Google logo on a wall showing new timeline for privacy sandbox

Google’s “Privacy Sandbox” Timeline Comes Into Clearer Focus: Target for End of Tracking Cookies Is Late 2023

The ultimate goal of Google’s ongoing “Privacy Sandbox” project is to end the use of third-party tracking cookies in its products, to be replaced with an as-yet not fully defined alternative. While the search giant is still experimenting with some of its ideas (such as FLoC), it has made a loose commitment to an overall timeline via a recent blog post.

The company is now calling for Privacy Sandbox technologies to be in place in the Chrome web browser and available to third party developers by the end of 2022, and for tracking cookies to be phased out of the browser beginning in mid-2023 and completed by late 2023.

Google privacy sandbox looks to be accessible to developers in about a year

Google’s grand idea with the Privacy Sandbox is not just to end its own reliance on tracking cookies, but to create an open alternative that will be picked up primarily by publishers of content and the advertising industry. This standard, which the company is still shaping, would be more privacy-minded than the current system of cookies that tracks users across many websites and gathers a vast amount of data about how they interact with them and what demographics they might belong to.

As it sits, Google has developed a number of experimental APIs and has begun conducting trials this year. The most significant of the Privacy Sandbox concepts thus far is the Federated Learning of Cohorts API (FLoC). Essentially, this system would assign end users to demographic “clusters” rather than individually labeling them with the target demographic. That means that the advertiser is accessing and sending ads to one of these clusters rather than directly to the end user, adding a layer of identity obfuscation (Google describes it as “hiding individuals in the crowd”). The system proposes storing user web history locally in the browser, which generates the “interest clusters” the user belongs to on the device and passes only that generalized information onward.

Google’s new blog post stresses that the company wants to take time to “get this right,” allowing space for public comment and back-and-forth with regulators as well as addressing the concerns of the advertising industry and the publishers that rely on them for revenue. The company currently has at least 30 Privacy Sandbox proposals in the works in addition to FloC, with four in origin trials. Google is hoping to move this to a rollout to the developer community sometime in late 2022. If all goes well, this could mean the end of cookies (at least in Chrome) by the end of 2023.

Google is breaking the Chrome transition process into stages that are on a more specific schedule. Stage 1 begins in late 2022, after internal testing is complete and the APIs are rolled out for Chrome. Publishers and advertisers will be given nine months to migrate their services to the new technologies, with Google monitoring the changeover and taking feedback before moving on to Stage 2.

Stage 2 begins sometime in mid-2023, and this is the period in which cookies will be formally phased out from Chrome. Google is anticipating this lasting at least three months with a target of the end of 2023 to complete the process.

The first program slotted to roll out is the “Trust Tokens” API aimed at fighting spam and fraud, a means of differentiating real users from bots without collecting personal information. This is presently in testing through the end of 2021 and is scheduled to be available in early 2022. FLoC and a number of other APIs meant for advertising industry use will begin testing in late 2021 and will be available in Q3 of 2022.

Though the Privacy Sandbox aims for a solution to the problem of viable targeted advertising without privacy invasion, privacy groups have been pushing back against it since it was announced in 2019. The Electronic Frontier Foundation (EFF) has opposed it on the basis of perceived weaknesses in the system allowing advertisers to uniquely identify end users in spite of Google’s intentions, and potential misuse of the FLoC system by both large advertising networks and Google itself. More recently, a collection of United States attorney generals filed a complaint against it on an antitrust basis and over fears that it could lead to a “social credit score.” The UK’s Competition and Markets Authority (CMA) is also examining the Privacy Sandbox for potential anticompetitive issues, saying that it could increase Google’s dominance in the online advertising space. Nevertheless, the system may be embraced by an advertising industry growing desperate for publicly acceptable alternatives after Apple effectively ended the use of device tracking IDs and fingerprints to target consumers.