Not long ago touted as the future of targeted advertising and replacement for privacy-invasive cookies, Google’s Privacy Sandbox project is now officially finished according to a company blog post and follow-up reporting by assorted media outlets.
The technology’s aim was to sort end users into anonymized interest groupings, processed at the browser end to preserve individual privacy, and then offer advertisers access to users via these interest cohort combinations rather than placing an individualized tracking cookie on their devices. But the project received consistent pushback from both advertisers and privacy advocates, and appeared to be in serious jeopardy early this year when Google dropped its plans for cookie deprecation entirely.
Last privacy sandbox tools axed as Google announces project retirement
Google’s blog post on the subject simply announced that the 10 remaining available Privacy Sandbox APIs and tools were being deprecated, but follow-up questioning by various tech media sources produced statements confirming that it is all over for the project. The decision to retire it was apparently made after Google evaluated “ecosystem feedback” and noted “low levels” of adoption of the tools.
The writing was on the wall six months ago, however, when Google announced that its long-promised timeline for removing cookies entirely from its online ecosystem was being abandoned and that the Privacy Sandbox project would instead be an “opt-in” alternative for users. That was a major shift, as Google had been promising that the end goal of the project was eventual cookie elimination since it was launched in 2019.
Google now says it will “go back to where it started,” maintaining its current third party cookie controls in Chrome. The browser’s Privacy and Security settings presently allow users to block all third-party cookies, block only when “Incognito” mode is enabled, or block all by default while manually enabling for particular sites. Enterprise users have additional controls at the administrator level to block cookies by default while “whitelisting” those essential to make services work.
Some privacy sandbox tools will get new life, but overall future direction is hazy
While Privacy Sandbox was demonstrably unpopular with a number of groups, another significant wall for Google appears to have been failure to figure out how to implement it in Android. The project timeline called for Chrome to have cookies entirely deprecated first, followed by Android at some point farther in the future. But when the project was expanded to Android in early 2022, Google essentially admitted it did not have a long-term plan in place for making it work as of yet. It doesn’t seem to have ever come up with one, instead calling for collaboration with the advertising industry to “make it work.” The advertising industry seems to have entirely rejected the idea instead.
Another key factor simply seems to be that any perceived privacy deficiencies do not seem to be slowing Chrome adoption. The browser remains the world’s most-used with about 70% of both desktop and mobile market share and some three billion users worldwide. This seems to be an entrenched state of affairs, with the only threat to its browser dominance being the possibility of AI browsers capturing consumer preference in the near future.
So what comes next for Google’s personalized advertising systems? While Privacy Sandbox is dead, some of its individual components will live on. The company noted positive responses to and increased adoption of certain tools such as “Cookies Having Independent Partitioned State (CHIPS),” a system for storing user cookies individually for each particular site a user visits (eliminating the possibility of cross-site tracking by a single third-party service). Also apparently somewhat popular is the Federated Credential Management API (FedCM), which ties into Google’s existing third-party authentication system. This allows advertising to be centered on the accounts used for logins without personal data being shared with third parties and creating the option of preventing them from tracking across multiple sites. The Private State Tokens tool, similarly intended for tracking-free authentication as well as fraud prevention, will also continue development.
The company also said that it is continuing to develop new privacy elements for the Google Attribution ad monitoring program first launched in 2017, and indicated that it is continuing to engage other browser developers about implementing new privacy controls that protect first party data while building user trust. It has also indicated it will continue to “utilize learnings” from the now-shuttered Privacy Sandbox elements, such as applying feedback from adopters of the Attribution Reporting API to development of new Attribution system elements.
The development is the second “cookie reform” defeat for Google, though its initial attempt (Federated Learning of Cohorts or FLoC), was revamped into “Topics API” (after criticism of its expected ability to protect privacy) and included as a core element of the Privacy Sandbox project.
