Google is changing how it governs advertising data collection. Here’s what your team needs to know.

Are your GA4 and Consent Mode configurations set up for what’s coming?

Today, Google Signals controls whether Google Ads cookies and signed-in user identifiers are collected and shared with Google Ads. Many accounts have this deliberately turned off as a privacy measure. 

After June 15, that will no longer be the case. The protection many teams have relied on is removed. If Consent Mode v2 implementation hasn’t been reviewed recently, now is the time. This is a shift in how Google governs advertising data collection, and the implications run from your remarketing audiences all the way to your legal disclosures.

Here’s exactly what’s changing, what it means in practice, and what you need to do about it.

What is actually changing?

15 June 2026 – Google Signals loses control of advertising data

Today, the Google Signals setting in GA4 controls two things simultaneously:

• Whether behavioural data is used in reporting features like cross-device reporting and demographic insights inside GA4
• Whether Google Ads cookies and signed-in user identifiers are collected and shared with Google Ads

Many accounts have this deliberately turned off as a privacy measure.

From 15 June, those two functions will be separate. Google Signals will only govern behavioural reporting inside GA4. Control over advertising data collection moves entirely to the ad_storage signal in Consent Mode (Google Ads).

If a user’s consent state has ad_storage set to granted – which is the default in many Consent Management Platforms – their activity will flow to Google Ads regardless of your Google Signals configuration.

Later in 2026 – Ads Personalisation migrates into Consent Mode

Control over Ads Personalisation – which directly governs your remarketing audiences synced from GA4 to Google Ads – will also migrate out of GA4 and into Consent Mode, specifically the ad_personalization signal.

This directly affects:

• Remarketing lists built from GA4 audience data
• Lookalike audiences derived from those lists
• Any personalised ad serving tied to GA4-synced segments

What does this mean in practice?

1. Consent Mode v2 is now your primary privacy control

If your CMP is misconfigured – defaulting consent signals to granted without genuine user interaction, or firing your GA4 tag before consent is collected – you may already be collecting advertising data without a proper legal basis.

Once Signals no longer covers advertising data, any gap in your Consent Mode configuration becomes a direct compliance exposure. This needs to be audited immediately.

2. Your GA4 Audiences in Google Ads carry a legacy risk

Audience lists built from GA4 data inherit the consent state of the hits that built them. If ad_personalization was ever incorrectly set to granted – even for a brief period in the past – the users captured during that window may be sitting in your remarketing lists without valid consent.

When the Ads Personalisation migration rolls out later this year, ad_personalization becomes the governing signal for all of this. A CMP audit should explicitly include a review of your audience data quality and the consent history behind it.

3. If you turned off Google Signals as a privacy measure, that protection ends on 15 June

This is the scenario affecting the most teams. A deliberate, documented decision – to keep advertising data out of Google Ads by disabling Signals – will no longer achieve that outcome. You will need to ensure your Consent Mode configuration correctly reflects your privacy stance going forward.

The protection you had is being removed. The configuration that replaces it needs to be put in place before the deadline.

4. GDPR liability stays with you

Google shifting which setting governs data flow does not shift legal responsibility. For companies operating in the EU or EEA, you remain the data controller. Your privacy disclosures may also need updating to reflect the new governing mechanism – Google itself is providing a 90-day grace period for exactly this reason.

What do you need to do now?

Each of the following should be treated as urgent before 15 June 2026.

Audit your Consent Mode v2 implementation

• Confirm that ad_storage and ad_personalization default states are correctly configured
• Verify that default states match what your privacy policy says they should be
• Check that consent signals are not being set to granted before a user has made any active choice

Check your CMP configuration end-to-end

• Consent signals should not fire as granted prior to user interaction
• Review the order of operations: your GA4 tag should not fire before consent is collected
• If you’re unsure how your CMP handles default states, check with your provider directly

Review GA4 Audience lists linked to Google Ads

• Audience lists inherit the consent state of the hits that built them
• A historical misconfiguration – even a brief one – can affect the consent hygiene of your entire list
• This review should happen before the Ads Personalisation migration lands later in 2026

Update your privacy disclosures

• If Consent Mode v2 is now the governing mechanism for advertising data, your privacy disclosures need to reflect that
• The 90-day grace period Google is offering is there for a reason – use it

Loop in legal or compliance

• Particularly if you operate in regulated industries or serve EU/EEA users
• This is not a purely technical change. It has direct implications for your data controller obligations and the accuracy of what you’ve told users in your privacy policy

Final thoughts

This is part of a broader shift we’re seeing across the ecosystem – from Safari’s Click ID restrictions to the EU’s Digital Omnibus. 

Platform-level toggles are being replaced by Consent Mode as the single governing framework for data flow. That’s a sensible direction. But it only works if your configuration is actually correct.

Connect with us if you’re unsure where your Consent Mode configuration stands ahead of the 15 June deadline.