Privacy Sandbox Overview

What is a Privacy Sandbox? Privacy Sandbox Overview
Estimated Reading Time: 5 minutes

Google’s announcement in January 2020 that they intend to deprecate support for third-party cookies in Google Chrome within the next two years sent a shockwave across the marketing and advertising industries. It’s not hard to see why.

Third-party cookies are involved with almost every aspect of digital marketing—from measuring campaign performance to targeting users with relevant ads. Luckily for marketers and advertisers alike, Google also introduced an initiative to create purpose-built functionalities within the browser to support these use cases in a privacy-safe way for users. With this, the Privacy Sandbox was born.

In the engineering world, a sandbox is a restricted environment for defined activities. You can do certain things and play around with tools and specific information in the sandbox without making a mess elsewhere. In the privacy context, it allows for the personal information of the user to be contained within this browser “safe space” and only used for certain activities without that information being exposed outside of the sandbox, thus protecting the privacy of the user. 

Where traditionally third-party cookies were used to identify users across sites and leveraged for a number of different use cases, the Privacy Sandbox aims to remove the ability for cross-site identification while providing purpose-built tools specific to accomplish the primary advertising use cases of the industry. Think of these purpose-built tools as toys to play within the sandbox— one for measuring conversions, one to measure campaign reach, one for re-marketing to users, etc.  

There are a number of different proposals and solutions being built in the Privacy Sandbox, all in varying stages of development. Below are summary descriptions of some of the primary proposals. Companion overviews which provide further context and impacts relevant for marketing and advertising professionals will be shared in the coming days.

FLoC – Federated Learning of Cohorts

The Privacy Sandbox proposal with the most publicity and commentary to date is no doubt the FLoC. This new method aims to help advertisers personalize their advertising based upon general interests of the user viewing those ads. Encrypted information about web pages that a user browses is collected and saved within the browser. This encrypted browsing information is then used to place the user in a cohort with other users consuming similar content across the web. Once the cohort reaches a size which can effectively protect the anonymity of the user, a cohort ID is made available in the browser which can be leveraged for ad targeting and campaign optimization. 

Read more about the FLoC here.


The TURTLEDOVE proposal is more of a requirements outline, while FLEDGE is the technical, first iteration of a solution to meet the outlined requirements. The proposed browser functionality allows users to be assigned to interest groups based upon their interactions with an advertiser or their ad network. Ads could then be shown to that user based upon an interest group within which they are assigned. The bidding process and selection of ads to display all happens within the browser—a change from the traditional process of this happening in external ad servers. Information is then contained within the browser (and is not externally accessible) to preserve the privacy of the user while still displaying targeted advertising. This information includes data about interest groups the user is a member of plus the contextual information from the page where the ad is displayed.

Read more about TURTLEDOVE and FLEDGE here.

Conversion Measurement APIs

Beyond just ad targeting, third-party cookies are also relied upon to correlate user actions on external websites (i.e. ad clicks and impressions) with conversions on your website. This reporting enables campaign attribution reporting, campaign reach reporting, impression capping, and campaign optimization. To accomplish these use cases in a world without third-party cookies, Chrome will be introducing a series of purpose-built Application Programming Interfaces (APIs) for measurement. The two primary ones are the Event Conversion Measurement API and the Aggregate Measurement API. 

Event Conversion Measurement API

The Event Conversion Measurement API allows for ad impression information, otherwise known as ad clicks with a campaign ID, to be stored in the browser. When that same browser (user) then converts on your website, conversion information is also sent and stored within the browser. The browser then uses stored information to correlate the click with the conversion and sends conversion reports to a designated reporting location, allowing for campaign conversion reporting in a privacy-safe way.

Aggregate Measurement API

The Aggregate Measurement API will allow for information about ad impressions to be stored within the browser. The browser then aggregates encrypted impression information for that user and sends it to a secure location where it is further aggregated with impression information from other users. Once the amount of impression data for a given ad creative reaches a volume which insures the anonymity of users who have viewed each ad, aggregate impression reporting is then made available. This solution protects the privacy of each individual user while still enabling use cases like campaign impression reporting and impression capping.

Read more about Conversion Measurement APIs here.

Contact InfoTrust

Learn more about InfoTrust's analytics and consumer data governance services by reaching out to our partnerships team.
Originally Published: April 12, 2021
April 29, 2021

Other Articles You Will Enjoy

Preparing for a New Privacy-Centric Data Reality in the Travel Industry in 2023 and Beyond

Preparing for a New Privacy-Centric Data Reality in the Travel Industry in 2023 and Beyond

Introduction The travel industry is facing a number of challenges around user privacy as it adapts to the expansion of privacy legislation. At the…

5-minute read
ChatGPT Ban in Italy: Privacy Concerns, AI, and What It Means for the Rest of Us

ChatGPT Ban in Italy: Privacy Concerns, AI, and What It Means for the Rest of Us

According to a UBS study, ChatGPT was estimated to have reached 100 million monthly active users in just two months after launch. This would…

7-minute read
Balancing Business Value and Compliance Risk: Restricted Data Processing

Balancing Business Value and Compliance Risk: Restricted Data Processing

A primary area of compliance risk for most organizations is the data collection architecture on the website, specifically tags and pixels. While most people…

7-minute read

Get Your Assessment

Thank you! We will be in touch with your results soon.
{{ field.placeholder }}
{{ }}

Talk To Us

Talk To Us

Receive Book Updates

Fill out this form to receive email announcements about Crawl, Walk, Run: Advancing Analytics Maturity with Google Marketing Platform. This includes pre-sale dates, official publishing dates, and more.

Search InfoTrust

Leave Us A Review

Leave a review and let us know how we’re doing. Only actual clients, please.