Google to publishers: Sandbox alternatives aim for user privacy, advertising relevance

By Shelley Seale


Austin, Texas, USA


Google updated INMA members Thursday on the emerging alternatives to third-party cookies in the advertising ecosystem, sharing the balancing act between user privacy and delivering relevant advertising.

Chetna Bindra, group product manager of user trust and privacy at Google, discussed with 363 INMA members from 46 countries relevance and privacy, how global Web standards might impact remarketing, and a preliminary timeline for implementing Privacy Sandbox recommendations that feature interest-based targeting to user cohorts. 

363 INMA members from 46 countries joined Thursday's Webinar.
363 INMA members from 46 countries joined Thursday's Webinar.

During the presentation followed by questions, Bindra provided an overview of the Privacy Sandbox and updates on the development of this initiative which will have a profound impact on the digital advertising ecosystem:

  • Relevance and privacy:Citing privacy concerns of users, Google is proposing new technologies that aim at delivering relevant ads and allowing publishers to monetise content, while preserving users’ privacy.

  • Global standards: Google hopes its ideas will be accepted as global Web standards by industry bodies, such as the World Wide Web Consortium, and its proposals evolve following the feedback, for example, regarding how remarketing might work.

  • Timeline: The development is in the early testing stage, with five technologies available for developer testing as of March, including interest-based targeting to cohorts of users (FLoCs). Google expects technologies will be ready for experimentation and testing in Chrome browsers in 2021.

In the Smart Data Initiative Meet-Up for INMA members, 52% of the attendees said they were very reliant on third-party data. Around one-third reported being moderately reliant on it, with only 3% saying they were not at all reliant on third-party cookies.

Some 24% of publishers surveyed Thursday feel well-prepared for the demise of third-party cookies, while others feel moderately (55%) or not prepared (13%).

INMA Researcher-in-Residence Greg Piechota asked INMA attendees how far along they are in their planning for working without third-party cookies. Here are their responses.
INMA Researcher-in-Residence Greg Piechota asked INMA attendees how far along they are in their planning for working without third-party cookies. Here are their responses.

Google’s announcement that it plans to stop using technologies that identify individual Web users and track them as they browse across multiple Web sites due to privacy concerns signals a profound change in the digital advertising ecosystem.

As an alternative, Google has promised to develop a new set of technologies called the Privacy Sandbox initiative. In a nutshell, they cluster users based on interests and target ads in a browser on the user’s device, keeping individuals anonymous to advertisers. 

“I think the reliance on third-party cookies is well-established,” Bindra said. “I do hope, however, as an ecosystem one does get to the point of being more and more prepared for this change.”

Building a more private Web

In helping INMA members to better understand these privacy changes and the impact to their businesses, Bindra began by going over the current state of privacy and advertising.

“User’s expectations have evolved, and as the Web is constructed today does not feel like it is meeting the changing expectations from a user perspective, as well as from a regulatory perspective,” she said. For example:

  • 43% of Web users do not believe they can effectively protect their personal data.

  • 59% are not confident their privacy is protected by companies online.

“This is really the motivation for the work here: how does the Web continue to evolve to begin to meet users’ expectations, and really ensure that we are protecting their personal data?” Bindra asked. 

One of the challenges has been the way in which data has been collected and users have been tracked across the Web. Users are tracked as they move from site to site, and profiles are built up about them.

Chetna Bindra, group product manager of user trust and privacy at Google, shared details of the company's Privacy Sandbox with INMA members.
Chetna Bindra, group product manager of user trust and privacy at Google, shared details of the company's Privacy Sandbox with INMA members.

“That really is the focus of this primary initiative,” Bindra explained. “Is there a way to move away from this level of widespread tracking of users across the Web?”

Today’s Web relies on technologies not built for privacy

Several technologies that today’s Internet relies on have inherent privacy concerns:

  • Third-party cookies: Files stored in the user’s browser that can be used to recognise them as they visit sites across the Web.

  • Covert tracking: Combining pieces of data (including fingerprinting) about the user’s browser and device to uniquely identify and profile them.

“There are certainly a number of other tracking mechanisms as well,” Bindra said. “As one looks towards evolving the Web towards a privacy-first state, the key question has been, how does one do that while ensuring that the Web does not lose the critical capabilities?”

Specifically, publishers must be able to monetise their content, she said. Critical capabilities that need to be retained include:

  • Ability to deliver relevant advertising and content to users.

  • Ability to measure and attribute engagement to sites and campaigns.

  • Ability to differentiate real users from bots and fraudsters.

  • Ability to provide the best experience for a user’s device, location, etc.

“The goal here has been, how does one ensure that one is protecting users’ data — but also ensuring that there is access to the free and open Web that, as of today, is supported through advertising on publishers’ sites,” Bindra said.

The Privacy Sandbox initiative

“The vision of the Privacy Sandbox, and our path forward for a healthy Web is really anchored on ensuring that there are technology innovations that we are investing in across the ecosystem, to ensure user privacy by default,” Bindra explained. It also needs to support a sustainable Web ecosystem.

Google believes it is possible to have both at the same time, but that requires a large amount of technical innovation as well as collaboration.

The Privacy Sandbox initiative was announced in 2019 with goals to:

  • Develop new privacy-preserving technologies.

  • Phase out third-party cookies.

  • Continue to combat covert tracking.

This requires a collaborative and responsible approach to provide:

  • Advance notice with regular updates to the community.

  • A public process for incubating and testing new solutions.

  • Continuous engagement with industry and regulators.

