Google’s advertiser notification, sent June 17, 2026, targets on or shortly after August 3 as the date when IP address use shifts from traffic routing to device identification for ad measurement and personalization across the EEA, UK, and Switzerland. That shift triggers consent requirements under GDPR and PECR.
Google already receives those IP addresses on nearly every ad request through customer tags, SDKs, and HTTP calls. August 3 changes the declared purpose. The same addresses will identify devices for measurement and personalization, the use that requires user consent rather than legitimate interest under UK and EU law. Google will also register under the IAB Europe Transparency and Consent Framework for Feature 3: “Identify devices based on information transmitted automatically.”
The timing sits awkwardly against Google’s own record. In 2019, Chrome’s then-engineering director Justin Schuh wrote that fingerprinting “subverts user choice and is wrong” because users can’t clear it the way they clear cookies. Google reversed that prohibition in December 2024; the ICO called it “irresponsible” within a day.
This rollout directly tests the ICO’s position. On May 18, 2026, the ICO advised the UK government on consent rules: consent should stay mandatory for cross-service profiling; contextual advertising could eventually operate without it, but IP-based personalization across surfaces doesn’t get that exemption. Existing rules still apply. Google launching before any rule change means advertisers absorb the regulatory exposure.
Google’s email makes that burden explicit: you’re still bound by its EU User Consent Policy and must obtain valid consent from users in the affected regions before Google’s IP-based solutions go live. If you’re running Google campaigns in the EEA or UK, your consent mechanism needs to cover IP-based personalization before August 3.
Rebecca Lauren