Secondary Privacy Sandbox Proposals: Prepare for a Cookieless World

Estimated Reading Time: 7 minutes

Earlier this month, Google announced that they would be delaying the deprecation of support for third-party cookies in their Chrome browser until the second half of 2023. While marketers and advertisers across the globe breathed a collective sigh of relief, it’s important to remember that this is not a permanent reprieve—cookies are still on death row … their execution date has just been delayed a bit. 

A primary reason for this postponement of the cookiepocolypse is the relative nacency of many proposals to Chrome’s Privacy Sandbox. One of Chrome’s core stances when they announced the third-party cookie deprecation was that they would deprecate support once the industry was able to successfully accomplish core marketing and advertising use cases in privacy-safe ways. Hence the Privacy Sandbox initiative. 

At this stage, you have certainly heard about FLoC, FLEDGE, and the various conversion APIs for measurement in the works. Of those core initiatives, none are fully supported in production at the time of writing. In addition to these core proposals, there are a number of what I like to refer to as “secondary proposals” that are critical to ensuring a privacy-safe environment in a post-cookie world. Here we will explore these secondary proposals, their implications, and status.

Privacy Budget

Chrome has taken the stance from the beginning that they are against “blunt” approaches to the blocking of third-party cookies. Their position is that these cookies are used across the web for a number of use cases to support the free and open ad supported web. By blocking access to third-party cookies without offering any kind of other alternatives or additional protections, vendors will resort to more nefarious means of tracking, specifically browser fingerprinting.

Browser fingerprinting is an approach where a platform will collect a number of disparate, static data points from the user. These data points are things like IP address, device type, operating system, screen resolution, location, etc. While each of these items in isolation is not a unique identifier, by collecting a number of these metrics and layering them on top of one another, a unique anonymous “fingerprint” of the user is able to be created. This fingerprint is then translated into a unique ID which the user’s activity is associated with to create a profile and target the user across the web. 

When compared to the standard use of third-party cookies to accomplish this cross-site tracking, the method of fingerprinting is more difficult to detect, is less transparent, and users lack any kind of control. In many ways it is more problematic than cookies. 

The privacy budget proposal in the Privacy Sandbox is meant to protect against these methods of browser fingerprinting. The budget is a technical method to limit the amount of device and browser data exposed when a user visits a site. By limiting the number of data points available, it can ensure the data that is available is insufficient to identify and track an individual user.

Chrome is taking a multi-stage approach to solving this problem. First, starting by measuring what information is exposed by each fingerprint surface (a fingerprinting surface is an interaction point where a website can learn something that is either stable or semi-stable for a given user or device and varies between users or devices). Once taking this measurement, they will then determine how much and what information is exposed to each site. Finally, they will be defining and enforcing the “privacy budget” for how much information can be accessed. At this stage there are still various approaches for enforcement that are being discussed. 

This proposal is critical to be live for the deprecation of third-party cookies in Chrome to come to fruition. It is also implicated in a number of the core Sandbox proposals. For example, one of the main criticisms from the privacy community for the FLoC proposal was that the cohort made available in the browser represented another fingerprint surface and would make profiling and identification of individual users less difficult. A solution such as the privacy budget would work in tandem with a solution such as FLoC to make it far more privacy-safe and thus more acceptable for adoption.

Trust Token API

Today, many solutions to combat ad fraud use approaches similar to device fingerprinting to identify users in a cross-site context and determine their legitimacy. With other Sandbox proposals such as the privacy budget intended to limit fingerprinting, this traditional approach will not be possible. In response, there is a proposal for a new API and token approach to distinguish between a real user and a fraudulent bot.

To not wade into the technical specifics (which are still very much in the design phase at the time of writing), this proposal puts forth a method for “trust tokens” to be issued and stored in a browser in one context (example: a social media site that has authenticated a user) and be “redeemed” or accessed in another context (say by an ad on a publisher site). The presence of a “trust token” and its redemption would ensure it is a real user and not fraudulent bot traffic accessing the site (which does not have a reason to trust the current browser)—all of this being done without identifying the user or linking the two identities.

Willful IP Blindness

Another approach proposed to limit the ability for technologies to conduct browser fingerprinting is the concept of willful IP blindness. This would allow a resource loading on a site to be blinded to the user’s IP address. The proposal is meant to 1) provide one less fingerprinting surface and 2) allow for something that is typically always passively exposed (IP address) to be voluntarily blinded thus not eating into the privacy budget consumed by the site in question. 

