Google’s promised third-party cookies switch-off is taking longer than the company hoped – thanks to competition investigations, technical barriers, and industry concerns.

But when the switch occurs, it could transform online advertising as we know it. Here’s a look at how Google’s Privacy Sandbox project could bring about a more privacy-focused web.

What is Privacy Sandbox?

Google’s Privacy Sandbox is a set of initiatives designed to reshape digital advertising.

Privacy advocates are deeply critical of current online advertising methods, such as third-party cookies and other tracking technologies, which can collect and share personal data.

Regulatory pressures and consumer demands mean advertisers, ad publishers, and AdTech vendors are seeking new, less intrusive advertising methods.

Some web browsers, such as Apple’s Safari and Mozilla’s Firefox, have already switched off third-party cookies by default. Google Chrome, used by around two-thirds of internet users, hasn’t done so – possibly because of the potential impact on Google’s revenues.

Through the Privacy Sandbox, Google is developing a new set of digital advertising techniques that should ensure ads get seen by the right people while reducing the privacy risks associated with third-party cookies.

Key Privacy Sandbox initiatives

Topics API

Google’s Topics replaces third-party cookies with a system that categorizes user interests based on their recent browsing history. The API will enable advertisers to show relevant ads based on general interest topics rather than detailed user profiles.

The project is designed to enhance user privacy by providing advertisers with less granular data. Processing is performed on-device, which should improve data security.

Topics is a new iteration of Federated Learning of Cohorts (FLoCS), which was discontinued after Google received negative feedback on its privacy implications.

Attribution Reporting API

Formerly known as the Conversion Measurement API, Google’s Attribution Reporting API is a more privacy-focused approach to ad conversion measurement.

The Attribution Reporting API will tell publishers about how their ads are performing with less detail about individual users, adding “noise” to the data to protect privacy. Conversion data will be aggregated to help avoid individual identification of users.

Private State Tokens

Previously called Trust Tokens, Private State Tokens are designed to authenticate users without exposing personal data.

Some measures to identify fraud or bots can use quite intrusive methods, such as reading a user’s browsing activity. By generating unique, cryptographically secure Private State Tokens and presenting them to a website owner, Chrome can demonstrate a user’s authenticity in a more private way.

User-Agent reduction

User-Agent reduction minimizes the information shared via a browser’s User-Agent string, which enables a user to interact with web content via their browser.

Because the User-Agent string can include granular information about the user’s device, browser, and platform, advertisers can use it to “fingerprint” users – single them out as unique and track them on other sites.

Google’s User-Agent Client Hints project will only allow a website to access such information on a declared, need-to-know basis, reducing fingerprinting opportunities.

Potential Privacy Sandbox challenges

In many ways, Privacy Sandbox is a “win” for individual privacy – at least compared to the status quo. If Google’s initiative works as intended, it will be harder to identify individual users from the data collected by advertisers and other actors in the digital marketing ecosystem.

But the project has its critics. Ben Wolford, writing for the private email provider Proton, describes the project as “privacy washing” and suggests that Google should have simply turned off third-party cookies.

The UK’s Competition and Markets Authority (CMA) is investigating Privacy Sandbox on competition grounds out of concern that Google could entrench its market position by closing off advertising data to competitors.

Privacy should improve if less granular information about individual users is exchanged online. However, there could be consequences for advertisers if Google’s privacy-focused targeting and attribution methods don’t work as well as hoped.

Businesses whose ad campaigns depend on large quantities of third-party data – particularly if it’s collected without consent – might suffer badly once Google flips the Privacy Sandbox switch. If this sounds alarming, perhaps it’s time to reassess your ad strategy and adopt a more privacy-centric approach.