Google has begun notifying advertisers that it’s going to begin utilizing IP addresses for advert measurement and personalization throughout the European Financial Space (EEA), the UK and Switzerland on or shortly after August 3, 2026.
IP addresses are acquired by on-line providers on practically each request, and the observe is routine throughout a lot of the world. However doing it within the UK and EU, the place an IP handle is regulated private knowledge, is new.
What’s altering
Google already receives these IP addresses to route visitors and ship advertisements, via buyer tags, SDKs, HTTP calls and uploads.
What adjustments on August 3 is the aim: the identical addresses will probably be used to establish units for measurement and advert personalization, which is the use that triggers consent necessities below UK and EU legislation.
Google will even register below the IAB Europe Transparency and Consent Framework (TCF) for Function 3, “Determine units primarily based on data transmitted robotically.”
Underneath the framework, Function 3 is the strategy for distinguishing a tool from the information it sends robotically, together with the IP handle.
It’s not a consent step in itself: it attaches to the personalization functions, which require person consent slightly than official curiosity.
The corporate frames the change round privacy-enhancing applied sciences, or PETs, itemizing on-device processing, trusted execution environments and safe multi-party computation.
Some personalization options won’t arrive till later this 12 months or early subsequent, at which level Google says it’ll let customers by itself properties make a alternative about IP-based personalization.
Why it issues
Google has used IP indicators in promoting elsewhere on the planet for some time to battle spam and fraud, and maintained that IP is already widespread throughout the advertisements ecosystem.
The EEA, the UK and Switzerland are completely different, nevertheless, as a result of an IP handle is private knowledge below GDPR, and utilizing one to establish a tool is a constructing block of fingerprinting, the observe of monitoring a tool when cookies are blocked or cleared.
Google itself as soon as took that view.
In 2019, its then Chrome engineering director Justin Schuh wrote that fingerprinting subverts person alternative and is incorrect, as a result of customers can’t clear it the way in which they’ll clear cookies.
Google reversed that stance in December 2024, dropping its prohibition on fingerprinting for advertisers.
The UK’s Data Commissioner’s Workplace (ICO) known as the reversal “irresponsible” inside a day.
The timing now’s the awkward half. On Might 18, 2026, the ICO revealed recommendation to the UK authorities on altering the consent guidelines for internet marketing.
Its most well-liked method would enable some promoting with out consent solely the place it’s primarily based on the context being considered, not an individual’s exercise over time, and would hold consent necessary for monitoring that profiles individuals throughout providers.
IP-based personalization throughout surfaces sits on the consent-required facet of that line.
The ICO has burdened that nothing has modified but and present guidelines nonetheless apply.
Google’s buyer e-mail pushes the compliance burden onto advertisers, reminding them they continue to be certain by its EU Person Consent Coverage and should get hold of legitimate consent from customers within the affected areas.
What customers can do
The user-facing alternative over IP-based personalization won’t arrive till later in Google’s rollout.
Till then, the obtainable controls are the acquainted ones: declining non-essential cookies and consent prompts, and reviewing the advert personalization settings below your Google account at myadcenter.google.com.
Whether or not that squares with the ICO’s Might recommendation, which might hold consent necessary for cross-service profiling, is the query Google’s rollout now raises.
Safety groups log 54% of profitable assaults and alert on simply 14%. The remaining transfer via your setting unseen.
The Picus whitepaper reveals how breach and assault simulation assessments your SIEM and EDR guidelines so threats cease slipping by detection.
