Google has told AdSense publishers that it will begin using IP addresses to power ad measurement and personalization across the European Economic Area, the United Kingdom, and Switzerland on or shortly after August 3, 2026 - a move backed by privacy-enhancing technologies and linked to a formal update in the company's IAB Europe registration.

The announcement arrived yesterday, June 17, 2026, via a mandatory service email sent from Google AdSense to publisher accounts. It signals a concrete operational step in a years-long effort to build identification and measurement infrastructure that does not depend on third-party cookies, while remaining within the bounds of European consent law.

What Google is actually launching

The email, sent from adsense-noreply@google.com, frames the August 3 launch as the activation of what Google describes as "IP-based measurement and personalization solutions" in three specific jurisdictions: the EEA, the UK, and Switzerland. Those three territories have consistently formed a single regulatory bloc for Google's ad products, governed by the EU User Consent Policy and the broader GDPR framework.

According to Google, the company will use the IP addresses it receives "via integrations with your sites and apps" to power these capabilities. The phrasing is deliberate: rather than describing a new data collection mechanism, Google is pointing to IP addresses that already arrive as a byproduct of standard publisher integrations. What changes is the processing layer applied to that data.

The technologies cited are three that Google has referenced across multiple product announcements over the past two years. On-device processing keeps computation local rather than sending raw signals to external servers. Trusted Execution Environments (TEEs) create isolated, hardware-level enclaves where data can be processed without being exposed to the operator of the underlying system - or to Google itself. Secure multi-party computation (MPC) allows multiple parties to jointly compute an output from their respective inputs without either party learning the other's raw data. Together, Google refers to these as privacy-enhancing technologies (PETs).

The rationale given is protection of the ads ecosystem from what Google describes as "harmful activities," alongside continued support for customers globally. The framing positions PETs less as a concession to regulators and more as an active infrastructure investment.

The TCF registration update and what Feature 3 means

Embedded in the announcement is a detail that carries significant weight for publishers who manage consent through IAB Europe's Transparency and Consent Framework (TCF). Google states that it will update its registration under the TCF to include Feature 3, described as "Identify devices based on information transmitted automatically."

Features in the TCF framework are distinct from Purposes. Purposes require explicit user consent or legitimate interest before a vendor can process data. Features, by contrast, describe processing activities that can occur across multiple purposes - they must be disclosed to users, but they do not independently require a consent signal of their own. What they do require is that at least one valid legal basis exists for an associated Purpose, and that the Feature itself is surfaced in the consent interface users see.

Feature 3 specifically covers the use of information that a device transmits passively during an internet session - including the IP address - to identify that device. Google's addition of Feature 3 to its TCF registration means that any publisher using a TCF-compliant consent management platform (CMP) that discloses Google as a vendor will now need to ensure that Feature 3 is surfaced in their user-facing consent interface. Existing CMP configurations that do not include Feature 3 in their disclosed vendor entries for Google may need to be updated ahead of August 3.

PPC Land's coverage of the TCF v2.3 mandatory deadline, which passed on March 1, 2026, documented the mechanics of how Google reads and processes TCF strings in ad requests. Non-compliant strings at that stage caused requests to default to limited ads or be dropped entirely. The Feature 3 addition creates a new layer of that same compliance logic: publishers whose TCF strings do not correctly disclose Feature 3 for Google may face processing limitations starting in August.

The email is careful to remind publishers that the new IP-based solutions do not alter the underlying consent requirements they already carry. According to Google, publishers "remain bound by our EU User Consent Policy, which requires that you display accurate disclosures concerning data processing on your properties and obtain legally valid consent where required from end users in the EEA, the UK, and Switzerland."

That policy has been a constant reference point in Google's publisher communications for several years. What has changed around it is the enforcement architecture. In July 2025, Google began disabling personalization, remarketing, and conversion tracking for EU and UK advertisers who had not implemented compliant consent signals - a threshold moment that made clear the EU User Consent Policy had moved from a disclosure obligation to a functional prerequisite for campaign features. The same logic extends to publishers: consent management is not administrative background noise, it is a live dependency for ad revenue.

The email also specifies a disclosure requirement attached to the new IP use. Publishers must display a prominent link in their disclosures to make clear how Google processes end user data, and the company directs them to a dedicated Help Center page on its uses of IP addresses. That requirement for a prominent link has existed in Google's platform program policies for some time - what changes now is that the link must accurately reflect IP-based processing activities in the EEA, not merely general data handling practices.

IP addresses in European advertising: a contested signal

IP addresses occupy an unusual position in European digital advertising. They are functionally unavoidable: every device connecting to the internet transmits one, and ad servers receive them as a routine byproduct of serving any page. But European data protection authorities have consistently classified them as personal data under the GDPR. The Belgian Data Protection Authority's 2022 ruling on IAB Europe's TCF addressed IP data flows in real-time bidding directly, and that ruling formed part of the pressure that drove the TCF's subsequent versions.

