What is Google Consent Mode and why is it a big deal?
Mass collection of users’ personal data from users for targeted advertising online has created a rift. On one side are efforts to protect users from abuse and privacy infringements, and on the other is securing marketing revenue and analytics for websites that rely on this. This data and revenue are needed not only to survive, but also to provide the free content and information that has come to define the Internet as we know it.
Google Consent Mode is a tool that bridges the gap between data privacy and data-driven digital advertising by helping to make sure that your website’s analytics and marketing can run seamlessly based on each specific user’s consent choice.
Consent Mode adjusts how Google services collect users’ data based on their consent preferences. When a visitor opts in or out, Google Consent Mode directs Google Analytics and advertising services to either collect full data (opt in) or only anonymized data (opt out), which doesn’t include personally identifiable information.
Originally designed to communicate users’ consent preferences to Google tags for analytics and advertising cookies, Google Consent Mode has since evolved to function more as a signaling tool. Its latest update in November 2023 enables website owners to comply with global data privacy laws, integrate systems, and respect users’ consent choices automatically.
Consent is becoming a stable requirement of most data privacy laws in the world, including theEU’s General Data Protection Regulation (GDPR), which assigns the responsibility of obtaining end-users’ consent prior to processing personal data to website owners and data controllers.
Google Consent Mode helps build a more sustainable internet economy that brings both elements into greater balance. The tool helps move towards a consent-based dynamic system that respects the privacy and dignity of each individual user without breaking the underlying business model of large parts of the Internet.
What services does Google Consent Mode support?
- Google Analytics
- Google Ads (Google Ads Conversion Tracking and Remarketing)
- Floodlight
- Conversion Linker
Google Consent Mode can also signal consent state for third-party tags using the “additional consent” settings if it is manually configured for this purpose.
How does Google Consent Mode work?
Google Consent Mode is an API that can be used with a consent management platform (CMP) like Cookiebot CMP, with the global site tag (tag.js) or Google Tag Manager (GTM).userce
It enables your users’ consent state to determine how Google’s tags and scripts behave on your website, even though they load before the consent banner appears for users. These tags won’t be able to use browser storage though, and personal data will be redacted.
Once consent has been granted these tags gain their normal capabilities.
Your CMP collects user consent preferences, and Google Consent Mode transmits these to Google for further processing. Tags dynamically adjust their behavior, i.e. whether they collect full or anonymised data, based on whether users accept or reject cookies for a specific purpose.
An additional feature, Consent Initialization, enables tags that require user consent choice to fire before all other tags.
With the Google Consent Mode updates to Google Tag Manager, you can now see and customize each tag’s consent settings, as well as see which types of consent each tag requires in the Consent Overview.
Google Consent Mode introduced two new tag settings that will manage cookies for analytics and advertising purposes on your website:
- analytics_storage
- ad_storage
Google Analytics 4 (GA4) Consent Mode
With the “analytics_storage” tag setting, Google Consent Mode controls the behavior of statistics cookies on your website based on the consent state of your end users, making Google Analytics 4 adjust its data collection based on the granular consent choice of each individual user.
If users don’t give consent to statistics cookies, for example, your website will still receive aggregate and non-identifying basic measurements and modeling data, such as:
- timestamps of visits to your website
- user agent, i.e. whether users landed on your website
- referrer, i.e. how the user landed on your website
- whether the current or prior page in user’s navigation includes ad click information in the URL
- random number per each page load
Google Ads Consent Mode
With the “ad_storage” tag setting, Google Consent Mode controls the behavior of marketing cookies on your website based on the consent state of your end users. For example, if a user doesn’t consent to marketing or advertising cookies, Google Consent Mode will ensure that all marketing-related Google tags will adjust and not use those cookies.
If users do not give consent to marketing cookies, your website will still be able to show contextual advertisements based on anonymous data instead of targeted advertising based on tracking of personal data..
