What is Google Consent Mode?
Google Consent Mode is a tool that enables websites to communicate users’ cookie consent choices to various Google tags that help measure website and advertising performance. The tool was initially used primarily for anonymized data tracking. However, its intent and use have evolved, and today it functions more as a signaling tool.
With the November 2023 updates, website operators can continue to meet compliance requirements, integrate systems, and respect users’ consent choices automatically.
Google Consent Mode can be used with a consent management platform (CMP) like Usercentrics CMP, or directly with the global site tag (gtag.js) or Google Tag Manager (GTM).
A user’s consent preferences determine whether Google collects and processes their full data or anonymized data that can’t personally identify the user.
One of the primary reasons to use Google Consent Mode is to achieve or maintain compliance with global data privacy regulations, including the General Data Protection Regulation (GDPR).
What services does Google Consent Mode support?
- Google Consent Mode currently supports the following Google services:
- Google Analytics
- Google Analytics 4
- Google Ads (Google Ads Conversion Tracking and Remarketing)
- Floodlight
- Conversion Linker
It’s a simple, convenient customization and another way to stay one step ahead of evolving legal and technology needs for data privacy compliance.
Why is Google Consent Mode valuable?
Quite simply, using Google Consent Mode gives you a competitive advantage. Achieving and maintaining GDPR compliance is very important, but that’s a requirement, rather than a benefit. The stick, rather than the carrot. To date so much data privacy media coverage still focuses on what companies and advertising are losing, rather than what they’re gaining.
With Google Consent Mode, data- and consent-driven marketing is not only possible, but it also helps you futureproof your operations. It helps you leapfrog ahead of competitors that are still stuck trying to figure out how to continue to do things the old way and change as little as possible.
Companies need to comply with relevant data privacy laws, and they need user data to drive marketing decisions and secure ad revenue. These requirements do work together. Google Consent Mode enables website operators to get a substantial percentage of data back for advertisers. You can optimize consent rates and gain conversion insights for people who do not provide consent.
Building and maintaining user trust is critical to companies’ success, and transparency is a big part of that. Being transparent about privacy law requirements and why you’re asking for your users’ data is a key part of that.
Google Consent Mode helps website operators to move away from mass collection of users’ personal data to a dynamic, consent-based system. The advertising business model remains intact while respecting individuals’ privacy. Marketers still get data they need and clarity on conversions.
How does Google Consent Mode work?
Google tags are loaded onto web pages before the cookie consent banner appears, so Google Consent Mode enables websites to dynamically adjust the behavior of these tags once a user allows or rejects cookies. Measurement tools will only be employed for specifically determined purposes if the user has given consent.
Usercentrics CMP collects user consent preferences, which Google Consent Mode transmits to Google for further processing. Users can accept all cookies, reject all (except strictly necessary cookies), or accept some cookies while rejecting others. Users’ privacy preferences are maintained at every step, and companies maintain the ability to make data-driven decisions.
Google Consent Mode added two new tag settings to manage cookie behavior based on user consent choices:
- “analytics_storage”: determines how analytics services (e.g. Google Analytics) behave
- “ad_storage”: determines how ad services (e.g. Google Ads) behave
Website owners can use conversion modeling to gather insights from anonymized data collected from users who reject cookies.
What changes does Google Consent Mode v2 bring?
With the new version of Google Consent Mode, Google introduces two additional tag settings which are set based on the same trigger as the “ad_storage” key. The two new key tag settings are:
- ad_user_data: controls whether personal data is sent to a Google service
- ad_personalization: controls whether data can be used for ads personalization (e.g. for remarketing)
Google Analytics 4 (GA4) Consent Mode
Google Consent Mode uses the “analytics_storage” tag to manage how GA4 cookies behave based on user consent.
If a user gives consent for analytics cookies, GA4 will collect full data from the user for statistics or analytics purposes. If a user rejects analytics cookies, then GA4 limits the data it collects to information that can’t personally identify the user, such as the browser or operating system of the device from which the user visited the website, and the referrer or how the user came to the website.
