Skip to content

Update May – a new Google cookie policy change is coming that will affect your Google Ads account and other ad accounts’ abilities to remarket, retarget and report. Please watch the video below to know exactly what changes are coming, how this will impact your digital marketing and, more importantly, how to overcome them.

In this video, Hend explains what this change means for your business, what you can do to rectify these changes, and what we’re doing for our clients.


If you don’t have time to watch the video above, read here for the main takeaways and action points:

What’s changing?

  • As of May 2018, GDPR came into effect to protect user data. This changed how we store and use data, and the laws mean you can get fined. This has been updated several times, most notably in July 2019, to make cookie consent more explicit.
  • This year more changes are coming to cookie policies, creating more limitations.
  • There’s a lot of information out there, essentially businesses and marketers need to be transparent about personal data they are collecting on users.
  • Now what is data? Personal data is any information that you could use to identify a person. So that includes their name, phone number, photos, IP address.
  • These identifiers are heavily used in digital marketing by both analytics and the ad platforms, such as Google & Facebook.
    IP addresses and cookie identifiers can be considered as personal data – which are heavily used in digital marketing by both analytics and ads platforms alike.

What does it mean for you and your business?

In order to be GDPR compliant, you need to make some changes, current guidance says you need to:

  • Clearly indicate your site uses cookies.
  • Only start tracking user activity and assigning cookies once the user has opted in to be tracked.
  • Make sure that data is safely secured, by putting measures in place so no one can access or hack your data. That would include things like antivirus software, etc. It’s vital that no one can access that information.
  • Have a record of user consents and be able to remove data at a user’s request.
  • You’ll likely need to update your privacy policy, this is important. Explain what safety measures you’ve put in place, regarding how user data is handled/used, and update your cookie policy to describe which cookies are being used on your site and why. This should clearly explain what data you’re going to be taking from people and how you’ll be using it.
  • It helps to implement a GDPR compliant cookie management system, like Cookiebot or Civic, which categorise cookies and give users opt-in control.

What effects will it have?

  • Trends of up to 10-50% drop in audience visibility.
  • Impact on remarketing display audiences.
  • Decreased visibility on marketing channels and spend attribution.
  • A change in the reported cost per acquisition data on ad platforms, such as Google Ads. New cookie policy will mean that advertisers will still be charged for clicks where cookies are declined, so costs and clicks will still be visible, but conversions will no longer be visible. With this in mind, it may appear that less conversions are taking place, when they actually are, but are no longer visibly reported on in these platforms, to protect user privacy further.

What can we do to fix or at least close the expected gap this change will have on tracking?

  • Allow people to positively opt-in to you having their data and using it for marketing purposes, that means UX (user experience) creating your cookie consent dialog whilst staying GDPR sensitive.
  • A good example of that would be having a tick box next to a contact form, saying “yes you can use my data”.
  • Monitor the drop in traffic (eg. use the cookie management system, like Cookiebot, to compare opt-in vs opt-out).
  • Adjust target cost per leads or ROAS.
  • Manage expectations (If 30% opt out then you should expect to lose sight of 30% of conversions. Those conversions are still happening, but they are invisible to conversion tracking).

What has Fountain done so far?

  • Worked with clients to categorise cookies from services we utilise and implement GDPR compliant cookie management systems.
  • Invested in alternative tracking solutions, like GA4 (Google Analytics 4), which give data control back to organisations or bypass cookies altogether.
  • Experimented with Google Consent Mode but this implementation is not yet commercially ready for businesses as we found that traffic visibility dropped dramatically with no way to recover data.
  • Finally, we’re working towards transparent experiments in collaboration with some of our clients.

Useful resources: