Practical Tools & Insights for Data-Driven Marketers

Practical Tools & Insights for Data-Driven Marketers

Digital security and privacy concept representing browser cookie policies
Privacy

Google Abandons Privacy Sandbox: Third-Party Cookies Survive in Chrome as Six-Year Initiative Ends

Elena Rodriguez

Google officially retired its Privacy Sandbox initiative in October 2025, ending a six-year effort to replace third-party cookies with privacy-preserving alternatives. Third-party cookies remain active in Chrome with no deprecation timeline, leaving marketers in a fragmented browser landscape where Safari and Firefox block cookies by default while Chrome does not.

The Privacy Sandbox Timeline: Promise to Abandonment

Google first announced the Privacy Sandbox concept in August 2019, framing it as a way to build a more private web while preserving ad-funded content. By January 2020, the company committed to eliminating third-party cookies in Chrome within two years. That two-year window stretched into six, punctuated by repeated delays and shifting goalposts.

The full timeline reveals a pattern of diminishing ambition:

  • August 2019: Google publishes initial Privacy Sandbox vision, inviting ad tech companies to join the W3C Improving Web Advertising Business Group
  • January 2020: Official commitment to phase out third-party cookies by 2022
  • 2020-2022: Google publishes multiple API proposals, including Topics, Protected Audience (formerly FLEDGE), and Attribution Reporting. Industry testing begins
  • 2021: Timeline pushed to late 2023, then 2024, citing insufficient industry readiness
  • September 2023: Google announces general availability of the majority of Privacy Sandbox APIs
  • January 2024: Chrome restricts third-party cookies for 1% of users (roughly 30 million people) as a controlled test
  • July 2024: Google abandons full cookie deprecation, pivots to a user-choice model with an in-browser consent prompt
  • April 2025: Google drops the user-choice prompt entirely, reverting to existing cookie controls. The announcement came five days after a federal judge ruled Google an illegal monopoly in its ad tech antitrust case
  • October 2025: Google formally retires 10 Privacy Sandbox APIs, ending the initiative

“We have made the decision to maintain our current approach to offering users third-party cookie choice in Chrome and will not be rolling out a new standalone prompt for third-party cookies.”

— Anthony Chavez, VP of Privacy Sandbox, Google

Why Privacy Sandbox Failed

Google cited “low levels of adoption” for retiring the remaining Sandbox APIs, but the reasons behind that low adoption tell a more complex story. The initiative faced resistance from regulators, advertisers, publishers, and privacy advocates—sometimes for contradictory reasons.

Challenge Impact
Regulatory scrutiny UK CMA and ICO raised antitrust concerns, arguing Privacy Sandbox gave Google a competitive advantage by restricting third-party tracking while retaining its own data capabilities
Industry resistance 66% of marketers cited tracking difficulties in testing; 57% reported decreased ad effectiveness compared to cookie-based targeting
DOJ antitrust case The April 2025 reversal came five days after Google was judged a monopoly in its ad tech case, raising questions about whether continued cookie changes would worsen antitrust exposure
Technical limitations Topics API covered only 470 interest categories—far fewer than the thousands of segments available through cookie-based targeting. Protected Audience added latency and complexity to real-time bidding
Publisher revenue fears Early testing indicated potential revenue drops of 20-60% for publishers reliant on programmatic advertising without cookie-based audience data

James Rosewell, co-founder of Movement for an Open Web, summarized the industry sentiment: “This is an admission by Google that the Privacy Sandbox project is all but over.”

The UK CMA, which had overseen Google’s Privacy Sandbox commitments since 2022, launched a consultation in June 2025 to release Google from those commitments. Despite all 15 respondents opposing the release, the CMA concluded the commitments were no longer necessary given Google’s decision to retain third-party cookies.

See also  OpenAI Deploys Age Prediction Model: ChatGPT Now Identifies Minors Through Behavioral Analysis

Which APIs Survived and Which Were Retired

Not every Privacy Sandbox technology met the same fate. Google drew a clear line between APIs that gained cross-browser adoption and those that did not.

Retired APIs (10 total):

  • Topics API (Chrome and Android) — interest-based advertising replacement
  • Protected Audience (Chrome and Android, formerly FLEDGE) — on-device ad auctions
  • Attribution Reporting API (Chrome and Android) — conversion measurement
  • Private Aggregation (including Shared Storage) — aggregate data reporting
  • IP Protection — IP address masking
  • Protected App Signals — Android app-level targeting
  • Related Website Sets (including requestStorageAccessFor) — cross-site cookie access
  • SelectURL — URL selection without cross-site tracking
  • SDK Runtime — Android SDK isolation
  • On-Device Personalization — local ad personalization

Surviving APIs:

  • CHIPS (Cookies Having Independent Partitioned State) — partitioned cookies that limit cross-site tracking while enabling essential functionality like embedded widgets. Adopted by Safari, Firefox, and Edge
  • FedCM (Federated Credential Management) — streamlines federated identity flows without relying on third-party cookies. Supported across multiple browsers
  • Private State Tokens — anti-fraud mechanism replacing CAPTCHAs with cryptographic tokens

Google also indicated it would continue working on an interoperable attribution standard through the W3C’s Private Advertising Technology Working Group, though no timeline or specification has been published.

How Other Browsers Handle Third-Party Cookies

Chrome’s decision to keep third-party cookies puts it increasingly out of step with the broader browser ecosystem. Every major competitor has already implemented some form of third-party cookie restriction.

