Privacy Sandbox
FormationAugust 2019; 4 years ago (2019-08)
PurposeDevelopment of web standards

The Privacy Sandbox is an initiative led by Google to create web standards for websites to access user information without compromising privacy.[1] Its core purpose is to facilitate online advertising by sharing a subset of user private information without the use of third-party cookies.[2]: 39  The initiative includes a number of proposals, many of these proposals have bird-themed names which are changed once the corresponding feature reaches general availability.[3] The technology include Topics API (formerly Federated Learning of Cohorts or FLoC),[4] Protected Audience, Attribution Reporting, Private Aggregation, Shared Storage and Fenced Frames as well as other proposed technologies.[5] The project was announced in August 2019.[6][7]

The initiative has been described as anti-competitive and has generated an antitrust response.

Privacy Sandbox will also be available on Android.[8][9]

On September 7, 2023, Google announced general availability of Privacy Sandbox APIs, naming explicitly Topics, Protected Audience, Attribution Reporting, Private Aggregation, Shared Storage and Fenced Frames, meaning these features were enabled for more than half of Google Chrome users.[10][11]


Proposals in the Privacy Sandbox follow the idea of k-anonymity and are based on advertising to groups of people called cohorts instead of tracking individuals. They generally place the web browser in control of the user's privacy, moving some of the data collection and processing that facilitates advertising onto the user's device itself.[2]: 41  There are three focuses within the Privacy Sandbox initiative: replacing the functionality of cross-site tracking, removing third-party cookies, and mitigating the risk of device fingerprinting.[2]: 45 

Delivered technologies

Topics API

Topics API aims to provide the means for advertisers to show relevant content and ads by sharing interest-based categories, or ‘topics’, based on recent browsing history processed on the user device. Google Chrome is the only mainstream browser supporting Topics API. As of December 2023, Google Chrome allows users to disable sharing of the interests via Topics API in browser's Settings.

Fenced Frames API

Fenced frames are an embedded frame type that is not permitted to communicate with a given host page, making it safe to access its unpartitioned storage as joining its identifier with the top site is impossible. FLEDGE-based will only be allowed to be displayed within Fenced Frames, although for the purpose of current testing it is still permissible.

Attribution Reporting API

The Attribution Reporting API facilitates conversion tracking, for example recording whenever an click on an ad or a view results in a purchase, while suppressing the ability to track users across multiple websites.

Protected Audience API

Protected Audience API is designed for targeting of interested audiences, including through retargeting. It allows vendors selected for advertising to take an advertiser’s website data and to place users in interest groups specifically defined for a given advertiser, meaning that users can see tailored ads, with no infringement on their privacy.[12] Prior to reaching global availability on August 17, 2023, the technology was known as "First Locally-Executed Decision over Groups Experiment", (FLEDGE).[13][14]

Shared Storage API

Shared Storage API addresses a need for browsers, for legitimate cases, to store information in different, multiple, unpartitioned forms, rather than separately as the prevention of cross-site tracking generally dictates. Despite being unpartitioned, Shared Storage API ensures data can only be read in a secure environment.

Private Aggregation

Private Aggregation API tracks some aggregated statistics across ad campaigns.


This section needs expansion. You can help by adding to it. (May 2021)

In January 2020, Google invited advertising technology companies to join the Improving Web Advertising Business Group (IWABG) of the World Wide Web Consortium (W3C) as a way to participate in the proposal process for the Privacy Sandbox. The IWABG is chaired by Wendy Seltzer.[15] The W3C is a consensus-building organization and would not prevent Google from deploying technology without consensus.[16]

Each proposal within the Privacy Sandbox initiative would perform one of the functions of targeted advertising that is currently done through cookies.[17]

Federated Learning of Cohorts (FLoC)/Topics API

Main article: Federated Learning of Cohorts

The Federated Learning of Cohorts algorithm analyzes users' online activity within the browser, and generates a "cohort ID" using the SimHash algorithm[18] to group a given user with other users who access similar content.[19]: 9  Unlike other Privacy Sandbox proposals which replace existing functions of cookies, FLoC proposes a new mechanism for targeted advertising.[20] The FLoC proposal has been criticized by privacy advocates, data ethics researchers, and others.[21] All major browsers based on Chromium pledged to remove FLoC. Google ended development of FLoC and proposed Topics API as a replacement.[22] Topics API, which transfers information about user interests from one site to another, has been criticized by web publishers for enabling user tracking often at the detriment to publishers with unique content.[23]

