In 2020, Google announced it was planning to phase out of third-party cookies from the Chrome browser. The original Plan was to eliminate Third-Party Cookies in Chrome by 2022. However, Google's Cookie Deprecation Plan was postponed several times until Google decided to drop the Plan. Google officially abandoned its cookie deprecation plan in 2024.
Initially, Google Privacy Sandbox was designed to replace Third-Party Cookies while preserving an ad‑supported industry. Google Privacy Sandbox initiative aimed to reduce excessive user tracking while supporting digital advertising.
In 2025, the Google Privacy Sandbox initiative remains one of the privacy-preserving alternatives. Chrome allows users to adjust privacy choices at any time. Privacy Sandbox APIs will remain privacy-preserving alternatives, especially for developers.
Key Takeaways: What Marketers Should Know
- Third‑party cookies in Chrome remain
No cookie deprecation yet. - A cookieless future still remains important
Ignoring cookies isn’t an option, advertisers shouldn’t rely on first‑party data, contextual ads, and server‑side work. - Stay updated on Sandbox APIs
While cookies persist, the development of Google Privacy Sandbox continues. At least some technologies could become an industry standard. Marketers should embrace new data strategies today to get ready for the new emerging possibilities. - Alternatives of the Privacy Sandbox is a shift to on-device processing
- Marketers will also shift to First-party data and contextual advertising, since cross-site behavior data will be harder to access.
- Watch regulation
UK CMA, US DOJ antitrust rulings, and EU regulators are closely monitoring Google and will regulate the Privacy Sandbox alternatives.
What Is Google Privacy Sandbox?
Google launched the Privacy Sandbox in 2019 with the aim to replace third-party cookies with privacy-preserving alternatives and limit the amount of Personal Information shared online.
The Google Privacy Sandbox is an initiative launched by Google and focused on developing privacy-focused technologies for the web and Android platforms. This initiative was intended to offer a more secure and private internet experience with reduced cross-site and cross-app tracking while still enabling a functional online ecosystem and supporting the digital advertising industry.
The initiative includes several technological proposals.
Read the official Privacy Sandbox website.
Current Status of Google Privacy Sandbox in 2025
On July 22, 2024, Google announced that it would keep Third-Party Cookies in its Chrome browser. The decision was made due to widespread industry and regulatory pushback.
The replacement of third-party cookies with the Google Privacy Sandbox faced criticism from multiple related parties:
- Regulatory Concerns
Google Privacy Sandbox has been described as anti-competitive since the introduced proposals limit tracking through traditional methods and force advertisers to use Google‘s services. Regulators, such as the UK's Competition and Markets Authority (CMA), raised concerns about the potential anti-competitive effects of Google's proposed alternatives that could lead to Google’s dominance in digital advertising. - Industry Resistance
Many advertisers and publishers didn‘t trust the Privacy Sandbox technologies and didn‘t believe that they would be as effective for digital advertising as third-party cookies. - Privacy Concerns
Privacy advocates have criticized the new privacy-preserving alternatives, arguing that the Privacy Sandbox technologies still enable user tracking and profiling. Google would offer more complicated technologies, but they would still enable tracking, just in a different form.
In conclusion, instead of phasing out third‑party cookies, Google offers two options: digital advertisers can either use third-party cookies or employ Privacy Sandbox APIs.
Current status (as of mid-2025) of Google Privacy Sandbox:
- Most Privacy Sandbox APIs (like Topics, Fenced Frames, and Attribution Reporting) are available in Chrome via general availability or origin trials.
- Google paused the deprecation of third-party cookies in April 2025, but development of the Privacy Sandbox continues.
- Regulatory bodies (especially the UK CMA) are evaluating if Sandbox tools harm competition or user rights.
Scan your website for free to see all your website cookies, local storage, and session storage in use.
