Starting August 4, Google will begin using IP addresses to track and personalize ads in the UK, EEA, and Switzerland, a move that challenges GDPR compliance and heightens user privacy risks while emphasizing the growing role of VPNs for protection.

  • Google shifts IP tracking for ads to third-party advertisers in UK/EEA
  • Tracking IPs classified as invasive profiling under GDPR regulations
  • VPNs remain essential to protect user privacy amid rising tracking

What happened

Google announced that from August 4 it will start using IP addresses for advertising measurement in the UK, European Economic Area, and Switzerland. Until now, IP addresses were primarily used for routing traffic and displaying ads. The update means that third parties can build more personalized advertising profiles based on IP-derived tracking.

This change represents a significant shift as IP addresses are considered personal data under GDPR rules in these regions. Google will place the responsibility for obtaining valid user consent on the advertisers themselves, requiring compliance with its User Consent Policy. Users will have limited direct control over this new form of tracking.

Why it matters

Tracking IP addresses for ad targeting amounts to fingerprinting, a practice deemed invasive under EU and UK privacy laws. It enables advertisers to create persistent profiles linking users’ digital activity across websites, raising serious risks of privacy erosion and potential data exposure. This move reverses Google’s earlier stance against fingerprinting, which it previously labeled as damaging to user choice.

The UK’s Information Commissioner's Office has already criticized Google’s reversal as irresponsible, especially since recent guidance reaffirms that behavioural profiling requires explicit user consent. By shifting consent burdens to advertisers, Google increases the chances of unclear consent interactions, potentially pressuring users into agreeing without understanding the implications.

What to watch next

Regulatory bodies in the UK and EU are likely to scrutinize how advertisers implement consent mechanisms and whether Google’s new policy respects data protection laws. The effectiveness of user controls when it comes to IP-based ad personalization will be a key area of focus, considering limited current opt-out options beyond cookie and ad settings.

Consumers concerned about privacy should consider using VPNs, which mask their IP addresses and reduce tracking risks by routing internet traffic through external servers. Leading VPN services offer powerful security features that can help users reclaim control over their digital footprint as policymakers and tech giants continue to navigate the complex balance between targeted advertising and privacy.

Source assisted: This briefing began from a discovered source item from TechRadar. Open the original source.
How SignalDesk reports: feeds and outside sources are used for discovery. Public briefings are edited to add context, buyer relevance and attribution before they are published. Read the standards

Related briefings