Privacy Sandbox: How it works & What will it bring in 2024?

Privacy Sandbox Timeline


  • Leverage markdown formatting for headings, lists, links, images, etc.

The internet has brought immense value to our lives by connecting us and providing access to information. However, this has come at the cost of our privacy. Web browsers collect vast amounts of data about us through techniques like third party cookies which are then used for advertising and other purposes. Lack of transparency and control over how our data is used has led to growing public concern about online privacy.

In response, Google announced the "Privacy Sandbox" initiative in 2019 to address these concerns and build a more private web. Over the next two years, Google plans to phase out third party cookies in its Chrome browser and replace current tracking-based advertising with new, privacy-preserving technologies.

In this post, we‘ll dive into the details of Privacy Sandbox – why Google is making this move, how the new technologies work, what the timeline is, and what it could mean for the future of the open web.

Why is Google launching Privacy Sandbox?

Users, regulators, and the industry have grown increasingly wary of how personal data is collected and leveraged online.

Privacy concerns

Some key factors driving this change:

  • Increasing user awareness: Surveys show 92% of users feel they have lost control over their personal data online.

  • Regulations: Laws like GDPR and CCPA give users more rights over their data and levy fines for violations.

  • Competition: Privacy-focused browsers like Firefox and Brave promise more control over user data collection.

  • Industry pushback: Advertisers and publishers are concerned about the reputational risks of opaque data collection practices.

As the dominant web browser, Google is responding through Privacy Sandbox – an attempt to address privacy concerns while still delivering relevant ads and content.

What are the goals of Privacy Sandbox?

Privacy Sandbox aims to satisfy multiple stakeholders:

  • Users: Provide a safer environment and more control over how their data is used.

  • Brands: Help advertisers reach customers without relying on covert tracking techniques.

  • Publishers: Give websites ways to show relevant ads without third party cookie tracking.

  • Google: Retain leadership in online ads by pioneering privacy-centric alternatives.

Privacy Sandbox Stakeholders

While not stated explicitly, Privacy Sandbox also allows Google to control the future standards for online tracking and targeting. This has raised anti-competition concerns with regulators (more on this later).

How does Privacy Sandbox work?

Privacy Sandbox proposes new technologies and standards to replace third party cookies. While the specifics are still in development, here are some of the key techniques:

Limiting covert tracking

  • Differential privacy: Adds mathematical noise to datasets so they remain useful for analytics but don‘t reveal individual user details.

  • K-anonymity: Ensures user data cannot be traced back to individual users by grouping multiple users together.

  • On-device processing: Stores and processes user data directly on their device rather than sending it to remote servers.

Trusted identity mechanisms

  • Trust Tokens: Allows sites to validate a user‘s authenticity without actually tracking them across sites.

Private ad targeting

  • FLoC – Federated Learning of Cohorts: Groups users based on browsing behavior into "cohorts" that advertisers can target instead of individual profiles.

  • First Locally-Executed Decision: Determines relevant ads to show by processing browsing history locally on the user‘s device.

Anonymized analytics

  • Conversion Measurement API: Reports on advertising performance without sharing user details.

  • Aggregate reporting API: Provides attribution data in an aggregated, anonymized form.

So in summary, Privacy Sandbox aims to deliver the benefits of online ads while minimizing individual tracking and targeting. Data collection happens on-device or in aggregated anonymized forms.

What‘s the timeline for implementing Privacy Sandbox?

Google first announced their intent to phase out third party cookies back in 2019. After extensive testing and industry feedback, they‘ve provided a tentative timeline:

Privacy Sandbox Timeline

Some key milestones:

  • Mid 2023: Third party cookies disabled in Chrome by default. Privacy Sandbox technologies start becoming available.

  • Late 2023: Origin trials for new APIs like FLoC and Trust Tokens. Feedback from developers and publishers.

  • 2024: Gradual rollout of Privacy Sandbox as the default for Chrome. Monitoring for issues and additional changes.

So by 2025, Google expects the bulk of third party cookie tracking to be replaced by these new privacy-preserving mechanisms.

Of course, things don‘t always go as per plan when it comes to large technical changes. Google has already pushed their timeline back before, so delays may happen. But the direction is clear – third party cookies are on their way out.

Diving deeper into Privacy Sandbox offerings

To replace third party cookies, Google is developing a suite of new techniques under Privacy Sandbox:

Preventing covert tracking

  • Differential privacy adds mathematical noise to datasets to conceal individual user details without losing overall accuracy. It ensures that aggregated statistics and machine learning models do not reveal private information.

