Google’s IP Targeting Refresh

After years of telling advertisers that the use of IP addresses for targeting were off limits, Google had a change of heart. In late December, Google announced it was “refreshing” its platform policies in light of two major shifts in the digital advertising ecosystem.

The first is the advances in privacy-enhancing technologies (PETs), including on-device processing, trusted execution environments (TEEs) and secure multi-party computation (SMPC). Let’s take a minute to look at why these PETs are considered privacy compliant.

• On-Device Processing. Instead of sending user data to a company’s servers, the data is processed directly on the user’s device, whether that’s a computer, mobile device or CTV. Because the data never leaves the device, it meets Google’s requirements for privacy.
• Trusted execution environments. Think of these as mini-clean rooms that happen to be on the consumer’s device. Data is processed in these environments without exposing it to the rest of the system. TEEs tend to have strict controls over what data can enter and exit the environment. While clean rooms are physical environments managed by a third party, TEEs are virtual environments on a consumer device.
• Secure Multi-Party Computation. This is a cryptographic protocol that lets multiple parties work together to calculate an answer using their confidential information. Neither party sees the private data to the other participants in the process.

The second shift is the growing popularity of Connected TV (CTV). As Google notes in its announcement, targeting by IP address is already “commonly used in the broader ads ecosystem to help marketers reach people across their customer journey and measure how their ads are working, especially on CTV.”

For advertisers, this shift is crucial as third-party cookies are deprecated. With IP address targeting, Google will no longer prohibit fingerprinting techniques for advertisers using its products. Instead, it requires brands to disclose when these practices are used.

Fingerprinting & Privacy: A Controversial Trade-Off

Fingerprinting is the process of combining multiple data points — such as IP addresses, browser settings, and device information — to create a unique user profile. This method lets brands track consumers across platforms, even without cookies. This explains why you might see ads on Facebook for brands whose website you visited, even after blocking third-party cookie tracking in Chrome.

But fingerprinting, even when paired with PETs, raises privacy concerns. IP addresses are a critical component of fingerprinting, and their use in this way has drawn regulatory scrutiny, particularly in the EU.

Already, the UK’s Information Commissioner’s Office (ICO) has expressed concerns. In a December blog post, Stephen Almond, the ICO’s executive director of regulatory risk, called Google’s policy shift “irresponsible,” arguing that fingerprinting could reduce consumer choice and control over how their data is collected. Almond noted that fingerprinting effectively replaces the functions of third-party cookies.

Moreover, the EU considers IP addresses data to be protected. For instance, GDPR explicitly lists IP addresses as personal data if it enables you to identify the user behind the IP address.

For this reason, we believe that more EU regulators will object to fingerprinting. This raises the question: How can Google enable effective targeting while remaining in compliance with privacy regulations and consumer expectations?

A Happy Medium: Synthetic IP Address

Since our founding, Digiseg has used IP address targeting — but with a  twist. Digiseg produces synthetic IP addresses that are not linked to a specific household or individual. These IP addresses pack a lot of insights. Is this user accessing the web from home or from work? What type of neighborhood characteristics are associated with this IP address?

Here’s how it works:

This approach alleviates the need for all other privacy-enhancing technologies (PETs) described above because it never touches any personal data/PII, nor does it employ tracking of any kind.

Why Google Should Embrace Synthetic IPs

If Google were to integrate synthetic IP address targeting into its platform, it would achieve three key objectives:

1. Regulatory Compliance. Synthetic IPs align with GDPR and similar privacy laws, reducing regulatory risk while enabling effective targeting.
2. Strengthened Privacy Credentials. Google’s adoption of synthetic IPs would reinforce its commitment to privacy-first advertising, enhancing trust among consumers, advertisers, and regulators.
3. A Competitive Edge in CTV: CTV relies on IP-based targeting, and synthetic IPs provide a scalable, privacy-compliant way to deliver precise audience segments without invasive tracking.

Great Media Outcomes for Advertisers and Consumers

For advertisers, Digiseg audience segments built on synthetic IP addresses have consistently delivered strong campaign performance, typically higher than the industry average. By integrating this methodology, Google can offer advertisers the ability to execute high-performing campaigns while staying true to their privacy commitments.

For consumers, synthetic IPs offer better privacy protection by eliminating the collection of deterministic data. This means no behavioral tracking, no personal data storage, and no invasive personalization—just relevant aligned ads.
Google’s shift on IP targeting presents an opportunity to lead the industry with privacy-first solutions. By incorporating synthetic IP address targeting, Google can balance advertiser needs with consumer expectations, paving the way for a more ethical and effective advertising ecosystem.