The Goals of Google Privacy Sandbox
Third-party cookies play a major role in online tracking and advertising, allowing advertisers to track users across different sites and collect data about their behavior, interests, and habits. However, this practice raises significant privacy concerns, and users become more interested in the protection of their personal data. By phasing out third-party cookies, Google aims to foster privacy and transparency. Google Privacy Sandbox concentrates on the following goals:
- Building new technologies to protect Personal Information
The Privacy Sandbox technologies aim to make current third-party cookies tracking methods and other tracking techniques obsolete. This ensures that users can browse without concerns about who is collecting their data and for what purposes. - Enabling publishers and developers to keep online content free
Publishers and developers should have privacy-preserving alternatives for their key business needs without relying on intrusive tracking. - Building new internet privacy standards
The Privacy Sandbox initiative is collaborating with publishers, developers, advertisers, and other related parties to develop better privacy standards for the Web and on Android, creating a more secure and trustworthy digital marketing ecosystem.
CookieScript Consent Management Platform (CMP) allows you to continue advertising and comply with the latest privacy regulations without compromising user privacy. CookieScript is a Google-certified CMP.
In 2024, CookieScript CMP was nominated as the best CMP on G2, a peer-reviewed website.
Key Google Privacy Sandbox Technologies
There are over 30 proposals to date initiated by Chrome and other stakeholders to foster web transparency and access user information without compromising privacy. Here are the key Google Privacy Sandbox technologies:
Federated Learning of Cohorts (FLoC)
The Federated Learning of Cohorts algorithm analyzes users' online activity within the browser, and generates a cohort ID using the SimHash algorithm to group a given user with other users who access similar content.
However, companies have disapproved of the FLoC. They argued that the technology did not preserve user privacy. Another downside is that FloC could be used with Chrome and is not compatible with other browsers.
The FloC is now discontinued.
Private state tokens
Private State Tokens enable websites to distinguish real users from bots or malicious attackers without identifying individuals. These tokens are issued based on user behavior and are encrypted to ensure privacy.
Read more about Private State Tokens.
Topics API
The Topics API is designed to preserve user privacy while showing relevant content and ads. It delivers ads related to users’ interests based on recent browsing history and helps sites and apps serve relevant ads.
The Topics API categorizes user browsing behavior into topics. These topics represent recognizable categories inferred by the browser based on the pages a user visits. For example, the browser marks a sports website with the topic "Sports".Then, the browser collects several of the most frequent topics related to the websites a user has visited. These topics are then shared with the sites you visit to help advertisers show you more relevant ads without identifying the specific sites you’ve visited.
Learn more about the Topics API.
Related Website Sets
Related Website Sets (RWS), formerly known as First-party set, is a proposal allowing a group of related domains (such as example.com, example.co.uk, and example.de) to be treated as a single first-party domain.
After blocking third-party cookies, modern browsers treat each domain as a separate origin, so browsers can’t recognize the same user across those sites. RWS allows a company to declare a set of domains it owns and operates under a first-party relationship. Once accepted, the Chrome browser will treat these domains as one for cookies, local storage, and other trackers’ access.
As of 2025, Related Website Sets are still under evaluation and refinement (UK CMA and EU regulators). RWS is implemented optionally in Chrome behind flags and limited rollout. Participation is limited and must follow Google’s RWS policy and approval process.
Learn more about the Related Website Sets.
Protected Audience API
Protected Audience API is used in remarketing without relying on third-party cookies. As users browse the web, advertisers can instruct the browser about future ads and show users ads for products or sites they’ve shown interest in before. The browser then uses these instructions and an algorithm to deliver ads without compromising user privacy.
Read more about Protected Audience API.
TURTLEDOVE
TURTLEDOVE, Two Uncorrelated Requests, Then Locally-Executed Decision On Victory, is a framework proposed by Google to serve ads through the browser. It’s designed to allow retargeting without third-party cookies, moving ad auctions onto the user's browser. The browser chooses and displays the winning ad in a privacy-protected container.
TURTLEDOVE works performing the following steps:
- A user joins an interest group.
- Ad network requests tailored ads.
- Ad network responds with ads and decision rules.
- The browser executes the mini-auction locally.
The advantage of the technology is that data stays local: Ad interest and bidding logic reside in your browser, not on remote servers, limiting cross-site tracking.
However, TURTLEDOVE raised concerns over performance impacts since auction computations run on the client-side.
TURTLEDOVE is currently partially implemented, incorporated into the broader “Protected Audience API” (formerly FLEDGE).
