Google Analytics Changed Mid-June. Your Business Data Has Been Wrong Since.

Here is a pattern that has repeated across several sites we monitor since mid-June.

A business owner logs into their analytics dashboard, the same one they have checked every Monday morning for two years. Sessions are down. Not dramatically down. Fifteen to thirty percent. No change to the site. No error alerts in the monitoring stack. Traffic from the usual sources looks normal. But the visitor count is quieter than it should be.

The scenario that keeps coming up in operational monitoring goes like this. Picture a café owner on the Galway Quays with three years of solid analytics data: Monday spikes after local coverage, the summer surge from June onwards, which pages drove phone enquiries. Solid, operational intelligence. Then in the third week of June, the numbers go wrong. Not obviously wrong. Just quieter. About a third quieter.

The site is fine. The analytics are not.

In mid-June 2026, Google updated how Google Analytics 4 handles consent mode for European Economic Area users. Analytics professionals tracking the change report it unified consent mode into a single control, removing a previous dual-signal setup that had let some data pass through even when consent was declined. ^[1] The practical effect: when a visitor declines your cookie banner, GA4 now strips more data than it did before. Device identifier gone, advertising cookie gone, the session count unchanged at zero. As far as your dashboard is concerned, that visitor was never there.

For Irish businesses in a market where consent rejection runs higher than the global average, the data gap that was already present has widened.

What Actually Changed

The consent mode update is not a bug. It is enforcement.

Google's consent mode framework was already designed to reduce data collection from non-consenting visitors. The mid-June update tightened the implementation. Under the previous setup, some signals persisted even after a visitor declined. Under the current setup, denial means near-total data absence for that visitor.

This is Google's architecture catching up with what Irish and EU law has required for years: if a visitor tells you they do not consent to analytics tracking, you should not be tracking them. GA4 is now doing that more precisely. The visible effect in your dashboard is fewer reported sessions.

The problem is not the enforcement. The problem is that most Irish business websites were not built with this data gap in mind. They were configured with GA4, a cookie banner of varying design quality, and an assumption that the numbers they saw represented their actual visitors. That assumption was always optimistic. From mid-June, it is more obviously wrong.

The Compliance Obligation Behind It

Before looking at what to do, it is worth understanding the underlying legal obligation clearly.

Irish law, specifically SI 336/2011 (the ePrivacy Regulations) combined with GDPR, requires prior consent before analytics cookies can fire. Prior means before the cookie loads, not after the visitor has been browsing for a few seconds. The consent must be affirmative and specific: a pre-ticked box does not count, and a close button that implies acceptance does not count. Critically, the reject option must be as prominent as the accept option. ^[2]

The Data Protection Commission publishes clear guidance on this and does conduct compliance sweeps. The DPC's enforcement powers for ePrivacy breaches are currently procedural rather than financial, meaning enforcement notices rather than direct fines for cookie banner violations specifically. GDPR applies to the wider data processing picture, however, and fines under GDPR are real. The compliance obligation sits with the website owner regardless.

The GA4 change did not create this legal requirement. It made the analytics platform reflect the legal reality more faithfully. Visitors who declined consent were always supposed to be invisible to your tracking. Now they more reliably are.

For an overview of the broader security and compliance obligations that apply to Irish business websites, Web60's complete WordPress security and compliance guide is a useful reference point.

How Big Is the Gap

Consent rejection rates in European markets vary considerably. Industry estimates, mostly from analytics vendors who benefit from the number being high, suggest somewhere between 30% and 70% of visitors on European business sites decline analytics consent. Those figures carry obvious commercial motivation, and the true figure for any given site depends heavily on banner design, sector, and visitor demographics. Treat them as directional rather than precise.

What is more reliable is the underlying logic. If a meaningful portion of your visitors are declining consent, your analytics data reflects a biased sample. The visitors who accepted cookies and the visitors who declined may behave differently — different purchase intent, different referral sources, different stages of a buying decision. You cannot know, because one group is invisible to your current tool.

The mid-June update means that group is now more reliably invisible. If your session count dropped in the third week of June and you cannot attribute it to seasonality or a traffic source change, consent mode tightening is the most likely operational cause.

The Architecture That Removes the Problem

There is a different approach to website analytics that removes the consent dependency from the equation entirely.

Privacy-first analytics tools do not use cookies or persistent identifiers. They measure traffic using aggregated, anonymised signals at the server or network level. No cookie means no consent requirement under SI 336/2011. Every visitor shows up in the dashboard, regardless of their cookie preferences, because there is nothing to consent to.

This is not a compliance workaround. It is a different data model, and for most local businesses, it produces more complete and more honest data than a consent-dependent tool filtered through a cookie banner.

Web60 includes privacy-first analytics as standard across all plans. The visitor tracking built into the Web60 platform covers the business intelligence most local firms actually need: traffic volumes, referral sources, popular pages, session patterns. No banner. No consent architecture. No data gap from rejection rates. Web60's earlier article on cookie-free analytics for Irish businesses covers the technical comparison between approaches in more detail.

One thing to be clear about on the privacy side: removing the cookie consent banner does not eliminate all disclosure obligations. Cookie-free analytics tools should still be mentioned in your site's privacy policy for full transparency, even when no consent is required under ePrivacy Regulations. The compliance burden drops significantly; it does not disappear entirely. If you are uncertain about remaining disclosure requirements, check with your solicitor.

What This Does Not Replace

Being direct about the limitation here.

GA4 with properly implemented Consent Mode Advanced provides conversion attribution, audience segmentation for paid campaigns, and integration with Google Ads bidding. If a significant portion of your marketing budget runs through Google Ads and an agency manages conversion tracking for you, cookieless analytics does not replace GA4's function in that workflow. For that setup, professional Consent Mode Advanced implementation is the right operational answer.

For businesses without active paid search campaigns, the case for GA4 is substantially weaker after this update. The consent compliance overhead, the data gaps introduced by rejection rates, and the mid-June tightening all add operational friction to a tool whose core value is now less complete than it was twelve months ago.

If you are running paid ads: keep GA4 and get professional consent mode implementation. If you are not running paid ads: the simpler tool gives you more complete data with less overhead.

Three Things Worth Checking This Week

Verify your consent banner fires before GA4 tags load. Open your site in an incognito window and watch whether analytics tracking requests appear in the browser's network tab before you interact with the cookie banner. If they fire before consent interaction, you are collecting data outside valid consent. That is the core compliance issue, separate from what the June update changed.

Review your session count around 15-20 June. If you saw a drop you cannot explain through seasonality or known traffic changes, consent mode tightening is the most probable cause. Knowing what happened is operationally useful even if you do not change your setup immediately.

Assess whether GA4 is earning its compliance complexity. If you are not running paid campaigns that depend on GA4 conversion data, the cost-benefit calculation for maintaining a compliant GA4 implementation has shifted. That is worth revisiting.

The Direction of Travel

The mid-June change is one update in a longer trend. Browsers have been restricting third-party cookies for years. Privacy regulations across the EEA have pushed platforms to enforce consent more strictly. GA4's consent architecture has been tightening incrementally. This is not the last update in that direction.

The data collection model that most business websites were set up on, before privacy-conscious users started declining cookies at scale, was always going to face this pressure. The question for any Irish business owner is not whether this trend continues, but how to handle it operationally now rather than after the next update widens the gap further.

For most local businesses, the answer that holds up over time is the architecture that never required consent in the first place. Every visitor counted. No banner negotiation. No compliance audit on cookie firing order. The data is not more sophisticated than GA4. It is more complete, and more honest about what it is measuring.

Sources