What Google actually retired
On October 17, 2025, Google announced it would retire most Privacy Sandbox technologies, including Topics, Protected Audience, Attribution Reporting, Private Aggregation, and Shared Storage, citing low adoption and regulatory pressure. A smaller set of features survives: CHIPS (partitioned cookies), FedCM (federated sign-in), and Private State Tokens for fraud reduction. The six-year effort to build a single, Chrome-led replacement for third-party cookies is over. Google has moved away from the Privacy Sandbox branding while saying it will keep working on web privacy through other means.
Third-party cookies stay, for now
Earlier, on April 22, 2025, Google confirmed it would not deprecate third-party cookies in Chrome and would not add a standalone consent prompt for them. Users continue to manage cookies through Chrome's existing privacy settings, so there is no forced cutoff date. The deprecation timeline had slipped repeatedly since 2022 before being cancelled outright. In practice this means cookies remain available, but they are not a stable foundation given user opt-outs, Safari and Firefox restrictions, and ad blockers.
The June 15, 2026 Consent Mode change
As of June 15, 2026, Google Ads no longer reads Google Analytics or Google Signals settings to decide how data is used; it relies only on the consent signals your CMP sends through Consent Mode. The Google Signals control in GA4 now governs only the association of Analytics data with signed-in users for behavioral reporting, removing what previously acted as a secondary backstop. If ad_storage is granted, Google Ads can use cookies and identifiers; if denied, it cannot, with no middle layer. Businesses should treat this as a reason to audit how their consent banner maps to the ad_storage and analytics_storage signals.
Why measurement stays fragmented
With no single replacement standard, performance data now comes from several partial sources stitched together. When consent is denied, Consent Mode sends cookieless pings and GA4 uses behavioral modeling to estimate conversions that cannot be observed directly. Server-side tagging moves collection to a first-party server, which extends first-party cookie lifespans on Safari and reduces loss from browser limits and blockers. The result is a blend of observed events, modeled signals, and server-side data rather than one clean, deterministic view.
What to do about it
Audit your Consent Mode setup before assuming Google Ads still inherits Analytics behavior, because that link is now severed. Build first-party data collection and consider server-side tagging to recover signal that browser-side tracking loses. Treat modeled conversions as estimates and document where numbers are observed versus modeled so stakeholders read reports correctly. For EU and California audiences, review consent and disclosure language, since the data-flow change can carry GDPR and CCPA implications.
Key takeaways
- Google retired most Privacy Sandbox APIs on October 17, 2025, keeping only CHIPS, FedCM, and Private State Tokens, and abandoned a Chrome-led cookie replacement.
- Third-party cookies remain in Chrome with no removal date after the April 22, 2025 reversal, but they are an unstable base given opt-outs and other browsers' restrictions.
- Since June 15, 2026, Google Ads relies solely on Consent Mode signals and no longer reads Google Analytics or Google Signals settings, so consent setups need an audit.
- Measurement is now a blend of observed events, modeled conversions, and server-side data, so first-party data and clear observed-versus-modeled reporting matter more than chasing one standard.