Google's "Privacy Sandbox" Was Surveillance With a Friendlier Label
From Topics API to Android location history, Google's "privacy-first" pivot was less a reform and more a rebrand — and its own burial proved the point.
Published May 2026 · KzNet Technologies

The Promise: A Web Without Tracking Cookies

In 2019, Google announced it would phase out third-party cookies from Chrome within two years. The rationale was framed in the language of user rights: tracking cookies are invasive, opaque, and overdue for retirement. The replacement would be the Privacy Sandbox — a suite of browser-based APIs that Google said would enable interest-based advertising without exposing individuals to cross-site surveillance.

The flagship was the Topics API. Instead of third-party scripts following you across dozens of sites, Chrome itself would classify your browsing into broad interest buckets — "sports," "travel," "finance" — and share those labels with advertisers on request. The taxonomy contained only 470 categories, blunt by design. Google positioned this as privacy by architecture: advertisers get signal, users get anonymity, and the tracking-industrial complex gets reformed from within.

The timeline slipped — 2021 became 2022, then 2023, then 2024, then 2025. Each delay was attributed to "ecosystem feedback" and "regulatory review." The delays were, in hindsight, a signal about whether the whole endeavor was ever intended to land.

The Criticism That Never Got a Real Answer

The technical and civil-liberties critique of Topics was sharp and consistent. The W3C Technical Architecture Group concluded that the proposed API "fails to protect users from unwanted tracking and profiling" and "maintains the status quo of inappropriate surveillance on the web." That wasn't a fringe take — it came from the standards body that governs web platform development.

Apple warned that Topics could compound the fingerprinting problem by introducing new, fingerprintable APIs — meaning that even if Topics didn't track you directly, it could make it easier for other trackers to build a unique identifier from the combination of signals it exposed.
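The fingerprinting concern above can be put in numbers. The following is an added example, not code from the article or from Google: it measures how many users in a constructed population are alone in their bucket when a label from a 470-category taxonomy is observed by itself and when it is joined with other signals. The population, the uniform distribution of interests, and the 50-value second signal are all assumptions.

```python
import random
from collections import Counter

TAXONOMY_SIZE = 470        # category count quoted in the article
OTHER_SIGNAL_VALUES = 50   # assumption: one coarse extra signal, 50 equally likely values

def make_population(n_users, seed=1):
    """Constructed users: three distinct interest labels plus one coarse signal.
    Uniform draws are an assumption; real interests are skewed, which shifts the numbers."""
    rng = random.Random(seed)
    return [
        (tuple(rng.sample(range(TAXONOMY_SIZE), 3)), rng.randrange(OTHER_SIGNAL_VALUES))
        for _ in range(n_users)
    ]

def unique_fraction(population, view):
    """Share of users whose observed value under `view` matches no other user."""
    seen = Counter(view(u) for u in population)
    return sum(1 for u in population if seen[view(u)] == 1) / len(population)

# Three observer views, from coarsest to most revealing.
VIEWS = {
    "one label": lambda u: u[0][0],
    "one label + other signal": lambda u: (u[0][0], u[1]),
    "three labels + other signal": lambda u: (frozenset(u[0]), u[1]),
}

def report(n_users=10_000):
    """Return the fraction of uniquely identifiable users for each view."""
    pop = make_population(n_users)
    return {name: unique_fraction(pop, view) for name, view in VIEWS.items()}

if __name__ == "__main__":
    for name, frac in report().items():
        print(f"{name:30s} {frac:6.1%} of users are alone in their bucket")
```

A single coarse label leaves every user in a crowd; the same label joined with one more low-resolution signal already isolates a majority of this population, which is the compounding effect the warning describes.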

The EFF went further. The foundation had long warned about the dangers of the real-time bidding (RTB) system powering nearly every ad served online, and saw Topics not as a cure but as a repackaging — moving the surveillance function from third-party cookies into the browser engine itself, which Google also controls. Replacing cookies you can block with a browser-native API you can't is not obviously a privacy upgrade.

Topics wasn't even Google's first attempt. The initiative's predecessor, Federated Learning of Cohorts (FLoC), was revamped into Topics after criticism about its ability to protect privacy — making Topics API the second iteration of an idea that had already been publicly rejected once. Same goal, new name.

The Quiet Collapse

On October 17, 2025, Google officially announced the end of the Privacy Sandbox. The company retired 10 APIs in one stroke: Topics, Protected Audience (formerly FLEDGE), Attribution Reporting, IP Protection, and six others — across both Chrome and Android. Six years of development. Industry-wide investment in adapting to the new stack. Gone.

The stated reason was low adoption. In early 2025, only around 32% of programmatic buyers reported actually using Sandbox APIs in campaigns. The ad tech industry, despite years of preparation, had collectively shrugged. Ad industry leaders had long been wary of letting Google control even more of the data infrastructure — adopting Topics would have meant trusting Google's browser to mediate the entire interest-classification layer of digital advertising, on top of everything else Google already mediates.

The practical outcome: on April 22, 2025, Google announced it would not introduce a separate consent prompt for third-party cookies in Chrome, and that users would continue managing their preferences through existing Chrome settings. The cookies that were supposedly being replaced were never actually deprecated. The "reform" ended with the status quo intact.

Android: The Other Surveillance Layer Nobody Talked About

The Chrome/cookie debate drew most of the attention, but Android's data collection deserves equal scrutiny. When enabled, Android devices contribute to Google Location History, which logs places visited over time — including everyday stops such as shops, workplaces, and parks — creating a timeline of movements inside apps like Google Maps. Search history, app usage, YouTube activity, and location data all feed into an advertising profile.

The stakes of that location data go well beyond targeted ads. Location data can reveal whether someone visited an abortion clinic, how long they stayed, and where they obtained follow-up care — or whether someone drove another person across state lines to receive abortion care. EPIC has argued in federal court that Google has failed to adequately limit collection of this category of data.

Across its full surface area — Analytics, Search, YouTube, Chrome, Android, Maps, and advertising networks — Google collects behavioral data from approximately 92% of internet users. The Privacy Sandbox was never going to touch most of that. It addressed one narrow vector (third-party cookies in Chrome) while leaving the rest of the data collection infrastructure completely undisturbed.

The Antitrust Context

The Privacy Sandbox didn't exist in a regulatory vacuum. A central tension throughout its development was the UK Competition and Markets Authority's concern that retiring third-party cookies while promoting Google's own replacement APIs would entrench Google's advertising dominance further — handing Google control over both the demand side (ads) and the infrastructure side (the API layer).

Several respondents to the CMA's review expressed concern that ongoing Privacy Sandbox development could still lead to anti-competitive behavior if Google reversed course. The CMA ultimately assessed that Google's decision not to deprecate third-party cookies or introduce user prompts significantly mitigated the original concerns.

Meanwhile, the DOJ's parallel antitrust action concluded in September 2025. Judge Mehta ruled that Google would not be required to divest Chrome or Android, but could no longer include Search in exclusive distribution contracts, and would be required to share certain search index data. Google's core data infrastructure — the browser, the mobile OS, the ad auction engine — remained intact and under unified control.

What "Privacy-First" Actually Means When Google Says It

The Privacy Sandbox story is a clean case study in what researchers call privacy theater: visible, branded action on a narrow surface that produces the impression of reform without restructuring the underlying business. Google's advertising revenue depends on knowing what people are interested in, where they go, what they buy, and what they're likely to do next. No product decision that threatened the accuracy of that signal at scale was ever going to ship.

The tells were there throughout:

  • FLoC → Topics: When FLoC was criticized for being a privacy violation in a new costume, Google renamed the concept rather than rethinking it.
  • Perpetual delays: Five years of "not quite yet" served Google well — it kept regulatory pressure at bay while the replacement system never materialized.
  • The kill: When the ad industry declined to adopt Topics (partly because it would have concentrated more power in Google), Google retired the whole initiative. The surveillance infrastructure it was supposedly replacing was left running.
  • Android untouched: The entire Privacy Sandbox conversation was about browser cookies. Location history, app telemetry, and cross-service data fusion on Android never appeared on the reform agenda.

As Proton's post-mortem put it: "Google makes far too much money from the status quo to ever do anything meaningful to protect people." That's blunt, but the timeline bears it out.

What Users Can Actually Do

Given that third-party cookies persist in Chrome and the Privacy Sandbox is gone, the practical options haven't changed — but they're worth stating clearly:

  • Switch browsers: Firefox and Safari block third-party cookies by default. Brave blocks significantly more. Chrome does not.
  • Use a tracker blocker: The EFF's Privacy Badger and uBlock Origin intercept tracking scripts that cookies alone don't cover.
  • Audit your Google account: Disable Location History and Web & App Activity in your Google Account settings (myaccount.google.com/data-and-privacy). Note that location data is now stored on-device rather than in the cloud — which reduces one risk but doesn't eliminate collection.
  • Treat Android as a Google product: It is. If whole-ecosystem data collection is the concern, that concern doesn't have a settings toggle — it has a platform decision.
  • Watch the ad-tech antitrust case: The DOJ's separate lawsuit over Google's ad exchange monopoly is still in the remedies phase. A structural breakup of the ad business would be more consequential than anything the Privacy Sandbox ever proposed.
