What Google actually retired
On October 17, 2025, Google announced it would retire most Privacy Sandbox technologies, including Topics, Protected Audience, Attribution Reporting, Private Aggregation, and Shared Storage, citing low adoption and regulatory pressure. A smaller set of features survives: CHIPS (partitioned cookies), FedCM (federated sign-in), and Private State Tokens for fraud reduction. The six-year effort to build a single, Chrome-led replacement for third-party cookies is over. Google has moved away from the Privacy Sandbox branding while saying it will keep working on web privacy through other means.
Third-party cookies stay, for now
Earlier, on July 22, 2024, Google confirmed it would not deprecate third-party cookies in Chrome, and on April 22, 2025 it added that it would not introduce a standalone consent prompt for them. Users continue to manage cookies through Chrome's existing privacy settings, so there is no forced cutoff date. The deprecation timeline had slipped repeatedly since 2022 before being cancelled outright. In practice this means cookies remain available, but they are not a stable foundation given user opt-outs, Safari and Firefox restrictions, and ad blockers.
The six-year effort to build a single, Chrome-led replacement for third-party cookies is over, and measurement now runs on modeled signals and server-side data rather than one tidy standard.
The June 15, 2026 Consent Mode change
As of June 15, 2026, Google Ads no longer reads Google Analytics or Google Signals settings to decide how data is used; it relies only on the consent signals your CMP sends through Consent Mode. The Google Signals control in GA4 now governs only the association of Analytics data with signed-in users for behavioral reporting, removing what previously acted as a secondary backstop. If ad_storage is granted, Google Ads can use cookies and identifiers; if denied, it cannot, with no middle layer. Businesses should treat this as a reason to audit how their consent banner maps to all four Consent Mode v2 signals: ad_storage and analytics_storage, which govern cookie and identifier storage, plus ad_user_data and ad_personalization, which govern whether data may be sent to Google for ads and used for personalization.
Why measurement stays fragmented
With no single replacement standard, performance data now comes from several partial sources stitched together. When consent is denied, advanced Consent Mode sends cookieless pings and GA4 uses behavioral modeling to estimate conversions that cannot be observed directly; in basic Consent Mode the tags are blocked entirely until consent is granted, so no pings are sent. Server-side tagging moves collection to a first-party server, which can help extend first-party cookie lifespans and reduce loss from browser limits and blockers when implemented as a true first-party endpoint, though Safari ITP, CNAME classification, and consent requirements still apply. The result is a blend of observed events, modeled signals, and server-side data rather than one clean, deterministic view.
What to do about it
Audit your Consent Mode setup before assuming Google Ads still inherits Analytics behavior, because that link is now severed. Build first-party data collection and consider server-side tagging to recover signal that browser-side tracking loses. Treat modeled conversions as estimates and document where numbers are observed versus modeled so stakeholders read reports correctly. For EU and California audiences, review consent and disclosure language, since the data-flow change can carry GDPR and CCPA implications.
Key takeaways
- Google retired most Privacy Sandbox APIs on October 17, 2025, keeping only CHIPS, FedCM, and Private State Tokens, and abandoned a Chrome-led cookie replacement.
- Third-party cookies remain in Chrome with no removal date after Google's July 22, 2024 reversal, but they are an unstable base given opt-outs and other browsers' restrictions.
- Since June 15, 2026, Google Ads relies solely on Consent Mode signals and no longer reads Google Analytics or Google Signals settings, so consent setups need an audit.
- Measurement is now a blend of observed events, modeled conversions, and server-side data, so first-party data and clear observed-versus-modeled reporting matter more than chasing one standard.