First Party Sets

In today’s web, third-party cookies are the mechanism used to pass information (such as a user’s ID) across domains. In some cases, a single entity will be the owner of multiple domains. (Think a multi-brand organization with multiple brand sites, or a single brand with a global presence and sites with a .com and and .de indicator.) These sites would be considered “first party” in the real-world context but are not in the digital internet context. In order to better align the web’s definition of first and third party with the definition in the real world, the solution of First Party Sets (FPS) is introduced.

Specifically, FPS would allow for multiple domains that belong to the same first-party entity to be classified as belonging to the same first party for purposes of cookie and data access from a user’s browser. In the proposal, sites are declared as being owned by the same entity and verified as such by a verification mechanism. Once the sites are verified being owned by the same first-party entity, cookies could be accessed across each of the stated owned domains. 

An initial origin trial for this proposal has been completed but it is still in development. Once live, this will help many organizations as it relates to first-party data collection in this new cookieless environment.

It’s important to remember that the Privacy Sandbox is not just about providing new methods for targeting users and measuring campaign performance; there are a number of additional proposals meant to better protect user privacy in the new privacy-focused environment. These proposals are critical not just to the success of the new targeting methods, but also to the success of a free and open web. 

Preparing Your Organization for the Cookieless World?

We’d love to have a chat about Sandbox proposals to help you create and execute a privacy-safe data strategy.


  • Lucas Long

    Lucas Long is co-author of the Amazon best-selling book, Crawl, Walk, Run: Becoming a Privacy-Centric Marketing Organization. He is also the Director of Privacy Strategy at InfoTrust, working with global organizations at the intersection of digital strategy, privacy regulations, and technical data collection architecture. Through these efforts, Lucas helps companies understand their limitations for data enablement due to privacy challenges and design optimal ways to accomplish core use cases in a compliant manner.

    When not discussing the intricacies of GDPR and cookie laws with clients, Lucas enjoys traveling and exploring new cultures, one bite at a time. Based in Barcelona, he is also a presenter, featured at industry events organized by Google, the Digital Analytics Association, the American Marketing Association, and the Journal of Applied Marketing Analytics.

Originally Published: July 23, 2021

Subscribe To Our Newsletter

July 23, 2021

Other Articles You Will Enjoy

HIPAA Legislation: What Impact Does This Have on Your Analytics Platforms?

HIPAA Legislation: What Impact Does This Have on Your Analytics Platforms?

If you are a healthcare organization operating in the United States, you are likely aware of the significant increase in the focus on the…

9-minute read
Shaping Tomorrow: Emerging Data Privacy Trends for 2024

Shaping Tomorrow: Emerging Data Privacy Trends for 2024

Each year Data Privacy Day provides a necessary reminder of the importance of embedding privacy into all business‌ activities. The fact that it is…

11-minute read
Safeguarding Privacy: South Africa’s Protection of Personal Information Act (PoPIA)

Safeguarding Privacy: South Africa’s Protection of Personal Information Act (PoPIA)

South Africa’s Protection of Personal Information Act (PoPIA) empowers its citizens with enforceable rights over their personal information. The law establishes eight minimum requirements…

9-minute read
Changing Privacy Regulations and What to Do with Google Tags – Consent Mode

Changing Privacy Regulations and What to Do with Google Tags – Consent Mode

**Important – The information covered in this article is not intended to be legal advice or counsel. You should not act or refrain from…

7-minute read
Meta, GDPR, and Consent: The Future of Targeting on Facebook and Instagram

Meta, GDPR, and Consent: The Future of Targeting on Facebook and Instagram

For much of 2023, marketers and advertisers have been wrestling with the question of Meta’s GDPR compliance. The ongoing saga has left everyone in…

9-minute read

Get Your Assessment

Thank you! We will be in touch with your results soon.
{{ field.placeholder }}
{{ }}

Talk To Us

Talk To Us

Receive Book Updates

Fill out this form to receive email announcements about Crawl, Walk, Run: Advancing Analytics Maturity with Google Marketing Platform. This includes pre-sale dates, official publishing dates, and more.

Search InfoTrust

Leave Us A Review

Leave a review and let us know how we’re doing. Only actual clients, please.