New laws like the Digital Markets Act (DMA) have brought in fresh rules for big tech companies, including Google. Because of this, Google needs to set up specific privacy rules for using its services, such as Google Marketing Platform, Google Ads, or Google Analytics. As a result, since March 2024, the use of Google Consent Mode 2.0 is mandatory for websites that use google ads and create audiences for personalization in the European Union (EU) and European Economic Area (EEA).
For both advertisers and publishers, implementing Consent Mode 2.0 is now essential. It allows advertisers to continue to use personalized ads within the boundaries of the law, while publishers can monetize their content without compromising user privacy.
Discovering Consent Mode: What’s the Buzz?
Consent Mode is designed to improve privacy on websites by managing the way Google tags handle data collection and ad personalization, according to user consent. It plays a key role in maintaining privacy standards alongside data-driven marketing efforts.
A brief history about Consent Mode
Launched in 2020, Consent Mode 1.0 was Google’s first attempt to balance user consent with data collection needs. This version introduced basic and advanced consent mode.
In basic mode, tags are triggered only upon consent, while in advanced mode, data is sent regardless of the user’s consent, but without setting any cookies (known as cookie less tracking), enabling functionalities like modeling of visitor behavior and conversions for Google Ads, Floodlight and GA4.
Legally, this could result in complications since even with cookie less tracking, there is still a connection to Google’s servers, revealing the user’s IP address. Thus, it is advised is to use Basic Mode, as it is sufficient for most cases and requires only initialization and updating of the Consent Mode flags.
Consent Signals
Consent Mode is built upon various consent signals, each designed for distinct data processing and user interaction areas. These signals typically correspond to the cookie categories present in your Consent Management Platform:
ad_storage (Advertising Consent)
Controls consent for storage and access of cookies, local storage, or other identifiers for advertising purposes. This signal affects ad targeting and remarketing.
analytics_storage (Analytics Consent)
Manages consent for the storage and access of cookies, local storage, or other identifiers used for analytics and performance measurement.
functionality_storage (Functional Consent):
Though not always explicitly mentioned, this signal could be used to manage consent for cookies and storage necessary for website functionality.
personalization_storage (Personalization Consent)
This signal could control consent for personalization cookies and identifiers, enabling customized user experiences based on individual preferences and behavior.
security_storage (if applicable):
This signal might be used to manage consent for cookies and storage necessary for ensuring website security.
Consent mode 2.0
In November 2023, Google updated its Consent Mode to 2.0 with the addition of two crucial consent signals: ad_user_data and ad_personalization.
ad_user_data
This signal allows the use of user data for advertising operations, such as ad effectiveness and audience insights, with user consent. It’s essential for advertisers to optimize campaigns within privacy guidelines.
ad_personalization
It indicates user consent for tailoring ads based on their interests and online behavior, offering a more relevant ad experience. This signal is key for delivering targeted advertising that aligns with user preferences.
These additions are designed to specify the allowed use of collected data for advertising objectives and the customization of advertisements. Accompanying these signals is an improved URL schema to facilitate the transmission of consent states to Google’s platforms.
Since March 2024, the implementation of these signals is required for all users of Google Analytics and Google Ads who intend to create audience segments.
How to implement Consent Mode
Integrating Consent Mode into your website involves configuring your site to handle user consent signals in a manner that complies with privacy regulations.
Here’s a simplified approach to get started:
- Understand Consent Signals Familiarize yourself with the key consent signals. Knowing how these signals interact with your website’s data collection is crucial.
- Update Privacy Policy Ensure your privacy policy is up to date, clearly explaining how and why you collect data and how Consent Mode impacts data collection and processing.
- Implement a Consent Management Platform (CMP) or Use Consent Mode API Use a CMP compatible with Consent Mode 2.0. The CMP should be capable of capturing user consent preferences and communicating these preferences to Google’s services through Consent Mode.
- Set-up the tags and test the Implementation After setting up Tags with Consent Mode, thoroughly test it to ensure that it correctly interprets and applies user consents. Check that data is only collected based on the user’s preferences.
- Monitor and Maintain Regularly review your Consent Mode implementation and CMP settings to ensure ongoing compliance with privacy regulations and adapt to any updates in Consent Mode specifications or legal requirements.
How to test the implementation for the Google Tags?
When Consent Mode is activated, it sends out special codes in the website’s data requests. To check if Consent Mode is active and whether it’s collecting data for advertising or analytics purposes with or without user consent, you can look for these parameters in the Network tab of your web browser.
These codes are identified by the “gcs” parameter in the data requests. When you spot “gcs” in the requests, it will have a format like G1xy.
In this format, “x” indicates whether the user has given consent for Google Ads cookies, with “1” meaning yes (consent given) and “0” meaning no (consent not given, no cookie set). The “y” value works the same way but for Google Analytics cookies, where “1” means consent is given and “0” means it’s not.
G100: No consent is given for any cookies
G110: Consent is given for Google Ads cookies only.
G101: Consent is given for Google Analytics cookies only.
G111: Full consent is given for both Google Ads and Google Analytics cookies.
Version 2 of the consent mode introduced a new parameter, “gcd” (e.g., gcd=13r3r3r3r5), to capture the new signals. The value’s format and its significance have not been officially documented by Google and are subject to change. For those interested in further details and insights, Markus Baersch (in German) has written an article based on his observations.
Conclusion
Google Consent Mode V2 is a mandatory update for websites serving ads or analyse user behavior in the EU and EEA. It introduces new consent signals and a revamped URL schema to better align with European privacy and consumer protection laws.
Ressources:
- https://ec.europa.eu/commission/presscorner/detail/en/IP_23_4328
- https://support.google.com/admanager/answer/13554116?hl=en
- https://support.google.com/tagmanager/answer/13695607?hl=en
- https://developers.google.com/tag-platform/security/guides/consent?hl=de
- https://support.google.com/admanager/answer/13554116?sjid=3911152106923728473-EU#google-cmps&zippy=%2Cgoogle-certified-cmps
- https://www.thyngster.com/ga4-measurement-protocol-cheatsheet/
- https://www.markus-baersch.de/blog/consent-mode-2-0-faq/
Disclaimer: This document provides an overview of Google Consent Mode and is not a substitute for legal advice. Consult with your legal team for specific compliance requirements.