After six years of work, Google’s Privacy Sandbox, technology for delivering ads while protecting privacy, looks like dust in the wind.
The Chocolate Factory on Tuesday raised the white flag and surrendered to pressure from watchdogs and rivals who preferred the status quo – third-party cookies and all the privacy problems that come with them. While a loss for user privacy, the move could lower the temperature on Google’s troubles, as regulators feared the online ads giant would use the tool to boost its own already dominant advertising services.
Google at one point aimed to get rid of third-party cookies in Chrome – which by virtue of its dominance would break cookies for the ad industry. Now that’s no longer the plan. Online advertising will remain the same as it ever was.
Websites rely on cookies for various legitimate and necessary functions, such as authenticating users and storing preferences. But they also allow third-party firms to place cookies for user tracking, analytics, ad attribution, and other functions. This has been shown repeatedly to be terrible for privacy. Third-party cookies allow people’s online activities to be tracked across websites, often in ways that let them be personally identified.
Google began building its Privacy Sandbox in 2019 in an effort to get ahead of the rising tide of privacy regulation, as technical defenses began appearing in rival browsers that blocked third-party cookies by default. The project consisted of a set of APIs – initially for the web but later expanded to Android – pitched to advertisers and publishers as a way to meet privacy regulations without depriving advertisers of targeting and analytics tools.
The ad rethink ran into opposition from ad tech rivals, who argued the technology gave Google an edge in the buying and selling of ads. The Competition and Markets Authority and the Information Commissioner’s Office in the UK held Google’s feet to the fire and the US giant began making concessions. Meanwhile, Google’s privacy claims kept falling short as technologists poked holes in the proposed systems.
In July 2024, Anthony Chavez, VP of Privacy Sandbox, conceded partial defeat by promising to let Chrome users choose whether to play in the Privacy Sandbox or to accept third-party cookies. Google planned to offer an opt-in screen through which Chrome users could choose to allow third-party cookies if they wished.
Now, it won’t even be that – perhaps in an effort to get out ahead of an anticipated adverse regulatory decision from some government anti-trust-buster.
Citing the adoption of unspecified privacy-enhancing technologies, supposed opportunities to improve privacy with AI, and a shifting regulatory landscape, Chavez walked back last year’s compromise.
“Taking all of these factors into consideration, we’ve made the decision to maintain our current approach to offering users third-party cookie choice in Chrome, and will not be rolling out a new standalone prompt for third-party cookies,” said Chavez in a blog post. “Users can continue to choose the best option for themselves in Chrome’s Privacy and Security Settings.”
Some Privacy Sandbox technology will continue to be developed and deployed. Specifically, Chavez said IP Protection, a proxy-based scheme for keeping users’ IP addresses away from third parties while in Incognito mode, is still scheduled for Q3 2025 deployment.
The future of the Privacy Sandbox APIs is uncertain. Chavez said Google intends to “engage with the industry to gather feedback and share an updated roadmap for these technologies.”
James Rosewell, co-founder of Movement for an Open Web, one of Google’s principal antagonists as it sought to unilaterally rewrite the rules of online advertising, celebrated the Privacy Sandbox denouement.
“This is an admission by Google that the Privacy Sandbox project is all but over,” said Rosewell in a statement. “Google’s intention was to remove open and interoperable communications standards to bring digital advertising traffic under their sole control and, with this announcement, that aim is now over. They’ve recognized that the regulatory obstacles to their monopolistic project are insurmountable and have given up.”
The Electronic Frontier Foundation, which not long ago pilloried the Privacy Sandbox for its lack of privacy, scolded the ad giant for repudiating its breakup with third-party cookies.
“Google continues to backtrack on its privacy promises, leaving billions of Chrome users vulnerable to online surveillance,” said foundation staff technologist Lena Cohen in a statement.
“Last July, Google abandoned its long-delayed plan to deprecate third-party cookies in Chrome, opting instead to prompt users to choose whether or not to be tracked by third-party cookies. Today, Google backtracked even further on its privacy promises by scrapping the rollout of this plan to help users ‘make an informed choice.’
“Even if implemented, a user-choice prompt would’ve fallen short of the default privacy protections offered by other leading browsers. Safari and Firefox have blocked third-party cookies by default since 2020, recognizing the widespread and well-documented privacy harms they cause.
“By refusing to implement even the bare minimum protections they once promised, Google is making clear that user privacy comes second to their surveillance-based business model. To protect themselves from third-party cookies, users should consider switching to browsers like Firefox and installing a tracker-blocking extension like Privacy Badger.” ®