Proposals for serving advertisements


TURTLEDOVE, which stands for "Two Uncorrelated Requests, Then Locally-Executed Decision On Victory",[2]: 45  is a framework proposed by Google to serve ads through the browser.[2]: 49 

Private state tokens

Private state tokens will be able to be issued by websites to verify those browsers whose behavior denotes a real person rather than a bot or malicious attacker. Private state tokens are encrypted, so that an individual's identity is protected.

First-party sets

First-party sets will allow domains that belong to the same entity, that have related sites with different domain names, to declare themselves, and be recognized, as a "first-party set". The exchange of information outside of a first-party set, is restricted to safeguard the privacy of users.


CHIPS (Cookies Having Independent Partitioned State) take into account that certain embedded services need to know a given user’s activity on a site to function. CHIPS are partitioned cookies that will inform browsers that the necessary cookie is allowed to function only between a particular site and an embedded widget.

Storage Partitioning

Storage Partitioning will isolate certain web platform APIs that are used for storage or communication when used by an embedded service on a given site.This will enhance web privacy while still allowing web compatibility with existing sites.

Network State Partitioning

Network State Partitioning will partition a browser’s network resources to prevent these resources from being shared across first-party contexts. It requires each request to have an additional "network partition key" for resources to be reused and safeguards user privacy by disallowing access to shared resources and metadata learned from loading other sites.

Federated Credential Management

Federated Credential Management is an API that will provide the primitives needed to support federated identity designs that previously depended on third-party cookies.

Same-site cookie label

Same-site cookie labels are required by Chrome and other browsers to define if a cookie is used in first- or third-party context. This protects cookies from cross-site injection and data disclosure attacks.

Client Hints API

Client Hints API allows sites to request required information directly rather than via a User-Agent String, a significant surface vulnerable to passive fingerprinting, therefore reducing details that can be shared about a user online.

User-Agent Reduction

See also: User-Agent header § Deprecation of User-Agent header

User Agent reduction minimizes the information in a User-Agent String thereby reducing its vulnerability to passive fingerprinting.

HTTP Cache Partitioning

HTTP Cache Partitioning, to add additional security, assigns cached resources with a ‘Network Isolation Key’ along with the resource URL, composed of the top-level site and current-frame site.


The DNS-over-HTTPS protocol prevents attackers from observing the sites a user visits by encrypting Domain Name System (DNS) queries.

IP Protection

IP Protection is a proposal that will hide a user’s IP address from third parties using double-hop anonymous proxy.[24]

Privacy Budget

Privacy Budget aims to limit fingerprinting by restricting the identifying information that a site is allowed to access.

Privacy Sandbox for Android

For Android, Privacy Sandbox will use technology that operates without cross-app identifiers, such as Android/Google Advertising ID. SDK (Software Development Kit) Runtime will limit covert tracking and the collection of user data by way of a process for third-party code, e.g. used for advertising, that runs separately from a given app’s code.

For the measurement of digital ads, the Attribution Reporting API is intended to supersede current measurement methods with solutions not reliant on user-level tracking mechanisms.

In order to continue to show relevant ads and content on Android, Topics will present categories that are based on the use of apps on a user’s device and are selected only through a given device’s settings. To further supplement privacy on Android, FLEDGE will use “custom audiences” that are built by app developers based on interactions with their app, information that will be stored locally so that no individual identifiers are shared with external parties.


On March 31, 2022, Google announced the start of a single origin trial, for the Topics, FLEDGE and Attribution Reporting APIs. It allows sites to run unified experiments across the APIs.

