Privacy Sandbox Overview

What is a Privacy Sandbox? Privacy Sandbox Overview
Estimated Reading Time: 5 minutes

Google’s announcement in January 2020 that they intend to deprecate support for third-party cookies in Google Chrome within the next two years sent a shockwave across the marketing and advertising industries. It’s not hard to see why.

Third-party cookies are involved with almost every aspect of digital marketing—from measuring campaign performance to targeting users with relevant ads. Luckily for marketers and advertisers alike, Google also introduced an initiative to create purpose-built functionalities within the browser to support these use cases in a privacy-safe way for users. With this, the Privacy Sandbox was born.

In the engineering world, a sandbox is a restricted environment for defined activities. You can do certain things and play around with tools and specific information in the sandbox without making a mess elsewhere. In the privacy context, it allows for the personal information of the user to be contained within this browser “safe space” and only used for certain activities without that information being exposed outside of the sandbox, thus protecting the privacy of the user. 

Where traditionally third-party cookies were used to identify users across sites and leveraged for a number of different use cases, the Privacy Sandbox aims to remove the ability for cross-site identification while providing purpose-built tools specific to accomplish the primary advertising use cases of the industry. Think of these purpose-built tools as toys to play within the sandbox— one for measuring conversions, one to measure campaign reach, one for re-marketing to users, etc.  

There are a number of different proposals and solutions being built in the Privacy Sandbox, all in varying stages of development. Below are summary descriptions of some of the primary proposals. Companion overviews which provide further context and impacts relevant for marketing and advertising professionals will be shared in the coming days.

FLoC – Federated Learning of Cohorts

The Privacy Sandbox proposal with the most publicity and commentary to date is no doubt the FLoC. This new method aims to help advertisers personalize their advertising based upon general interests of the user viewing those ads. Encrypted information about web pages that a user browses is collected and saved within the browser. This encrypted browsing information is then used to place the user in a cohort with other users consuming similar content across the web. Once the cohort reaches a size which can effectively protect the anonymity of the user, a cohort ID is made available in the browser which can be leveraged for ad targeting and campaign optimization. 

Read more about the FLoC here.


The TURTLEDOVE proposal is more of a requirements outline, while FLEDGE is the technical, first iteration of a solution to meet the outlined requirements. The proposed browser functionality allows users to be assigned to interest groups based upon their interactions with an advertiser or their ad network. Ads could then be shown to that user based upon an interest group within which they are assigned. The bidding process and selection of ads to display all happens within the browser—a change from the traditional process of this happening in external ad servers. Information is then contained within the browser (and is not externally accessible) to preserve the privacy of the user while still displaying targeted advertising. This information includes data about interest groups the user is a member of plus the contextual information from the page where the ad is displayed.

Read more about TURTLEDOVE and FLEDGE here.

Conversion Measurement APIs

Beyond just ad targeting, third-party cookies are also relied upon to correlate user actions on external websites (i.e. ad clicks and impressions) with conversions on your website. This reporting enables campaign attribution reporting, campaign reach reporting, impression capping, and campaign optimization. To accomplish these use cases in a world without third-party cookies, Chrome will be introducing a series of purpose-built Application Programming Interfaces (APIs) for measurement. The two primary ones are the Event Conversion Measurement API and the Aggregate Measurement API. 

Event Conversion Measurement API

The Event Conversion Measurement API allows for ad impression information, otherwise known as ad clicks with a campaign ID, to be stored in the browser. When that same browser (user) then converts on your website, conversion information is also sent and stored within the browser. The browser then uses stored information to correlate the click with the conversion and sends conversion reports to a designated reporting location, allowing for campaign conversion reporting in a privacy-safe way.

Aggregate Measurement API

The Aggregate Measurement API will allow for information about ad impressions to be stored within the browser. The browser then aggregates encrypted impression information for that user and sends it to a secure location where it is further aggregated with impression information from other users. Once the amount of impression data for a given ad creative reaches a volume which insures the anonymity of users who have viewed each ad, aggregate impression reporting is then made available. This solution protects the privacy of each individual user while still enabling use cases like campaign impression reporting and impression capping.

Read more about Conversion Measurement APIs here.

Contact InfoTrust

Learn more about InfoTrust's analytics and consumer data governance services by reaching out to our partnerships team.
Originally Published: April 12, 2021
April 29, 2021

Other Articles You Will Enjoy

Cookieless Measurement: An Introduction to Browser Measurement APIs

Cookieless Measurement: An Introduction to Browser Measurement APIs

“How will we measure campaign effectiveness?” “How will we report conversions?” “Will attribution still be possible?” These are common questions from advertisers as they…

5-minute read
AI Governance In The United States: Principles for Responsible Use

AI Governance In The United States: Principles for Responsible Use

Much has been made in the first half of 2023 about the advances in Artificial Intelligence and potential threats to everything from the normal…

8-minute read
Privacy Impacts on Customer Experience: What Leaders Need to Know

Privacy Impacts on Customer Experience: What Leaders Need to Know

TL;DR Increasing privacy regulations will continue to force change on organizations’ customer experience due to third-party cookie deprecation and the impact of technical changes…

5-minute read
Respecting Privacy Rights: How to Handle Health Data Collection in Analytics and Advertising

Respecting Privacy Rights: How to Handle Health Data Collection in Analytics and Advertising

The past year has seen a significant increase in the focus on the privacy of health data. Beginning with the guidance released by the…

9-minute read
7 Things To Consider When Choosing A Consent Management Platform (CMP)

7 Things To Consider When Choosing A Consent Management Platform (CMP)

As the online privacy landscape is advancing, the number of consent management platforms available is increasing and the regulatory requirements for organizations to comply…

6-minute read
AI and GDPR: Establishing a Lawful Basis to Process Personal Data with Artificial Intelligence

AI and GDPR: Establishing a Lawful Basis to Process Personal Data with Artificial Intelligence

Thus far in 2023, Artificial Intelligence has been the talk of the town. With a proliferation of new platforms touting to revolutionize various industries…

6-minute read

Get Your Assessment

Thank you! We will be in touch with your results soon.
{{ field.placeholder }}
{{ }}

Talk To Us

Talk To Us

Receive Book Updates

Fill out this form to receive email announcements about Crawl, Walk, Run: Advancing Analytics Maturity with Google Marketing Platform. This includes pre-sale dates, official publishing dates, and more.

Search InfoTrust

Leave Us A Review

Leave a review and let us know how we’re doing. Only actual clients, please.