Google's decision in December 2024 to modify its platform program policies to permit IP address use for Connected TV advertising was the first formal signal that the company intended to activate this data type in a meaningful way. At the time, the UK's Information Commissioner's Office described the approach as "irresponsible." Google cited the same PETs - on-device processing, TEEs, and secure multi-party computation - as the mitigating infrastructure. The August 2026 launch in the EEA, UK, and Switzerland is a direct continuation of that trajectory.

PPC Land has tracked a parallel development in AdSense itself. On June 1, 2026, Google launched a control in AdSense that lets publishers include the full IP address in programmatic bid requests sent to demand partners. That feature, which is off by default, restores the fourth octet of an IPv4 address that Google had been truncating - a precision level meaningful for business-to-business targeting and fraud detection. The two moves are architecturally distinct: the June 1 publisher control concerns outbound IP data in bid requests, while the August 3 announcement concerns Google's own inbound use of IP data for measurement and personalization on the demand and measurement side. They are, however, expressions of the same directional shift: after years of restricting IP signal access, Google is selectively widening it.

The Customer Match update from May 28, 2026 similarly reflects this pattern. Google added IP address ingestion to Customer Match through the Data Manager API, bundled via a new CompositeData field combining UserData and IpData with optional timestamp parameters. The carve-out for the EEA, UK, and Switzerland in that announcement aligned exactly with the geographic scope of the August 3 launch.

What the platform program policies say

The platform program policies document, last updated August 5, 2025, governs use of products including Authorized Buyers, Campaign Manager 360, Google Ad Manager 360, Google Ad Manager, Search Ads 360, and Display & Video 360. It covers "any platform, surface, or property used in connection with Google's platform products," explicitly listing Connected TVs, gaming consoles, and email publications alongside web and app environments.

According to the policies, publishers must disclose "any data collection, sharing and usage that takes place in connection with your use of Google products, including information about the technologies used, such as your use of cookies, web beacons, IP addresses, or other identifiers." IP addresses are specifically named in the disclosure requirement. The document also notes that Google "will not personalize ads to users if the user is signed-in to their Google account and the ad personalization setting for partner ads in their Google account is turned off, or if the account is ineligible for personalized ads."

On the personalized advertising side, the policies prohibit using Google products to target personalized ads based on a range of sensitive attributes. These include health or medical history, negative financial status, racial or ethnic origins, religious beliefs, criminal history, political affiliation, trade union membership, and sexual behavior or orientation. These exclusions apply regardless of which signal - including IP addresses - is used to build or target audiences.

For the US and Canada, the policies also maintain restrictions on demographic targeting in housing, employment, and financial services. Those restrictions bar targeting based on gender, age, parental status, marital status, or ZIP code in those verticals. The geographic scope does not overlap with the August 3 EEA launch, but the restrictions illustrate that IP-based personalization at the network level does not override product-level targeting rules.

Publishers operating through a TCF-registered CMP will need to verify two things before August 3. First, that their CMP surfaces Feature 3 in the consent UI for Google (vendor ID 755). Second, that the TC string their CMP generates includes Feature 3 in Google's entry. CMPs that are not updated to reflect the new registration may generate strings that understate Google's processing activities, which could expose publishers to challenges under GDPR's transparency obligations even if the underlying consent for data use is technically present.

Google's consent optimization auto-enrollment, which became active for many publishers in May 2026, does not automatically handle TCF registration changes. The optimization feature selects message formats to maximize consent rates from existing configurations. It does not update the underlying vendor list or Feature declarations. Publishers who have delegated consent management to Google's native CMP may be better protected, as Google committed to updating its own CMP configurations when its TCF registration changes. Publishers using third-party CMPs should treat the August 3 date as a hard deadline for CMP review.

The EU User Consent Policy FAQ, referenced in the email, provides additional detail on how Google expects publishers to handle IP address disclosures. The policy requires consent where it is "legally valid" - a phrase that carries specific meaning under GDPR Article 6, pointing to freely given, specific, informed, and unambiguous indications of agreement. For IP-based device identification, which falls under Feature 3, the consent touchpoint in most CMP implementations is the initial consent dialog and any subsequent preference management layer.

The broader architecture behind the announcement

The August 3 launch does not arrive in isolation. It follows a sequence of Google infrastructure changes that have progressively repositioned IP addresses from a signal that was minimized or truncated to one that is actively integrated into the measurement and personalization stack.

