Ex-Google analyst says Signals change benefits Google, not advertisers

When Google despatched electronic mail notifications this month to clients with linked Google Analytics and Google Adverts accounts, saying that Google Alerts would lose its authority over promoting information assortment from June 15, 2026, the corporate described the transfer as “simplifying controls and streamlining the consent course of.” Krista Seiden learn it in another way.

“Google simply quietly eliminated one of the essential privateness controls advertisers had in Google Analytics,” Seiden wrote on LinkedIn, in a submit that drew greater than 650 reactions and 69 feedback inside days. “And so they framed it as ‘simplifying.'”

Seiden is just not an outdoor observer. She spent over six years at Google, serving as each an Analytics Evangelist and Product Supervisor for Google Analytics between 2014 and 2019, the place she labored throughout product and engineering on Google Analytics 4. She now runs KS Digital, an impartial consultancy, and has remained one of many extra distinguished public voices on GA4 implementation and measurement technique. Her submit minimize by means of the technical framing of the announcement to make a pointed argument: the change strikes a lever that many organisations used intentionally, into a spot the place it could actually not do what it as soon as did – and the place the default place advantages Google’s promoting enterprise.

The lever that disappears

The particular mechanism at situation is one which privacy-conscious organisations had been utilizing as a deliberate configuration alternative. Turning off the Google Alerts setting in Google Analytics was, till now, a technique to stop the Google Analytics tag from sharing promoting cookies and signed-in person information with the Google Adverts platform. A single swap, with a transparent impact. Based on Seiden, “turning off Alerts was a deliberate alternative many corporations made to stop GA from sharing advert cookies and signed-in person information with the Adverts platform. A single, clear lever: off means off.”

After June 15, that lever not governs promoting information. The Alerts setting will solely management behavioural reporting inside GA4 itself – whether or not Google Analytics-sourced information is related to signed-in person data for inside reporting functions. Authority over promoting information assortment transfers fully to the ad_storage parameter in Consent Mode, managed by means of Google Adverts.

The hole is restricted. If a person has given consent to ad_storage by means of a consent banner – and lots of banners default to “granted,” or hearth earlier than the person has made any alternative – Google Adverts will accumulate and affiliate that person’s exercise with their signed-in Google account, no matter how the Alerts setting is configured. Seiden recognized who’s most uncovered: “For those who had Alerts turned off as a privateness measure, that safety not extends to promoting information after June 15.”

PPC Land’s earlier technical coverage of the Google announcement paperwork the complete structural particulars, together with the parallel change to advertisements personalisation controls and the dealing with of IP addresses below the brand new association.

The consent mode entice

The one technical path to replicating the previous Alerts-off behaviour is to set ad_storage to “denied” by default. However Google’s personal in-product notification consists of an express warning about doing precisely that: setting ad_storage to denied “will considerably impression promoting measurement and conversion monitoring” and can “hinder the efficiency of your campaigns.”

That warning is what makes Seiden’s critique pointed moderately than merely procedural. “So your choices are: let Google accumulate extra information for its advert enterprise, or settle for degraded marketing campaign efficiency. Choose one.”

The binary is actual. There isn’t any configuration that stops the promoting information move however preserves full marketing campaign measurement. Seiden framed the structural implication instantly: “From the place I sit, this appears to be like much less like simplification and extra like Google shifting the levers to the place they profit Google essentially the most, which is their Adverts enterprise.”

She additionally pointed to a element within the announcement that she discovered telling: the 90-day grace interval provided to advertisers to replace their privateness disclosures. “If nothing significant have been altering about how person information is dealt with, why would disclosures want updating?” The grace interval implies that present privateness insurance policies, for organisations that described Alerts as controlling advert information flows, will probably be inaccurate after June 15 and require revision.

The Consent Mode implementation downside

Seiden’s submit raised a second, sensible concern: the system that now carries the complete weight of privateness governance is one which many organisations haven’t carried out appropriately.

Consent Mode, significantly in its v2 type, depends on consent administration platforms passing 4 sign parameters – ad_storage, ad_user_data, ad_personalization, and analytics_storage – precisely to Google’s tags, within the appropriate sequence, after and never earlier than person interplay. The hole between a banner that seems to work and one that truly passes appropriate indicators is extensive. PPC Land documented this gap in detail, together with a case the place a shopper’s Google Adverts conversions collapsed 90% in a single day after Google’s July 2025 EU enforcement as a result of the consent banner was amassing person selections however not transmitting them to Google’s tags. Restoration was partial – roughly 40% of attribution information was recoverable; the remaining 60% was gone completely.

Seiden recognized this as essentially the most instant threat for organisations now inspecting their setups: “Your Consent Mode implementation simply turned the one most essential configuration in your stack.” She was direct concerning the authorized publicity: “In case your CMP is misconfigured or defaulting to ‘granted’ with out correct person interplay, chances are you’ll be amassing information you are not legally entitled to.”

For regulated industries particularly, she flagged the urgency: “For those who’re in a regulated business, your authorized and compliance groups must see this discover at this time, not subsequent month.”

The EU dimension and regulatory legal responsibility

Seiden’s concern turns into sharper when considered in opposition to the European regulatory context. She cited six information safety authority enforcement actions in opposition to Google Analytics already on file. The Dutch DPA’s reprimand of Takeaway.com for transmitting user data to Google Analytics with out legitimate authorized foundation throughout a three-year interval is one instance of that enforcement sample. Beneath GDPR, the information controller – the corporate utilizing Google Analytics, not Google – carries obligation for information flows.

That asymmetry sits on the centre of Seiden’s problem to the announcement. “GDPR legal responsibility sits with the information controller, not with Google,” she wrote. “And now advertisers have much less granular management over what information flows the place, whereas nonetheless bearing the complete obligation.”

The EDPB’s 2025 annual report recorded over 1.14 billion euros in GDPR fines issued by nationwide information safety authorities throughout Europe throughout 2025. That enforcement surroundings is the backdrop in opposition to which Seiden requested a pointed query: “Does shifting the management from an express analytics setting to a consent mode parameter that many orgs wrestle to implement appropriately truly make issues easier for anybody aside from Google?”

The LinkedIn thread: practitioners reply

The remark part on Seiden’s submit drew a variety of responses from analytics professionals, privateness engineers, and company practitioners. A senior product supervisor at Google, Stefan F. Schnabl, commented on the thread – however his remark was not one in every of disagreement with the substance.

Simo Ahava, co-founder at Simmer and a broadly cited voice on Google Tag Supervisor and consent mode implementation, responded with 59 reactions on his remark. He has individually described the shift as a transfer towards a single supply of fact for promoting consent, whereas acknowledging within the LinkedIn thread that the change does place extra stress on Consent Mode implementations.

Rick Dronkers, who works on advertising and marketing information technique, framed the context bluntly: “Perhaps that is extra trustworthy. Google Analytics is principally an promoting evaluation device, funded by the most important promoting platform.” He added in a reply: “And at all times has been, since they received acquired, possibly? Pure hypothesis.”

Aurélie P., described in her profile as a privateness engineer and information governance skilled, drew on French regulatory historical past. She famous that France’s CNIL had as soon as maintained an inventory of consent-derogated viewers measurement instruments – instruments that certified for analytics use with out requiring consent, on the situation that they served analytics solely and didn’t be part of to user-identified information elsewhere. Adobe Analytics made that record. Google Analytics by no means did. “Folding Alerts into ad_storage strikes GA farther from any route again to that normal, whereas the controller nonetheless carries the legal responsibility,” she wrote.

The commentary issues as a result of it frames the Google Alerts change not as a standalone occasion however as a continuation of a trajectory: Google Analytics changing into progressively more durable to characterise as an impartial analytics product distinct from the promoting infrastructure it sits inside.

“A shift from product-level privateness management”

A number of practitioners within the thread tried to reframe the change in additional beneficial phrases. One commenter argued that anchoring privateness governance in consent – moderately than in a back-end Analytics toggle – is extra aligned with how GDPR conceptualises lawful processing. Consent, that argument runs, ought to govern monitoring, not a platform-level setting the person by no means sees or controls. On a doctrinal degree, the argument has some power. GDPR Article 25 on privateness by design and default does count on that information processing displays person selections, not administrative configurations.

However the identical commenter acknowledged what Seiden had recognized as the true downside: “Many CMPs are nonetheless misconfigured or default to ‘granted,’ which might not meet GDPR requirements for legitimate consent. Organisations usually deal with Consent Mode as a technical add-on moderately than a authorized management floor. Duty nonetheless sits squarely with the controller, even when the implementation complexity has elevated.”

Seiden had anticipated that framing in her authentic submit. “I would love to listen to from individuals deep in GDPR and privateness compliance on this,” she wrote. “Whereas this can be authorized (is it?), it looks like they’re going across the authentic intent of many of those rules.”

That query – whether or not the change is authorized, and whether or not it honours the spirit of the rules it nominally aligns with – remained open within the thread, with no decision. Dott. Chiara Rustici, listed as a chief privateness officer and AI governance skilled, commented with out elaboration. A number of others referred to as for deeper regulatory scrutiny.

Caleb Whitmore famous the path of journey is just not new, simply extra express: “This can be a key step within the evolution of GA from an internet analytics device to an advert analytics device that’s hardly distinguishable from what’s built-in inside Google Adverts.” Seiden replied: “Simply an increasing number of of claiming the quiet elements out loud in my view.”

What practitioners flagged technically

Past the regulatory debate, the thread surfaced particular technical questions that wouldn’t have clear solutions in Google’s announcement.

One commenter raised the allow_google_signals parameter – a gtag setting described in restricted documentation as a technique to disable promoting options primarily based on third-party identifiers when set to false. Whether or not this parameter retains any useful relevance after the June 15 change is just not addressed within the announcement. One other commenter famous the problem of consent banners that default ad_storage to “granted” as a result of the organisation by no means invested in a correct consent administration evaluate: the change strikes threat from a configuration most privacy-aware groups had already locked down, to at least one that many haven’t correctly audited.

Ronni Okay. Gothard Christiansen, technical privateness engineer and CEO at AesirX.io, famous that Google Tag Supervisor managed Consent Mode loaded from Google is already thought of non-compliant within the EU, UK, Norway, and Vietnam. His remark pointed to the Hannover courtroom ruling requiring GTM to acquire consent earlier than loading – a ruling that impacts the sequence through which consent indicators attain Google’s tags. If the tag itself can not load with out prior consent, the structure on which most European Consent Mode implementations rely is already below authorized problem.

The implication, as a number of commenters framed it, is that the June 15 change doesn’t merely scale back granularity – it concentrates threat in an implementation layer that was already contested.

The session attribution context

Seiden’s critique of the Alerts change is a part of an extended sample of her public engagement with how Google Analytics 4 communicates its personal behaviour to practitioners. Earlier protection on Google Analytics session attribution confusion among professionals documented a December 2024 LinkedIn ballot through which 59% of almost 625 analytics professionals answered a basic attribution query incorrectly – and through which Seiden commented that the outcomes have been “unbelievable how skewed (within the fallacious path)” they have been, expressing shock on the job titles of those that answered incorrectly. The episode illustrated how usually even skilled practitioners function with incomplete or inaccurate fashions of what GA4 truly does with their information.

That context provides weight to her concern concerning the June 15 change. If practitioners routinely misunderstand how attribution works contained in the platform, the danger that they may also misunderstand what the Alerts setting was defending – and what they now must configure in another way in Consent Mode – is just not hypothetical.

Timeline

• August 2014 – February 2019 – Krista Seiden works at Google, first as Analytics Evangelist then as Product Supervisor for Google Analytics, engaged on GA4 throughout product and engineering groups
• December 2023 – Google introduces Consent Mode v2, including ad_user_data and ad_personalization parameters to the prevailing ad_storage and analytics_storage indicators
• March 2024 – Google strengthens EU Consumer Consent Coverage enforcement; every advertiser in the EEA required to use a certified Consent Management Platform
• December 2024 – LinkedIn poll reveals 59% of analytics professionals misunderstand GA4 session attribution; Seiden feedback on the outcomes
• June 2025 – Google adds Tag Diagnostics to the Analytics consent settings hub, with 48-72 hour detection latency for consent sign updates
• July 2025 – Google disables conversion tracking for non-compliant EU and UK advertisers, making Consent Mode v2 functionally obligatory for EEA accounts
• September 3, 2025 – Federal jury awards $425.7 million against Google for Firebase SDK information assortment that continued regardless of customers disabling privateness settings
• December 2025 – Dutch DPA reprimands Takeaway.com for transmitting private information by way of Google Analytics to the US throughout a three-year interval with out legitimate authorized foundation
• April 9, 2026 – EDPB publishes its 2025 Annual Report documenting over 1.14 billion euros in GDPR fines from nationwide authorities throughout Europe throughout 2025
• April 15, 2026 – Google sends electronic mail notifications to linked Google Analytics and Google Adverts clients saying the June 15 change; PPC Land covers the full technical details of the restructuring
• April 21, 2026 – Krista Seiden publishes LinkedIn evaluation, drawing greater than 650 reactions; privateness engineers, company practitioners, and GDPR compliance professionals reply in a thread of 69 feedback
• June 15, 2026 – Google Alerts ceases to manipulate promoting information assortment; ad_storage in Consent Mode turns into the only authority for all linked Google Analytics and Google Adverts accounts

Abstract

Who: Krista Seiden, founding father of KS Digital and former Google Analytics product supervisor from 2016 to 2019, whose public critique of the announcement turned the first business flashpoint. Her LinkedIn submit drew responses from privateness engineers, consent mode specialists, GDPR compliance officers, and company practitioners throughout Europe and past.

What: Seiden argued that Google’s June 15, 2026 elimination of Google Alerts’ authority over promoting information assortment is just not a simplification however a shift that removes a deliberate privateness management and consolidates authority in a consent layer – Consent Mode ad_storage – that many organisations haven’t carried out appropriately. She questioned whether or not the change is authorized below GDPR, flagged that the 90-day disclosure grace interval indicators significant adjustments to information dealing with, and warned that EU-based organisations now carry extra authorized publicity with much less technical granularity.

When: The Google announcement was distributed at this time, April 21, 2026. The first change takes impact June 15, 2026. The 90-day window for updating privateness disclosures begins from the date of the announcement.

The place: The controversy unfolded totally on LinkedIn, with Seiden’s submit because the anchor. The underlying change impacts any Google Analytics property linked to a Google Adverts account, with essentially the most acute regulatory publicity within the EU and EEA, the place GDPR legal responsibility sits with the information controller.

Why: Seiden’s concern centres on three intersecting points: the lack of a granular, product-level privateness management that organisations had used intentionally; the migration of that management to a consent layer many organisations haven’t carried out appropriately; and the asymmetry between advertisers’ diminished technical management and their unchanged obligation for the way information flows between Google Analytics and Google Adverts.