Interactive Advertising Bureau

About Privacy Sandbox

Jun 05,2024
Helen Mussard

Privacy Sandbox is a Chrome and Android initiative for developing new technologies for modern, privacy focused web and Android ecosystems. The Privacy Sandbox reduces cross-site and cross-app tracking, while helping to keep online content and services accessible for all. The  Web and Android efforts share a common vision, and several of the web proposals will be developed for Android as well.  However, the web and mobile apps rely on fundamentally different technologies which puts them on separate timelines - even though some phases may line up. This section focuses on Privacy Sandbox for the Web.

Privacy Sandbox for the Web will phase out third party cookies, and take action to limit other types of cross site tracking.  However, there are important use cases that rely on third party cookies and Privacy Sandbox has a number of new technologies available to support relevant use cases developed using the latest privacy enhancing technologies like differential privacy, k-anon etc.  In addition by limiting other forms of cross site tracking and by reducing the amount of information sites can access, Privacy Sandbox will also reduce covert tracking techniques such as fingerprinting.

The proposals are being developed in public forums, in collaboration with members of the industry. Chrome also continues to work with the UK's Competition and Markets Authority (CMA) in line with the commitments they offered for Privacy Sandbox for the web. We encourage participation through the many public feedback channels that inform the development of the proposals. Stakeholders can also use this form to share feedback directly with Chrome if they are unable to share publicly.

Timeline

The Privacy Sandbox proposals are in various stages of the development process. You can find the latest timeline on the privacysandbox.com website which will be updated once per month. Please note that the final deprecation of third-party cookies in Chrome is subject to approval from the UK's Competition and Markets Authority (CMA).

API Proposals

Chrome and other ecosystem stakeholders have offered more than 20 proposals to date, which can be found in the public resources of W3C groups. These proposals cover a wide variety of use cases and requirements.

Topics API

Topics is a proposal in the Privacy Sandbox designed to preserve privacy while showing relevant content and ads. The browser will infer a handful of recognizable, interest-based categories based on recent browsing history to help sites serve relevant ads. With Topics, the specific sites you’ve visited are no longer shared across the web, like they might have been with third-party cookies. 

How it works: There are two main parts to Topics. First, the API labels each website from a set of recognizable, high-level topics. For example, the browser would match a sports website with the topic "Sports". Then, the browser collects a few of the most frequent topics associated with the websites you’ve visited. These topics are then shared (one topic per week and maximum of 3 weeks) with the sites a user visits to help advertisers show more relevant ads, without needing to know the specific sites a user visited.

The browser will use a limited set of topics selected from a human-curated, publicly visible list. The updated list contains around 469 topics - the taxonomy size is limited to reduce the risk of fingerprinting. 

Users will be able to see the topics and remove any a user doesn't like, or disable them completely in Chrome  under their respective ads privacy settings

Learn more

Demo: https://topics-demo.glitch.me/

Tester list: Topics 

Office hours: https://github.com/patcg-individual-drafts/topics/issues/115

Protected Audiences API

Protected Audience API (fka FLEDGE) is a new way to address remarketing, ie. reminding you of sites and products you’ve been interested in, without relying on third-party cookies. As a user moves across the web,  advertiser sites can inform the browser that they would like a chance to show  a known interest group a specific ad . They can also directly share information with a user’s browser including the specific ads they'd like to show and how much they'd be willing to pay to show this user an ad. Then, when a user visits a website with ad space, an algorithm in the browser helps inform what ad might appear.

Learn more

Office hours: https://github.com/WICG/turtledove/issues/88

Tester list: Protected Audience

Attribution Reporting API

Today, ad conversion measurement often relies on third-party cookies. Browsers are restricting access to third-party cookies because these can be used to track users across sites and hinder user privacy.

The Attribution Reporting API enables those measurements in a privacy-preserving way, without third-party cookies. Imagine you’re browsing the morning news and you see an ad for a pair of headphones that are on sale. You click on the ad to take a closer look. An adtech company can use Attribution Reporting to let an advertiser know that a purchase occurred, but keeps your individual browsing or app activity private – using methods like encryption, time delays, secure servers, and data aggregation and randomization.

This API enables advertisers and ad tech providers to measure conversions in the following cases:

  • Ad clicks and views.
  • Ads in a third-party iframe, such as ads on a publisher site that uses a third-party ad tech provider.
  • Ads in a first-party context, such as ads on a social network or a search engine results page, or a publisher serving their own ads.

Learn more

Public Handbook: [public] Handbook (Experiment with Attribution Reporting)

Demo: https://arapi-home.web.app/

Tester list: Attribution Reporting

Office hours: https://github.com/WICG/attribution-reporting-api/issues/80

How to get started with testing

If you are interested in testing the Privacy Sandbox APIs, the “Get started” section on https://developer.chrome.com/docs/privacy-sandbox/ is a good place to start. For the Topics API (Interest Based Ads) and Protected Audience API (Remarketing and Custom Audiences) you can also check out the integration guides below:

You can also get in touch with Chrome directly by joining the publicly available office hours:

Topics Office Hours

Protected Audience Office Hours

Attribution Reporting Office Hours

You can also share your feedback directly via the Privacy Sandbox feedback form.

How to prepare your website for 3PCD

The Privacy Sandbox team has published guidance to help websites and services prepare for third-party cookie deprecation (3PCD) and minimise disruption to user-facing features. Here are specific actions you can take as we continue to approach full deprecation: 

  • Test your service with third-party cookies turned off to find breakage on your website. 
  • Report breakage as a result of 3PCD as soon as possible.
  • If you provide an embedded content/service that is experiencing breakage: request temporary access to third party cookies through a third-party deprecation trial. This article explains the deprecation trial and qualifications; if you qualify and need additional time to prepare for 3PCD, please register as soon as possible.  Please note the grace period that is available immediately to address web compatibility issues.
  • If your website is experiencing breakage: Report breakage as soon as possible, to be considered for the grace period that is available immediately to address web compatibility issues. Apply for the first-party deprecation trial to extend access to third-party cookies past the end of the grace period.
    • If you find that an issue is due to a third-party service, we recommend that you share information about the breakage with your provider to confirm they are preparing for 3PCD.
  • Provide feedback on the Privacy Sandbox program.

Privacy Sandbox guides designed for marketers, publishers, and ad tech providers

The guides and checklists below provide actionable information on how to get started with Privacy Sandbox APIs or how to prepare for third-party cookie deprecation.

JOIN IAB EUROPE

Shape the future of digital marketing & advertising

Join today
GET IN TOUCH

IAB Europe is the European-level association for the digital marketing and advertising ecosystem

IAB Europe
Rond-Point Robert
Schuman 11
1040 Brussels
Belgium
Sign up for our newsletter
chevron-leftchevron-right linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram