In a quiet Help Center announcement on April 16, Google laid out a change that will reshape how advertising data flows between Google Analytics and Google Ads. Starting June 15, 2026, the Google Signals setting in Google Analytics will lose its role as a co-controller of advertising data collection and only Google Ads’ Consent Mode will determine whether it can collect personal information flowing through Google Analytics properties.

For organizations that link Google Analytics to Google Ads, which is the standard configuration, this means your consent management platform (CMP)—and ensuring it is configured properly—is even more important for privacy compliance and respecting consumer choice.

What is Changing?

Currently, advertising data flowing from a linked Google Analytics property into Google Ads has been controlled by two systems. On the Analytics side, Google Signals settings plus a layer of ad-personalization toggles at the account, property, link, and event levels controlled what Google Ads could do. And on the Google Ads side, Consent Mode settings also impacted this data flow. The two systems work in concert to customize the data collection. Google’s update removes that duplication.

Come June 15, 2026, Google Signals will have no effect on data collection in Google Ads, the ad_storage parameter in Google Ads Consent Mode becomes the single authority. Google Signals and its API in Google Analytics will have one job: to control whether Analytics-sourced data is associated with signed-in user information for behavioral reporting within Google Analytics.

One major impact of this is that consent becomes binary. Right now, different settings each control specific actions Google can take with individuals’ data — one for cookies, one for whether your visits get linked to your Google account, and one for personalization. After June 15, much of that collapses into this single ad_storage setting. When consent is granted, the full set of Google signals become active, including connecting your activity to your Google account. Say no, and data collection shuts off (except for website URLs), remarketing breaks, audience lists shrink, and conversion numbers will rely heavily on Google’s modeled estimates.

This puts a lot of pressure on how your consent management is configured.

Why Google is Making This Change?

In Google’s announcement, the company states that its goal is deduplication. Two systems exercising authority over the same data flow has led to confusion, inconsistent enforcement, and configuration drift. Under the new framework, user preferences are enforced consistently between Google Analytics and Google Ads, with each product responsible for the data used inside it. A single source of truth.

Another reason is regulatory. Since the EU Digital Markets Act took full effect in March 2024, and enforcement around advertising and consent increased, Google has been steadily rebuilding its consent architecture so it can defensibly demonstrate to regulators what data was processed and on what consent basis.

The June 2026 change furthers that work. By consolidating consent for advertising data collection in linked accounts, Google can more easily demonstrate to regulators how consent flows through its systems, reducing its enforcement risk. The change also shifts more of the operational responsibility — and, by extension, legal exposure — onto the companies using and configuring these tools.

Who is Affected?

If your business is using Google Analytics and Google Ads, then it’s likely your business has linked its Analytics properties to its Ads account because this link is what enables conversion tracking, remarketing, audience export, and much of the ROI reporting on which your marketing team relies. If so, this change impacts you. If you operate in a region that requires consent for the online collection of personal information (European Economic Area, the UK, Switzerland and others), the potential repercussions of getting this wrong are even higher.

What Your Team Needs To Do

If you have not yet begun planning for this change, now is the time. Marketing and privacy teams need to work together to make decisions on how to move forward and implement a plan that works for your organization. 

  1. Understand your legal obligations: Because privacy obligations vary on whether opt-in consent or an opt-out regime is the law of the land, organizations need to understand their regulatory obligations.
  2. Inventory your current consent structure: Document the consent state your CMP transmits for each of the four Consent Mode signals (ad_storage, ad_user_data, ad_personalization, analytics_storage) under each scenario you should support: full consent, full denial, region-specific defaults, and partial consent. Pull the corresponding diagnostics from Google Tag Manager and the Analytics consent settings hub so you have a baseline before any changes.
  3. Check your Google Signals state and make a plan: If Google Signals is currently on, the change will not visibly alter your behavior — ad_storage already governed it in practice. If Google Signals is currently off, ask explicitly: do you want Google Ads to start linking user data to Google sign-ins when ad_storage consent is granted? If the answer is yes, no action is needed; that is the new default. If the answer is no, your team must ensure that the ad_storage signal is set to denied wherever that linkage is unwanted, and that the consent banner reflects that choice for the user.
  4. Determine what changes are needed and create a plan: Privacy, marketing, and the web team all have a role to play here. Ensure you create a plan with representatives from all impacted business units. The plan should designate clear responsibilities, and each team needs to understand their part and, importantly, the timeframe.
  5. Implement your new consent plan: As soon as possible implement your plan. You will need time to test the system and ensure it is operating as expected.
  6. Verify your ad_storage signal end-to-end: Use Google’s Tag Assistant, the Consent Mode reports inside Google Ads, and the Tag Diagnostics view inside the Analytics consent settings hub to confirm that the signal you intend is the signal that arrives at Google. The Tag Diagnostics tool runs on a 48 to 72-hour detection latency, so plan tests at least a week before the June 15 deadline.
  7. Document, monitor, and review. Keep written records of the consent flow, the technical and design choices you made (especially the Google Signals state question above), and the test results. Review the Consent Mode diagnostic reports inside Google Ads at least monthly. The change increases the operational weight of these reports because chance of failure is now larger.

