Why Consent Mode V2 Matters

Since March 2024, Google requires Consent Mode V2 for all advertisers targeting users in the European Economic Area (EEA) and UK. Without it:

This isn't a theoretical risk. If you're running Google Ads campaigns targeting Europe and haven't implemented Consent Mode V2, your campaigns are already underperforming.


What Changed in V2

Consent Mode V1 had two main parameters:

V2 adds two new parameters:

The key difference: V1 only controlled cookie placement. V2 separates consent for data collection from consent for how that data is used.

Why This Matters

A user might accept analytics cookies but reject personalized advertising. V2 enables this granular choice:

User Choice analytics_storage ad_storage ad_user_data ad_personalization
Accept all granted granted granted granted
Analytics only granted denied denied denied
No personalized ads granted granted granted denied
Reject all denied denied denied denied

Basic vs Advanced Consent Mode

Before implementation, decide which mode fits your needs.

Basic Consent Mode

Tags only fire when consent is granted. If users deny consent, no data is sent to Google.

Pros:

Cons:

Advanced Consent Mode

Tags fire regardless of consent, but behavior changes based on consent state:

These cookieless pings enable Google's conversion modeling, which uses machine learning to estimate conversions from users who denied consent.

Pros:

Cons:

Recommendation: For most businesses, Advanced Consent Mode provides significantly better data quality while remaining compliant. The cookieless pings contain no user identifiers and cannot be used for remarketing.


Implementation Overview

Consent Mode requires two components:

  1. Default consent state: Set before any Google tags fire
  2. Consent update: Trigger when user makes a choice in your consent banner

The critical requirement: defaults must load before any tracking code executes.


Method 1: Using a CMP with Native Integration

If you use a Consent Management Platform like Cookiebot, OneTrust, or Usercentrics, they likely have built-in Consent Mode V2 support.

Cookiebot

  1. In Cookiebot dashboard, enable Google Consent Mode
  2. Select Advanced or Basic mode
  3. The Cookiebot script automatically sends gtag('consent', 'default') and gtag('consent', 'update') calls

OneTrust / CookiePro

  1. Go to Preference Center Settings > Google Consent Mode
  2. Enable Consent Mode and map your cookie categories
  3. OneTrust handles the consent signals automatically

Verification

After setup, use Chrome DevTools to verify:

  1. Open Network tab, filter for google-analytics or googleads
  2. Check request URLs for the gcd parameter (consent data)
  3. The gcd value encodes all four consent states

Method 2: GTM Implementation (Manual)

For custom consent solutions or CMPs without native integration, implement consent mode manually in GTM.

Step 1: Enable Consent Overview

  1. Go to Admin > Container Settings
  2. Under Additional Settings, check Enable consent overview

This lets you see which tags require consent and their current configuration.

Step 2: Create Default Consent Tag

Use a tag template from the Community Template Gallery or create a custom HTML tag.

Option A: Simo Ahava's Consent Mode Template

  1. Go to Templates > Search Gallery
  2. Search for "Consent Mode" by Simo Ahava
  3. Add to workspace

Create a new tag using this template with defaults set to denied for EEA users.

Option B: Custom HTML Tag

Create a Custom HTML tag with this code:

<script>
  window.dataLayer = window.dataLayer || [];
  function gtag() {
    dataLayer.push(arguments);
  }

  gtag('consent', 'default', {
    ad_storage: 'denied',
    ad_user_data: 'denied',
    ad_personalization: 'denied',
    analytics_storage: 'denied',
    wait_for_update: 500,
  });
</script>

Trigger: Consent Initialization - All Pages

Critical: The Consent Initialization trigger fires before all other triggers, including Initialization triggers. This ensures defaults are set before any Google tags load.

Step 3: Create Consent Update Tag

When users interact with your consent banner, fire a tag that updates consent state.

Custom HTML Tag:

<script>
  gtag('consent', 'update', {
    ad_storage: '{{Consent - Ad Storage}}',
    ad_user_data: '{{Consent - Ad User Data}}',
    ad_personalization: '{{Consent - Ad Personalization}}',
    analytics_storage: '{{Consent - Analytics Storage}}',
  });
</script>

Trigger: Custom Event matching your CMP's consent-granted event (varies by CMP).

