The Privacy Sandbox News
Working Together to Build a More Private Internet
Apr 06, 2023
I've spent the last several months leading product management
for the Privacy Sandbox — a set of technologies designed
to both enhance user privacy and ensure a free and vibrant
The opportunity to connect with people from across the industry on how we navigate the transition to a more private internet has been inspiring. The energy and innovation from organizations who are leaning into this challenge has been impressive, and I encourage more to join them as the deadline approaches for phasing out third-party cookies in Chrome next year.
Hearing different perspectives on the best path forward has been invaluable. An open and healthy dialogue is essential to advancing progress, and I want to thank everyone who has shared feedback — including criticisms —about Privacy Sandbox. We may not agree on all points, but having a collective discussion and debate is important.
To that end, I wanted to share four core tenets that I believe we must strive for as an industry, and share how these guide our Privacy Sandbox efforts. Consider this an open letter to everyone who wants to help build a more private internet.
1) Privacy and access to information should be universal
People are increasingly concerned about their privacy online,
especially how their activities are tracked across sites and
apps for digital advertising. Some major platforms have
attempted to address these privacy concerns with changes that
disrupt how the internet works today, and which make it harder
for publishers to support their businesses through digital
advertising. Such changes risk turning broad access to quality
online content from “free” to “fee.”
Without effective ads, content will migrate behind paywalls or
disappear altogether, disenfranchising billions of people who
rely on this information in their daily lives.
We believe that free content – whether it’s news, a how-to-guide, or a fun video – should be available for everyone, regardless of their income, location, or any other factor. At the same time, people should have the assurance that information about their online activities is protected.
As an industry, we must transition to new, more private solutions that don’t rely on cross-site tracking and provide publishers and marketers with the capabilities they need to succeed online. We believe that consumer platforms – browsers and mobile operating systems – have a responsibility to support this transition by building new tools for the ecosystem. That’s why we’re developing the Privacy Sandbox and launching these technologies in Chrome and Android.
The stakes are high. If we fail to take decisive action, we risk reducing access to information for all users of the Internet. I’m gratified that many companies are rallying to tackle this challenge. By continuing to work together across industry, I’m confident we will create an internet that is more private for everyone, without compromising their access to information.
2) Viable alternatives are a prerequisite for real and durable privacy
Improving user privacy requires building privacy-preserving
alternatives that support the critical needs of the digital
ecosystem. Some browsers and operating systems have attempted to
improve privacy by restricting existing user identifiers, like
third-party cookies, without having such alternatives in place.
This approach not only hurts content creators and marketers
– it also backfires on protecting people’s
When platforms have attempted these blunt approaches to improve privacy, researchers have noted that more covert forms of cross-site tracking have proliferated. Tracking and profiling users with techniques like browser fingerprinting or identifiers based on user PII (such as email addresses) means less privacy, control, and transparency. This is a bad outcome for users and the internet as a whole.
Advancing privacy while continuing to support an open internet is a difficult task. It requires technology innovation to build new, privacy-preserving solutions that support the needs of marketers and publishers. It’s a mistake to think that simply restricting one form of tracking won’t lead to others that are even worse for user privacy.
3) Solutions need to provide technical protections for privacy
Providing information about how data is being used, and controls
to manage that usage, are important steps in addressing people's
concerns about online privacy. However, this isn’t
sufficient on its own to address the challenge of limiting
cross-site user tracking. We believe that users shouldn’t
have to understand complicated data usage policies across
different sites and apps to keep their activities private.
Instead we need to provide users with online experiences that
are “private-by-default,” based on solutions that
provide technical privacy guarantees.
Unlike many existing solutions, the Privacy Sandbox APIs don’t rely on user-level tracking identifiers. These APIs protect privacy using technical privacy-preserving approaches, like data aggregation, data noising, and processing sensitive data on-device or in trusted cloud execution environments. Because of this, the Privacy Sandbox APIs improve privacy significantly over third-party cookies and other cross-site tracking techniques, like fingerprinting and PII-based identifiers. And they provide a durable foundation that the ecosystem can build on, further strengthening data protections and industry capabilities over time.
We have heard criticisms of the Privacy Sandbox designs coming from two opposing points of view. Some suggest that the Privacy Sandbox APIs are insufficiently private and should restrict data usage further than they already do. Others push back on the Privacy Sandbox for not replicating the tracking capabilities of cross-party identifiers. We respectfully disagree with both of these viewpoints, because they don’t recognize the need for balanced solutions that both advance user privacy and support a healthy ecosystem. We’ll continue to remain open to concrete, practical proposals that address both of these requirements, because they’re essential to make real progress on privacy and maintain open access to information for everyone.
4) Solutions must be built in the open, in partnership with the industry
Transitioning the internet to more private solutions is a big,
collective undertaking – one that requires participation
from organizations across the ecosystem. Changes should be
discussed and debated openly – whether those are
introducing new technologies or phasing out existing ones
– so that everyone is aware and can provide feedback.
For Privacy Sandbox, we’ve made it a priority to provide clear visibility into our proposals and plans, with multiple channels for ecosystem feedback. This process includes active participation in industry forums like the W3C, which includes platform and browser companies who’ve chosen to take a different approach to privacy and supporting the open internet. It's worth noting that in several cases, those companies have made disruptive changes without following a comparable process for public consultation and feedback.
Further to work carried out by the UK’s Competition and Markets Authority, we have entered into a set of Commitments also involving the Information Commissioner's Office, to ensure that our platform changes take into account privacy outcomes and potential impacts on competition, publishers, advertisers and user choice. We maintain an open communication channel with governments in many countries around the world to inform our approach.
I want to thank everyone who has shared feedback on Privacy Sandbox. Your input has played a key role in making the Privacy Sandbox APIs better for users and businesses. For example, last year we introduced Topics, based on feedback we received about our earlier FLoC proposal. We did the same when we expanded on TURTLEDOVE to create FLEDGE, based on productive conversations with the ecosystem.
As we’ve developed Privacy Sandbox, we’ve heard from many organizations who support our approach and agree that the industry needs new technologies that both advance privacy and support the open internet.
"Delivering greater privacy for consumers online is a fundamental priority for the digital ad industry and, by extension, the long-term sustainability of the open web. This is no simple task. Questions such as how advertisers ensure relevant targeting, avoid bombardment, and measure effectiveness are all prevalent. Solving them is reliant on our ability to collaborate and - by engaging with cross-industry efforts to test, interrogate and feedback on proposed solutions - all IAB members have a hugely important role to play in establishing what’s working and where more work is needed. We value how Google is working with the wider ecosystem on this via Privacy Sandbox.”
I am optimistic about that future that we’re building
together. Yes, change is hard – especially when
transitioning from technologies that we’ve relied on for
decades. And yes, not everyone will agree on such a contentious,
complex, and important subject. And while we strive to build
alignment, we’ll continue to move forward – because
the history of technology has shown that progress can’t
always wait on consensus.
In 2023, we’ll make Privacy Sandbox available to more users and work with the industry to test and adopt these new technologies at a greater scale than ever. And in 2024, we’ll be ready to phase out third-party cookies in Chrome. Along the way we’ll continue to welcome collaboration, dialogue, and debate as we work together to build a more private internet.