All Blog Posts

Google Signals Changed: What It Means for Your Consent Setup

Close
Read time
4 mins
Published
Jun 23, 2026
Share

  • Google's June 2026 update means ad_storage alone now determines whether advertising data from your GA4 tag reaches Google Ads if the account is linked
  • If your website has no Consent Mode, or uses incorrect default states, advertising data may be processed without valid visitor consent
  • Google Signals still controls enriched reporting within Google Analytics, which has not changed.
  • Three configuration scenarios carry different risk profiles; knowing which applies to you is the starting point.
  • Website owners may need to update privacy disclosures as well as tag configuration.

On June 15, 2026, Google decoupled Google Signals from the advertising data flow into Google Ads, making Consent Mode ad_storage the only signal that matters for ad-related data. For website owners and DPOs in EMEA, the change raises immediate questions about GDPR exposure. This article explains the three risk scenarios and the configuration steps to address them.

If that signal is not correctly configured on your website, your visitors' data may be reaching Google Ads without their consent. That is a compliance problem, not a configuration nuisance.

What Google Changed and Why It Matters

The June 2026 update changes which settings control where your advertising data goes, and removes the ambiguity that existed when two controls shared that responsibility. Understanding the old and new architecture is the starting point for assessing what, if anything, you need to change.

Before June 15, 2026

Previously, two settings jointly governed whether Google Ads cookies and IDs from your Google Analytics tag and Firebase SDK were used in Google Ads: the Google Signals toggle in GA4, and your Consent Mode ad_storage signal. Both had to be considered.

After June 15, 2026

The two have been separated. Each destination now has its own exclusive control:

  • Google Analytics is now governed solely by the Google Signals setting
  • Google Ads is now governed solely by Consent Mode ad_storage

For website owners, the practical takeaway is this: ad_storage is now the only thing standing between your visitors' data and Google Ads. If it is not configured correctly, no other setting will compensate.

What Has Not Changed

Standard analytics collection continues to be governed by analytics_storage. Other Consent Mode signals — ad_user_data and ad_personalization — are unaffected. 

Google Signals continues to provide richer reporting (demographics and interests) within Google Analytics, for users signed into Google who have Ads Personalization enabled.

Under the GDPR, the processing of personal data for advertising purposes requires a valid legal basis. In most cases, this is informed, freely given consent from the visitor before data collection begins. 

Consent Mode is the technical mechanism through which your website communicates visitor consent choices to Google's tags. But it only fulfils its purpose if it is correctly implemented.

The question for any website owner subject to GDPR is not "which Google settings do I have switched on?" It is "have my visitors given valid consent before their data is used for advertising, and does my configuration reflect that accurately?"

Three Scenarios: Which One Applies to You?

The practical impact of the June 2026 change depends almost entirely on how your website is currently configured. The three scenarios below cover the most common situations. Identify which applies to you before deciding what action to take.

If your website does not have Consent Mode implemented, Google tags run in their default active state. ad_storage is treated as granted, and advertising data is processed regardless of what your visitors have or have not agreed to.

For any website with EEA or UK visitors, this is the highest-risk position.

If you have Consent Mode but ad_storage is not set to denied by default before a visitor interacts with your consent banner, then advertising data may be flowing to Google Ads before consent is collected. Following the June 2026 change, this is the critical setting, and also the one most frequently misconfigured.

If you implemented Consent Mode some time ago and have not reviewed it since, this scenario is worth checking carefully.

Scenario 3: Correctly Configured, but Google Signals Not Reviewed

If your Consent Mode setup is sound — defaults denied, correct signals sent upon consent — but you have not reviewed your Google Signals setting in light of the change, your campaigns may not be receiving enriched audiences and bidding signals that would legitimately be available. There is no compliance risk here, but there may be unnecessary performance loss.

Steps to Take Now

These checks apply to most websites using GA4 and Google Ads in EMEA. Your specific setup and regional obligations will determine the details.

If not, implementing it is the first priority. Without it, consent choices made on your consent banner have no effect on Google's data collection.

Before any visitor interacts with your consent banner, ad_storage and analytics_storage should both default to denied for EEA visitors. Granted states should only be communicated after a visitor has made an active choice.

Your consent management platform must be connected to your Consent Mode configuration so that visitor choices are communicated to Google's tags in real time.

Have Your Privacy Disclosures Been Updated? 

The change to how advertising data flows may require updates to how you describe data collection and use to your visitors. Your legal team should advise on the appropriate language for your jurisdiction.

This article is for informational purposes only and does not constitute legal advice. For guidance on your specific compliance obligations, consult a qualified legal professional and/or your compliance team.

Start free trial

If you run a website with Google Analytics and Google Ads, and you operate in the European Economic Area or the UK, something changed on June 15, 2026 that you need to understand.

Google has updated how it controls the flow of advertising data from your Google Analytics tag into Google Ads. The change sounds technical. The implications are not.

Under the GDPR, collecting and processing personal data for advertising without valid consent is unlawful. Google's update shifts full control of that data flow to the single ad_storage Consent Mode signal.

Frequently asked questions

Two things, primarily. First, confirm that Consent Mode is implemented on your website. Second, confirm that ad_storage defaults to denied for EEA visitors before they interact with your consent banner. 

If either of those is not in place, advertising data may be reaching Google Ads without valid consent from your visitors.

According to Google, no change to data behavior is expected for advertisers who currently have Google Signals on. That said, it is still worth confirming that your Consent Mode default states are correctly configured, since ad_storage now exclusively governs advertising data in Google Ads. Google Signals continues to control enriched reporting within Google Analytics.

It can affect certain campaign features. Remarketing list sizes, Smart Bidding, and frequency capping may all be impacted when ad_storage is denied. The answer is not to set it to granted by default, but to collect valid consent from visitors and configure Consent Mode to reflect their choices accurately. Consented data continues to support campaign performance; the goal is to make sure your setup captures it correctly.

Possibly. If the way advertising data flows between your Google Analytics tag and Google Ads has changed, your privacy notice may need to reflect that. Google recommends working with legal counsel to determine what disclosure language is appropriate for your jurisdiction and audience. 

A Google-certified CMP can support the technical configuration, but the privacy policy language is a question for your legal team.