Risks of Not Complying

The risk picture has two layers.

The first is operational. If your ad_storage signal does not transmit correctly after June 15, Google Ads simply will not have authority to use the data flowing through your linked Analytics property. Industry reporting has documented previous Consent Mode v2 misconfigurations producing 90 percent collapses in reported Google Ads conversions overnight. The June 15 change concentrates that risk into a single signal: anywhere ad_storage should have been granted but is not, you lose all advertising identifiers except URL-level parameters like gclid. Anywhere ad_storage should have been denied but is granted, you may begin linking user data to Google sign-ins in ways you didn’t intend—and your privacy disclosures and consent language do not communicate.

The second is regulatory. In regions where consent is required for online data collection, configuring the consent signal wrong is a violation of the law. Most notably, the EU’s ePrivacy Directive requires consent for placing non-essential cookies. If the ad_storage signal is incorrectly communicating that a user has provided consent, this processing is a violation of Article 5(3). Additionally, you may be violating the General Data Protection Regulation by processing personal information without a valid legal basis.

Even where opt-in consent isn’t required, there is legal risk to getting this wrong. If your cookie banner tells visitors that turning off advertising cookies prevents personalization but your CMP grants ad_storage by default, you may be violating US state privacy and consumer protection laws.

Recent enforcement actions from California to Italy and beyond have shown that regulators are focusing on online consent mechanisms as an active enforcement priority.

Industry Reaction

Google’s change has been met with both skepticism, questions, and even some approval. Regulators have long advocated for a single-source-of-truth architecture. The European Data Protection Board’s consent guidance favors a system with one obvious consent mechanism over systems that fragment it across products. Simpler controls are easier to audit. Easier audits make consent records more defensible. And CMP vendors are updating their integrations and publishing guidance for users.

Questions have risen around the binary nature of the new framework and how that works with GDPR’s expectation that consent be granular and specific. A user might reasonably want their conversion tracked without their Google account being linked to it, and the new architecture does not give them that middle path. Whether regulators will see this as a problem, or whether Google’s documentation around what each signal covers is sufficient, is anyone’s guess.

Critics are saying the change is an effort to shift regulatory risk away from Google and onto the users of these products. Privacy professionals are concerned that having one point of failure—and one that is commonly configured incorrectly—is making compliance harder for organizations and creating data privacy risk for individuals.  Marketing teams are not happy about the lack of middle ground—especially in regions where ad_storage will need to default to off for compliance. It’s an all or nothing for advertising data collection now, meaning less, and less detailed, data.

And the true cynics are claiming that the increased likelihood of organizations misconfiguring the consent mechanism means Google will have more access to data while shutting off data collection for its users.

Moving Forward

While the structural simplification is welcomed by some, Google’s decision is causing operational hurdles and increasing regulatory risk for organizations that use its Ads and Analytics tools.  

Because Consent Mode becomes the single consent mechanism in Google Ads, organizations should work to make sure that signal is right, that the people who own the cookie banner and the people who own the Google Ads account are talking to each other, and that the documentation tying the two together is up to date.

It’s important to note that Google also announced two other changes without effective dates that organizations should be on the lookout for. First, Ads personalization, currently spread across multiple Analytics-side settings, will be consolidated so that the Consent Mode ad_personalization parameter exclusively controls whether linked Analytics data can be used to personalize ads. Second, IP addresses collected by the Google Tag and SDK will be encrypted and flow to the linked Google Ads account, where they will be governed by Ads settings rather than Analytics ones. Effective dates are expected sometime this year.

Have Questions About What This Change Means for Your Privacy Program?

Red Clover Advisors works with privacy, marketing, and legal teams to evaluate and strengthen the operational side of privacy compliance, including how consent flows are configured, documented, and managed across your tech stack. If Google’s update is surfacing questions about your current setup or exposed gaps your privacy program, we’d love to talk and can help you work through them.

Downloadable Resource

6 Steps to Privacy Compliance for Marketers

 

 

Download the free 6 Steps to Privacy Compliance for Marketers Guide to simplify compliance, build consumer trust, and turn complex privacy requirements into clear, actionable steps.

Learn More