Google's August 2026 IP Address Change: What It Means for Advertisers in Europe

Why this shift triggers GDPR consent requirements

IP addresses are personal data under GDPR . Because Google is changing the processing purpose from technical delivery to advertising measurement and personalization, the use now requires affirmative user consent in the affected regions . Advertisers must ensure compliance with Google's EU User Consent Policy (EU UCP) . If a user does not consent, Google cannot use their IP address for these advertising purposes.

Framework registrations and publisher disclosure updates

Publishers and advertisers need to update their consent flows and disclosures where necessary to explain that IP addresses may be used for ad measurement and personalization . Key compliance requirements include:

• Google EU UCP enforcement: Google has notified advertisers that compliance with the EU User Consent Policy is required where consent is needed .
• Consent Mode v2: A separate June 2026 Google privacy update makes ad_storage the sole authority over advertising data collection for Google Ads accounts linked to a site . This is relevant to consent-signal design, though the supplied sources do not establish it as the only mechanism for handling the August 2026 IP-address change .
• CMP / TCF implementation: The supplied sources do not provide enough detail to verify the precise IAB TCF or Google-certified CMP registration requirements for this specific IP-address change. Publishers and advertisers should treat CMP/TCF implementation as a compliance-design issue that must be checked against Google's current product documentation and their own legal obligations.

Privacy-enhancing technologies cited by Google

The available sources do not provide detailed specifics on the exact privacy-enhancing technologies (PETs) Google cites as safeguards for this change. What is documented is the role of consent-driven controls and the June 2026 change making ad_storage the key control for advertising data collection in linked Google Ads accounts . However, the supplied reporting on this specific IP-address announcement does not detail a named set of PETs, such as differential privacy, k-anonymity, or on-device processing.

Regulatory tensions framing this announcement

Google's IP address repurposing arrives in a landscape of regulatory friction.

Google's fingerprinting reversal — In December 2024, Google changed its advertising rules to allow fingerprinting, a technique that lets advertisers gather extensive data about users, including IP addresses and device-specific information . Privacy advocates criticized the move as a disregard for user privacy .

ICO criticism — The UK Information Commissioner's Office (ICO) criticized Google's fingerprinting policy direction, calling it irresponsible and noting that fingerprinting can undermine user control and transparency .

ICO's May 2026 advice on consent rules — On May 18, 2026, the ICO published advice to the UK government on potential amendments to PECR's storage-and-access-technology consent requirements . The ICO recommended a risk-based framework under which certain low-risk online advertising activities could operate without user consent, while higher-risk tracking would be treated differently . The ICO also emphasized that nothing has changed legally for now—existing consent rules remain in effect unless and until the law is amended .

Tension — Google is moving ahead with IP-address-based ad measurement and personalization while the ICO has suggested that some lower-risk advertising activities might not require consent in the future, but current rules have not changed .

Compliance burden: advertisers on the hook until Google deploys its own choice mechanism

Advertisers bear the immediate compliance burden because Google has notified advertisers that it will begin using IP addresses for ad measurement and personalization in the EEA, UK, and Switzerland, and reporting says consent is required for this use . That means:

• Advertisers must obtain and pass appropriate consent signals for the collection and use of IP addresses for ad measurement and personalization where required .
• Google's own user-facing choice mechanism is not documented as already deployed in the supplied sources. Until a Google-controlled choice flow is available and clearly applicable, the practical burden remains on advertisers and publishers to manage consent through their own consent flows .
• No specific deployment date for such a Google choice UI is established in the supplied sources, so the interim period beginning on or shortly after August 3, 2026 places the operational compliance burden on the advertiser/publisher side .

Quick reference: Key details of the change

The core takeaway: Google is changing the purpose for which it uses IP addresses in the EU, UK, and Switzerland from technical ad delivery toward advertising measurement and personalization, and reporting says that this requires affirmative user consent in the affected regions . Until a Google-controlled choice mechanism is clearly deployed and applicable, the practical compliance obligation sits with advertisers and publishers managing their own consent flows .