“This does require a fairly large evolution of the infrastructure that exists today,” Bindra said.

The term “sandbox” was coined as the engineering term for a protected environment. The core principle is that users’ information should be protected from opaque collection and cross-site tracking on the Web. 

A recording of the Webinar is available on for INMA members.
A recording of the Webinar is available on for INMA members.

Bindra shared that so far, more than 30 privacy-preserving proposals have been offered by Chrome and others, and more than 400 participants have been involved in the World Wide Web Consortium’s (W3C) business and community groups. 

“There are a large number of use cases that are being discussed very actively through a variety of different proposals outside Chrome,” she said. 

As of March 2021, five solutions were available to test, from interest-based targeting to cohorts (FLoCs)  to trust tokens.

She shared the process of how these Privacy Sandbox proposals evolve, from idea incubation, through prototype and experiment, to launch, and finally adopting and scaling the solution.

“It’s important to see this evolution and to communicate that there is a lot of engagement possible and encouraged very much in the early stages, within the incubation phase,” Bindra said. “That can really help drive a lot of the dialogue as well as the comfort, where companies can begin to engage in and evaluate how these APIs might work and how they might be able to support them.”

Key Google’s proposals for the Privacy Sandbox

Bindra shared the key proposals and where they currently are in the process. INMA members can refer to the public resources of W3C groups for more ecosystem proposal

In 2021, she said Google is expecting a fairly large amount of experimentation and feedback on the proposed solutions. 

“Different companies might engage differently, but it really is encouraged to lean in where possible,” Bindra said.

She added that many companies have reached out to ask what the best ways to participate and prepare are, and she shared some ideas for that:

  • Identify your use cases that are (or might be) impacted.

  • For each, understand your role as implementer or a customer.

    • Implementer: evaluate solution, provide input, and decide when to test.

    • Customer: ask your vendors about their plans and advocate for your needs.

  • Regardless of your role, join the public dialogue.

  • Monitor Chrome communication channels for progress updates.

The changing digital ads ecosystem

Next, Bindra moved to discussing how digital advertising is transforming and how the Privacy Sandbox impacts this.

“I think the critical aspect here is that there is a state of transition,” Bindra said. “From an ads perspective, this really does require a fairly significant investment if one is to move towards a Web that is going to stand the test of time, and move towards a new set of technologies that can support a wide variety of use cases.”

The Privacy Sandbox aims to improve user privacy and support the ad-funded Web by developing alternative, purpose-built APIs designed to protect user privacy by default. Examples of new APIs currently in development include FLoC, FLEDGE, trust tokens, event-level reporting, and aggregate reporting.

Bindra went into more detail on one of these APIs, FLoC.

FLoC enables a privacy-preserving way to support interest-based advertising targeting. The browser generates cohorts of users with similar browsing histories, and advertisers can select ads for this group without recognising individuals within it. Privacy is attained by only revealing the cohort ID, and not individual IDs.

There is going to be a lot more testing of FLoC, but Bindra said the early results are encouraging. Testing found that FLoC achieves at least 95% of the conversions-per-dollar when compared to cookie-based advertising for specific use cases of interest based advertising.

“Google ad products are also leaning in to understand these proposals, to begin to test and figure out what might be the way to integrate with these APIs,” Bindra said. “We really are all-in believing that these privacy-preserving APIs are something that can work as we look forward to something that can sustain over the next decade or so.”

APIs will be used to power infrastructure and support many existing features, and this may not look like the typical beta process for Google Ads customers. There may be cases where dedicated beta testing is specific to API-based features, and in other cases Google will transition from using cookies to APIs to support use cases such as fraud prevention.

Bindra shared a few details on other APIs in the works.

Pressing issues

During the question and answer period at the end of the meet-up, Bindra clarified some issues for INMA members, including:

  1. The Privacy Sandbox technologies are currently being tested with ad tech developers in the United States and a few other countries. Asked about the delays in testing in Europe, Bindra said Google was committed to make the new technologies work globally.

  1. Once third-party cookies are disabled, Google ad buying products will be offering advertising to cohorts based on the Privacy Sandbox APIs or publishers’ audiences built on their first-party data. In these products, Google won’t support any replacement for third-party cookies, such as Unified ID or other identifiers promoted by Google’s competitors in ad tech.

  1. On the other hand, Google’s products for publishers, such as Ad Manager, will support other monetisation methods including, for example, publishers passing encrypted identities to buyers. This means that publishers could use Google’s tech stack to target ads using the third-party cookies alternatives, but only for the part of the programmatic demand offered outside Google ad buying products.

  1. Having said that, when asked about an opinion about third-party cookies’ alternatives that try to preserve user tracking across the Web, Bindra reiterated that Google believed these solutions were not going to meet the rising user privacy expectations, and they wouldn’t stand up to “rapidly evolving regulatory restrictions.” 

Charting a course towards a more privacy-first Web

There is no change or immediate impact to any existing product today. After third-party cookies, these privacy-preserving APIs will be the primary means to deliver and measure ads across the Web in Google Ads products.

“We are going to be focused on testing and launching these APIs within our products, as well as supporting both publishers and advertisers in leveraging their own first-party data — both within these APIs and outside these APIs, and within Google Ads products as well,” Bindra said.

If you’d like to subscribe to my bi-weekly newsletter, INMA members can do so here.

About Shelley Seale

By continuing to browse or by clicking “ACCEPT,” you agree to the storing of cookies on your device to enhance your site experience. To learn more about how we use cookies, please see our privacy policy.