Google’s Privacy Sandbox – What Should You Expect?

What’s Going On?

If you haven’t already read our previous article outlining Apple’s latest iOS 14 announcement and the subsequent impact Facebook advertisers are bracing for, we recommend you check it out here.

In terms of impact, Google – for the time being – won’t be placed in as fragile of a position as social media apps, such as Facebook and LinkedIn. They’ve noted that when Apple’s ATT (App Tracking Transparency) policy rolls out, any information forbidden by the policy will be excluded from the small portion of their apps that are currently using it. Because of this, there will be no reason to show the ATT opt-in prompt that other apps will need to show. Or at least, that’s Google’s logic (Facebook made the same attempt and was forced to renounce the claim).

With this said, Google isn’t exempt from web data-loss, and has been vocal about their expectation that the small glimpse of push for data privacy is actually a foreshadowing of a new advertiser/consumer ecosystem we’ll see in the future. Because of this, Google has taken a somewhat more proactive approach to iOS 14’s murky tidal wave – and has been working to position itself as a primary leader in supporting consumers’ momentum towards a more secure and transparent internet experience.

Google: The Digital Mediator?

Earlier last year, Google introduced plans for their new Privacy Sandbox – the first step in Google’s journey to replacing third-party cookies with other machine-learned identifiers, such as common interest groups, by 2022. 

Google refers to these common groups efforts as the Federated Learning of Cohorts, or FLoC, whereby users are grouped together by ‘online behavior’, and the behaviors of groups – not of individuals – are studied and targeted. If you’re curious about the meaning of the phrase ‘online behavior’, you may read more here, but in short, the thinking is that the cohort – or group – is dynamically assigned to the user by the browser, and is formed from machine learning of that user’s behavior. A Javascript API allows only this value to be passed back to websites (see example below), without revealing other personal information belonging to the user.

In recent tests of the new product, Google has determined that – on average – advertisers would be seeing “at least 95% of the conversions per dollar spent when compared to cookie-based advertising” (Ads and Commerce Blog). And, FLoC isn’t the only technology being developed in Google’s Privacy Sandbox; the proposed plan consists of other middle-of-the-road solutions designed to retain advertisers’ capabilities while appeasing internet users’ increasing demand for online privacy. Other aspects of Privacy Sandbox consist of technologies like FLEDGE – or First ‘Locally-Executed Decision over Groups’ Experiment – a developing attempt at a “Bring your own Server” model, new conversion event tracking that isn’t reliant on cookies, but on machine-learned patterns and cumulative group data, an improved method of testing for fraudulent traffic without invasive tracking, and more.

But despite their attempt to strike a fair middle ground between consumers and advertiser, neither side is completely sold on Google’s integrity with the move. Already, a handful of antitrust lawsuits and investigations have been waged against the platform, with the overwhelming concern being that the notion of  “privacy” could be a red-herring, and Google’s primary motive could be to manipulate advertisers into shifting more ad dollars into the channel.

What’s Next?

Many of the above Privacy Sandbox technologies are still being developed, tested, and/or awaiting community feedback. However, if you’re interested in testing these developments yourself, instructions for application can be found here.


Aside from that, we can confidently say we don’t know what’s next. Privacy Sandbox is still in development and awaiting feedback from critics, supporters, and legal alike. If you’d like to stay on top of the latest, it’s probably best to follow us for weekly updates (wink wink!)

The Bottom Line

Google’s decision to pursue and invest in privacy-first technologies should be a flag to all of us – advertisers, developers, brands and consumers alike – that the web ecosystem as we knew it is changing, and rapidly. But, the question is: can we make the outcome of this conflict non-zero-sum?

The Prisoner’s Dilemma is a popular game theory in which two prisoners are given the option to betray the other in exchange for their own freedom and a long sentence for the betrayed, or to stay silent where – if collectively neither betray the other – the sum of prison time is less than the longer sentence in the above scenario. 

In other words, there is an incentive for each party to act in self-interest, despite the fact that in helping oneself, the total harm done across parties increases – in the case of the Prisoner’s Dilemma, this is the total prison years sentenced.