Google Consent Mode enables your website to measure conversions related to a specific campaign on an aggregate level, rather than on an individual user level. This helps ensure that you get insights into the performance of your website’s marketing in a fully GDPR-compliant way without the use of personal data.
Additionally, Google Consent Mode enables Google tags to change behavior if a user later changes their consent state. It also enables you to configure Google tag behaviors to specific regions, e.g. automatically ensuring that no cookies are activated without consent for users inside the EU, while using cookies for users in the US.
By using Cookiebot CMP and Google Tag Manager together you can now control all tags on your website based on the consent state of your end users without manual configuration.
Combining Google Consent Mode with Cookiebot CMP enables you to receive vital insights and analytics through conversion modeling and non-identifying data if your end users choose to opt out of cookies.
Conversion modeling for Google Ads
Another feature of Google Consent Mode, introduced in April 2021, is conversion modeling, a probability-based and privacy-friendly measurement tool for ad interactions and conversions on your website.
Conversion modeling provides anonymous analytics data on your website for users who choose to reject or decline cookies, filling in missing attribution paths by using observable data from people who chose to opt in to cookies and thereby giving you an estimate of how the anonymous users might have behaved on your domain as well.
Conversion modeling is integrated automatically in your Google Ads campaign reports.
What changes does Google Consent Mode v2 bring?
Google has introduced two new tag settings with the latest version of Google Consent Mode released in November 2023. These two new tag settings are set based on the same trigger as the “ad_storage” key:
- ”ad_user_data”: determines whether personal data is sent to a Google service
- “ad_personalization”: determines whether data can be used for displaying personalized ads (e.g. for remarketing)
How do you integrate Google Consent Mode with Google Tag Manager?
Google Tag Manager (GTM) can be integrated with or without a Consent Management Platform (CMP).
With a CMP: Some CMPs, including Cookiebot CMP, come with a Tag Manager template that’s designed to work with the Consent API. This template is readily available within the Google Tag Manager interface, which reduces the need for coding and makes the integration process easy to set up.
Without a CMP: Implementing Google Consent Mode without the Cookiebot CMP template tag is only slightly more difficult, as you would need to add an additional script that must be loaded before the Google Tag Manager container.
Cookiebot CMP and Google Consent Mode
Cookiebot CMP fully integrates with Google Consent Mode right out of the box.
- Cookiebot CMP scans and detects all cookies and trackers on your website, automatically blocking them until your end users give their consent.
- Cookiebot CMP enables users to give their consent through a highly customizable consent banner on your website that is user-friendly details on each specific cookie (such as purpose, provider and duration).
- Cookiebot CMP forwards the consent state of the user to the Google Consent Mode, which then determines the behavior of all tags and scripts from its services based on the consent state, e.g. through Gtag.
Once users give their consent through Cookiebot CMP, only the consent state is forwarded to Google – i.e. no personal data is sent from Cookiebot CMP to Google, but only the specifics of the anonymous user’s consent, e.g. whether they have accepted marketing cookies or not.
Example: Cookiebot CMP and Google Consent Mode at work
A user visits your website and is presented with a Cookiebot CMP consent banner that shows them four cookie categories up front and the option to see how many cookies and trackers the Cookiebot™ scanner has found on your domain.
The user chooses not to give their consent to any analytics or marketing cookies, and Cookiebot CMP keeps blocking all such trackers from activation, respecting the user’s consent choice.
Cookiebot CMP sends the user’s consent state to Google Consent Mode, and this specific consent state becomes the basis of operation for all Google services that you are using on your website, e.g. by controlling Google Analytics data collection based on user consent states.
Try Cookiebot free for 14 days… or forever if you have a small website.
Consent is sustainable, targeted advertisement is not
A “wild west” environment where the mass collection of user data has existed for years on the Internet, but only really surfaced to public knowledge over the last few years. Major news headlines about data breaches and questionable operations by large tech companies have contributed to creating distrust in big tech companies, in addition to growing public awareness of data privacy.
