Don't Miss Garden Party - Media & Advertising's Summer Celebration, July 12th: Buy Tickets

Chrome’s Privacy Sandbox Timeline Highlights the 13 Proposals Google Thinks Will Replace Cookies

26 July, 2021 

Over the weekend, Google quietly released a new timeline for releases from Privacy Sandbox, its open-source effort to design privacy conscious replacements for third-party cookies.

And while the timeline’s release has been somewhat unheralded, it’s certainly significant. The timetable not only gives a clearer picture of when Google hopes each piece of the sandbox will be released, but also highlights which proposals Google currently expects will make it through to full release. The thirteen APIs showcased might well represent the future of digital advertising.

Google breaks the APIs down into four categories, based on what they’ll be used for:

  • Fight spam and fraud on the web
    – Trust Tokens API
  • Show relevant content and ads
    – FLoC
    – FLEDGE
  • Measure digital ads
    – Core Attribution API
    – Attribution Reporting API with aggregate reports
    – Cross-Environment Attribution API
    – Aggregation Service Reference
  • Strengthen cross-site boundaries
    – First-Party Sets API
    – Shared Storage API
    – Storage Partition
    – Fenced Frames API
    – Network State Partitioning

A clearer timeline

Last month, when Google announced it was pushing back its ultimate deadline for killing off third-party cookies in Chrome, the exact timeline was quite vague. Google said that it would start encouraging publishers and the advertising industry to migrate to Privacy Sandbox API in “late 2022”, and that it would begin phasing out third-party cookies in “mid 2023”.

The new timeline gives much more clarity. Each of Google’s four categories has been given its own set of deadlines for different stages of development.

One thing these timelines make clear is that although the ultimate deadline for removing third-party cookies is some way off, the discussion period for proposed APIs to be debated on GitHub and in W3C forums is nearly over. For the ‘fighting spam and fraud on the web’ category, the discussion period has already finished. For the other three categories, it will finish at the end of Q3 this year – in just over two months.

Once the discussion period is over, APIs enter a full testing phase. APIs may undergo experimental ‘origin trials’ before they’re fully fleshed out, to help guide their development. But during the testing phase, the expectation is that all of an API’s features and use cases are available for developers to test. APIs might still be tweaked during this testing period. But the expectation is that these tweaks will refine tools, rather than fundamentally re-write them.

For most proposals, this testing period will stretch from Q4 this year through to the end of Q2 next year. After this, Google expects that APIs will be ready for adoption, and will be fully launched in Chrome.

The chosen ones

What’s perhaps even more significant than the timetables themselves is the APIs which are featured.

Google says that this isn’t necessarily a definitive list of all the Privacy Sandbox tools which will eventually come to fruition. But they are the ones which Google is placing most faith in right now. And while Google hasn’t ruled out making new additions, it seems unlikely we’ll see any major changes given the tight timelines. Most of the proposed tools are expected to be fully fleshed out and ready for comprehensive testing by the start of October. The likelihood of a new API being proposed, discussed, and ready for testing in that time frame is very low.

The thirteen APIs listed, therefore, are the leading contenders for fully replacing third-party cookies in Chrome in 2023.

In the ‘showing relevant content and ads’ category, only two are listed: FLoC and FLEDGE.

The FLoC API, which handles ad personalisation based on users’ browsing habits, was released for trials earlier this year. Feedback has been decidedly mixed. Some in the industry have complained that the proposal doesn’t really protect user privacy, or even claimed that it violates existing privacy laws like Europe’s General Data Protection Regulation (GDPR).

When Google announced the delay last month, some took this as a sign that Google would scrap FLoC and use the extra time to deliver an alternative. But in Google’s current timeline, it’s only one of two APIs which manage ad targeting. The other, FLEDGE, specifically handles retargeting, and isn’t an alternative to FLoC. Despite the concerns, it seems Google is moving full steam ahead with FLoC.

Lukasz Wlodarczyk, director of inventory at ad tech company RTB House, expects that Google will release a reworked version of FLoC in the near future. “This new version is expected to address both private and public feedback that Google received from multiple sources, such as an extensive privacy analysis of FLoC from Mozilla,” he said.

The other major category of note for the advertising industry is ‘measuring digital ads’, where four APIs are listed: Core Attribution API, Attribution Reporting API with aggregate reports, Cross-Environment Attribution API, and Aggregation Service Reference.

As VideoWeek has previously reported, some in the industry have expressed concerns that there’s still a lot of work to do on post-cookie measurement. And measurement proposals have generally received a lot less coverage than their targeting counterparts.

This timeline gives the clearest indication yet of which measurement APIs Google expects will be used in the future. And as stated above, the discussion period for these proposals ends in just over two months. For anyone confused or concerned about how measurement will work in the post-cookie world, now is the time to read up on these proposals and get involved in the ongoing discussions.


About the Author:

Tim Cross is Assistant Editor at VideoWeek.
Go to Top