  • K-anonymity groups users into larger sets before data is shared. This ensures an individual can‘t be identified within the larger group.

  • On-device processing keeps user data on their device rather than uploading it to remote servers. APIs allow limited access for features like ad targeting without sharing raw data.

New user identity mechanisms

  • Trust Tokens are encrypted tokens that confirm a user‘s authenticity without cross-site tracking. Currently testing in Chrome.

  • Privacy Budget gives users visibility into what data is collected by sites and control over how much is shared.

Private ad targeting

  • FLoC clustering keeps user interests private by grouping similar audiences for ad targeting instead of building individual profiles.

  • First Locally-Executed Decision determines relevant ads on the user‘s device using local browsing history rather than external tracking.

Analytics and attribution

  • Conversion Measurement API provides aggregated conversion data to calculate ROI without sharing user details.

  • Attribution Reporting API shares attribution data at the cohort level rather than individual users.

So in summary, Privacy Sandbox seeks to deliver relevant experiences while restricting individual profiling and cross-site tracking.

What‘s the timeline for implementing Privacy Sandbox?

Google first announced their intent to phase out third party cookies back in 2019. After extensive testing and industry feedback, they‘ve provided a tentative timeline:

August 2021

  • Privacy Sandbox trial results published after testing FLoC and other proposals.

Mid 2022

  • Stable version of Privacy Sandbox origin trials commence, allowing integration testing.

Mid 2023

  • Third party cookies disabled in Chrome by default.

  • Privacy Sandbox APIs gradually roll out, available for wider use.

Late 2023

  • Origin trials for Trust Tokens, Attribution Reporting, and other new APIs.

  • Feedback from developers and publishers to refine APIs.


  • Privacy Sandbox rolls out as the default for Chrome.

  • Monitoring for issues and changes based on learnings.

So by 2025, Google expects the bulk of third party cookie tracking to be replaced by these new privacy-focused technologies.

The timeline has already been pushed back multiple times, so further delays are likely. But the direction is clear – third party cookies are on their way out.

Potential downsides and concerns

A seismic shift like Privacy Sandbox is bound to generate debate and criticism. Some key concerns that have emerged:

Competition issues

  • Handing over control of tracking technology to Chrome strengthens Google‘s position in online ads.

  • This prompted antitrust investigations in the UK and Europe.

Walled gardens

  • While limiting third party access, Privacy Sandbox strengthens walled gardens like Google and Facebook who retain user data access.

Reduced transparency

  • Outside parties may struggle to analyze activity on websites if third party cookies are restricted.

Technical challenges

  • New proposals like FLoC are unproven and may introduce unanticipated problems.

Ad relevance and revenues

  • Advertisers worry limited data access may reduce ad targeting capabilities and publisher revenues.

Compliance uncertainties

  • Unclear if Privacy Sandbox meets all privacy regulations globally, especially GDPR.

Only time will tell how these play out. Google is seeking feedback from the industry to avoid pitfalls.

What does this mean for the future of privacy?

Despite potential issues, Privacy Sandbox represents a major shift in how privacy works online:

More user control and transparency

  • Users get visibility into data collection and ability to turn off tracking. No more hidden third party cookies.

Restricted data access

  • Advertisers and tech companies have limited access to raw user data. Targeting relies more on contextual signals than invasive tracking.

But large platforms retain an edge

  • With direct user relationships, Google, Facebook, and others maintain data access advantages.

Emergence of new standards

  • Privacy Sandbox aims to pioneer open, interoperable standards for privacy-preserving tech. But competitors may introduce their own alternatives.

Continued regulatory scrutiny

  • As gatekeepers of user data, regulators will watch how big tech exercises control amidst these changes.

As users, we must pay attention to how our data is handled online and make informed choices about services we use. While a step forward, Privacy Sandbox does not solve online privacy – it is an ongoing journey requiring vigilance.

Key Takeaways

  • Privacy Sandbox aims to address privacy concerns by replacing third party cookies with new privacy-focused technologies.

  • Proposals include differential privacy, on-device processing, FLoC, Trust Tokens, and more.

  • Third party cookies will be phased out starting mid 2023, with Privacy Sandbox fully rolling out through 2025.

  • Potential downsides include anti-competition effects, walled gardens, reduced transparency, and technical challenges.

  • Users will get more control over data sharing, while advertisers have restricted access to raw user data.

  • It represents a major shift in how privacy works online, but continued progress requires regulatory and consumer oversight.

The future shape of the open web hangs in the balance as we navigate changes like Privacy Sandbox. While a milestone, online privacy remains an ongoing journey that requires collaboration between regulators, technology companies and most importantly, users.