Google Ads Consent Mode
Google Consent Mode uses the “ad_storage” tag to manage how Google Ads cookies behave based on user consent.
If a user gives consent for ads cookies, Google Ads will collect full data from the user for marketing or advertising purposes. Suppose a user rejects cookies for advertising purposes. In that case, any Google Ads the user sees will not be targeted or personalized based on their data, as Google tags will not use advertising cookies.
What is conversion modeling?
Data from cookies is useful to help website owners track and identify users, study user behavior on their website and see the effectiveness of their ad campaigns and messaging in converting users to customers, among other things.
When users consent to cookies, gathering comprehensive data becomes straightforward and makes precise ad targeting and data analytics easier. When users reject cookies, these are a little harder to do so since the data collected is restricted and anonymized, causing gaps in the analytics.
Google uses Machine Learning to fill in the gaps with conversion modeling. It studies data and trends from users who consented to cookies and estimates the behavior of users who reject cookies with the help of this data.
How does Google Consent Mode work with Google Tag Manager?
Google Consent Mode can be integrated with Google Tag Manager in two ways, depending on whether the website owner uses a consent management platform (CMP).
With a CMP: By using the CMP’s Tag Manager template, which is integrated with the Consent API. This can be done from within Google Tag Manager itself, requires minimal coding and saves website owners’ time and effort.
Without a CMP: By creating a custom Tag Manager template, which requires coding knowledge and the help of a developer to build, implement and update.
Once Google Consent Mode and Google Tag Manager are integrated, user consent choices are passed on to Google Tag Manager, which then manages how cookies behave for a user’s visit.
How to implement Google Consent Mode with the Usercentrics CMP
Implementing Google Consent Mode with the Usercentrics CMP solution as an alternative to prior blocking can be done in a single step, though existing customers and those with custom data processing services should note the additional information below.
✔ Adjust the existing Google Tag Manager code by adding a few lines of code above your Google Tag Manager tag.
✔ If you are an existing customer, ensure the Google Consent Mode option is toggled ON in the Usercentrics Admin Interface.
✔ For new customers, Google Consent Mode is ON by default.
✔ If you have customer data processing services, use the Usercentrics CMP events to signal the consent status via the Consent Mode API.
We also have a convenient feature that automates the process of enabling Google Consent Mode in Usercentrics CMP. Get it up and running in two easy steps.
Why you need a Consent Management Platform to be GDPR-compliant
Google Consent Mode does not replace a CMP; it serves as a link between the CMP and Google. This becomes increasingly important with the enforcement of the Digital Markets Act (DMA) in the European Union as of March 2024. With Google designated one of the “gatekeeper” companies, third-party companies using its services will need to be able to achieve valid privacy compliance and signal consent to Google, e.g. for advertising.
Google Consent Mode is an interface that enables Google services to run on websites based on the types of consent collected from website users, without requiring Google to have direct access to personal data or denying companies access to information they need to drive conversions.
Obtaining user consent remains the website operator’s responsibility, and with the help of a consent management solution, you can collect granular user consent for all cookies and tracking technologies in use on the site in accordance with the GDPR and other data privacy laws.
By pairing the Consent Mode API with the Usercentrics Consent Management Platform (CMP), websites can indicate if the user has given consent for cookie usage related to analytics and/or advertising. The supported Google tags will respect this signal and adjust their behavior accordingly, only utilizing cookies if consent was granted for the specific purposes.
Website operators can use Google Consent Mode instead of prior blocking of the Google tags. This is beneficial because the tags are not blocked outright when consent has not been given. Instead, Google will use the signal to adjust tag behavior based on the user’s consent preferences in the Usercentrics CMP. The technologies mutually benefit each other, streamlining both the user experience and data management.
For example, if the website user decides to reject the use of cookies or trackers for certain marketing technologies, Google Consent Mode will react based on this consent status and will only display purely context-based advertising on the website, without using any personal data.
Google Consent Mode and the TCF 2.2
Google Consent Mode has been created especially for website operators who do not obtain user consent within the scope of the IAB Transparency and Consent Framework (TCF) with their Consent Management Platforms (CMP).
