When Google sent email notifications this month to customers with linked Google Analytics and Google Ads accounts, announcing that Google Signals would lose its authority over advertising data collection from June 15, 2026, the company described the move as "simplifying controls and streamlining the consent process." Krista Seiden read it differently.

"Google just quietly removed one of the most important privacy controls advertisers had in Google Analytics," Seiden wrote on LinkedIn, in a post that drew more than 650 reactions and 69 comments within days. "And they framed it as 'simplifying.'"

Seiden is not an outside observer. She spent over six years at Google, serving as both an Analytics Evangelist and Product Manager for Google Analytics between 2014 and 2019, where she worked across product and engineering on Google Analytics 4. She now runs KS Digital, an independent consultancy, and has remained one of the more prominent public voices on GA4 implementation and measurement strategy. Her post cut through the technical framing of the announcement to make a pointed argument: the change moves a lever that many organisations used deliberately, into a place where it can no longer do what it once did - and where the default position benefits Google's advertising business.

The lever that disappears

The specific mechanism at issue is one that privacy-conscious organisations had been using as a deliberate configuration choice. Turning off the Google Signals setting in Google Analytics was, until now, a way to prevent the Google Analytics tag from sharing advertising cookies and signed-in user data with the Google Ads platform. A single switch, with a clear effect. According to Seiden, "turning off Signals was a deliberate choice many companies made to prevent GA from sharing ad cookies and signed-in user data with the Ads platform. A single, clear lever: off means off."

After June 15, that lever no longer governs advertising data. The Signals setting will only control behavioural reporting within GA4 itself - whether Google Analytics-sourced data is associated with signed-in user information for internal reporting purposes. Authority over advertising data collection transfers entirely to the ad_storage parameter in Consent Mode, managed through Google Ads.

The gap is specific. If a user has given consent to ad_storage through a consent banner - and many banners default to "granted," or fire before the user has made any choice - Google Ads will collect and associate that user's activity with their signed-in Google account, regardless of how the Signals setting is configured. Seiden identified who is most exposed: "If you had Signals turned off as a privacy measure, that protection no longer extends to advertising data after June 15."

PPC Land's earlier technical coverage of the Google announcement documents the full structural details, including the parallel change to ads personalisation controls and the handling of IP addresses under the new arrangement.

The only technical path to replicating the old Signals-off behaviour is to set ad_storage to "denied" by default. But Google's own in-product notification includes an explicit warning about doing exactly that: setting ad_storage to denied "will significantly impact advertising measurement and conversion tracking" and will "hinder the performance of your campaigns."

That warning is what makes Seiden's critique pointed rather than merely procedural. "So your options are: let Google collect more data for its ad business, or accept degraded campaign performance. Pick one."

The binary is real. There is no configuration that prevents the advertising data flow but preserves full campaign measurement. Seiden framed the structural implication directly: "From where I sit, this looks less like simplification and more like Google moving the levers to where they benefit Google the most, which is their Ads business."

She also pointed to a detail in the announcement that she found telling: the 90-day grace period offered to advertisers to update their privacy disclosures. "If nothing meaningful were changing about how user data is handled, why would disclosures need updating?" The grace period implies that current privacy policies, for organisations that described Signals as controlling ad data flows, will be inaccurate after June 15 and require revision.

Seiden's post raised a second, practical concern: the system that now carries the full weight of privacy governance is one that many organisations have not implemented correctly.

Consent Mode, particularly in its v2 form, relies on consent management platforms passing four signal parameters - ad_storage, ad_user_data, ad_personalization, and analytics_storage - accurately to Google's tags, in the correct sequence, after and not before user interaction. The gap between a banner that appears to work and one that actually passes correct signals is wide. PPC Land documented this gap in detail, including a case where a client's Google Ads conversions collapsed 90% overnight after Google's July 2025 EU enforcement because the consent banner was collecting user choices but not transmitting them to Google's tags. Recovery was partial - roughly 40% of attribution data was recoverable; the remaining 60% was gone permanently.

