To start, Google is looking at techniques that would only show that you're a member of a group with specific ad tastes (say, laptops and polka) until it's clear "thousands" of others are in that mix. It also wants to implement a "privacy budget" that only allows sites to make data requests only so long as a user belongs to a sufficiently large group -- after that, they're blocked. Google and Apple are also exploring how to track ad conversions (that is, clicks that lead to sales) without allowing cross-site tracking. Google also hopes that methods for preventing ad fraud can also benefit from privacy-oriented systems like CloudFlare's potential PrivacyPass standard.
As with other open standards, Privacy Sandbox will only be effective if there's reasonable uptake. Just ask Google how challenging it is to play VP9 video on some devices. However, Google reckons there's good reasons to embrace its approach. Privacy is a mounting concern for many companies, but blocking cookies isn't really a fix -- it limits the ability to deliver relevant ads, and tempts sites to profile people through more invasive means (such as fingerprinting). In theory, a balance like this could keep the ad-supported web thriving without leading users or regulators to take drastic measures.