Privacy Sandbox
The Privacy Sandbox was an initiative led by Google which aimed to create web standards for websites to access user information without compromising privacy. Announced in 2019, the core purpose of the project was to facilitate online advertising by sharing a subset of user private information without the use of third-party cookies. The technology included Topics API, Protected Audience, Attribution Reporting, Private Aggregation, Shared Storage, and Fenced Frames as well as other proposed technologies like IP Protection, Related Website Sets, CHIPS, and Bounce Tracking Mitigation. On September 7, 2023, Google announced general availability of majority of proposed APIs. In April 2025, Google officially discontinued the Privacy Sandbox initiative, citing lack of interest from websites, low and dropping adoption and regulatory pressure.
The initiative has been described as anti-competitive and generated an antitrust response due to concerns that the introduced proposals limited tracking through traditional methods and pushed advertisers to use Google as a middleman in order to show advertisements.
Model
Proposals in the Privacy Sandbox follow the idea of k-anonymity and are based on advertising to groups of people called cohorts instead of tracking individuals. They generally place the web browser in control of the user's privacy, moving some of the data collection and processing that facilitates advertising onto the user's device itself. There are three focuses within the Privacy Sandbox initiative: replacing the functionality of cross-site tracking, removing third-party cookies, and mitigating the risk of device fingerprinting.History
The first announcement of the Privacy Sandbox initiative took place in August 2019. The initiative included a number of proposals, many of which had bird-themed names which were changed once the corresponding feature reached general availability. The initial plan was for Privacy Sandbox to be long-term plan to deploy a set of standards that would help advertisers to perform targeted advertising without exposing the user to privacy-invasive technologies like third-party cookies. Over the next two years, Google worked with the World Wide Web Consortium to experiment and propose standards for the web. Work on the Privacy Sandbox initiative during these two years included the development of the TURTLEDOVE and the subsequent FLEDGE proposals, both which centered around providing APIs to enable privacy preserving advertising, the tightening of the SameSite cookie policy, the introduction of private state tokens and the development of the Client Hints proposal.In 2021, Google committed to a timeline to implement and deploy the technologies to its Chrome browser by the end of 2022 with an expected third-party cookie deprecation date of 2023. Following the 2021 announcement, Google's Privacy Sandbox proposals came under scrutiny from privacy-advocacy groups like the Electronic Frontier Foundation and Brave and competition regulatory bodies like the United Kingdom's Competition and Markets Authority. In response to the privacy concerns, Google discontinued proposals like Federated Learning of Cohorts and replaced it with the Topics API.
In February 2022, the CMA secured commitments from Google to commit to performing quantitative testing on the performance of Privacy Sandbox APIs and the effects of the third-party cookie deprecation on advertisers. The CMA would also stipulate that Google write quarterly reports of it's progress on Privacy Sandbox with the CMA acting as a oversight body helping shape the Privacy Sandbox proposals. In November 2022 CMA released a report on Google's quantitative testing of its Privacy Sandbox technologies that called for the advertising industry to adopt a common testing framework so that performance tests could be conducted more widely across multiple testing entities. Google committed to developing such a testing framework in cooperation with the CMA before it's technologies became generally available in 2023.
On March 31, 2022, Google announced the start of a single origin trial, for the Topic, FLEDGE and Attribution Reporting APIs. This was done to allow sites to run unified experiments across the APIs. In October 2022 RTB House published its findings of actively testing FLEDGE by adding users to interest groups. Google and Criteo, also ran tests. The report highlighted that, while positive, the FLEDGE origin trials were limited in scope. It noted that a number of essential features of FLEDGE, specifically k-anonymity requirements, were not available for testing, and would require adjustments after industry feedback.
On September 7, 2023, Google announced general availability of Privacy Sandbox APIs, naming explicitly Topics, Protected Audience, Attribution Reporting, Private Aggregation, Shared Storage and Fenced Frames, meaning these features were enabled for more than half of Google Chrome users. Privacy Sandbox features were also made available on Android around the same time.
In April 2025, Google officially discontinued the Privacy Sandbox initiative. The company confirmed it would no longer proceed with plans to remove third-party cookies from Chrome, opting to maintain existing cookie controls without introducing a new standalone consent prompt. In 2025, following Google discontinuing the Privacy Sandbox proposal, CMA decided to release Google from their legally binding commitments related to third-party cookie deprecation. The Privacy Sandbox APIs are being retired due to limited adoption and continued regulatory pressure. Google's official Privacy Sandbox status page lists several technologies as "scheduled for phase-out".