Seiden identified this as the most immediate risk for organisations now examining their setups: "Your Consent Mode implementation just became the single most important configuration in your stack." She was direct about the legal exposure: "If your CMP is misconfigured or defaulting to 'granted' without proper user interaction, you may be collecting data you're not legally entitled to."

For regulated industries specifically, she flagged the urgency: "If you're in a regulated industry, your legal and compliance teams need to see this notice today, not next month."

The EU dimension and regulatory liability

Seiden's concern becomes sharper when viewed against the European regulatory context. She cited six data protection authority enforcement actions against Google Analytics already on record. The Dutch DPA's reprimand of Takeaway.com for transmitting user data to Google Analytics without valid legal basis across a three-year period is one example of that enforcement pattern. Under GDPR, the data controller - the company using Google Analytics, not Google - carries legal responsibility for data flows.

That asymmetry sits at the centre of Seiden's challenge to the announcement. "GDPR liability sits with the data controller, not with Google," she wrote. "And now advertisers have less granular control over what data flows where, while still bearing the full legal responsibility."

The EDPB's 2025 annual report recorded over 1.14 billion euros in GDPR fines issued by national data protection authorities across Europe during 2025. That enforcement environment is the backdrop against which Seiden asked a pointed question: "Does shifting the control from an explicit analytics setting to a consent mode parameter that many orgs struggle to implement correctly actually make things simpler for anyone other than Google?"

The LinkedIn thread: practitioners respond

The comment section on Seiden's post drew a wide range of responses from analytics professionals, privacy engineers, and agency practitioners. A senior product manager at Google, Stefan F. Schnabl, commented on the thread - but his comment was not one of disagreement with the substance.

Simo Ahava, co-founder at Simmer and a widely cited voice on Google Tag Manager and consent mode implementation, responded with 59 reactions on his comment. He has separately described the shift as a move toward a single source of truth for advertising consent, while acknowledging in the LinkedIn thread that the change does place more stress on Consent Mode implementations.

Rick Dronkers, who works on marketing data strategy, framed the context bluntly: "Maybe this is more honest. Google Analytics is mainly an advertising analysis tool, funded by the largest advertising platform." He added in a reply: "And always has been, since they got acquired, maybe? Pure speculation."

Aurélie P., described in her profile as a privacy engineer and data governance professional, drew on French regulatory history. She noted that France's CNIL had once maintained a list of consent-derogated audience measurement tools - tools that qualified for analytics use without requiring consent, on the condition that they served analytics only and did not join to user-identified data elsewhere. Adobe Analytics made that list. Google Analytics never did. "Folding Signals into ad_storage moves GA further from any route back to that standard, while the controller still carries the liability," she wrote.

The observation matters because it frames the Google Signals change not as a standalone event but as a continuation of a trajectory: Google Analytics becoming progressively harder to characterise as an independent analytics product distinct from the advertising infrastructure it sits inside.

"A shift from product-level privacy control"

Several practitioners in the thread attempted to reframe the change in more favourable terms. One commenter argued that anchoring privacy governance in consent - rather than in a back-end Analytics toggle - is more aligned with how GDPR conceptualises lawful processing. Consent, that argument runs, should govern tracking, not a platform-level setting the user never sees or controls. On a doctrinal level, the argument has some force. GDPR Article 25 on privacy by design and default does expect that data processing reflects user choices, not administrative configurations.

But the same commenter acknowledged what Seiden had identified as the real problem: "Many CMPs are still misconfigured or default to 'granted,' which would not meet GDPR standards for valid consent. Organisations often treat Consent Mode as a technical add-on rather than a legal control surface. Responsibility still sits squarely with the controller, even if the implementation complexity has increased."

Seiden had anticipated that framing in her original post. "I'd love to hear from people deep in GDPR and privacy compliance on this," she wrote. "While this may be legal (is it?), it feels like they are going around the original intent of many of these regulations."

