't be easy. Yet this change is essential to respect users. To prepare for it, feel free to contact us.
