Google’s Consent Mode remains a trending topic, particularly with the upcoming requirement in 2024 for its implementation on websites or apps that gather data for audience building or remarketing through Google’s advertising services. With the introduction of V2, the most significant updates include the addition of two new consent signals, namely ad_user_data and ad_personalization, along with a redesigned URL structure for conveying consent states to Google’s services. This article serves as a comprehensive guide to the latest updates in Consent Mode, providing you with all the essential information you need to know, with a special focus on Consent Mode V2.
What is Consent Mode?
Consent Mode primarily focuses on gathering additional signals from users who haven’t provided consent for accessing their personal data or browser storage for data collection purposes. Google utilises these signals to model conversions (Google Ads, Floodlight, etc.) and visitor behaviour (Google Analytics 4). The approach involves collecting analytics and advertising pings from users who haven’t given consent, aiming to avoid accessing browser storage. This prevents Google’s services from retrieving cookies with personal data, such as online identifiers, and instead uses random, ephemeral identifiers. Unconsented data undergoes a modeling process to resemble data collected from consenting users before appearing in Google’s reports.
Consent Mode V2
In V2, the initial Consent Mode signals (ad_storage for advertising cookies and analytics_storage for analytics cookies) are now accompanied by two extra signals:
ad_user_data: indicates whether the user consents to using their personal data for advertising purposes.
ad_personalization: signifies whether the user consents to their data being utilized for remarketing.
Unlike ad_storage and analytics_storage, these indicators don’t directly influence how tags operate on the site itself. Instead, they serve as additional parameters sent with the pings to Google services, guiding these services on how to utilize user data for advertising.
In essence, while ad_storage and analytics_storage govern which identifiers are sent with the pings (upstream qualifiers), ad_user_data and ad_personalization provide downstream instructions to Google services on data processing.
Modes: Advance Vs Basic
Consent Mode V2 has introduced Advanced Consent Mode and Basic Consent Mode, which, while not entirely novel concepts, offer distinct functionalities.
In essence, Advanced Consent Mode aligns with Google’s recommended usage, involving the collection of data pings from users, whether or not they grant consent. On the other hand, Basic Consent Mode activates Consent Mode on the page or app, but Google’s tags remain inactive, refraining from data collection until the user provides consent.
To break it down:
No Consent Mode:
The page lacks any implementation of Consent Mode, assuming all data sent to Google services has user consent.
Basic Consent Mode:
Consent Mode is implemented, but data collection occurs only when the user grants consent.
Advanced Consent Mode:
Consent Mode is implemented, allowing data collection from users who both grant and deny consent.
The choice between these modes carries implications for the quality of modeling (source).
Consent Settings - Google Tag Manager
Google Tag Manager provides an interface for managing consent settings within your tags.
The Built-in Consent Checks feature outlines all the consent states accessed by the tag template code. This serves as an indicator that the template interacts with consent states in its code. The specific actions taken with this consent state depend on the tag template.
Meanwhile, the Additional Consent Checks section lists the consent states requiring a granted status for the tag to be triggered. If, upon the tag’s trigger activation, any of the listed consent states are in denied status, the tag will not activate.
It’s important to note that these settings are specific to Google Tag Manager and do not have equivalents in gtag or Consent Mode itself. For instance, Google Analytics 4 tags are sensitive to all four Consent Mode signals, but they have Built-in Consent Checks only for analytics_storage and ad_storage. This distinction arises because these two consent states are the ones that actively influence how the tag code operates. In contrast, ad_user_data and ad_personalization are URL flags automatically included in GA4 requests, requiring no direct interaction with the GA4 event tag.
Is Consent Mode Required in 2024?
Certainly, particularly if your operations are within or your website visitors are data subjects in the European Economic Area.
In 2024, it’s highly likely that implementing Basic Consent Mode for all your Google tags will be necessary. While it might involve additional tagging and implementation efforts, it’s not necessarily a drawback. Adopting Basic Consent Mode implies that you’re exclusively collecting data from users who have granted consent, and this granted state is communicated to Google’s services along with the collected data.