That question - whether the change is legal, and whether it honours the spirit of the regulations it nominally aligns with - remained open in the thread, with no resolution. Dott. Chiara Rustici, listed as a chief privacy officer and AI governance professional, commented without elaboration. Several others called for deeper regulatory scrutiny.

Caleb Whitmore noted the direction of travel is not new, just more explicit: "This is a key step in the evolution of GA from a web analytics tool to an ad analytics tool that is hardly distinguishable from what's integrated within Google Ads." Seiden replied: "Just more and more of saying the quiet parts out loud in my opinion."

What practitioners flagged technically

Beyond the regulatory debate, the thread surfaced specific technical questions that do not have clean answers in Google's announcement.

One commenter raised the allow_google_signals parameter - a gtag setting described in limited documentation as a way to disable advertising features based on third-party identifiers when set to false. Whether this parameter retains any functional relevance after the June 15 change is not addressed in the announcement. Another commenter noted the challenge of consent banners that default ad_storage to "granted" because the organisation never invested in a proper consent management review: the change moves risk from a configuration most privacy-aware teams had already locked down, to one that many have not properly audited.

Ronni K. Gothard Christiansen, technical privacy engineer and CEO at AesirX.io, noted that Google Tag Manager controlled Consent Mode loaded from Google is already considered non-compliant in the EU, UK, Norway, and Vietnam. His comment pointed to the Hannover court ruling requiring GTM to obtain consent before loading - a ruling that affects the sequence in which consent signals reach Google's tags. If the tag itself cannot load without prior consent, the architecture on which most European Consent Mode implementations depend is already under legal challenge.

The implication, as several commenters framed it, is that the June 15 change does not merely reduce granularity - it concentrates risk in an implementation layer that was already contested.

The session attribution context

Seiden's critique of the Signals change is part of a longer pattern of her public engagement with how Google Analytics 4 communicates its own behaviour to practitioners. Earlier coverage on Google Analytics session attribution confusion among professionals documented a December 2024 LinkedIn poll in which 59% of nearly 625 analytics professionals answered a fundamental attribution question incorrectly - and in which Seiden commented that the results were "incredible how skewed (in the wrong direction)" they were, expressing surprise at the job titles of those who answered incorrectly. The episode illustrated how often even experienced practitioners operate with incomplete or inaccurate models of what GA4 actually does with their data.

That context adds weight to her concern about the June 15 change. If practitioners routinely misunderstand how attribution works inside the platform, the risk that they will also misunderstand what the Signals setting was protecting - and what they now need to configure differently in Consent Mode - is not hypothetical.

Timeline

Summary

Who: Krista Seiden, founder of KS Digital and former Google Analytics product manager from 2016 to 2019, whose public critique of the announcement became the primary industry flashpoint. Her LinkedIn post drew responses from privacy engineers, consent mode specialists, GDPR compliance officers, and agency practitioners across Europe and beyond.

What: Seiden argued that Google's June 15, 2026 removal of Google Signals' authority over advertising data collection is not a simplification but a shift that removes a deliberate privacy control and consolidates authority in a consent layer - Consent Mode ad_storage - that many organisations have not implemented correctly. She questioned whether the change is legal under GDPR, flagged that the 90-day disclosure grace period signals meaningful changes to data handling, and warned that EU-based organisations now carry more legal exposure with less technical granularity.

When: The Google announcement was distributed today, April 21, 2026. The primary change takes effect June 15, 2026. The 90-day window for updating privacy disclosures begins from the date of the announcement.

Where: The debate unfolded primarily on LinkedIn, with Seiden's post as the anchor. The underlying change affects any Google Analytics property linked to a Google Ads account, with the most acute regulatory exposure in the EU and EEA, where GDPR liability sits with the data controller.

Why: Seiden's concern centres on three intersecting issues: the loss of a granular, product-level privacy control that organisations had used deliberately; the migration of that control to a consent layer many organisations have not implemented correctly; and the asymmetry between advertisers' reduced technical control and their unchanged legal responsibility for how data flows between Google Analytics and Google Ads.

Share this article
The link has been copied!