GuidesGoogle Privacy Sandboxthird-party cookies deprecation

The Evolution of Google's Privacy Sandbox

Topics APIFLoCProtected Audience APITURTLEDOVEFLEDGEAttribution Reporting APIPrivate Aggregation APIDSPDMPad exchangefirst-party datacontextual advertisingCMAUK Competition ActChromefingerprintingcookieless web

Google Chrome's Privacy Sandbox has been one of the most consequential — and contested — initiatives in the history of digital advertising. Launched with the stated goal of creating a cookieless, user-friendly web environment, the project has gone through repeated overhauls, regulatory scrutiny, and dramatic timeline reversals. This article traces how the initiative evolved from its 2019 announcement through its 2024 pivot, covering the APIs at its core and the implications for the broader AdTech ecosystem.

How the Privacy Sandbox Began

In August 2019, Alphabet Inc.'s Google Chrome announced the Privacy Sandbox initiative: a set of open standards designed to enhance privacy on the web. The company invited the AdTech industry to provide feedback on the direction.

Initial reactions were mixed. Some stakeholders welcomed the initiative as a necessary step toward protecting user privacy. Others expressed concerns about its potential impact on the advertising ecosystem. Industry groups such as the Interactive Advertising Bureau (IAB) and various digital marketing firms worried that the Privacy Sandbox could limit their ability to track users effectively, reducing the precision and profitability of targeted advertising.

On January 7, 2021, the UK's Competition and Markets Authority (CMA) launched a formal investigation into the project, citing concerns that it could entrench Google's dominant position in the AdTech market. The investigation was backed by the Competition Act 1998.

Alphabet's companies committed to cooperating with the CMA in reviewing the Privacy Sandbox proposals. Over the following three years, the CMA published quarterly update reports on Google's implementation of its formal commitments, and the British regulator opened the process to industry consultation.

Together, these pressures drove continuous evolution in the Privacy Sandbox's technical approach.

The Core APIs and How They Evolved

Google's Privacy Sandbox centres on four key APIs, each designed to preserve advertising functionality while eliminating cross-site tracking via third-party cookies:

  • Topics API: Enables interest-based advertising.
  • Protected Audience API: Supports remarketing and custom audience use cases without third-party cross-site tracking.
  • Attribution Reporting API: Allows measurement of ad campaign effectiveness without cross-site tracking.
  • Private Aggregation API: Aggregates and reports cross-site data in a privacy-preserving manner.

The Topics API and Protected Audience API saw the most significant iteration over time, each going through predecessor versions that generated substantial criticism before reaching their current forms.

From FLoC to Topics API

On January 14, 2020, Chrome published an intention to implement a Federated Learning of Cohorts (FLoC) API — the original ad-targeting solution for the Privacy Sandbox. The concept was to group users into cohorts based on similar browsing behaviour, enabling interest-based advertising without individual user tracking.

In January 2021, Google claimed FLoC was at least 95% as effective as third-party cookies for tracking purposes. The AdTech industry was not convinced. AdExchanger reported widespread skepticism about both the claim and the methodology behind it.

The Electronic Frontier Foundation (EFF) criticized FLoC as a breach of user trust, noting that while removing third-party cookies was a step in the right direction, FLoC risked positioning Google as a gatekeeper of user privacy across the web.

In April 2021, DuckDuckGo advised against using Chrome over FLoC's lack of user consent mechanisms and updated its Chrome extension to block FLoC interactions entirely, arguing that any behavioural tracking mechanism should be opt-in and free of dark patterns.

The pushback extended to browsers. Brave announced it would disable FLoC, criticizing Google's approach as inadequate for genuine privacy protection. Microsoft Edge, Vivaldi, and Opera also declined to implement FLoC. On the web-platform side, GitHub, Drupal, and Amazon opted to disable FLoC via specific HTTP headers. The Economist also reported concerns that FLoC cohorts could inadvertently group users by sensitive characteristics like race or sexuality.

The initial FLoC trial ran from Chrome 89 to Chrome 91 and ended on July 14, 2021. On January 25, 2022, Google replaced it with the Topics API.

FLoC vs. Topics API

FLoC grouped users into cohorts based on similar browsing behaviour — each cohort representing a cluster of users with overlapping interests and browsing patterns. This meant that detailed cohort data was shared with every website a user visited.

The Topics API takes a different approach: it assigns users to general-interest categories (e.g., sports, travel, technology) based on their browsing history over a short recent window. Only a limited number of topics are shared with websites at any given time, and those topics rotate periodically to limit re-identification risk.

The Topics API directly addresses the main criticisms levelled at FLoC — fingerprinting potential and lack of transparency — and has received a more favourable response from both privacy advocates and AdTech industry stakeholders.

From TURTLEDOVE to Protected Audience API

The evolution of the remarketing and custom-audience framework followed a similarly winding path, starting with TURTLEDOVE — Two Uncorrelated Requests, Then Locally-Executed Decision On Victory.