In October 2022 RTB House published its findings of actively testing FLEDGE by adding users to interest groups. Google and Criteo, also ran tests. The report highlighted that, while positive, the FLEDGE origin trials were limited in scope. It noted that a number of essential features of FLEDGE, specifically k-anonymity requirements, were not available for testing, and will require adjustments after industry feedback.[25]

The scale of tests is increasing. Google Chrome aims to dedicate H1 of 2023 to developer testing, and make FLEDGE available for the entirety of Chrome users in H2 of 2023.[26]

In November 2022 the Competition and Markets Authority released a report on Google’s quantitative testing of its Sandbox technologies that highlighted the importance of the industry adopting a common testing framework so that performance tests can be conducted more widely across multiple testing entities. Google is developing such a framework in cooperation with the CMA and is seeking to drive engagement with market participants on the design of testing between now and at least the beginning of General Availability in Q3 2023.[27]

Antitrust concerns

In January 2021, the Competition and Markets Authority (CMA) in the United Kingdom announced plans to investigate the Privacy Sandbox initiative, with a focus on its potential impacts on both publishers and users.[28] In a statement, CMA chief executive Andrea Coscelli said that "Google’s Privacy Sandbox proposals will potentially have a very significant impact on publishers like newspapers and the digital advertising market," and that there were also "privacy concerns to consider."[29]

CMA accepted legally binding commitments offered by Google concerning its proposals to remove third party cookies (TPCs) on Chrome and develop the Privacy Sandbox. The formal acceptance of these commitments by the CMA resulted in the closure of the investigation, with no decision on whether the Competition Act 1998 was infringed.[30] CMA reported that Google was complying with its legally-binding commitments between July 2022 and September 2022.[31]

In March 2021, 15 attorneys general of U.S. states and Puerto Rico amended an antitrust complaint filed the previous December; the updated complaint says that Google Chrome's phase-out of third-party cookies in 2022[32] will "disable the primary cookie-tracking technology almost all non-Google publishers currently use to track users and target ads. Then [...] Chrome, will offer [...] new and alternative tracking mechanisms [...] dubbed Privacy Sandbox. Overall, the changes are anticompetitive".[33][34] The lawsuit suggests that the proposed changes in the Privacy Sandbox would effectively require advertisers to use Google as a middleman in order to advertise.[32]

