The news: Google, Microsoft, and Meta ad services continued to track users even after they opted out of cookie tracking or enabled Global Privacy Control (GPC), per an independent audit. 

The first-of-its-kind audit in California by privacy firm webXray found that 194 ad services ignored those settings, including Big Tech firms, per PPC Land. 

• Google: Its ad stack still behaved as if users had not opted out in 86% of page loads.
• Microsoft: It ignored opt-outs in 50% of page loads and set a tracking cookie that recognized returning users for one year. 
• Meta: Its ad stack behaved as if users had not opted out in 69% of cases and dropped tracking cookies regardless of GPC or user privacy settings.

In all, webXray found 4,170 non-compliant sites out of the 7,000-plus it audited. Those sites could be violating California’s privacy law, with potential total liability at $5.8 billion.

Implications for brands: Ad targeting is shifting away from relying on third-party cookies to privacy-first models, but legacy tracking still persists. Brands relying on standard compliance infrastructure are likely violating privacy law when even Google-certified consent tools fail to stop tracking. For advertisers, this is both a legal and trust crisis.

• Legal liability is now measurable and individual. Thanks to clear audit methods and past settlements (like Sephora’s and Disney’s) based on California’s privacy laws, regulators and plaintiffs now have a roadmap. Brands—not just ad tech vendors—may be held accountable for their own sites.
• Your consent stack is likely broken. In webXray’s audit, every Google-certified consent management platform failed to block Google’s ad cookie after a GPC opt-out. 

Brands must independently test their sites for GPC signal handling across platforms—instead of relying solely on vendor claims—and make necessary adjustments to avoid privacy backlash and potential fines.

This content is part of EMARKETER’s subscription Briefings, where we pair daily updates with data and analysis from forecasts and research reports. Our Briefings prepare you to start your day informed, to provide critical insights in an important meeting, and to understand the context of what’s happening in your industry. Non-clients can click here to get a demo of our full platform and coverage.