TURTLEDOVE's defining feature was that all auction decisions would take place in the browser, not on ad servers. Keeping logic on-device would, in theory, prevent malicious actors from harvesting bidstream data to build user profiles. However, industry criticism identified several problems:

  • It created bandwidth constraints in the browser.
  • Processes for A/B testing, frequency capping, and brand safety were poorly defined.
  • Given that Google owns Chrome, the ethics of Google controlling the TURTLEDOVE auction engine raised conflict-of-interest concerns.

TURTLEDOVE's successor was FLEDGE — First Locally-Executed Decision over Groups Experiment. FLEDGE retained the on-device auction model but expanded the framework significantly: it introduced custom audiences, more sophisticated auction logic, and the use of a trusted server for specific functions.

In April 2023, FLEDGE was rebranded as the Protected Audience API. Development has continued since then — a January 10, 2024 update noted the eventual transition away from event-level reporting and a requirement to use Fenced Frames, planned for no earlier than 2026.

Timeline of Key Privacy Sandbox Milestones

The road to a live Privacy Sandbox deployment has been marked by repeated delays and course corrections. The key announcements illustrate how complex the project has proven to be in practice:

  • August 22, 2019: Google announced the Privacy Sandbox initiative.
  • January 14, 2020: Google announced plans to phase out third-party cookies by 2022.
  • June 11, 2021: Google committed to collaborate with the UK's CMA. The regulator had filed against the Privacy Sandbox. Google updated its commitments on November 26, 2021.
  • June 24, 2021: Google extended its third-party cookie deprecation plan by two years, now targeting 2024.
  • July 14, 2021: Development of FLoC ended.
  • January 25, 2022: Google introduced the Topics API as FLoC's replacement.
  • February 16, 2022: Google announced a Privacy Sandbox for Android.
  • July 27, 2022: Google postponed third-party cookie phase-out to the second half of 2024 and expanded testing windows for Privacy Sandbox APIs.
  • February 14, 2023: Google rolled out the first Beta for the Privacy Sandbox on Android.
  • June 15, 2023: Google communicated Topics API enhancements, with a follow-up update on November 8, 2023.
  • August 3, 2023: Google published plans to ship the Privacy Sandbox relevance and measurement APIs.
  • September 7, 2023: Google stated that the Privacy Sandbox measurement and relevance APIs had reached "general availability" on Chrome.
  • December 14, 2023: Google announced it would block third-party cookies by default for 1% of Chrome users as an initial test.
  • January 4, 2024: Google rolled out Tracking Protection — a feature limiting cross-site tracking — alongside the cookieless Chrome test.
  • February 15, 2024: Google responded to IAB Tech Lab's Fit Gap Analysis for Digital Advertising.
  • April 23, 2024: Google postponed third-party cookie deprecation again, now targeting early 2025.
  • July 16, 2024: Google published industry feedback on the Privacy Sandbox, identifying four key areas needing improvement for publishers, advertisers, and AdTech companies.
  • July 22, 2024: Google reversed course entirely, announcing it would no longer deprecate third-party cookies and would instead give users the option to disable them. The company also introduced IP Protection into Chrome's Incognito mode.

The CMA's ongoing oversight, Criteo's 2024 tests on Privacy Sandbox performance, and IAB Tech Lab's critical report — which concluded the industry "isn't ready" for the shift away from third-party cookies — all contributed to Google's eventual decision to redesign its approach to web-level privacy enforcement.

Impact on the AdTech Ecosystem

The original plan to simultaneously roll out the Privacy Sandbox and deprecate third-party cookies was expected to fundamentally reshape how data collection and usage operates within digital advertising. Google's July 2024 announcement that it would no longer deprecate cookies changed that calculus significantly — but the underlying pressure on the ecosystem remains.

The advertising technologies at the centre of the Sandbox — Topics, Protected Audience, Attribution Reporting, and Private Aggregation — were designed to replace the third-party cookie's role across targeting, measurement, and audience management. Had Google followed through on full deprecation, the impact on several categories of business would have been significant:

  • Demand-side platforms (DSPs), ad exchanges, and data management platforms (DMPs) rely on third-party cookies for targeting and audience segmentation. A fully cookieless environment would have forced these platforms to pivot toward alternative tracking technologies or data sources.
  • Data brokers aggregate and sell user data often collected via third-party cookies. With limited access to third-party data, their business models would need to shift substantially.
  • Publishers who depend on third-party cookies for ad revenue would have experienced decreased ad effectiveness and lower CPMs.

Even with cookies off the deprecation table, Google is encouraging publishers to prepare their websites for cookieless browsing, and the broader industry trend toward privacy enhancement continues. The expectation among industry observers is that the ecosystem will increasingly move toward first-party data strategies, contextual advertising, and alternative monetization approaches such as subscription models.

The Privacy Sandbox initiative continues to develop, and whether it ultimately reshapes the web's advertising infrastructure or settles into a supporting role alongside persistent third-party cookies remains an open question. What is clear is that it has already driven significant technical and strategic adaptation across the AdTech industry — and will continue to do so as regulators, browsers, and market participants negotiate the balance between effective advertising and genuine user privacy.

<Related />