Google is releasing its Consent Mode v2 as part of its efforts to better align with European privacy laws and consumer protection regulations.
If you use Google services to track the online behavior of users in the EU or European Economic Area (EEA) or Switzerland, you must implement Google Consent Mode v2 by March of 2024. Otherwise, you will lose access to useful Google features of ad remarketing, ad personalization, and important measurements.
Let's take a deeper look at what Google Consent Mode is and how to utilize it to the benefit of your business.
- 1. How Does Google Consent Mode Work?
- 1.1. What are the Differences Between Consent Mode V1 and Consent Mode V2?
- 1.2. What are the Differences Between Basic Consent Mode and Advanced Consent Mode?
- 2. Using Google Consent Mode with Google Ads
- 3. Using Consent Mode with Google Analytics
- 4. Google Consent Mode Supports These Services
- 5. Why is Consent Necessary to Process Personal Data?
- 6. Is Google Consent Mode Compliant With Privacy Laws?
- 7. How Can You Obtain Explicit Consent?
- 8. How Can You Get Started With Google Consent Mode?
- 9. How to Check If Google Consent Mode Works
- 9.1. Through Browser's Developer Tools
- 9.1.1. gsc: G100
- 9.1.2. gsc: G111
- 9.2. Through Google's Tag Assistant
- 10. Summary
How Does Google Consent Mode Work?
There are 4 tags which Google Consent Mode uses to control the behavior of cookies and Google tags:
- ad_storage: This tag will enable advertising-related storage, such as cookies
- ad_user_data: This tag will set consent to allow for sending user data that's related to advertising to Google
- ad_personalization: This tag will set consent to allow for personalized advertising
- analytics_storage: This tag will enable analytics-related storage, such as cookies
Here's what happens:
When your user gives consent, you can use Google Analytics and Google Ads cookies to measure and retarget ads as you usually would because the associate tags will function normally. On the other hand, if a user declines to give consent, then Google's Consent Mode will use pings to convey the message that events have occurred.
Pings are used for events, such as:
- Conversions (Pings are used as a notification that a conversion has taken place. For instance, on pages where Google Analytics has been applied, visits and events are logged and pings are then sent.)
- Consent status (When a user visits a site, a ping is sent from each page visited for each category of cookie.)
When consent is not given, Google Consent Mode allows you to gain conversion measurements from website traffic and Ad campaigns, although you will not get detailed information about your visitors. In other words, you'll still get valuable information even though you won't be able to conduct personalized advertising or retargeting campaigns.
In November 2023, Google released Consent Mode V2, a new way for businesses to communicate EEA and UK users' consent choices regarding the use of their personal data for advertising purposes to Google.
To comply with the new requirement, you'll need to implement Consent Mode V2 by March 2024. We've updated our Free Cookie Consent to work with Google Consent Mode V2.
Here's how you can integrate our Free Cookie Consent with the new Consent Mode V2:
-
Create the gtag function with the default consent states as denied:
-
Load the Google Analytics/Tag Manager script:
-
Communicate user consent status using Cookie Consent callbacks:
These instructions can be found on our Cookie Consent & Google Consent Mode V2 page. We also have a video walkthrough on how to integrate a cookie notice banner with Consent Mode V2.
What are the Differences Between Consent Mode V1 and Consent Mode V2?
The main difference between Google Consent Mode V1 and Google Consent Mode V2 that V2 has added two new and additional tags to Consent Mode: ad_user_data and ad_personalization.
These new tags allow websites to obtain opt-in consent from website users for the use of their data for ads, including personalized ads. This helps the website comply with laws like the GDPR that regulate how personal data is collected and used.
Google Consent Mode V2 has also introduced Basic Consent Mode and Advanced Consent Mode.
What are the Differences Between Basic Consent Mode and Advanced Consent Mode?
In Basic Consent Mode, Google tags are blocked until consent is granted. In other words, no data is collected until consent is granted. Only signals that have been given consent are sent to Google.
In Advanced Consent Mode, data is collected both when users give consent or deny it. When consent is given, data is collected as normally. When consent is denied, a ping is sent to Google without cookie data.
There are the following options for Consent Mode:
- Consent Mode V1 + V2
- Consent Mode V1/V2 in a Basic vs Advanced Mode
- Additional Consent, which is a different technical implementation
Google Additional Consent will only be relevant to you if your site implements IAB Europe’s TCF v2.2. This is a voluntary framework. It will impact Google AdSense, AdManager and AdMob by communicating a consent signal to vendors that are not yet part of the TCF Global Vendor list, but that are part of Google's Ad Tech Provider list.
Google Additional Consent does have some similarities to Google Consent Mode such as they both use Google Tags for communicating consent preferences given by users, and they both help with legal compliance.
Using Google Consent Mode with Google Ads
Consent Mode helps advertisers to gain valuable insights into conversion data when users declined the use of cookies by using the "ad_storage" tag to control cookie behavior and measure conversions. The tag is dependent on the user's consent choice and determines whether Consent Mode uses regular marketing cookies or switches to the use of pings to measure conversions.