For companies actively using the IAB TCF 2.2, Google Tools will continue to read out and respect the IAB TC String.
Why is consent needed for the processing of personal data?
Website operators wanting to use cookies or other tracking technologies on their websites—either for marketing purposes or for processing users’ personal data within the EU—require consent from the users as stipulated in the GDPR.
Learn more: 7 Criteria for GDPR-compliant consent
More importantly, consumers are increasingly aware of the collection and use of their data online, and companies need to provide user-friendly transparency about their privacy compliance and data collection, as well as providing choice, to build and retain user trust.
Proactively embracing consent-based marketing helps protect companies’ revenue and brand reputation, and helps them get ahead competitively. The future includes a focus on driving revenue by optimally leveraging technologies that address companies’ responsibilities and serve users’ needs. Companies can evolve their marketing efforts with smart, data-driven decisions. Privacy compliance simply can no longer be ignored.
Is anonymous tracking via Google Analytics 4 actually GDPR-compliant, even without consent?
According to Google, if the user does not provide consent to tracking via Google Analytics 4 (“analytics_storage: denied”), all data will be anonymized. This means that it will be captured without a client ID and recorded in aggregated form. Google will not collect any personally identifiable information when a user has denied consent.
Additionally, if the placement or reading out of advertising cookies is prevented (“ad_storage: denied”), the main processing purposes for which user consent is usually obtained will no longer react.
Can these technologies be used without user consent?
Opinions differ. According to the Orientation Help for Providers of Telemedia (DE) from the Datenschutzkonferenz (DSK), reach measurement can indeed represent legitimate interest for the website operator. But it is always necessary to first weigh website operator vs. user interests. If no personal data is forwarded to third parties (e.g. Google), and the data is not to be used for the third parties’ own purposes, legitimate interest might be claimed.
However, since IP address is transmitted during most interactions with website visitors, and according to the German Federal Court of Justice IP address is considered personal data, a fully anonymous interaction is not possible in most cases.
If a website operator does not think that collecting consent is necessary, from a technology perspective they must ensure that an anonymous interaction is possible in 100% of users’ website interactions. Website operators must also ensure that the forwarding of users’ personal data to servers in the USA is prevented. “Third country” is the key term here, otherwise consent will always need to be collected. Plus, beyond just legal compliance, being consent-focused is important for building user trust with the brand.
The point of “do I need consent?” is becoming irrelevant, however, as data privacy compliance obligations from regulatory authorities and dominant platform and service providers evolve. Many third-party companies that rely on those platforms need to achieve data privacy compliance and be able to signal it to maintain access to the audiences and data (and thus revenue) these platforms enable. This is in addition to avoiding penalties from government regulators.
How explicit consent strengthens the data privacy and marketing relationship
With valid consent collection from website users, advertisers can continue to optimize opt-ins, measure conversions and retrieve analytics insights with Google Consent Mode while achieving and maintaining GDPR compliance. With Consent Mode, Google combines protection of users’ data with companies’ and the advertising industry’s interests, seamlessly combining marketing and privacy.
Data-driven business models will remain strong, using explicit consent and not at the expense of anyone’s privacy.
The simplest way to obtain granular, GDPR-compliant user consent for the use of cookies and other tracking technologies is via a consent management platform (CMP). With this tool, users can determine their data privacy preferences in detail with the help of a consent banner. They have the ability to agree to the use of certain technologies via opting in as well as opting out.
Even better, the full customizability of the Usercentrics CMP means you maintain your branding, can comply with multiple privacy regulations, and can continually optimize for higher opt-in rates. You’re also building trust by providing transparency to your users. Sounds easy? It is!
Keep in mind: the higher your consent rates are, the more data that will be available for marketing purposes, which boosts advertising revenues.
DISCLAIMER
Usercentrics does not provide legal advice, and information is provided for educational purposes only. We always recommend engaging qualified legal counsel or privacy specialists regarding data privacy and protection issues and operations.