Step 4: Create Consent State Variables

Create Data Layer or Custom JavaScript variables that return 'granted' or 'denied' based on your CMP's consent data.

Example for cookie-based CMP:

// Custom JavaScript Variable: Consent - Analytics Storage
function() {
  var consent = {{Cookie - Consent Preferences}};
  // Adjust logic based on your CMP's cookie structure
  if (consent && consent.analytics === true) {
    return 'granted';
  }
  return 'denied';
}

Step 5: Configure Tag Consent Settings

For tags without built-in consent checks, configure consent requirements:

  1. Open the tag
  2. Go to Advanced Settings > Consent Settings
  3. Set Require additional consent for tag to fire
  4. Add the relevant consent types (e.g., analytics_storage for GA4)

Note: Google tags (GA4, Google Ads, Floodlight) have built-in consent checks and automatically adjust behavior. Third-party tags (Meta Pixel, TikTok) need manual consent configuration.


Regional Consent Defaults

You may want different defaults for EEA vs rest of world:

// Strict defaults for EEA
gtag('consent', 'default', {
  ad_storage: 'denied',
  ad_user_data: 'denied',
  ad_personalization: 'denied',
  analytics_storage: 'denied',
  region: [
    'AT',
    'BE',
    'BG',
    'HR',
    'CY',
    'CZ',
    'DK',
    'EE',
    'FI',
    'FR',
    'DE',
    'GR',
    'HU',
    'IE',
    'IT',
    'LV',
    'LT',
    'LU',
    'MT',
    'NL',
    'PL',
    'PT',
    'RO',
    'SK',
    'SI',
    'ES',
    'SE',
    'GB',
    'IS',
    'LI',
    'NO',
  ],
  wait_for_update: 500,
});

// Permissive defaults for rest of world
gtag('consent', 'default', {
  ad_storage: 'granted',
  ad_user_data: 'granted',
  ad_personalization: 'granted',
  analytics_storage: 'granted',
});

The more specific regional command takes precedence for users in those regions.


Verification and Debugging

1. Tag Assistant

  1. Go to tagassistant.google.com
  2. Connect to your site
  3. Look for the Consent tab showing consent states
  4. Verify states change when interacting with your consent banner

2. Network Request Analysis

  1. Open Chrome DevTools > Network
  2. Filter for collect (GA4) or googleads
  3. Look for the gcd parameter in request URLs

The gcd parameter encodes consent state. Example: gcd=13l3l3l3l5

Each character represents a consent type's state:

3. GA4 DebugView

With debug mode enabled, check DebugView for consent-related parameters in your events.

4. Google Ads Diagnostics

In Google Ads:

  1. Go to Tools > Data Manager
  2. Check Consent Mode diagnostics
  3. Verify signals are being received from your site

Common Implementation Mistakes

1. Consent Default Fires Too Late

Problem: Google tags fire before consent defaults are set.

Symptom: Consent states show as "not set" in Tag Assistant.

Fix: Ensure your consent default tag uses the Consent Initialization - All Pages trigger, not regular Page View or Initialization triggers.

2. Missing V2 Parameters

Problem: Only ad_storage and analytics_storage are set, missing ad_user_data and ad_personalization.

Symptom: Google Ads shows "Consent Mode not properly configured" warnings.

Fix: Add all four parameters to both default and update commands.

3. Consent Update Never Fires

Problem: Default consent is set but never updated when users accept.

Symptom: All users show as denied in reports, even those who accepted.

Fix: Verify your CMP fires a dataLayer event on consent, and your update tag triggers on that event.

4. Setting Values to false Instead of 'denied'

Problem: Using boolean false instead of string 'denied'.

Symptom: Unexpected behavior, consent states not recognized.

Fix: Always use string values: 'granted' or 'denied'.

5. Not Testing Consent Persistence

Problem: Consent resets on page navigation.

Symptom: Users see consent banner on every page, tracking inconsistent.

Fix: Verify your CMP stores consent in a persistent cookie and the consent update fires on subsequent page loads if consent was previously granted.


US Considerations

While Consent Mode V2 isn't legally required for US-only operations, implementing it now is strategic:

The implementation effort is the same regardless of geography. Building it now means you're ready when requirements expand.


Checklist

Before going live, verify:


Related Resources


Sources

#Consent Mode #GDPR #Google Tag Manager #GTM #Privacy #GA4