Google's Analytics consent overhaul, effective June 15, 2026, consolidated IP handling under Consent Mode within Google Ads. According to that announcement, IP addresses collected by the Google Tag and SDK are encrypted and flow to linked Google Ads accounts, where they are "controlled by Google Ads" and used in accordance with Google Ads settings and terms. The June 15 change removed Google Analytics settings as an independent control layer for advertising data, making Consent Mode the authoritative mechanism. The August 3 announcement extends that architecture into the EEA specifically: IP data that was previously not used for personalization in that jurisdiction will now be processed under PET-based methods when valid consent exists.

PPC Land's coverage of Google's fingerprinting policy shift in December 2024 noted that the company cited two drivers: advances in PETs, and the broader range of surfaces on which ads are now served. The email sent to publishers on June 17 uses almost identical language, referring to "advances in privacy-enhancing technologies" and the "broader range of surfaces on which ads can be served (such as Connected TVs and gaming consoles)." The 2025 platform policy update was a policy-level statement. August 3, 2026 is when that statement becomes an operational reality in European markets.

Whether the PET infrastructure actually delivers on its privacy commitments is a question that regulators in multiple jurisdictions are likely to examine. The ICO's characterization of IP-based targeting as "irresponsible" in late 2024 has not been withdrawn. The Belgian DPA's attention to IP flows in RTB contexts predates the current launch by years. And the practical question of whether on-device processing and TEEs prevent re-identification in the kinds of cross-site, cross-session measurement scenarios that programmatic advertising requires remains technically open. What August 3 will create is a live implementation against which those questions can be tested.

Timeline

  • December 2024 - Google modifies its platform program policies to permit IP address use for Connected TV advertising, citing PETs and expanding ad surfaces; UK's ICO calls the approach "irresponsible"
  • December 18, 2024 - PPC Land reports on the platform policy update covering privacy and emerging ad surfaces
  • February 16, 2025 - Platform program policy changes take effect, enabling IP-based targeting for CTV with PET protections
  • May 16, 2025 - Google removes account-level non-personalized ads control from AdSense European settings, directing publishers to TCF
  • August 5, 2025 - Google updates its platform program policies (last updated date on the published document)
  • November 3, 2025 - Google mandates TCF v2.3 migration for all publishers and CMPs by February 28, 2026
  • March 1, 2026 - TCF v2.3 mandatory deadline passes; enforcement begins with non-compliant requests defaulting to limited ads
  • March 26, 2026 - Federal judge approves Google RTB consumer privacy settlement, requiring implementation of RTB Control stripping IP addresses from bid requests for users who opt out
  • April 7, 2026 - Google auto-enrolls AdSense publishers in consent optimization with a May 7, 2026 activation date
  • April 16, 2026 - Google announces Analytics consent overhaul with key IP and consent changes effective June 15, 2026
  • May 28, 2026 - Google adds IP address ingestion to Customer Match via Data Manager API through new CompositeData field
  • June 1, 2026 - Google launches full IP address sharing control in AdSense; feature is off by default; restores the fourth octet of IPv4 addresses in bid requests
  • June 15, 2026 - Google Analytics transitions to Consent Mode as the single control layer for ad data; Analytics settings no longer independently govern advertising data collection
  • June 17, 2026 - Google sends mandatory service email to AdSense publishers announcing IP-based measurement and personalization solutions for the EEA, UK, and Switzerland
  • August 3, 2026 (on or shortly after) - Google begins launching IP-based measurement and personalization in the EEA, UK, and Switzerland; TCF registration updated to include Feature 3

Summary

Who: Google AdSense, via the Google AdSense Team operating from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. The announcement affects all AdSense publishers whose integrations serve users in the European Economic Area, the United Kingdom, and Switzerland.

What: Google is launching IP-based measurement and personalization solutions in the EEA, UK, and Switzerland, using IP addresses received via publisher integrations and processing them through privacy-enhancing technologies - on-device processing, Trusted Execution Environments, and secure multi-party computation. Simultaneously, Google is updating its IAB Europe TCF registration to include Feature 3, "Identify devices based on information transmitted automatically," which requires publishers to update their consent disclosures accordingly.

When: The announcement was sent to publishers on June 17, 2026. The launch is scheduled to begin on or shortly after August 3, 2026.

Where: The scope covers three jurisdictions: the European Economic Area (27 EU member states), the United Kingdom, and Switzerland - the same three-territory bloc that Google applies its EU User Consent Policy to. Google Ireland Ltd, based in Dublin, is the legal entity behind the publisher communication.

Why: Google frames the launch as the practical activation of investments in privacy-enhancing technology infrastructure, applied to a jurisdiction where IP-based ad identification had not previously been used. The broader context is a multi-year shift in how Google handles IP signals across its ad products - a shift driven partly by the loss of third-party cookies as a reliable identifier, partly by competitive pressure from platforms already using IP targeting for Connected TV, and partly by legal and technical pressure from European data protection authorities who have simultaneously insisted that IP data be treated as personal data under GDPR.