Frequently Asked Questions (FAQ)
Google Consent Mode is a tool that communicates users’ cookie consent choices to key Google tags for services like Google Analytics 4 and Google Ads. It can be set up through a consent management platform or directly via Google Global Tag or Google Tag Manager. Based on user consent, Google either collects full data for website and advertising performance or limits it to non-identifiable, restricted data. Using Google Consent Mode helps websites stay compliant with global data privacy laws such as the GDPR.
Google Consent Mode enables websites to adjust the behavior of Google tags and scripts based on user consent preferences. Google Consent Mode receives a user’s consent choice and transmits it to Google, which collects full or restricted/anonymized user data based on whether the user allowed or rejected cookies. It can be used with Google Tag Manager either through a CMP or directly using code, or with the global tag.
You can implement Google Consent Mode using a consent management solution like Usercentrics CMP. All it takes is adding a few lines of code above the Google Tag Manager tag and ensuring the Google Consent Mode option is toggled ON in the Usercentrics Admin Interface.
Your CMP’s cookie consent banner can capture consent for analytics cookies and communicate this to Google Tag Manager using Google Consent Mode. The “analytics_storage” tag will manage whether Google Analytics 4 should capture full user data or restricted/anonymized data. Be transparent and use simple language in your cookie text to explain how you use user data for analytics purposes. This will help build user trust and encourage users to consent to analytics cookies.
Using Google Consent Mode is a step towards being GDPR-compliant, which is crucial, especially in light of several GDPR rulings in the European Union regarding Google Analytics. But it’s not enough on its own. Google Consent Mode handles cookie consent for Google products, such as Google Analytics 4 and Google Ads. Website owners are still responsible for complying with other provisions of the GDPR and other data privacy regulations, including the right to access and the right to be forgotten, maintaining a detailed cookies policy and keeping GDPR-compliant consent records.
Most web teams likely know if Google Consent Mode has been implemented. However, if perhaps inheriting an existing web setup, you can use Google Tag Assistant to check the status of Google Consent Mode on your website.
Open a page on your website in Tag Assistant and browse as a website visitor. Navigate to the Tag Assistant window, click on a page or message, and select the ‘Consent’ tab. If Google Consent Mode is implemented, you will see consent status for the “ad_storage” and “analytics_storage” tags. If it isn’t implemented, you will see a message that says “Consent not configured.”
The DMA applies directly to the six companies that the European Commission has designated as gatekeepers: Alphabet, Amazon, Apple, ByteDance, Meta and Microsoft.
However, because data is processed throughout the digital ecosystem, many companies that rely on the gatekeepers’ platforms and services, for advertising, analytics, and more, will need to meet compliance requirements as well. The biggest part of this is obtaining and signaling compliant consent from users for the use of their personal data, like with Google Consent Mode and a CMP for Google’s services.
DMA compliance will enable more customized product promotion by third parties on gatekeepers’ platforms in the European Union (EU) and European Economic Area markets, though it will also enforce more strict rules for personal data use in advertising. This will potentially impact marketing strategies and small business revenue. The DMA prohibits the retargeting of minors, making consent management more complex.
Gatekeepers will establish rules for use of their platforms in order to achieve and maintain Digital Markets Act compliance. Third-party companies using their services will need to follow these rules and align operations with the gatekeepers’ and regulatory requirements to maintain access. Losing access to Google for advertising purposes, for example, could be a huge blow to a smaller company’s revenue.
The DMA will also impact apps. The new law will make it possible for EU and users to send and receive messages across different messaging apps. For example, from Messenger to Signal or WhatsApp. Users will also be able to uninstall preloaded applications from their devices and won’t be prompted to use various services from a single tech giant’s ecosystem.
Because the DMA requires prior consent (opt in) from consumers for access to their personal data, gatekeepers and the third parties that use their platforms and services will need to ensure that they collect, manage and signal valid consent from European users. For Google’s platforms and services, third parties can use Google Consent Mode for that signaling.
Companies that implement a consent management platform like Usercentrics CMP have Google Consent Mode built in and available by default, which makes collecting and managing consent in a way that’s compliant with regulations easy. Signaling valid user consent to Google and ensuring continued access to their services (and the revenue they generate) is also streamlined.