Using Consent Mode, you'll be able to respect user privacy while still recording and measuring conversions from the following:
- Google Ads
- Campaign Manager
- Search Ads 360
- Display & Video 360
Think of it like this. Suppose a user visits your website and a conversion takes place. If the user accepts all cookies, reporting will continue as usual in your cookie pop-up. On the flip side, if the user declines to give consent and cookies aren't accepted, the ad_storage tag will ensure that marketing cookies are not read or written. In that case, you'll receive a more aggregated level of conversion data.
Here's an example of a cookie consent notice that includes an option for marketing/advertising cookies:
Selecting that option, or the option to "accept all" would send a signal to Google that advertising consent has been given.
Here's another example where the consent request is even more clear:
Using Consent Mode with Google Analytics
As previously mentioned, Google Consent Mode works with Google Analytics too. Here too, Consent Mode respects a user's choice to give or withhold consent when it comes to marketing cookies. If users don't consent to all cookies, then Google Analytics will disable features that rely on Google signals.
Here, Google Consent Mode uses the analytics_storage tag. In the same way that it uses the ad_storage tag, Consent Mode will use its analytics counterpart to determine whether it uses cookies as usual or whether cookieless pings are used. In that case, you'll still get basic measurements from Google Analytics.
You'll essentially get information on things like page views and the number of visitors. You won't gain enough data for retargeting purposes.
Here's an example of a cookie consent notice that requests specific consent to use analytics cookies. As long as that option isn't turned off to represent an opting out, that signal will be sent to Google:
Google Consent Mode Supports These Services
There are more than a few services, which Consent Mode supports. They include the following:
- Google Ads
- Google Analytics
- Floodlight (the conversion tracking system for the Google Marketing Platform)
You'll still gain the following non-identifying, aggregated information when users decline cookies.
- User Agent (You'll know if users visit your website)
- Timestamp (You'll know when users visit your website)
- Ad-click information in the URL (e.g., GCLID / DCLID)
- Boolean data about the consent state
- Referrer (You'll know how users got to your website)
- Random number generated on each page load
Again, while you won't be able to use any of this kind of data for retargeting, you'll still be able to benefit from it by optimizing ad budgets, ad copy, and landing pages.
Why is Consent Necessary to Process Personal Data?
Today, just about every country has implemented some kind of data privacy law, which regulates how data is collected, the legal basis for that collection, the amount of control users have over their data once it's transferred, and more.
Companies that fail to comply with the relevant legislation face lawsuits, steep fines, and even the banning of the company's website in certain locations.
In order to stay compliant with these laws, companies that want to use tracking technologies that utilize cookies, etc., must gain explicit user consent.
For example, one of the most prominent laws that governs the use of cookies is the GDPR. It mentions cookies in Recital 30, which says the following:
"Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them."
Essentially, what this is saying is that because cookies can be used to identify users, they qualify as personal data and therefore fall under the GDPR's privacy requirements. Part of those requirements is obtaining consent before collecting personal data.
The GDPR goes on to clarify what constitutes "consent." According to the law, consent is "the informed, prior, clear and unambiguous indication of a user's wishes." In effect, to be compliant, your users must give explicit consent to your use of their personal information, which according to the GDPR, includes cookies.
Another relevant law is the EU's ePrivacy Directive. Under this directive, companies that use cookies need to:
- Acquire user consent before using any cookies except those that are strictly necessary for the website to function
- Provide specific and accurate information about the information each cookie tracks and its purpose in straightforward, plain language before consent is received
- Document and store all consent received from users
- Permit users to access services even if they decline to give consent for the use of specific cookies
- Make the process of removing consent as easy as giving consent in the first place
Other laws that require consent for the collection and processing of personal information include:
- Brazil's General Personal Data Protection Act (LGPD)
- Children's Online Privacy Protection Rule (COPPA)
- The Personal Information Protection and Electronic Documents Act (PIPEDA)
- The California Privacy Rights Act (CPRA)
Is Google Consent Mode Compliant With Privacy Laws?
Some may wonder if Google's Consent Mode is actually compliant with data privacy laws since it allows companies to use certain kinds of data via Google Analytics even without consent. According to Google, the answer is yes.
When user consent is declined, all data provided to companies via Google Analytics will be anonymized. The information captured will be delivered in an aggregated form and without a client ID.
However, some German authorities, like the German Federal Court of Justice, disagree with Google's assertions. Their view is that a completely anonymous interaction isn't possible since a website visitor's IP address is transmitted during most interactions.
For instance, the German authorities wrote that:
"If a website operator does not think that collecting consent is necessary, from a technology perspective they must ensure that an anonymous interaction is possible in 100% of users' website interactions ... otherwise consent will always need to be collected."
Despite Google's confidence, and in light of some of the misgivings certain EU authorities may have concerning the use of the tech giant's Consent Mode, it would be prudent to consult with an attorney before adopting its use.
How Can You Obtain Explicit Consent?
You can help ensure that you obtain explicit user consent for GDPR compliance by using a consent management platform on your company's website, such as a cookie banner.
Here's an example of a cookie consent banner in use on a website:
Of course, this can also help remove any potential downsides to using Google's Consent Mode.
