What is actually changing?
Until now, advertisers and marketers had two independent controls determining whether Google Ads cookies and user IDs were collected via the GA4 tag:
- 1.
Google Signals — a setting inside Google Analytics itself
- 2.
Consent Mode (specifically ad_storage) — part of the cookie banner implementation
Many organisations, particularly in Europe, had deliberately switched off Google Signals. Not by accident, but as a conscious privacy measure: an explicit choice to prevent Analytics from passing signed-in user data to the Google Ads platform.
From 15 June 2026, that role of Google Signals for advertising purposes disappears entirely. Google Signals will only govern how signed-in user data is used for behavioural reporting inside GA4 itself. Control over what flows to Google Ads moves exclusively to the ad_storage parameter in Consent Mode.
What does this mean in practice?
The situation has become binary. There is no middle ground:
ad_storage = granted → Google Ads may use all available advertising signals, including linking activity to a user’s signed-in Google account — regardless of whether Google Signals is on or off.
ad_storage = denied → Google Ads only has access to what is available via URL parameters, such as the gclid. No cookies, no user IDs.
Organisations that had switched off Google Signals as a privacy measure but had not correctly configured Consent Mode could find themselves sharing more advertising-related data after 15 June — specifically when users grant ad_storage consent via the cookie banner.
“Simplification” — or moving the levers?
Krista Seiden, founder of KS Digital and former Google Analytics Product Manager, put it plainly on LinkedIn: Google quietly removed one of the most important privacy controls advertisers had, and framed it as simplification.
Her analysis stands up to scrutiny. The critique is not that Consent Mode is a flawed mechanism — it is, after all, the European-recognised standard. The concern lies in the combination of three factors:
A deliberate control is gone. Google Signals off = advertising data not shared. That was clear, direct, and reliable. That simplicity has been removed.
- 1.
The replacement mechanism is error-prone. Consent Mode is technically complex. Many cookie banners default to ‘granted’ for ad_storage, or fire consent signals at the wrong moment. Organisations that believed their setup was compliant may discover after 15 June that they are sharing more data than intended.
- 2.
Legal responsibility remains entirely with the advertiser. Google is moving the control mechanisms to a layer that is harder to manage, while the regulatory liability — if something goes wrong — falls on the data controller. Not on Google.
Google’s own email acknowledges this indirectly: organisations are given 90 days to update their privacy disclosures. But if nothing meaningful were changing about how user data is handled, why would disclosures need updating?
The GDPR dimension: additional concern for EU organisations
For Dutch and other European organisations, additional layers of complexity apply. National data protection authorities have already taken multiple enforcement actions related to Google Analytics. The GDPR places full liability with the data controller — the organisation running the website — not with Google as a processor.
Concretely: if your Consent Mode implementation sets ad_storage to ‘granted’ by default, without explicit user interaction, you may be collecting data you are not legally entitled to. And the accountability is yours.
At the same time, Google’s own documentation warns that setting ad_storage to ‘denied’ will significantly impact advertising measurement and conversion tracking, and will hinder campaign performance. The choice is framed as: share more data with Google, or accept degraded campaign results. There is little room for a nuanced middle path.
What should digital marketers do now?
This is not a theoretical discussion. 15 June 2026 is approaching quickly. Concrete steps to take:
Audit your Consent Mode implementation. Verify that all four parameters are correctly configured: ad_storage, ad_user_data, ad_personalization, and analytics_storage. Test whether your cookie banner fires the correct gtag('consent', 'default', {...}) and gtag('consent', 'update', {...}) signals at the right moments.
Check your CMP’s default settings. Many Consent Management Platforms default to ‘granted’ for advertising parameters. Verify this reflects what users actually choose and what your privacy statement communicates.
Brief your legal and compliance teams. If your organisation operates in a regulated sector — healthcare, finance, public sector, education — they need to know about this. Not next month. Now.
Establish a baseline. Document how your reports and conversion data look before 15 June, so you can interpret any changes after the transition.
Consider the broader strategic question. This is another moment to evaluate whether dependency on Google’s ecosystem for both analytics and advertising aligns with your organisation’s privacy ambitions. European alternatives such as Piwik PRO offer more direct control — not as a political statement, but as a practical risk management measure under GDPR.
Conclusion: technical simplification, strategic complexity
Google’s change is, technically speaking, a simplification of overlapping settings. That part is accurate. But the effect — less direct control for advertisers, greater dependence on a correctly configured consent layer that many organisations have not implemented properly — is not simpler. It is riskier.
Seiden’s question is the right one to ask: who actually benefits from this simplification? For Google, whose advertising business depends on maximising data flows, Consent Mode as the sole control layer is preferable to an explicit ‘Signals off’ switch that cuts everything. For advertisers — and especially for European organisations carrying GDPR liability — the situation has not become simpler. It has become more consequential.
Interested in privacy-first analytics and the transition to European tools? Get in touch.