Landmark data protection laws have emerged, partly as a response, most notably the EU’s General Data Protection Regulation (GDPR). That regulation empowers individuals in Europe with enforceable rights over the data they generate every day, and defines clear rules and responsibilities for websites and tech companies when processing this data.
Google, consent and the “hard block”
Consent management platforms are a safe and effective way for websites to become compliant with the GDPR, by handing over the controls for the activation of cookies and trackers to the user through consent.
But when users choose not to consent to analytics and marketing cookies through a website’s CMP, this often means a hard block of the domain’s analytics and marketing services. These run on such cookies and trackers, so such actions effectively cut off vital analytics insights and marketing revenue streams that are crucial for the commercial survival of not only major tech companies or media domains, but smaller, independent websites and ecommerce operations as well.
Ad blockers and privacy browsers have acted as self-defense tools for end users, but have not been able to solve the larger, structural issues around the coexistence of data privacy and digital advertisement, partly because of their blanket approach to blocking everything, and partly because many users don’t have the time or the skills to defend themselves in this way to begin with.
Add to this research showing targeted advertisements provide only marginally better results compared to contextual advertising that isn’t based on users’ personal data, and the industry move away from mass personal data collection for privacy-infringing behavioral advertising seems to have been an event horizon coming ever closer.
Google moves the Internet, again
When Google launched Consent Mode in September 2020, website operators got new options so it was no longer only a choice between protecting user privacy and optimizing opt-in rates for websites big and small.
Harvard Professor Emeritus Shoshana Zuboff argues in The Age Of Surveillance Capitalism that surveillance capitalism — the business model of mass data collection for user behavioral predictions — started in 2002 when Google decided to commodify the unfathomable amounts of data their search engine collected.
In 2020, Google’s decision to move the digital advertising industry in the direction of consent with the launch of the Google Consent Mode marks a defining chapter in this story, providing a way forward to a more safe, private and fair Internet.
Consent in the making
Consent is the basis of the EU’s GDPR, ePrivacy Directive and the Digital Markets Act (DMA), as well as data privacy laws in other countries, such as Brazil’s LGPD, because it empowers individuals with enforceable rights over all the digital traces of their lives, they live online every day.
But in practice, consent keeps evolving to become more complex. It was once a mere scroll on a web page or pre-ticked checkboxes on cookie banners.
In 2002 and 2009, the ePrivacy Directive (also known as the “EU cookie law”) first introduced a requirement for cookie banners on websites. But these cookie banners only required website owners to state that the website uses cookies, with an accompanying “OK” button for users to click on. But cookies and trackers would already be in activation, rendering their consent meaningless.
In 2018, the GDPR carved out a clear definition of consent that many data privacy laws around the world have adopted or at the least reflected. Together with courts and data protection authorities this fundamental digital right keeps evolving.
The GDPR defines consent as the informed, prior, clear and unambiguous indication of a user’s wishes, i.e. that users must be made aware of exactly how your website processes personal data, what cookies and trackers are in use (including their purpose, provider and duration), and that users have the ability to give their explicit consent to each of these before any processing of their personal data can take place.
The Digital Markets Act (DMA), which came into force on November 2022 in the European Union and European Economic Area, reinforces the definition of consent under the GDPR, and requires the companies it has designated as “gatekeepers” under the regulation, as well as third-party businesses using the gatekeepers’ platforms, to collect and process user data only after obtaining valid consent, per this definition.
Cookiebot CMP has pushed to shape consent management since 2012, to make “consent” a no-nonsense term with real-world application: the explicit, informed and empowered voice of the individual person being the governing force for the processing of personal data on our digital infrastructures.
Try Cookiebot CMP free for 14 days… or forever if you have a small website.
FAQ
Google Consent Mode is an open API developed by Google that lets your website run all its Google-services, such as Google Analytics, Google Tag Manager and Google Ads, based on the consent state of your end-users. Google Consent Mode governs the behavior of all Google tags and scripts on your website based on the user consent sent by your websites consent management platform.
