Google Consent Mode V2, introduced in late November 2023, is an updated version of the original Consent Mode developed by Google. As we have already described in our previous article about consent mode, this tool allows websites to communicate users' cookie consent choices to Google tags more effectively. But now implementing Google Consent Mode V2 is mandatory by March 2024 for all websites using Google services.
Here we will discuss what’s new in Google Consent Mode V2, how it differs from the last version and if there’s an impact on server-side tracking.
Google added two parameters to the existing ones (analytics_storage and ad_storage) in Consent Mode V2:
These new parameters are specifically designed to enhance user privacy. The settings determine if personal data is sent to Google based on user consent, which is applicable to services like Google Ads, Google Shopping, and Google Play, etc.
Google Consent Mode offers two levels of implementation - Basic and Advanced.
Basic Consent Mode V2 implementation
If a user consents to cookies, the website behaves normally, firing all tags and collecting full data. However, if a user does not consent, no data is collected, and cookieless pings are not sent. It’s a little bit straightforward but limits data collection significantly when users do not consent.
To implement Basic Consent Mode, website owners need to:
Advanced Consent Mode V2 implementation
It offers a more nuanced approach. Even when users do not consent to cookies, it allows the sending of anonymous, cookieless pings to Google for modeling purposes. This enables websites to recover some level of data for Google Ads and GA4, even without user consent.
In Advanced Consent Mode, implementation involves:
The Digital Markets Act (DMA) and Google Consent Mode V2 are closely interconnected, especially in the context of digital advertising and data privacy regulations. This legislation requires "gatekeepers" like Google to obtain explicit consent for the collection and use of European citizens' personal data. In response to this and other privacy regulations, Google has updated its Consent Mode to version 2, making it compulsory for advertisers who wish to use Google Ads for remarketing and auto-bidding.
It's essential for advertisers and publishers, especially in the European Economic Area (EEA), to ensure compliance and maintain the quality of their audience and measurement data in Google Ads. Without implementing Consent Mode V2, no data about new EEA users will be captured by advertising platforms like Google Ads and GA4 after March 2024, significantly impacting advertising strategies and effectiveness.
To use Google Consent Mode V2, it is necessary to have a cookie banner in place. This means you need to have, or get, a consent management platform (CMP) running that aligns with Google’s standards as well as GDPR and the e-privacy directive. The Consent Mode V2 functionality is contingent on the language of the banner being in line with Google’s standards for compliance.
How it works: when a user consents, the cookie banner communicates this to Google via the Google Consent Mode, allowing normal data collection. And vice-versa: if consent is rejected, Google reduces data collection of those users. In this scenario, Google employs conversion modeling, which uses machine learning to infer connections between user interactions and conversions.
Google Consent Mode is required regardless of whether you use browser or server-side tracking. It's a widespread misconception that server-side tracking exempts the need for user consent before tracking, but this is incorrect. User consent is still necessary even when tracking occurs on the server side.
When integrating Consent Mode with server-side tracking, you need to ensure that user consent is respected both on the client-side (browser) and server-side. This includes:
"Advanced Consent Mode" involves transmitting signals to Google services from users who have not given consent. This practice can enhance the quality of data modeling for GA4 and conversion tracking in Google Ads. However, it's crucial to consult with your legal team about the implications of collecting data from users without their consent.
Even if this approach is deemed an acceptable risk, be aware of potential brand image consequences. More technologically savvy visitors might take issue with detecting Google signals when they haven't consented to tracking. It's important to remember that the average visitor may not fully grasp the differences between personal data as defined by GDPR, consent requirements under the ePrivacy Directive, and the broader concept of "tracking".
Google has not released any official documentation on consent mode v2 yet, but according to our recent test, they integrated a new parameter which is responsible for handling the status of the consent. This is a new parameter named gcd. GCD is present in every interaction with Google services, regardless of whether Consent Mode is enabled or not. It also has information on how the consent signal was generated.
Here’s how the string looks like:
Below you can find a table with the values for the signals:
|Signal has not been set with Consent Mode.
|denied by default (with no update).
|denied both by default and after update.
|granted by default (no update).
|denied by default and granted after update.
|denied after update (no default).
|granted after update (no default).
|granted by default and denied after update.
|granted both by default and after update.
Examples of how gcd parameter may look:
There are two ways to debug consent mode v2:
1. Using Google Tag Manager preview mode. And open a Consent tab to see consent state for the event.
2. Open the website console and filter for example GA4 requests and you should see the old parameter gcs and a new one gcd.
Consent Mode V2 provides advertisers and website owners the flexibility to tailor their data collection strategies based on user consent, thereby balancing the dual needs of privacy compliance and data-driven insights.
Server-side tracking, when combined with Consent Mode V2, offers more control over data flow and reduces reliance on client-side mechanisms. This integration ensures that data collection is not only compliant with user consents but also more resilient and accurate.
We can highly recommend to:
And if you have other questions about server-side tracking and Stape, don’t hesitate to leave a ticket.
In this guide, we want to talk about consent mode, why it’s crucial to implement it, and how to use consent mode in the server Google Tag Manager container.Jul 11, 2023
Learn how to improve data quality after implementing consent mode and anonymization using Stape’s GEO headers power-up.