Attribution Reporting API
Attribution Reporting API is used to measure the effectiveness of digital ads without compromising privacy. It allows advertisers to collect data on how users interact with ads and their behavior on the website without identifying users across different sites. The Attribution Reporting API respects user privacy and doesn’t use traditional tracking methods.
Read more about Attribution Reporting API.
CHIPS
CHIPS (Cookies Having Independent Partitioned State) are partitioned cookies that allow partitioning of Third-Party Cookies by the top-level site. A partitioned third-party cookie is double-keyed and is tied to the top-level site where it’s initially set and cannot be accessed from elsewhere. CHIPS takes into account that certain embedded services need to know a given user’s activity on a site to function and will inform browsers that the necessary cookie is allowed to function only between a particular site and another embedded site.
It is the best-developed Google initiative to respect user privacy and comply with privacy laws. While other solutions of Privacy Sandbox are voluntary, this one is already implemented by default on Google’s web browser Chrome.
Read more about CHIPS.
Shared Storage API
The Shared Storage API enables cross-site data usage in a privacy-preserving way without revealing user personal data to websites or scripts. It’s a browser-provided key-value storage mechanism that stores data per site, similar to cookies or local storage. The Shared Storage API allows other origins to read from it indirectly only through secure, browser-controlled workflows. Unlike local storage or cookies, the data in Shared Storage is not directly readable or writable by JavaScript outside the API’s controlled functions.
Shared Storage API has these privacy features:
- It provides privacy-preserving cross-site decision-making.
- No JavaScript has direct access to the stored values outside the worklet.
- It does not allow user identification.
- Enforced same-origin storage, but cross-site read allowed via worklets only.
- It is subject to user agent restrictions and quotas.
Read more about Shared Storage API.
Network State Partitioning
Network State Partitioning partitions a browser’s network resources to prevent these resources from being shared across first-party contexts. It works by isolating network-related states like connections and caches per top-level site, so third parties can’t use shared resources to track users across websites. Each request must have an additional network partition key for resources to be reused and safeguards user privacy by disallowing access to shared resources and metadata learned from loading other sites.
Network state refers to any browser-managed resource related to loading websites, including DNS cache, TCP connections, HTTP cache, TLS session state, Alt-Svc and HTTP/2 connection pools, or resource hints (preconnect, prefetch). Traditionally, these resources were shared across websites to improve speed and efficiency. But that sharing also opened up tracking vectors, especially for fingerprinting.
It is fully implemented since Chrome 96 (2021) and other Chromium-based browsers.
Fenced Frames API
Fenced Frames are HTML elements that embed advertising content into publishers’ digital properties while restricting communication between the embedded content and the embedding environment. It allows websites to embed content—typically ads—in a way that isolates it from the rest of the page, preventing it from accessing or leaking user data across sites.
A Fenced Frame is a special kind of <iframe> designed for privacy:
- It cannot communicate with the embedding page or other frames.
- It has no access to cookies, local Storage, or shared state from other sites.
- It provides no visibility into the URL or user behavior of the top-level page.
Thus, the Fenced Frames API could be used for embedding ads or personalized content without leaking data to third parties.
Read more about Fenced Frames API.
Federated Credential Management
Federated Credential Management (FedCM) is a web API designed to enhance user privacy and security when signing in to websites. It allows websites to authenticate users through trusted third-party services without relying on third-party cookies or redirects, which could be used for tracking.
Read more about FedCM.
Client Hints API
Client Hints API are a set of HTTP Headers and a JavaScript API that allows websites to request required information directly rather than via a User-Agent String, therefore reducing details that can be shared about a user online. Client Hints are used to limit covert tracking.
Read more about Client Hints API.
User Agent Reduction
User Agent reduction minimizes the information in a User-Agent String, thereby reducing its vulnerability to passive fingerprinting. As Client Hints, User Agent reduction is also used to limit covert tracking.
Read more about User-Agenct Reduction.
HTTP Cache Partitioning
HTTP Cache Partitioning assigns cached resources with a new "Network Isolation Key" in addition to the resource URL. The Network Isolation Key is composed of the top-level site and the current-frame site. This prevents other websites from being able to infer details about the status of cached resources on a different website.
Read more about HTTP Cache Partitioning.