Proposals
In January 2020, Google invited advertising technology companies to join the Improving Web Advertising Business Group of the World Wide Web Consortium as a way to participate in the proposal process for the Privacy Sandbox. The IWABG group was chaired by Wendy Seltzer and had 258 participants in the group in August 2020, of which 33 were Google employees.| Proposal | Description | Status |
| Federated Learning of Cohorts | The Federated Learning of Cohorts algorithm analyzed users' online activity within the browser, and generates a "cohort ID" using the SimHash algorithm to group a given user with other users who access similar content. | Discontinued |
| TURTLEDOVE | TURTLEDOVE, which stands for "Two Uncorrelated Requests, Then Locally-Executed Decision On Victory", is a framework proposed by Google to serve ads through the browser. | Discontinued |
| Private state tokens | Private state tokens will be able to be issued by websites to verify those browsers whose behavior denotes a real person rather than a bot or malicious attacker. Private state tokens are encrypted, so that an individual's identity is protected. | Implemented |
| Related Website Sets | Related Website Sets will allow domains that belong to the same entity, that have related sites with different domain names, to declare themselves, and be recognized, as a "related set." The exchange of information outside of a related website set is restricted to safeguard the privacy of users. | Discontinued |
| CHIPS | CHIPS takes into account that certain embedded services need to know a given user's activity on a site to function. CHIPS are partitioned cookies that will inform browsers that the necessary cookie is allowed to function only between a particular site and another embedded site. | Implemented |
| Storage Partitioning | Storage Partitioning will isolate certain web platform APIs that are used for storage or communication when used by an embedded service on a given site. This will enhance web privacy while still allowing web compatibility with existing sites. | Implemented |
| Network State Partitioning | Network State Partitioning will partition a browser's network resources to prevent these resources from being shared across first-party contexts. It requires each request to have an additional "network partition key" for resources to be reused and safeguards user privacy by disallowing access to shared resources and metadata learned from loading other sites. | Implemented |
| Federated Credential Management | Federated Credential Management is an API that will provide support for single sign-on designs that previously depended on third-party cookies. | Implemented |
| Client Hints | Client Hints API allows sites to request required information directly rather than via a User-Agent String, a significant surface vulnerable to passive fingerprinting, therefore reducing details that can be shared about a user online. | Implemented |
| User Agent reduction | User Agent reduction minimizes the information in a User-Agent String thereby reducing its vulnerability to passive fingerprinting. | Implemented |
| Privacy Budget | Privacy Budget aimed to limit fingerprinting by restricting the identifying information that a site is allowed to access. | Discontinued |
| HTTP Cache Partitioning | HTTP Cache Partitioning assigns cached resources with a 'network isolation key' along with the resource URL, composed of the top-level site and current-frame site. This prevents other websites from being able to infer details about the status of cached resources on a different website. | Implemented |
| IP Protection | IP Protection is a proposal that will hide a user's IP address from third parties using double-hop anonymous proxy. | Discontinued |
| DNS-over-HTTPS | The DNS-over-HTTPS protocol prevents attackers from observing the sites a user visits by encrypting Domain Name System queries. | Implemented |
| Topics API | Topics API aims to provide the means for advertisers to show relevant content and ads by sharing interest-based categories, or 'topics', based on recent browsing history processed on the user device. | Discontinued |
| Fenced Frames API | Fenced frames are an embedded frame type that is not permitted to communicate with a given host page, making it safe to access its unpartitioned storage as joining its identifier with the top site is impossible. Advertisements using FLEDGE-based APIs will only be allowed to be displayed within Fenced Frames. | Implemented |
| Attribution Reporting API | The Attribution Reporting API facilitates conversion tracking, for example, recording whenever a click on an ad or a view results in a purchase, while suppressing the ability to track users across multiple websites. | Discontinued |
| Protected Audience API | Protected Audience API is designed for targeting of interested audiences, including through retargeting. It allows vendors selected for advertising to take an advertiser's website data and to place users in interest groups specifically defined for a given advertiser, meaning that users can see tailored ads, with no infringement on their privacy. Prior to reaching global availability on August 17, 2023, the technology was known as "First Locally-Executed Decision over Groups Experiment",. | Discontinued |
| Private Aggregation | Private Aggregation API can be used to track aggregated statistics across ad campaigns. | Discontinued |