Google's Privacy Sandbox is a collection of technologies designed to support core advertising use cases, including interest-based targeting, remarketing, and conversion measurement, without relying on third-party cookies or cross-site tracking. As the Chrome browser implements restrictions on third-party cookies, these APIs represent Google's proposed alternative for maintaining a functional advertising ecosystem while improving user privacy.
What Is the Privacy Sandbox?
The Privacy Sandbox is an umbrella initiative launched by Google in 2019 with the goal of developing web standards that enable advertising functionality while protecting user privacy. Rather than allowing third-party companies to track individuals across the web, the Privacy Sandbox moves data processing to the user's browser. The browser itself becomes the platform that enables advertising, replacing the server-side tracking infrastructure that third-party cookies supported.
The initiative encompasses multiple APIs, each addressing a specific advertising use case. These APIs have gone through extensive public development, with input from the W3C (World Wide Web Consortium), advertisers, publishers, ad tech companies, and privacy advocates. While originally tied to a specific timeline for cookie deprecation, the APIs are now available in Chrome for adoption alongside existing cookie-based approaches.
Topics API: Interest-Based Targeting
The Topics API replaces the interest-based targeting that third-party cookies enabled. Instead of ad tech companies building interest profiles by tracking users across websites, the browser itself determines the user's interests based on their browsing activity.
How Topics Works
The browser observes the websites a user visits and maps them to a taxonomy of approximately 470 interest topics, such as "Fitness," "Travel," and "Cooking." Each week, the browser selects the user's top five topics based on their browsing. When a user visits a website that calls the Topics API, the API returns up to three topics: one from each of the three most recent weeks. One of the returned topics is randomly selected and replaced with a random topic from the taxonomy to add noise and protect privacy.
Crucially, topics are calculated entirely on the user's device. No browsing history is sent to Google or any other external server. Users can view and delete their topics and disable the feature entirely through Chrome settings.
Implications for Advertisers
Topics provides a much coarser signal than cookie-based interest targeting. With only 470 categories and weekly granularity, advertisers cannot achieve the precise behavioral segments that cookies enabled. However, Topics offers a privacy-preserving alternative that covers a significant portion of Chrome users, including those who previously had no targeting signal because they cleared cookies or used browser extensions to block tracking.
Protected Audience API: Remarketing and Custom Audiences
The Protected Audience API (formerly known as FLEDGE) enables remarketing and custom audience targeting without cross-site tracking. It allows advertisers to show ads to users who have previously visited their website or taken specific actions, a capability that was entirely dependent on third-party cookies.
How Protected Audience Works
When a user visits an advertiser's website, the advertiser can ask the browser to add the user to an interest group, essentially a remarketing list that lives in the browser rather than on an ad tech server. Each interest group has associated bidding logic and ad creatives.
Later, when the user visits a publisher's website and an ad auction occurs, the browser runs an on-device auction that includes bids from the user's interest groups alongside bids from contextual advertisers. The auction happens within a sandboxed environment in the browser, preventing the interest group data from being exposed to the publisher, the ad exchange, or other third parties.
Key Design Principles
- On-device processing: Interest group membership, bidding, and auction logic all execute within the browser, preventing data leakage
- Limited reporting: To prevent micro-targeting, reporting is aggregated and noised rather than provided at the individual impression level
- User control: Users can view and leave interest groups through browser settings
- Time limits: Interest group membership expires after 30 days unless renewed, preventing indefinite tracking
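The design principles above can be seen in a small model, added here as an illustration and not taken from Chrome or from the Privacy Sandbox specifications. The class, function and field names (InterestGroupStore, runAuction, bidFn, browserPrivate) and the sample origin are hypothetical; the model only mirrors the behaviour this section describes: browser-held membership, a 30-day cap, user-initiated leave, and an auction result the publisher cannot inspect.

```javascript
// Simplified model of browser-held interest groups and the on-device auction.
// All names are hypothetical; this is not Chrome's implementation or API.
const DAY_MS = 24 * 60 * 60 * 1000;
const MAX_LIFETIME_MS = 30 * DAY_MS; // 30-day limit described above

class InterestGroupStore {
  constructor() { this.groups = new Map(); }

  // Advertiser site asks the browser to add the user to a group.
  join(owner, name, { bidFn, ad }, lifetimeMs, now) {
    const expires = now + Math.min(lifetimeMs, MAX_LIFETIME_MS);
    this.groups.set(`${owner}|${name}`, { owner, name, bidFn, ad, expires });
  }

  // User control: a group the user leaves takes no part in later auctions.
  leave(owner, name) { return this.groups.delete(`${owner}|${name}`); }

  // Expired memberships are purged before they can bid.
  active(now) {
    for (const [key, g] of this.groups) if (g.expires <= now) this.groups.delete(key);
    return [...this.groups.values()];
  }
}

// Runs inside the "browser". The caller (publisher page) receives only an
// opaque handle; which group won stays in browserPrivate, which stands in
// for state only the fenced frame renderer can read.
function runAuction(store, contextualBids, scoreAd, now, browserPrivate) {
  const candidates = [
    ...store.active(now).map(g => ({ ad: g.ad, bid: g.bidFn(), group: g.name })),
    ...contextualBids.map(c => ({ ad: c.ad, bid: c.bid, group: null })),
  ];
  let best = null;
  for (const c of candidates) {
    const score = scoreAd(c.ad, c.bid); // seller logic; <= 0 rejects the ad
    if (score > 0 && (!best || score > best.score)) best = { ...c, score };
  }
  if (!best) return null;
  const handle = `opaque-ad-${browserPrivate.size + 1}`;
  browserPrivate.set(handle, best);
  return handle;
}
```

A membership requested for 90 days is still dropped after 30, and the handle returned to the page carries no interest-group name.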
Attribution Reporting API: Conversion Measurement
The Attribution Reporting API provides privacy-preserving conversion measurement, allowing advertisers to understand which ads drive conversions without tracking individual users across sites.
Event-Level Reports
Event-level reports connect individual ad interactions (clicks or views) to conversions but with limited conversion-side data. For click-through attribution, advertisers receive a conversion signal with up to three bits of conversion data (eight possible values) after a randomized delay. For view-through attribution, even less data is available. The limited data and delayed reporting prevent advertisers from identifying individual users based on conversion patterns.
Summary Reports
Summary reports provide aggregate data about campaign performance. Advertisers define the dimensions and metrics they want to measure, such as conversions by campaign, geography, and product category. The browser collects encrypted reports from individual users and sends them to an aggregation service that combines the data and adds calibrated noise before returning results. This approach provides useful aggregate insights while mathematically guaranteeing that individual user contributions cannot be extracted.
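The aggregation step described above, sketched as an added example (not the aggregation service's code, and with report encryption left out). The function names, the bucket keys, the budget and epsilon parameters, the capping rule and the choice of Laplace noise are assumptions of this model; the point it shows is that noise can only be "calibrated" if each browser's contribution is bounded first, and that every requested bucket is noised, including empty ones.

```javascript
// Simplified model of summary-report aggregation. Hypothetical names;
// report encryption and the real service's protocol are omitted.

// Laplace sample with scale b from one uniform draw in (0, 1).
function laplace(b, rng) {
  const u = rng() - 0.5;
  return -b * Math.sign(u) * Math.log(1 - 2 * Math.abs(u));
}

// Bound what one browser can add: if a report exceeds the budget, scale
// its values down (assumed rule) so no single user dominates a bucket.
function capReport(contributions, budget) {
  const total = contributions.reduce((s, c) => s + c.value, 0);
  return contributions.map(c => ({
    key: c.key,
    value: total > budget ? Math.floor((c.value * budget) / total) : c.value,
  }));
}

// Sum capped contributions per key, then add noise whose scale depends
// only on budget / epsilon, never on how many users contributed.
function aggregate(reports, keys, { budget, epsilon }, rng = Math.random) {
  const sums = new Map(keys.map(k => [k, 0]));
  for (const report of reports)
    for (const { key, value } of capReport(report, budget))
      if (sums.has(key)) sums.set(key, sums.get(key) + value);
  const out = {};
  for (const [key, sum] of sums)
    out[key] = Math.round(sum + laplace(budget / epsilon, rng));
  return out;
}

// Constructed sample: three browsers report purchase counts per campaign.
const sampleReports = [
  [{ key: 'campaign-a|US', value: 1 }],
  [{ key: 'campaign-a|US', value: 1 }, { key: 'campaign-b|DE', value: 2 }],
  [{ key: 'campaign-a|US', value: 500 }], // outlier, capped to the budget
];
const sampleKeys = ['campaign-a|US', 'campaign-b|DE', 'campaign-c|FR'];
```

Because the empty bucket also receives noise, a non-zero result for a small segment does not show that any user was in it.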
Practical Considerations
The Attribution Reporting API supports multi-touch attribution through a priority system that allows advertisers to control which conversion sources receive credit. However, the privacy constraints, including limited conversion data, randomized delays, and aggregated noisy reporting, mean that the granularity available is significantly less than what cookie-based pixels currently provide.
Private Aggregation API
The Private Aggregation API enables ad tech providers to create aggregate reports from cross-site data without exposing individual-level information. This API works in conjunction with other Privacy Sandbox APIs to provide aggregated measurement capabilities such as reach counting, frequency distribution analysis, and campaign-level performance reporting.
Fenced Frames
Fenced Frames are a new HTML element designed to embed content on a page without allowing the embedding page to access the embedded content's data, and vice versa. In the context of advertising, fenced frames render ads selected by the Protected Audience API while preventing the publisher's page from learning which interest group the user belongs to. This architectural boundary is essential for maintaining the privacy guarantees of the on-device auction system.
Industry Adoption and Challenges
Privacy Sandbox adoption has been gradual. Several factors contribute to the measured pace:
- Complexity: The APIs introduce fundamentally new concepts and require significant engineering investment to integrate
- Performance uncertainty: Early testing has shown mixed results, with some advertisers reporting comparable performance to cookie-based approaches and others seeing significant drops in targeting precision and measurement accuracy
- Cross-browser support: Privacy Sandbox APIs are Chrome-specific. Safari and Firefox have implemented their own privacy measures but have not adopted Google's APIs, creating fragmentation
- Competitive concerns: Some industry participants worry that Privacy Sandbox strengthens Google's position as an intermediary by making the browser the gatekeeper of advertising functionality
What Advertisers Should Do Now
Regardless of the timeline for full cookie deprecation, advertisers should begin testing Privacy Sandbox APIs alongside their existing approaches. Running parallel measurement using both cookie-based and Privacy Sandbox attribution helps calibrate expectations and identify gaps. Working with DSP and ad tech partners to ensure their platforms support the new APIs is essential. And building first-party data strategies that complement Privacy Sandbox capabilities will position advertisers for a future where browser-based privacy controls are the norm rather than the exception.