See also


  1. ^ Lardinois, Frederic (August 22, 2019). "Google proposes new privacy and anti-fingerprinting controls for the web". TechCrunch. Retrieved 2021-05-19.
  2. ^ a b c d e Geradin, Damien; Katsifis, Dimitrios; Karanikioti, Theano (2020-11-25). "Google as a de facto Privacy Regulator: Analyzing Chrome's Removal of Third-party Cookies from an Antitrust Perspective". Tilburg Law and Economics Center. Rochester, NY (DP2020-038). doi:10.2139/ssrn.3738107. ISSN 1572-4042. S2CID 234583355. SSRN 3738107.
  3. ^ Bohn, Dieter (2021-03-30). "Privacy and ads in Chrome are about to become FLoCing complicated". The Verge. Retrieved 2021-05-19.
  4. ^ Nield, David (2021-05-09). "What's Google FLoC? And How Does It Affect Your Privacy?". Wired. ISSN 1059-1028. Retrieved 2023-09-30.
  5. ^ Lardinois, Frederic (2023-07-20). "Google starts the GA rollout of its Privacy Sandbox APIs to all Chrome users". TechCrunch. Retrieved 2023-09-30.
  6. ^ Goodin, Dan (2020-01-15). "Google plans to drop Chrome support for tracking cookies by 2022". Ars Technica. Retrieved 2021-05-19.
  7. ^ Cyphers, Bennett (2019-08-30). "Don't Play in Google's Privacy Sandbox". Electronic Frontier Foundation. Retrieved 2021-05-21.
  8. ^ "Introducing the Privacy Sandbox on Android". Google. 2022-02-16. Retrieved 2022-11-15.
  9. ^ Vonau, Manuel (2022-11-15). "Google's third-party cookie killer is almost ready for beta testing on Android". Android Police. Retrieved 2022-11-15.
  10. ^ "Privacy Sandbox for the Web reaches general availability - The Privacy Sandbox". Retrieved 2023-09-08.
  11. ^ Amadeo, Ron (2023-09-07). "Google gets its way, bakes a user-tracking ad platform directly into Chrome". Ars Technica. Retrieved 2023-09-08.
  12. ^ Shields, Ronan (April 14, 2021). "Google Shelves Fledge Trials Until Late 2021". Adweek. Retrieved 2021-05-21.
  13. ^ "Protected Audience API: Our New Name for FLEDGE". Retrieved 2023-09-11.
  14. ^ Weatherbed, Jess (2023-07-20). "Google starts the next phase of its plan to kill third-party cookies". The Verge. Retrieved 2023-09-11.
  15. ^ Schiff, Allison (2021-04-26). "An Inside Look At The W3C With Strategy Lead Wendy Seltzer, As Debate Swirls Around The Privacy Sandbox". AdExchanger. Retrieved 2021-05-21.
  16. ^ Schiff, Allison (2021-04-14). "Influential W3C Working Group Calls Privacy Sandbox Proposal 'Harmful'". AdExchanger. Retrieved 2021-05-21.
  17. ^ Cyphers, Bennett (2021-03-03). "Google's FLoC Is a Terrible Idea". Electronic Frontier Foundation. Retrieved 2021-05-21.
  18. ^ Cyphers, Bennett (2021-03-03). "Google's FLoC Is a Terrible Idea". Electronic Frontier Foundation. Retrieved 2021-04-13.
  19. ^ Geradin, Damien; Katsifis, Dimitrios (2020-02-19). "Taking a Dive Into Google's Chrome Cookie Ban". Tilburg Law and Economics Center. Rochester, NY (DP2020-042). doi:10.2139/ssrn.3541170. ISSN 1572-4042. S2CID 216269022. SSRN 3541170.
  20. ^ O'Reilly, Lara (2020-10-22). "'Very pleasantly surprised' Google shares results of Privacy Sandbox experiments". Digiday. Retrieved 2021-05-21.
  21. ^ Kaye, Kate (2021-04-05). "Google's cookieless ad targeting proposal under fire for discriminatory potential". Digiday. Retrieved 2021-05-21.
  22. ^ Roth, Emma (2022-01-25). "Google abandons FLoC, introduces Topics API to replace tracking cookies". The Verge. Retrieved 2022-02-10.
  23. ^ Layser, Stephanie (2022-03-30). "'Seller-Defined Audience Is Better Than Google Topics. Here's Why'". AdExchanger. Retrieved 2022-10-19.
  24. ^ "IP Protection | Privacy Sandbox". Google for Developers. Retrieved 17 January 2024.
  25. ^ Rumiński, Mateusz (October 5, 2022). "[Whitepaper] Deep Insights From Early Fledge Experiments". RTB House. Retrieved 2023-01-18.
  26. ^ Trotz, Joey (November 10, 2022). "Privacy Sandbox for the web: Expanding testing into 2023". Retrieved 2023-01-18.
  27. ^ "Quantitative testing of Google's Privacy Sandbox technologies – seeking input from affected firms and others on the CMA's proposals" (PDF). Competition and Markets Authority. November 2022. Retrieved 2023-01-18.
  28. ^ Ikeda, Scott (2021-01-20). "UK CMA Plans to Investigate Google Chrome's 'Privacy Sandbox' for Potential Anticompetitive Behavior". CPO Magazine. Retrieved 2021-05-19.
  29. ^ Shields, Ronan (January 13, 2021). "Google's Dilemma: Tension Between Privacy and Competition". Adweek. Retrieved 2021-05-21.
  30. ^ "Investigation into Google's 'Privacy Sandbox' browser changes". Competition and Markets Authority. January 8, 2021. Retrieved 2023-01-18.
  31. ^ "CMA second update report on implementation of the Privacy Sandbox commitments" (PDF). Competition and Markets Authority. October 2022. Retrieved 2023-01-18.
  32. ^ a b Robertson, Adi (2021-03-16). "Google antitrust suit takes aim at Chrome's Privacy Sandbox". The Verge. Retrieved 2021-04-13.
  33. ^ Holt, K (December 16, 2020). "Texas announces a multi-state antitrust suit against Google". Engadget. Retrieved 2021-04-13.
  34. ^ Masnick, Mike (16 March 2021). "Google's Efforts To Be Better About Your Privacy, Now Attacked As An Antitrust Violation". Techdirt. Retrieved 2021-04-13.