Using a cookie consent banner known as a "cookie wall" allows you to block user access to your website until they either explicitly accept all cookies or manage which ones they'll deny or allow. With this model, users have to actively click on a link or a button that says something like "I accept cookies" or "Manage my cookies."
Here's an example of a cookie wall:
With that said, remember that Google Consent Mode isn't a consent management platform. Obtaining explicit consent is your responsibility, not Google's.
How Can You Get Started With Google Consent Mode?
To enable consent mode for your website, you can use Tag Manager and a CMP along with a community template. Follow the instructions provided by the CMP Partner and the provided Tag Manager templates.
To enable consent mode for your app, you can use gtag.js consent commands, or can use a Tag Manager consent mode template to create a tag. App developers can also opt to enable consent mode via the Google Analytics for Firebase SDK.
Use our Cookie Consent all-in-one solution (Privacy Consent) for cookies management to comply with GDPR & CCPA/CPRA and other privacy laws:
- For GDPR, CCPA/CPRA and other privacy laws
- Apply privacy requirements based on user location
- Get consent prior to third-party scripts loading
- Works for desktop, tables and mobile devices
- Customize the appearance to match your brand style
Create your Cookie Consent banner today to comply with GDPR, CCPA/CPRA and other privacy laws:
-
Start the Privacy Consent wizard to create the Cookie Consent code by adding your website information.
-
At Step 2, add in information about your business.
-
At Step 3, select a plan for the Cookie Consent.
-
You're done! Your Cookie Consent Banner is ready. Install the Cookie Consent banner on your website:
Display the Cookie Consent banner on your website by copy-paste the installation code in the
<head>
</head>
section of your website. Instructions how to add in the code for specific platforms (WordPress, Shopify, Wix and more) are available on the Install page.
How to Check If Google Consent Mode Works
If you have already implemented Google Consent Mode directly on your website or through a certified consent management platform (like Privacy Consent), you can test if Google Consent Mode works.
Through Browser's Developer Tools
You can use your web browser's Developer Tools (i.e. Chrome, Safari, Firefox) to test if Google Consent Mode V2 works.
- Open Developer Tools on your website
- Go to the Network tab
- Find the
/collect
network requests - Read the values under the Payload section:
gcs
andgcd
values.
The gcs
is only for ad_storage
and analytics_storage
. For the new V2 version, there is an additional parameter gcd
that needs interpretation.
gsc: G100
The gcs: G100 parameter value means "No consent has been granted". This is the default value whenever you load the gtag
function with consent states as denied using the Google Consent Mode V2 (Advanced Mode).
The gcd: 13p3p3p3p5 value means that "all consent states are denied by default": ad_storage, analytics_storage, ad_personalization, and ad_user_data.
gsc: G111
When the website visitor grants consent, and your Google Consent Mode implementation is correct, these gsc and gcd values will change.
The gcs parameter value as G111 and the gcd values from using the p
letters to r
letters means that "the user grants consent to all services after they were first denied by default".
Through Google's Tag Assistant
You can go to https://tagassistant.google.com/ to debug the consent states for any sites that's running Google Tags (i.e. Google Analytics, Google Tag Manager).
- Visit Tag Assistant from https://tagassistant.google.com/
- Add your website URL. Please note that both windows (the Google Tag Assistant window and your website window) must be opened at the same time.
- Choose your Tag ID
- Choose your events from the left navigation
- Select Consent tab(s) to determine the consent states
For example, if Google Consent Mode V2 (Advanced Mode) is integrated correctly, the default state should be denied
:
Whenever the website visitor accepts all categories (or just advertising + analytics), the Consent tab should mark the consent states as granted
:
Summary
Consent Mode is a feature that Google began slowly phasing in during 2020. It's a new pair of website settings, which use Google's analytics and advertising services. How these settings behave is dependent on whether a user gives consent or not to the use of cookies.
When a user gives consent, Google Consent Mode will collect data as it normally would through Google Ads and Google Analytics. When users withhold consent, Google will anonymize and aggregate data, which it obtains through pings instead of cookies.
Google believes that Consent Mode is an effective method of remaining compliant with worldwide privacy laws regarding customer consent while still obtaining useful data. That information can then be used to help optimize things such as landing pages, ad copy, and budgets.
For instance, by using Google Consent Mode you can still receive basic, non-identifying information when a user has declined analytic cookies. While you won't gain any personal information about that user, you'll still get data on how they arrived, where they're located, and how much time they spend on your website.
In the same way, Google will still be able to show ads even when a customer declines to give consent regarding advertising cookies. Those ads won't be customized or personalized based on that customer's activities or profile, but the topics on your website can still provide Google with some context.
In theory, even if the ads aren't hyper-targeted, many users who decline the use of cookies will still click on them, which can allow you to continue earning revenue from them.
Remember that Consent Mode can potentially help you to comply with worldwide data privacy laws, which demand explicit user consent given in advance of data collection and processing.
Comprehensive compliance starts with a Privacy Policy.
Comply with the law with our agreements, policies, and consent banners. Everything is included.