DNS-over-HTTPS
DNS-over-HTTPS (DoH) is a protocol that encrypts DNS queries, preventing attackers from observing which sites users visit or redirecting them to malicious sites.
Read more about DNS-over-HTTPS.
IP Protection
IP Protection is a proposal to avoid sharing a user's real IP address with third parties. This proposal uses a privacy proxy for a connection. Hiding users’ IP addresses from third parties helps to prevent tracking across different sites.
Read more about IP Protection.
How to Enable Google Privacy Sandbox in Chrome?
To enable Privacy Sandbox in Chrome, perform the following steps:
- On your computer, open Chrome
- Click More (three dots at the top-right corner) > Settings
- Click Privacy and security > Ad privacy
Here you will find three fields for selection: Ad topics, Site-suggested ads, and Ads measurement:
- Enable or disable any of these options.
Challenges in Privacy Sandbox API Integrations
Integrating Privacy Sandbox APIs raises several challenges, including:
- Technical implementation
Adapting existing systems to new APIs requires significant technical changes and development resources. - Data accuracy and measurement
The new privacy-preserving technologies must still proof that they provide accurate and reliable ad targeting and measurement data. - Industry adoption
The digital advertising ecosystem should be willing to implement the Privacy Sandbox alternatives and ensure interoperability with various platforms and services. - Regulatory compliance
Regulatory bodies (especially the UK CMA) are evaluating if Sandbox tools harm competition or user rights. The new technologies should ensure compliance with privacy laws and regulations.
How Will Privacy Sandbox Affect Advertising?
The Privacy Sandbox will fundamentally change how online advertising works by eliminating third-party cookies and replacing them with privacy-preserving APIs. These alternatives aim to balance user privacy and Ad business needs.
Today’s digital advertising relies on third-party cookies for:
- Cross-site behavioral targeting
- Ad frequency capping
- Attribution and conversion tracking
- User profiling and audience retargeting.
With cookies being phased out, many of these capabilities will disappear. Google proposes replacing key ad functions with the new Privacy Sandbox alternatives.
There are new trends that are coming with Privacy Sandbox:
- Shift to on-device processing
Much of what was done on servers using identifiers will now happen in the browser. This includes audience segmentation, ad auctioning, and creative selection. - Less Granular Targeting
APIs like Topics API only provide a few broad interest categories per user, updated weekly. That means less precise targeting than cookie-based methods. - New measurement tools
The Attribution Reporting API utilizes aggregated and delayed reporting to safeguard user identity while still enabling advertisers to view which ads are converting. - Reliance on first-party data
Marketers will lean more on first-party data (emails, CRM, logins) and contextual advertising since cross-site behavior data will be harder to access.
Frequently Asked Questions
What Is Google Privacy Sandbox?
The Google Privacy Sandbox is an initiative launched by Google and focused on developing privacy-focused technologies for the web and Android platforms. It aims to replace third-party cookies with privacy-preserving alternatives and limit the amount of personal information shared online. Use CookieScript CMP to respect user privacy and comply with privacy laws.
What is the current status of Google Privacy Sandbox?
As of mid-2025, Google paused third-party cookie deprecation in April 2025, but Privacy Sandbox development continues. Most Privacy Sandbox APIs are available in Chrome via general availability or origin trials. Regulatory bodies are evaluating if Sandbox tools harm competition or user rights. Scan your website for free to see all your website cookies in use.
How does the Privacy Sandbox enhance user privacy?
The Privacy Sandbox enhances user privacy by reducing cross-site tracking and introducing privacy-preserving APIs that limit the amount of personal information shared online. Use CookieScript CMP to respect user privacy and comply with privacy laws.
How to turn the Privacy Sandbox on in Chrome?
To enable Privacy Sandbox in Chrome, open Chrome and click More (three dots) > Settings > Privacy and security > Ad privacy. Here you will find three fields for selection: Ad topics, Site-suggested ads, and Ads measurement. Enable or disable any of these options.
Should I enable the Privacy Sandbox in Chrome?
Privacy Sandbox is an initiative to provide an alternative to third-party cookies and user tracking that still allows digital advertising. Even if it introduces privacy-preserving technologies, it could still track users. Depending on your needs, you may turn on or off this Chrome feature.