Helen MussardPrivacy Sandbox is a Chrome and Android initiative for developing new technologies for modern, privacy focused web and Android ecosystems. The Privacy Sandbox reduces cross-site and cross-app tracking, while helping to keep online content and services accessible for all. The Web and Android efforts share a common vision, and several of the web proposals will be developed for Android as well. However, the web and mobile apps rely on fundamentally different technologies which puts them on separate timelines - even though some phases may line up. This section focuses on Privacy Sandbox for the Web.
Privacy Sandbox for the Web will phase out third party cookies, and take action to limit other types of cross site tracking. However, there are important use cases that rely on third party cookies and Privacy Sandbox has a number of new technologies available to support relevant use cases developed using the latest privacy enhancing technologies like differential privacy, k-anon etc. In addition by limiting other forms of cross site tracking and by reducing the amount of information sites can access, Privacy Sandbox will also reduce covert tracking techniques such as fingerprinting.
The proposals are being developed in public forums, in collaboration with members of the industry. Chrome also continues to work with the UK's Competition and Markets Authority (CMA) in line with the commitments they offered for Privacy Sandbox for the web. We encourage participation through the many public feedback channels that inform the development of the proposals. Stakeholders can also use this form to share feedback directly with Chrome if they are unable to share publicly.
The Privacy Sandbox proposals are in various stages of the development process. You can find the latest timeline on the privacysandbox.com website which will be updated once per month. Please note that the final deprecation of third-party cookies in Chrome is subject to approval from the UK's Competition and Markets Authority (CMA).
Chrome and other ecosystem stakeholders have offered more than 20 proposals to date, which can be found in the public resources of W3C groups. These proposals cover a wide variety of use cases and requirements.
Topics is a proposal in the Privacy Sandbox designed to preserve privacy while showing relevant content and ads. The browser will infer a handful of recognizable, interest-based categories based on recent browsing history to help sites serve relevant ads. With Topics, the specific sites you’ve visited are no longer shared across the web, like they might have been with third-party cookies.
How it works: There are two main parts to Topics. First, the API labels each website from a set of recognizable, high-level topics. For example, the browser would match a sports website with the topic "Sports". Then, the browser collects a few of the most frequent topics associated with the websites you’ve visited. These topics are then shared (one topic per week and maximum of 3 weeks) with the sites a user visits to help advertisers show more relevant ads, without needing to know the specific sites a user visited.
The browser will use a limited set of topics selected from a human-curated, publicly visible list. The updated list contains around 469 topics - the taxonomy size is limited to reduce the risk of fingerprinting.
Users will be able to see the topics and remove any a user doesn't like, or disable them completely in Chrome under their respective ads privacy settings
Demo: https://topics-demo.glitch.me/
Tester list: Topics
Office hours: https://github.com/patcg-individual-drafts/topics/issues/115
Protected Audience API (fka FLEDGE) is a new way to address remarketing, ie. reminding you of sites and products you’ve been interested in, without relying on third-party cookies. As a user moves across the web, advertiser sites can inform the browser that they would like a chance to show a known interest group a specific ad . They can also directly share information with a user’s browser including the specific ads they'd like to show and how much they'd be willing to pay to show this user an ad. Then, when a user visits a website with ad space, an algorithm in the browser helps inform what ad might appear.
Office hours: https://github.com/WICG/turtledove/issues/88
Tester list: Protected Audience
Today, ad conversion measurement often relies on third-party cookies. Browsers are restricting access to third-party cookies because these can be used to track users across sites and hinder user privacy.
The Attribution Reporting API enables those measurements in a privacy-preserving way, without third-party cookies. Imagine you’re browsing the morning news and you see an ad for a pair of headphones that are on sale. You click on the ad to take a closer look. An adtech company can use Attribution Reporting to let an advertiser know that a purchase occurred, but keeps your individual browsing or app activity private – using methods like encryption, time delays, secure servers, and data aggregation and randomization.
This API enables advertisers and ad tech providers to measure conversions in the following cases:
Public Handbook: [public] Handbook (Experiment with Attribution Reporting)
Demo: https://arapi-home.web.app/
Tester list: Attribution Reporting
Office hours: https://github.com/WICG/attribution-reporting-api/issues/80
If you are interested in testing the Privacy Sandbox APIs, the “Get started” section on https://developer.chrome.com/docs/privacy-sandbox/ is a good place to start. For the Topics API (Interest Based Ads) and Protected Audience API (Remarketing and Custom Audiences) you can also check out the integration guides below:
You can also get in touch with Chrome directly by joining the publicly available office hours:
Protected Audience Office Hours
Attribution Reporting Office Hours
You can also share your feedback directly via the Privacy Sandbox feedback form.
The Privacy Sandbox team has published guidance to help websites and services prepare for third-party cookie deprecation (3PCD) and minimise disruption to user-facing features. Here are specific actions you can take as we continue to approach full deprecation:
The guides and checklists below provide actionable information on how to get started with Privacy Sandbox APIs or how to prepare for third-party cookie deprecation.