For those utilizing Google’s advertising services, either directly or through Google Analytics 4, Consent Mode could be a mandatory requirement.
For scenarios involving the collection of first-party user data, utilization of the Google Ads user_id, or sharing Conversions from Google Analytics 4 to Google Ads, implementing Consent Mode with the ad_user_data flag is essential. Similarly, for collecting data for remarketing with Google’s advertising services, implementing Consent Mode with the ad_personalization flag is a requisite.
If you find it necessary or mandatory to implement Consent Mode, it’s advisable to do so at the earliest convenience. Deploying Consent Mode early in the page or app render flow is encouraged, and Google Tag Manager for the web conveniently provides a built-in trigger, Consent Initialization, for this purpose.
How to check if Consent Mode is active?
When Consent Mode is active, be it in Basic or Advanced Mode, extra parameters accompany each request sent to Google’s services for analytics and advertising.
To inspect these parameters, you have multiple options: Google’s Tag Assistant, the Network tab in your browser’s developer tools, or a browser extension.
For the original iteration of consent mode, if you’re scrutinizing the network requests, focus on the parameter named &gcs. It carries a value in the format G1xy, where:
- x indicates consent to Google Ads cookies (1 for granted, 0 for denied).
- y indicates consent to Google Analytics cookies (1 for granted, 0 for denied).
Possible combinations and their meanings are as follows:
- G100: No consent has been granted.
- G110: Consent for Google Ads, no consent for Google Analytics.
- G101: Consent for Google Analytics, no consent for Google Ads.
- G111: Consent granted for both Google Ads and Google Analytics.
It’s important to note that G100 is exclusive to “Advanced Consent Mode.”
With Consent Mode V2, an additional parameter, gcd, is present in all requests. Further details about its composition can be explored below.
Consent Mode V2 signals
The gcs parameter exclusively pertains to ad_storage and analytics_storage. For the novel signals and Consent Mode V2 in general, an extra URL parameter, gcd, needs decoding. Regardless of Consent Mode activation, gcd is present in all interactions with Google services. It encapsulates values for all four consent signals (ad_storage, analytics_storage, ad_user_data, and ad_personalization) while also detailing how the consent signal originated.
The string’s format is as follows:
Initiating with 11, it uses 1 as a separator between distinct consent signals and concludes with a number like 5 (or occasionally something else) to denote closure.
Here are the potential values for the signals, as currently understood:
l -The lowercase L signifies that the signal hasn’t been set with Consent Mode.
Example – 11l1p1l1l5 (Only analytics_storage has been denied by default).
p -Denied by default (no update).
Example – 11p1p1p1p5 (all consent states are denied by default).
q-Denied both by default and after an update.
Example – 11p1q1p1p5 (the user updated their consent choice to set analytics_storage to denied after it was already set to denied by default).
t-Granted by default (no update).
Example – 11t1t1t1t5 (all consent states are granted by default).
r-Denied by default and granted after an update.
Example – 11r1r1r1r5 (the user grants consent to all services after they were first denied by default).
m-Denied after an update (no default).
Example – 11p1m1p1p5 (all other states were denied by default, but analytics_storage was only set after the user denied it).
n-Granted after an update (no default).
Example – 11n1n1n1n5 (the site did not set a default consent state and instead set all states to granted after the user chose so).
u-Granted by default and denied after an update.
Example – 11u1u1u1u5 (the user withdrew all consents after they were set to granted by default).
v-Granted both by default and after an update.
Example – 11v1v1v1v5 (all states were granted by default and by user confirmation).
In conclusion, Consent Mode V2 brings substantial enhancements to the data privacy landscape by introducing two crucial signals—ad_user_data and ad_personalization. These signals offer a more nuanced approach to user consent, especially in the realm of advertising and analytics. The updated gcd parameter further refines the process, providing detailed information on the origin and status of each consent signal. Whether in Basic or Advanced mode, Consent Mode V2 allows for a more tailored and transparent handling of user data, ensuring compliance with evolving privacy regulations. As we navigate the intricacies of Consent Mode, it becomes evident that staying informed and adapting to these advancements is crucial for maintaining a robust and ethically sound digital presence.