Browser Third-Party Cookies Tracking Prevention Global Market Share
Chrome Enabled by default None by default ~65%
Safari Blocked by default Intelligent Tracking Prevention (ITP), blocks all cross-site tracking cookies since 2020 ~18%
Firefox Blocked by default Enhanced Tracking Protection (ETP), blocks known trackers using Disconnect lists ~3%
Edge Partially blocked Balanced mode blocks trackers from unvisited sites; allows first-party context cookies ~5%
Brave Blocked by default Blocks all trackers and fingerprinting by default; supports Global Privacy Control ~1%

Apple’s Safari was the first major browser to restrict third-party cookies, introducing Intelligent Tracking Prevention (ITP) in 2017 and progressively tightening it. By March 2020, Safari blocked all third-party cookies by default. Firefox followed with Enhanced Tracking Protection, using Disconnect’s tracker lists to block known tracking domains.

Microsoft Edge takes a middle path with its three-tier Tracking Prevention system. The default “Balanced” mode blocks trackers from sites users have not visited, but notably exempts Microsoft’s own tracking services even in “Strict” mode—a detail that has drawn criticism from privacy researchers.

The practical result: approximately 35% of US web traffic already operates in a cookieless environment. For marketers, that percentage is growing as Safari and Firefox users trend toward higher-income demographics in several markets. Building strategies that depend on Chrome’s cookie support means ignoring a substantial and often high-value audience segment.

The Current Browser Landscape for Marketers

The fragmented cookie landscape creates a two-track reality. Campaigns that rely on third-party cookies reach roughly two-thirds of users through Chrome and Edge, while the remaining third—Safari, Firefox, and Brave users—receive degraded targeting or no cookie-based tracking at all.

With 34.9% of US browsers already blocking third-party cookies by default, the “cookieless future” exists for a significant portion of web traffic regardless of Chrome’s policies. Amazon DSP’s Privacy Sandbox integration, launched before Google’s reversal, now operates in a different context than originally intended.

Cookieless Alternatives Gaining Ground

Even with third-party cookies surviving in Chrome, the ad tech industry has not stopped developing alternatives. Several approaches have matured significantly during the Privacy Sandbox era.

See also  Plausible vs Umami vs GoatCounter: Privacy-First Analytics Compared for 2026

Contextual advertising has seen a resurgence. Studies from 2025 show contextual ads match cookie-based behavioral targeting within 5-8% on click-through rates and conversion quality. The global contextual advertising market reached approximately $225 billion in 2025, with projected growth at 11.2% CAGR through 2030.

Server-side tracking has emerged as a practical solution for measurement gaps. Google Tag Manager’s server-side containers send events directly from advertiser servers to ad platforms, bypassing browser-level restrictions and ad blockers. Early adopters report recovering 15-30% of conversion signals that browser-side tracking misses.

Data clean rooms have matured rapidly. In 2025, WPP acquired data collaboration startup InfoSum to strengthen privacy-safe data sharing between advertisers and publishers. Clean rooms allow multiple parties to match and analyze customer data without exchanging raw records—a model that works regardless of cookie availability.

First-party data platforms continue expanding. Customer data platforms (CDPs) from vendors like Segment, mParticle, and Bloomreach normalize data across touchpoints, building unified identity graphs that reduce dependence on third-party cookies entirely.

First-Party Data Remains the Strategic Priority

Google’s decision does not eliminate the need for privacy-forward strategies. Twenty US states now enforce comprehensive privacy laws, and GDPR enforcement has reached €5.88 billion in cumulative fines. Consumer expectations continue shifting toward data protection, as evidenced by the surge in privacy-first analytics adoption.

“First-party and earned data strategies are still critical. Even though third-party cookies persist for now, building your organization’s capabilities around first-party and zero-party data remains the best long-term play.”

— OneTrust Privacy Research

Key statistics support this approach:

  • 62% of brand marketers say first-party data will become more important over the next two years
  • Organizations leveraging first-party data achieve 2.9x better customer retention
  • First-party strategies deliver 1.5x higher marketing ROI compared to third-party cookie-dependent approaches
  • 47% of the open internet is already unreachable via third-party cookies due to browser restrictions

What Marketers Should Do Now

The Privacy Sandbox collapse clarifies one thing: relying on platform-level privacy solutions is risky. Marketers who invested heavily in Sandbox preparation—described by critics as “endless millions of hours and dollars wasted”—learned this lesson expensively.

The pragmatic path forward includes:

  1. Build first-party data infrastructure independent of browser policies. Invest in CDPs, consent management platforms, and progressive profiling through email signups, loyalty programs, and on-site behavior tracking
  2. Implement server-side tracking to reduce reliance on client-side cookies. Server-side Google Tag Manager deployments recover lost conversion data and operate regardless of browser cookie policies
  3. Adopt contextual targeting as a complement to behavioral approaches. Contextual ads now perform within single-digit percentages of cookie-based targeting on key metrics
  4. Explore data clean rooms for privacy-safe audience collaboration with publishers and partners
  5. Diversify measurement approaches using multiple attribution models, including media mix modeling and incrementality testing that do not depend on user-level tracking
  6. Monitor regulatory developments as privacy laws continue expanding globally. The EU, UK, and 20 US states now enforce comprehensive data protection rules that constrain cookie usage independently of browser settings

Chrome’s cookies survive for now, but the broader trajectory toward privacy-centric marketing has not changed. Privacy-first analytics tools like Matomo and Fathom Analytics continue gaining adoption among organizations that want measurement without third-party cookie dependence. The question is whether marketers use this reprieve to prepare—or to delay the inevitable transition.

Elena Rodriguez

Elena Rodriguez

Elena Rodriguez is a privacy and compliance expert with 10 years of experience in data protection law and digital ethics. She has worked as a privacy consultant for government bodies and advised enterprise clients on GDPR implementation. Elena holds a law degree and a certification in Information Privacy (CIPP/E). She covers privacy regulations, cookie consent, and alternative analytics solutions that respect user privacy.

© 2026 Inimino. All rights reserved.