Google just changed the rules on consent, and you’re probably no longer compliant with Australia’s Privacy Act. If you use Google Analytics and Google Ads, there’s an important change that comes into effect on 15 June 2026.
What’s changing?
Today, there are two separate controls that decide whether advertising data flows from your site into Google Ads:
- Google Signals (in GA4)
- Consent Mode (via your cookie banner, specifically ad_storage)
Until now, either one being turned off would block ad data collection.
Now, that changes. From 15 June 2026:
- Google Signals will no longer control advertising data
- Only Consent Mode (ad_storage) will control what gets collected
In other words: If your consent banner is wrong, nothing else will save you. This makes your cookie consent banner the single most important control in your entire marketing stack.
Why does it matter?
Google’s positioning the change as “simplification”, okay sure, two overlapping controls was confusing. However:
- Many consent banners are misconfigured
- Some default to “granted” before user interaction
- Others don’t correctly pass Consent Mode signals at all
So why should you care? With the update, those issues don’t just affect measurement. They directly impact:
- How much user data is collected
- Whether that data is legally compliant
- Your exposure under privacy law
And no, this is not just an EU/GDPR problem. This affects everyone, including Marketers in Australia and APAC. So if you’re a marketer anywhere in the world and you’re running paid media, using Google Ads, and/or Google Analytics, this directly affects you, your measurement, tracking, performance, and compliance.
What happens depending on your consent setup
With your cookie consent banner now being your most important factor in your data governance, it all comes down to your ad_storage setting.
If ad_storage = granted
- Google Ads collects full user activity
- Data can be linked to signed-in Google accounts
- You may be collecting more data than before (depending on your current setup)
If ad_storage = denied
- Tracking falls back to limited signals (e.g. click IDs)
- You retain basic conversion tracking
- But you lose:
- Audience building
- Remarketing effectiveness
- Measurement accuracy
Compliance Risk (the part most marketers miss)
This is not just a tracking issue, it’s a legal one. If you plan on doing nothing, then you probably plan on being non-compliant.
Default “granted” consent banners are a problem
If your cookie consent banner:
- Fires tracking before consent, or
- Uses pre-ticked / default-on settings
… it does not meet Australian privacy standards.
Under the Australian Privacy Act, consent must be:
- Current
- Specific
- Informed
- Voluntary
Default “yes” simply doesn’t cut it.
You’re liable, not Google
The Office of the Australian Information Commissioner (OAIC) has already made this clear. If your tracking setup is flawed, your business is responsible, not Google.
Tracking pixel liability sits with the business, not with Google. The OAIC made this explicit in its November 2024 tracking pixel guidance. If the consent mechanism is flawed or the privacy policy doesn’t properly disclose what’s happening, the liability lands on the advertiser as the data controller, not on Google.
And they’re able to enforce it with up to $330,000 per breach under the 2024 amendments.
Stricter consent rules are coming
Beyond the above, Tranche 2 of Australia’s Privacy Act reforms will drop in 2026 (expected May/June), and are likely to:
- Expand “personal information” to include online identifiers
- Introduce a “fair and reasonable” test
- Tighten consent requirements
Translation: Fixing this later will be more expensive than fixing it now.
Looming Deadline
The deadline is approaching fast.
- Hard change date: 15 June 2026
- Recommended fix window: Before 1 June 2026
This will give you just enough time to test, time to catch breakages, and time to avoid scrambling post-change.
What to do NOW
This is not a “nice to have”; this is a must-do audit to remain compliant under the law.
Audit your Consent Mode setup
Audit your Consent Mode setup by checking these parameters:
- ad_storage
- ad_user_data
- ad_personalization
- analytics_storage
Ensure they fire correctly AND match what your banner actually shows users.
Fix your default state
Ensure your banner defaults to “denied”, only switching to “granted” after user action. This is your first priority if your default state is currently “granted”. Fix immediately.
Update your privacy disclosures
Your policy must reflect:
- What data is collected
- How it’s used (especially post- 15 June)
Capture a 30-day baseline now
Pull performance data from both Google Analytics and Google Ads now, over the past 30 days, so that any post-cutover changes can be isolated cleanly.
Loop in legal
Don’t leave compliance as an afterthought. Legal needs to be in the loop early.
- Brief legal/compliance teams before mid-May
- Align on consent language + disclosures
Schedule your post-change checkup
After the 15th June deadline, in mid-to-late June:
- Validate tracking
- Check campaign performance
- Confirm nothing silently broke
Our take
This is one of those rare changes that hits performance, measurement, and compliance all at once.
Sure, Google has simplified the system, but in doing so, they’ve:
- Removed a big safety net (Signals)
- Shifted responsibility to your consent setup
- Increased the risk of silent misconfiguration
If your consent banner isn’t airtight, you’re exposed.
The good news?
The fix is straightforward.
The bad?
Most teams haven’t even realised this is happening yet.
Need help?
If you’re not absolutely 100% confident in your Consent Mode setup, now’s the time to check.
We’re already auditing this across client accounts and finding issues more often than not.
Better to catch it in May than explain it in July. Get a free consultation.