A similar approach can be considered in the war on internet privacy – if the outcome completely favors either side, the entire infrastructure crumbles. Without proper targeting, ad dollars dry up, sites become gated and non-free. Without a sense of security, consumers stop using platforms, and audiences diminish leaving granular targeting virtually useless.

An equilibrium is needed to preserve the total interest of all parties. But a true equilibrium; not one that is feigned for self-profit. And what do we do when a majority have mistrust in an involved party?

Want to see more updates from us? Subscribe to our newsletter below. [newsletter_form]

Privacy Policy for UK & EU

Privacy Policy for UK & EU (Website)

Effective Date: 12/05/2023

This Privacy Policy governs the manner in which RTMUK Ltd. collects, uses, maintains, and discloses information collected from users (hereinafter referred to as “User” or “Users”) of the realtimeagency.com website (hereinafter referred to as “Website”). This Privacy Policy applies to the Website and all products and services offered by RTMUK Ltd.

  1. Personal Data Collection

1.1. Data Controller: RTMUK Ltd. is the data controller responsible for the collection, processing, and storage of personal data.

1.2. Types of Personal Data: We may collect personal identification information from Users in various ways, including but not limited to when Users visit our Website, register on the Website, subscribe to our newsletter, fill out a form, or interact with other activities, services, features, or resources we make available on our Website. The personal data we collect may include, but is not limited to, the following:

  • Name
  • Email address
  • Mailing address
  • Phone number
  • IP address
  • Browser information
  • Other information voluntarily provided by the User

1.3. Purpose of Data Collection: We collect and process personal data for the following purposes:

  • To personalize user experience
  • To improve customer service
  • To send periodic emails (e.g., newsletters, updates)
  • To process transactions or respond to inquiries
  • To comply with legal obligations

1.4. Legal Basis for Processing: We rely on the following legal bases for processing personal data:

  • The processing is necessary for the performance of a contract with the User.
  • The processing is necessary for compliance with a legal obligation to which we are subject.
  • The processing is based on the User’s consent.
  • The processing is necessary for the legitimate interests pursued by us or a third party.

    2. Data Retention and Security

2.1. Data Retention: We will retain personal data for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law.

2.2. Data Security: We implement appropriate data collection, storage, and processing practices, as well as security measures, to protect against unauthorized access, alteration, disclosure, or destruction of personal data and other information stored on our Website.

3. Data Disclosure and Sharing

3.1. Third-Party Service Providers: We may engage trusted third-party service providers to assist us in operating our Website or conducting our business activities. These third parties may have access to personal data solely for performing specific tasks on our behalf and are obligated not to disclose or use it for any other purpose.

3.2. Legal Compliance: We may disclose personal data to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

4.User Rights

4.1. Right to Access: Users have the right to request access to their personal data processed by us.

4.2. Right to Rectification: Users have the right to request the correction of inaccurate or incomplete personal data.

4.3. Right to Erasure: Users have the right to request the deletion of personal data under certain circumstances.

4.4. Right to Object: Users have the right to object to the processing of personal data in certain situations.

4.5. Right to Restriction of Processing: Users have the right to request the restriction of processing of personal data in certain circumstances.

4.6. Right to Data Portability: Users have the right to receive the personal data concerning them, which they have provided to us, in a structured, commonly used, and machine-readable format.

5. Cookies and Tracking Technologies

5.1. Cookies: Our Website may use cookies and similar tracking technologies to enhance User experience and provide personalized services. Cookies are small text files stored on the User’s device that enable us to recognize their browser and capture certain information. Users may choose to set their web browser to refuse cookies or to alert them when cookies are being sent. However, note that some parts of the Website may not function properly if cookies are disabled.

5.2. Tracking Technologies: In addition to cookies, we may use other tracking technologies such as web beacons, tags, and scripts to collect and track information about Users’ interactions with the Website. These technologies may be used for analytics, targeted advertising, and measuring the effectiveness of our marketing campaigns.

6. Third-Party Websites

6.1. External Links: The Website may contain links to external websites that are not operated by us. We have no control over the content and practices of these websites and are not responsible for their privacy policies or practices. Users should exercise caution and review the privacy policies applicable to those external websites.

