Eight months before Google announced it was killing the third-party cookie, it quietly released the Privacy Sandbox. One might imagine a sandbox as a playpen in which to explore and build solutions to privacy on the web. Like a sandbox, there might be different tools to test and, like a sand castle, anything you build can be changed and rebuilt.
The reality is that the Privacy Sandbox is just the project name for a bunch of (admittedly very interesting) blog posts, nothing more. There are no tools, no test data, nothing to build with. It is merely a bad name for an exciting project to rebuild adtech without cookies. Each link below will lead you to my analysis of a project, or the actual project if I haven’t done an analysis yet.
Misnomer or not, the sandbox project states three goals:
- Replacing functionality lost by removing the third party cookie
- Deciding how to responsibly remove the cookies
- Mitigating workarounds like fingerprinting
Replacing functionality lost by removing the third party cookie
The primary goal of the sandbox is effectively rebuilding the majority of the adtech ecosystem. Within this goal Google has proposed (and opened for discussion) the following ideas.
- Ad Targeting
- Combating Spam and Fraud: Trust Tokens API
- Conversion Tracking and Measurement:
- Federated Login:
Deciding how to responsibly remove the cookies
Google initially set the goal of deprecating the cookie before 2022. They’ve wavered on whether that date will hold, though, and it will likely depend on whether solutions are created and actually adopted by stakeholders by that date.
- Separating First and Third Party Cookies: Requirement to label third party cookies
- Creating First-Party Sets
- Removing third party cookies
Mitigating workarounds like fingerprinting
Google doesn’t want to make this significant change only for adtech vendors to build workarounds. This goal seems relatively innocuous but raises very serious questions about Google’s potential to use Chrome to completely kill competitors like LiveRamp. LiveRamp built a universal identifier by having users sign up with their email address, and then joining that email with existing cookie and offline data. By definition this directly conflicts with Google’s goals: “we will aggressively combat the current techniques for non-cookie based cross-site tracking such as fingerprinting, cache inspection, link decoration, network tracking and Personally Identifying Information (PII) joins”.
- Cache inspection
- Navigation tracking
- Network Level tracking
Given the name sandbox, most adtech companies hoped Google had built a playground to test and explore cookie replacements. We have something entirely different, but equally interesting.