Content
Stay up to date on the latest happenings in digital marketing
Shall we raise a glass in memory of the privacy-focused attribution solution that never really launched? RIP Privacy Sandbox: we never really got the chance to know you.
And RIP Privacy Sandbox: you were a solution that the adtech ecosystem has just moved past.
But you were a lot of work:
- We were getting teased for initial launch dates back in November 2022
- We ramped up testing in August 2023
- We had a live integration in early 2024
- We launched a simulator so you’d see what kind of data you’d get from Privacy Sandbox in July of that year
- We started doing beta tests with customers in August.
Now, that’s all gone.
In an announcement on the Privacy Sandbox website, Google VP Anthony Chavez posted this today:
“We’ve decided to retire the following Privacy Sandbox technologies: Attribution Reporting API (Chrome and Android), IP Protection, On-Device Personalization, Private Aggregation (including Shared Storage), Protected Audience (Chrome and Android), Protected App Signals, Related Website Sets (including requestStorageAccessFor and Related Website Partition), SelectURL, SDK Runtime and Topics (Chrome and Android).”
In slightly fewer words, RIP Privacy Sandbox.
What Privacy Sandbox wanted to be
In 2018, Apple launched SKAdNetwork, and no-one really noticed.
Until WWDC 2020, of course, when Apple announced App Tracking Transparency and elevated SKAdNetwork as the new standard for privacy-centric attribution on iOS.
But there had been some noise in the ecosystem about it, and it was on point with the privacy-sensitive, GDPR-aware, tracking-is-bad ethos. So in 2019, Google leaned into a framing of marketing measurement it hoped would satisfy everyone: kill the dangerous parts of tracking while building privacy‑preserving alternatives so that publishers, advertisers, and platforms can still thrive.
The idea: avoid a world where privacy kills the business model of free content on the internet. And the business model of advertising-led app growth.
On the web that meant replacing third‑party cookies with APIs like Topics, FLEDGE, and Attribution Reporting. On Android that meant eliminating device IDs … the GAID (Google Advertising ID), enabling on‑device interest signals and audience building, and re-inventing attribution via privacy-safe APIs.
It was ambitious. It was messy.
It was a larger revolution from a marketing measurement perspective than SKAdNetwork, it broke more, and it required even more technological change.
RIP Privacy Sandbox: doomed from the start?
But from the start, Privacy Sandbox also had massive internal tensions between utility and privacy, between Google’s interests and ecosystem fairness, between timelines and engineering complexity, and between advertisers, ad networks, and privacy advocates.
For some, it didn’t go far enough.
For others, it degraded measurement too much.
But ultimately, the world just kinda moved on from the perceived need for Privacy Sandbox. Somehow, we’ve sort of evolved beyond the assumptions that made it seem urgent in the first place.
In 2020, privacy felt existential. SKAdNetwork dropped hard, and GDPR/CCPA heat was rising. Now, privacy still matters, and transparency is key, along with consumer choice, but the heat has been dialed back just a few notches.
Regulators haven’t dropped a bomb, consumers haven’t revolted en masse, and marketers have mostly adapted using the tools they already had: probabilistic models, first-party data strategies, data clean rooms, and MMPs.
It might sound a bit self-serving, but MMPs are a big part of the story here. As a trusted and audited third party, major platforms give MMPs like Singular deeper access to their marketing data, which we can then share with advertisers at an aggregated level under specific privacy-related conditions.
Also, it’s just hard to change the world.
Apple owns iOS, owns the iPhone and iPad platforms, owns the App Store, and makes all the ecosystem software. And yet SKAN/AAK is not the default and only measurement methodology on iOS. Google doesn’t own Android in the same way — much of it is open source — and most Android devices are made by third parties who may or may not follow Google’s software and advertising lead. How then can Google enforce a massive conversion to Privacy Sandbox on mobile, never mind the open web?
The result: RIP Privacy Sandbox.
Why Privacy Sandbox is being retired, in the Blade Runner sense of the word
As always, there’s a bunch of reasons:
- Too big a leap, too fast
Replacing fundamental pieces of ad infrastructure (cookies, identifiers, retargeting, measurement) at scale is brutal. Noise (data uncertainty) and limited granularity made ROI, attribution, and optimization harder. - Ecosystem drag and cost
Small to medium ad tech players struggled under the burden of re‑engineering their tech stacks. Some simply lacked the resources. Meanwhile, bigger players didn’t necessarily see a win for them in re-architecting everything. - Regulatory and antitrust pressure
Privacy Sandbox always carried a whiff of conflict: Google replacing a somewhat neutral pipe with one where it created and to some extent controls the APIs. Regulators like the CMA in the UK kept a wary eye. - Demand side pushback
Advertisers and marketers were burned by past “cookie apocalypse” deadlines. Many were slow to adopt sandbox APIs or test aggressively, waiting for more clarity or stability.
All in, it was a massive change. And it just ended up being too much.
Unified measurement from multiple signals is still the way forward
We’ve said it many times: you need multiple data sources to triangulate truth in our complex and messy era of marketing measurement.
Arguably, the result is better than relying on a single identifier, even 1 as good as the GAID, and last-click measurement.
Because ultimately, you want to know what’s incremental, not what got the credit, and a richer, deeper, more nuanced understanding of marketing measurement from multiple angles and sources delivers exactly that.
And thankfully, the big platforms have stepped up and are delivering more data — via trusted MMPs like Singular — to ensure we have more touchpoints to build reliable attribution.
RIP Privacy Sandbox
RIP Privacy Sandbox: you never really made it out of the cradle.
You were conceived with fanfare, delayed repeatedly, reshaped under pressure, and ultimately unceremoniously retired.
Maybe your ideas will live on … mutated, rebranded, resurfaced under new acronyms and frameworks. The tension between privacy and performance isn’t going anywhere, after all.
But in the end, complexity alone doesn’t win. Utility does.
And for now, the industry has spoken.
RIP Privacy Sandbox!