Try Cookiebot CMP free for 14 days with the Google Consent Mode
Google Consent Mode receives the consent state of your website’s end-users from its consent management platform. No personal data is sent to Google, only the specifics of the user’s consent, e.g. if the user has chosen not to consent to marketing cookies. Google Consent Mode then operates based on the consent state, e.g. displaying contextual advertisement on your website without the use of personal data if the user didn’t consent to the activation marketing cookies.
Scan your website with Cookiebot CMP to see what cookies and trackers your website uses
Conversion modeling is a way for Google Consent Mode to give you anonymous analytics data from users on your website who haven’t consented to cookies. What conversion modeling does is to offer you insights into user journeys on your website from end-users who chose to opt-out of cookies by using observable data from people who did consent to cookies, thereby giving you an estimate of how that end-user’s journey on your website looked like.
Try Cookiebot CMP free for 14 days with the Google Consent Mode
The EU’s General Data Protection Regulation requires websites who have users from inside Europe to ask for and obtain their explicit consent before processing any of their personal data. Cookies and trackers used for analytics and advertisement on your website process personal data from users, such as unique IDs, IP addresses, search and browser history, which is why you must inform users and ask for their consent for their activation.
Using a consent management platform on your website can help you obtain the granular and GDPR compliant consent from your end-users that your website needs in order to activate its cookies and trackers. Through a consent banner on your website, users will be able to filter their selection of cookies and give a specific consent to their purpose, provider and duration.
Try Cookiebot free for 14 days… or forever if you have a small website.
You can implement Google Consent Mode by using a consent management platform like Cookiebot CMP. To easily set it up on a WordPress website, you can use the Cookiebot CMP Plugin for WordPress and enable the toggle in the plugin settings. You can also add a short code snippet to your website template above the gtag.js or Google Tag Manager tag, or use the Cookiebot CMP tag template from the Google Tag Manager Template Gallery.
Google Consent Mode helps website owners obtain GDPR-compliant consent from users to collect their data. However, using Google Consent Mode alone is not enough to be GDPR-compliant, and website owners must continue to comply with other provisions of the GDPR, including the right to object and the right to be forgotten, having a detailed and updated cookie policy and keeping GDPR-compliant consent records.
Google Analytics on its own is not GDPR compliant or noncompliant. Rather, you must ensure you follow all the relevant GDPR requirements to use Google Analytics in a compliant manner. This includes obtaining explicit consent from end users before activating Google Analytics cookies, as well as describing all personal data processing in your website’s privacy policy. Using a consent management platform can help to automate the Google Analytics GDPR compliance process.
Google Analytics cookies data, like the broader use of GA4 and other data it collects, may be GDPR-compliant. It depends on a number of factors, especially how users are notified and how consent is collected. Read our article to get all the details.
If you or your web team are unsure if Google Consent Mode is implemented on your website, you can use Google Tag Assistant to check. Browse your website in Tag Assistant as a visitor. In the Tag Assistant window, click on a page or message and navigate to the ‘Consent’ tab. If you see a consent status for the “ad_storage” and “analytics_storage” tags then Google Consent Mode is implemented, otherwise, you’ll see a message that says “Consent not configured.”
Businesses with visitors in the European Union must already obtain valid user consent under the GDPR before collecting their data. The DMA (which covers users in the EU and European Economic Area) reinforces the definition of consent under the GDPR. It places strict obligations on gatekeepers — which will establish rules for third-party businesses to continue using their services — to achieve compliance. Businesses that use gatekeepers’ platforms will need to follow these rules and align their data privacy policies with the DMA to continue using these platforms.
Read more: How important is consent management under the Digital Markets Act (DMA)?
The Digital Markets Act (DMA) requires prior consent or opt-in consent from consumers before website operators can collect their personal data. Third-party businesses that use Google platforms and services can use Google Consent Mode to signal users’ consent status to Google, so that Google services don’t collect their data unless they explicitly give consent. This helps achieve compliance with the DMA so that businesses can enjoy uninterrupted access to Google’s platforms and services.
