[Redacted]

Archives
Subscribe
May 26, 2026

You're about to discover if your CMP actually works

Are you ready for the Google changes on June 15th?

I have now spent more hours than I’d like to admit looking at CMP configurations this month.

Everyone thinks theirs is fine.

Most are not.

And Google just made that a bigger problem.

From 15 June (2026), Google is changing how Google Analytics and Google Ads work together.

Not in a dramatic headline-grabbing way.

In a deeply operational “your consent setup suddenly matters far more than you realized” kind of way.

So what is actually changing?

Up until now, Google Signals acted as a kind of control layer between GA4 and Google Ads.

That meant some organizations relied on Google Signals settings to limit how advertising data was shared and used, even when GA4 and Google Ads were connected.

In practice, it acted like a safety net.

Not a perfect one.

But an additional layer sitting between your Analytics setup and Google Ads data use.

That is going away.

From June, Google Ads will stop using Google Signals settings as the control point for advertising cookies and identifiers.

Instead, Consent Mode becomes the source of truth.

Specifically ad_storage.

So now the question becomes:

What is your CMP actually telling Google?

Because after June, there is no secondary control layer sitting behind the scenes.

No fallback.

No “Google Signals will handle it”.

If ad_storage is granted, Google Ads can use advertising cookies and identifiers.

If it is denied, it cannot.

Simple in theory.

Potentially a clusterfuck in practice.

Why this matters more than people think

A lot of teams still treat consent banners like infrastructure.

Necessary.
Annoying.
Something the CMP vendor handles.

But this change pushes the consent banner much closer to core marketing operations.

Because now your banner is not just collecting preferences.

It is directly controlling how advertising data can be used across Google’s ecosystem.

And I do not think most organizations fully understand how their current setup behaves.

Especially once you start looking at:

  • default consent states

  • timing issues

  • tag firing before consent updates

  • vague button wording

  • misconfigured Consent Mode

  • CMPs that technically work while still confusing users completely

That last one is my personal favorite.

“We’re compliant” and “our users understood what they agreed to” are very different things.

The uncomfortable question

Does your banner actually explain what happens when someone clicks “accept”?

Or are we still pretending vague wording counts as informed consent?

Because this is where the conversations get interesting.

Not in legal theory.

In customer expectation.

Would your customer reasonably expect their consent choice to affect how Google Ads uses their data?

Would they understand that advertising identifiers may be used once consent is granted?

Would they be surprised?

And more importantly:

Would you be surprised if you audited your current setup properly?

Because I suspect quite a few organizations are about to discover their implementation behaves differently than they assumed.

What I would check before June

Honestly?

I would not leave this until the week before rollout.

Because if your Consent Mode setup is wrong, Google Signals is no longer there acting as an additional control layer behind the scenes.

I would be looking at:

  • whether GA4 and Google Ads are linked

  • whether Google Signals is currently being relied on operationally

  • how your CMP sends Consent Mode signals

  • whether ad_storage (and other consent settings) is configured properly

  • whether your broader Consent Mode setup reflects the choices users actually made

  • whether tags are firing before consent updates happen

  • whether your privacy notice still describes reality rather than the version written two redesigns ago

The bigger issue underneath all this

This is another example of something DP teams have been saying for years.

Data Protection is not sitting separately from marketing anymore.

The consent experience is part of marketing.

The tracking setup is part of customer experience.

And if your implementation does something users would never expect?

That is not just a compliance problem.

That is a trust problem.

And trust problems are usually much more expensive.

Honestly, I think a lot of organizations should review their setup properly before June.

Because I suspect many teams think they have more control in place than they actually do.

If you want help checking how these changes affect your setup, feel free to reach out.

Don't miss what's next. Subscribe to [Redacted]:
Older → Unlock Growth: Why ROPAs Are Your Secret Weapon

Add a comment:

You're not signed in. Posting this comment will subscribe you to this newsletter with the email address you enter below.
Share this email:
Share on LinkedIn Share on Hacker News Share on Reddit Share via email Share on Mastodon Share on Bluesky
Bluesky
LinkedIn