7. Children’s Privacy

7.1. Age Limitations: The Website is not intended for use by children under the age of 16. We do not knowingly collect personal data from children without obtaining parental consent. If you believe that we may have collected personal data from a child without parental consent, please contact us, and we will promptly take steps to remove such information from our records.

8. Changes to this Privacy Policy

8.1. Policy Updates: We reserve the right to update or modify this Privacy Policy at any time without prior notice. Users are encouraged to check this page periodically for any changes. The revised policy will be effective immediately upon posting on this page.

9. Contact Us

9.1. If you have any questions or concerns regarding this Privacy Policy or our data practices, please contact us at [email protected]

Privacy Policy For US

Privacy Policy for the United States (Website)

Effective Date: 12/05/2023

This Privacy Policy governs the manner in which RTMUK Ltd. collects, uses, maintains, and discloses information collected from users (hereinafter referred to as “User” or “Users”) of the realtimeagency.com website (hereinafter referred to as “Website”). This Privacy Policy applies to the Website and all products and services offered by RTMUK Ltd..

  1. Personal Information Collection

1.1. Types of Personal Information: We may collect personal identification information from Users in various ways, including but not limited to when Users visit our Website, register on the Website, subscribe to our newsletter, fill out a form, or interact with other activities, services, features, or resources we make available on our Website. The personal information we collect may include, but is not limited to, the following:

  • Name

  • Email address

  • Mailing address

  • Phone number

  • IP address

  • Browser information

  • Other information voluntarily provided by the User

1.2. Purpose of Personal Information Collection: We collect and process personal information for the following purposes:

  • To personalize user experience

  • To improve customer service

  • To send periodic emails (e.g., newsletters, updates)

  • To process transactions or respond to inquiries

  • To comply with legal obligations

1.3. Collection of Non-Personal Information: We may also collect non-personal information about Users when they interact with our Website. This information is not personally identifiable and may include technical information about the User’s device, such as the type of browser used, operating system, and the referring website.

  1. Information Sharing and Disclosure

2.1. Third-Party Service Providers: We may engage trusted third-party service providers to assist us in operating our Website or conducting our business activities. These third parties may have access to personal information solely for performing specific tasks on our behalf and are obligated not to disclose or use it for any other purpose.

2.2. Legal Compliance: We may disclose personal information to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

  1. California Consumer Privacy Act (CCPA)

3.1. Rights of California Residents: If you are a California resident, you have specific rights regarding your personal information under the CCPA. These rights include:

  • The right to know what personal information is collected, used, disclosed, or sold

  • The right to request deletion of personal information

  • The right to opt-out of the sale of personal information

  • The right to non-discrimination for exercising CCPA rights

3.2. Exercising Your CCPA Rights: To exercise your CCPA rights or obtain more information about our data practices, please contact us using the information provided in the “Contact Us” section below.

  1. Children’s Online Privacy Protection Act (COPPA)

4.1. Children’s Personal Information: We do not knowingly collect personal information from children under the age of 13 without obtaining verifiable parental consent. If you believe that we may have collected personal information from a child under 13 without parental consent, please contact us, and we will promptly take steps to remove such information from our records.

  1. Data Security

5.1. Data Security Measures: We implement appropriate data collection, storage, and processing practices, as well as security measures, to protect against unauthorized access, alteration, disclosure, or destruction of personal information and other data stored on our Website.

  1. Changes to this Privacy Policy

6.1. Policy Updates: We reserve the right to update or modify this Privacy Policy at any time without prior notice. Users are encouraged to check this page periodically for any changes. The revised policy will be effective immediately upon
posting on this page.

  1. Contact Us

7.1. If you have any questions or concerns regarding this Privacy Policy or our data practices, please contact us at [email protected].

Please note that the provided Privacy Policy templates serve as a starting point and should be reviewed and customized to accurately reflect your business practices, applicable laws, and any specific requirements. It is crucial to consult legal professionals to ensure compliance with US privacy laws, including the California Consumer Privacy Act (CCPA) and the Children’s Online Privacy Protection Act (COPPA).