ServicesAboutNotesContact Get in touch →
EN FR
Note

Privacy Sandbox Collapse

How Google's Privacy Sandbox went from the industry's best hope for a cookie replacement to a quiet retirement — the timeline, what survived, and why it sealed the case for server-side infrastructure.

Planted
ga4google adsanalyticsdata quality

Google’s Privacy Sandbox was a suite of browser APIs intended to replace third-party cookies for audience targeting, attribution, and auction use cases. Most of the APIs were retired in October 2025. This note covers the timeline, what survived, and the implications for tracking infrastructure.

The Timeline

Privacy Sandbox was announced in 2019 as Google’s answer to the growing consensus that third-party cookies needed to go. The plan: deprecate third-party cookies in Chrome and replace them with purpose-built APIs that preserved privacy while enabling advertising use cases.

The deprecation date slipped repeatedly. Originally planned for 2022, it was pushed to late 2023, then to the second half of 2024. Each delay came with the same framing: the industry needed more time to test and adopt the replacement APIs.

Then two announcements in 2025 ended the project in practical terms.

April 22, 2025: Google announced it would not introduce a standalone consent prompt for third-party cookies in Chrome. Instead of building a new opt-in flow, Google decided users would continue managing cookie preferences through Chrome’s existing settings menu. This was significant because it meant third-party cookies would remain enabled by default in Chrome — the deprecation that Privacy Sandbox was designed to cushion was no longer happening.

October 17, 2025: Google officially retired most Privacy Sandbox APIs. The four major APIs that were supposed to replace third-party cookie functionality were shut down:

  • Topics API — meant to replace interest-based audience targeting by classifying users into broad interest categories based on browsing history, then sharing those categories with advertisers without revealing specific sites visited
  • Attribution Reporting API — meant to replace conversion measurement by providing privacy-safe aggregate reports on which ads led to conversions, with noise added to prevent identifying individuals
  • Protected Audience API (PAAPI) — previously called FLEDGE, meant to replace remarketing and custom audience targeting by running ad auctions directly in the browser rather than on ad servers
  • Private Aggregation — meant to support privacy-preserving aggregate measurement across sites

Google cited “low levels of adoption” as the reason for retirement. The reality was more nuanced: adoption was low because the APIs imposed significant constraints on what advertisers could do compared to cookies. Topics API’s broad categories were too coarse for the precision targeting advertisers relied on. PAAPI’s in-browser auction model was architecturally complex and slow. Attribution Reporting’s privacy noise meant the signal was too degraded for granular optimization. Advertisers tested the APIs and found them insufficient for their use cases.

What Survived

Three technologies from the Privacy Sandbox umbrella were not retired:

CHIPS (Cookies Having Independent Partitioned State) — a cookie partitioning mechanism similar to Firefox’s Total Cookie Protection. CHIPS allows servers to set cookies that are partitioned per top-level site, preventing cross-site tracking while preserving same-site cookie functionality. This is useful for embedded services (chat widgets, payment forms) that need to maintain state without enabling cross-site tracking.

FedCM (Federated Credential Management) — a browser API for federated sign-in flows (like “Sign in with Google”) that works without third-party cookies. FedCM replaces the previous mechanism where identity providers used third-party cookies to maintain sign-in state across sites. It solves a real problem — federated login — but has nothing to do with advertising measurement.

Private State Tokens — an anti-fraud mechanism that lets a server issue a cryptographic token to a browser, which can later present that token on a different site to prove it was previously verified. The use case is bot detection and fraud prevention, not advertising.

None of these three technologies restore audience-level targeting or full attribution. They solve narrow, specific problems that were collateral damage of cookie deprecation plans. They are not replacements for the advertising capabilities that the retired APIs were supposed to provide.

Implications for Tracking Infrastructure

Third-party cookies remain enabled in Chrome (~67% global market share) but are restricted in Safari and Firefox. The Privacy Sandbox APIs that were intended to replace cookie-based targeting and attribution have been retired. No browser-native replacement is in development. Industry consensus has moved toward server-side infrastructure and first-party data strategies as the viable long-term path.

The Chrome Exception

Chrome’s ~67% global market share still allows traditional cross-site cookie tracking. Third-party cookies remain enabled by default, and Google has no plans to change this. For advertisers who look only at aggregate numbers, Chrome’s permissiveness makes the situation seem manageable.

But the analysis falls apart when you look at specific audience segments. Sites with significant Safari exposure (any site with meaningful mobile traffic or Apple-ecosystem users), Firefox users, and the 31.5% of internet users running ad blockers are all outside Chrome’s protection. And even Chrome users are affected when they clear cookies, use incognito mode, or switch devices.

Chrome’s continued support for third-party cookies is also not guaranteed indefinitely. Google chose not to deprecate them in 2025, but the regulatory environment — particularly in the EU — continues to push toward more restrictive cookie handling. The ePrivacy Regulation (if it ever passes) or future browser regulation could change Chrome’s behavior regardless of Google’s preferences.

The Practical Implication

The technical response to browser restrictions is server-side infrastructure: server-set first-party cookies for cookie lifetime recovery, server-side tag management for data control and ad blocker bypass, and identity resolution approaches for scenarios where cookies cannot operate.

With the Privacy Sandbox APIs retired, no browser-native replacement is available for the tracking capabilities that Safari, Firefox, and Brave have restricted. Server-side infrastructure is the architecture that works across the current browser landscape. Client-side-only tracking stacks have no pending browser update that will resolve their coverage gaps.