Stape

Google Consent Mode V2

Edited
Feb 8, 2024
Published
Dec 13, 2023

Google Consent Mode V2, introduced in late November 2023, is an updated version of the original Consent Mode developed by Google. As we have already described in our previous article about consent mode, this tool allows websites to communicate users' cookie consent choices to Google tags more effectively. But now implementing Google Consent Mode V2 is mandatory by March 2024 for all websites using Google services.

Here we will discuss what’s new in Google Consent Mode V2, how it differs from the last version and if there’s an impact on server-side tracking. 

New parametersCopy link to this section

Google added two parameters to the existing ones (analytics_storage and ad_storage) in Consent Mode V2:

  • ad_user_data: controls whether user data can be sent to Google for advertising purposes.
  • ad_personalization: controls whether personalized advertising (remarketing) can be enabled.

These new parameters are specifically designed to enhance user privacy. The settings determine if personal data is sent to Google based on user consent, which is applicable to services like Google Ads, Google Shopping, and Google Play, etc. 

Two implementation optionsCopy link to this section

Google Consent Mode offers two levels of implementation - Basic and Advanced.

Basic Consent Mode V2 implementation

If a user consents to cookies, the website behaves normally, firing all tags and collecting full data. However, if a user does not consent, no data is collected, and cookieless pings are not sent. It’s a little bit straightforward but limits data collection significantly when users do not consent.

To implement Basic Consent Mode, website owners need to:

  1. Set up a Consent Management Platform (CMP) to manage user consents.
  2. Configure their website so that, when a user rejects cookies, Google Analytics 4 (GA4) tags or similar tags are not fired.
  3. Integrate a consent flag to communicate the user's consent decision to Google.

Advanced Consent Mode V2 implementation

It offers a more nuanced approach. Even when users do not consent to cookies, it allows the sending of anonymous, cookieless pings to Google for modeling purposes. This enables websites to recover some level of data for Google Ads and GA4, even without user consent.

In Advanced Consent Mode, implementation involves:

  1. Using a CMP for user consent management.
  2. Configuring the website so that GA4 cookies are not set when consent is denied, but a consent flag is passed to Google.
  3. Sending cookieless pings to Google for data modeling.

More a requirement than an optionCopy link to this section

The Digital Markets Act (DMA) and Google Consent Mode V2 are closely interconnected, especially in the context of digital advertising and data privacy regulations. This legislation requires "gatekeepers" like Google to obtain explicit consent for the collection and use of European citizens' personal data. In response to this and other privacy regulations, Google has updated its Consent Mode to version 2, making it compulsory for advertisers who wish to use Google Ads for remarketing and auto-bidding.

It's essential for advertisers and publishers, especially in the European Economic Area (EEA), to ensure compliance and maintain the quality of their audience and measurement data in Google Ads. Without implementing Consent Mode V2, no data about new EEA users will be captured by advertising platforms like Google Ads and GA4 after March 2024, significantly impacting advertising strategies and effectiveness. 

To use Google Consent Mode V2, it is necessary to have a cookie banner in place. This means you need to have, or get, a consent management platform (CMP) running that aligns with Google’s standards as well as GDPR and the e-privacy directive. The Consent Mode V2 functionality is contingent on the language of the banner being in line with Google’s standards for compliance.

How it works: when a user consents, the cookie banner communicates this to Google via the Google Consent Mode, allowing normal data collection. And vice-versa: if consent is rejected, Google reduces data collection of those users. In this scenario, Google employs conversion modeling, which uses machine learning to infer connections between user interactions and conversions. 

Google Consent Mode is required regardless of whether you use browser or server-side tracking. It's a widespread misconception that server-side tracking exempts the need for user consent before tracking, but this is incorrect. User consent is still necessary even when tracking occurs on the server side.

This is particularly relevant under the General Data Protection Regulation and the EU User Consent Directive, which require explicit, informed consent for data processing and handling. 

When integrating Consent Mode with server-side tracking, you need to ensure that user consent is respected both on the client-side (browser) and server-side. This includes:

  1. Configure consent mode in web Google Tag Manager.
  2. Passing user consent from the web GTM to the server-side GTM. 
  3. Set up server-side tags to respect users consent state, for example, ensuring that data sent to platforms like Google Ads respects the user's consent decision.

"Advanced Consent Mode" involves transmitting signals to Google services from users who have not given consent. This practice can enhance the quality of data modeling for GA4 and conversion tracking in Google Ads. However, it's crucial to consult with your legal team about the implications of collecting data from users without their consent.

Even if this approach is deemed an acceptable risk, be aware of potential brand image consequences. More technologically savvy visitors might take issue with detecting Google signals when they haven't consented to tracking. It's important to remember that the average visitor may not fully grasp the differences between personal data as defined by GDPR, consent requirements under the ePrivacy Directive, and the broader concept of "tracking".

Google has not released any official documentation on consent mode v2 yet, but according to our recent test, they integrated a new parameter which is responsible for handling the status of the consent. This is a new parameter named gcd. GCD is present in every interaction with Google services, regardless of whether Consent Mode is enabled or not. It also has information on how the consent signal was generated.

Here’s how the string looks like:

string 
  • String starts with 11. 
  • The letters are the values of each of those consents. And they make up a matrix of two coordinates: one that determines whether consent is given or not and another that determines whether the consent is by default (almost never) or because it is updated (that the user has accepted or rejected it).
  • ad_storage and analytics_storage already existed before (it is the same information of the GSC parameter).
  • ad_user_data and ad_personalization is the new and important thing. The first is advertising consent and the second is remarketing. 
  • Different consent signals are separated with 1.
  • String ends with 5.

Below you can find a table with the values for the signals:

ValuesMeaning
lSignal has not been set with Consent Mode.
pdenied by default (with no update).
qdenied both by default and after update.
tgranted by default (no update).
rdenied by default and granted after update.
mdenied after update (no default).
ngranted after update (no default).
ugranted by default and denied after update.
vgranted both by default and after update.

Examples of how gcd parameter may look:

gcd=11p1p1p1p5

  • ad_storage=denied
  • analytics_storage=denied
  • ad_user_data=denied
  • ad_personalisation=denied

gcd=11t1t1t1p5

  • ad_storage=granted
  • analytics_storage=granted
  • ad_user_data=granted
  • ad_personalisation=denied

There are two ways to debug consent mode v2:

1. Using Google Tag Manager preview mode. And open a Consent tab to see consent state for the event.

Google Tag Manager preview mode

2. Open the website console and filter for example GA4 requests and you should see the old parameter gcs and a new one gcd.

filter for example GA4 requests

ConclusionCopy link to this section

Consent Mode V2 provides advertisers and website owners the flexibility to tailor their data collection strategies based on user consent, thereby balancing the dual needs of privacy compliance and data-driven insights. 

Server-side tracking, when combined with Consent Mode V2, offers more control over data flow and reduces reliance on client-side mechanisms. This integration ensures that data collection is not only compliant with user consents but also more resilient and accurate.

We can highly recommend to:

  1. Check whether you have EEA traffic.
  2. Collect user consent for EEA users (via any Consent Management Platform).
  3. Share collected CMP consent signals with Google tools. In other words, make the correct setup of Consent Mode v2.
  4. If you are sending offline data to Google via API, add consent signals as well.

And if you have other questions about server-side tracking and Stape, don’t hesitate to leave a ticket

Need help setting up server-side tracking?

Don't worry, we've got you covered! Click on Get assistance and we will send you a free quote.

Get assistance
Tagged with:gtm server

Host your GTM server at Stape