Google Consent Mode

👋 F ind out here about Google Consent Mode for modeling data when the user has not given consent, how to set it up, what the limitations are, the subtleties as well as our recommendations.

🇪🇺 Implement Google Consent Mode before March 2024.
‍The European Union's new DMA regulations will be implemented at the beginning of 2024. It will introduce two new parameters - ad_user_data and ad_personalization.

Current configurations will need to be updated:

• Before March 2024 to maintain GA4 audience targeting.

• Before December 2024 to maintain advanced conversion tracking

Introduction

From March 6, 2024, it will be necessary to implement Consent Mode in cases where a website or application collects data for audience building or remarketing with Google's advertising services.

Google will require advertisers to collect user consent via a CMP (Consent Management Platform) such as Didomi, Axeptio or OneTrust. This process will be carried out via the "Consent Mode": a device designed by Google, and specially developed to adjust the operation of its products according to the authorizations given by users.

☝ If you have already set up Consent Mode V1, An update is now necessary with the introduction of two new consent signals in V2: ad_user_data and ad_personalizationand an overhaul of the URL scheme.

What is Google Consent Mode?

The "Consent Mode" allows data to be modeled within the Google products concerned (Google Analytics 4, Google Ads, Search Ads 360, etc.) in order to make up for the loss of data from users who have not given their consent to the collection of data and the reading of cookies by the associated Google tags (Google Analytics 4, Google Ads, Floodlight, etc.).

Google Consent Mode is a feature that allows you to :

1. Respect users' privacy choices by passing consent information to Google.

2. Model data when the user has not given their consent on the site they are visiting to maintain high-performance bid optimization algorithms.

☝ Consent rates on the site must be taken into account when evaluating campaign performance, as these audiences may have different consent rates.

It works in conjunction with an associated CMP (consent management platform) and compatible tags (Google Analytics, Google Ads, Google Floodlight and Conversion Linker).

⚠️ The implementation of Consent Mode does not replace your CMP (Consent Management Platform) such as Axeptio, Didomi, OneTrust, Cookiebot, etc.

If the user accepts cookies on the site, nothing changes, but if not, Consent Mode kicks in. This means that no cookies are deposited in the visitor's browser, but anonymized hits called "pings" are sent to the tools in the Google Marketing Platform suite.

🇪🇺 The European Union's new HHW regulations will be implemented in march 2024. It will introduce two new parameters - ad_user_data and ad_personalization. Current configurations will need to be updated to maintain advanced conversion tracking and audience targeting.

⚠️ It will be necessary to update your configuration by the end of March 2024, unless Google Consent Mode is already implemented via your CMP, in which case the update will be automatic.

The two versions of Consent Mode

1. The basic mode, which will become mandatory, works by activating beacons only with the user's consent. Consent status is transmitted via the four parameters. Google will use a data model to estimate conversions lost due to non-consent.

2. Advanced mode enables beacons to be activated with or without consent. The behavior of the tags will vary according to whether the user accepts or rejects tracking. This mode provides access to event/conversion modeling in tools such as Google Ads, GA4, based on a model trained on your data.

⚠️ Please note that advanced mode is not approved by the CNIL 🇫🇷 because it uses the user_agent without the user's consent. However, it is possible to suppress this parameter via a proxification. in Google Tag Manager Server-Side in the event of non-consent, in order to comply with CNIL requirements.

The advanced version offers more precise tracking of unauthorized traffic, providing Google with estimates of the percentage of unauthorized hits. In contrast, the basic mode is based on an estimate derived from current traffic.

The decision between advanced or basic mode will depend on the data controller, influenced by the DPO team's recommendations in favor of basic mode, while the marketing team might lean towards the advanced option.

In both cases, it becomes difficult to get an accurate count of conversions with Google Ads, and Google might even send notifications to block certain accounts in Europe.

Here are the trade-offs between advanced and basic implementations for Consent Mode:

(*) If tags are blocked for consent, data collection ceases and conversion modeling uses general, anonymous variables such as browser type or time, which are non-identifying variables.

How Google Consent Mode works

Google Consent Mode adds 4 new settings:

ℹ️ Le Consent Mode V2 includes advanced options such as ads_data_redaction to block the sharing of click identifiers and third-party cookies in ads; or allow_ad_personalization_signals who control Google's access to advertising data.

If the user gives consent, the parameter changes to ✅ granted and on the contrary in 🚫denied :

⚠️ It will be essential to communicate the consent status for these four parameters when sending data to Google Analytics, Google Ads, SA360, DV360.

Depending on the code sent to Google's analytics and advertising platform, the behavior of Consent Mode will be different.

The 4 prerequisites for enabling data modeling

• Having a CMP on site

• Have installed Google Consent Mode on your computer or via Google Tag Manager

• Having 1000 daily events with analytics_storage = denied

• Have 1000 daily users performing events with analytics_storage = parameter granted  for at least 7 days in the last 28 days.

The signals used for modeling

The models are run using the following aggregated and unidentifiable signals for the time being:

• Device model

• Conversion type

• Country

• Date and time (timestamp)

• Browser type and version

Integration with CMP

Google Consent Mode can be installed in various ways, depending on the CMP installed.

Some consent management platforms such as Cookiebot / Cookie Script etc. natively integrate consent mode into their Google Tag Manager tag template.

Other solutions such as Axeptio, Didomi or OneTrust will require configuration via Google Tag Manager.

To simplify this work Simo Ahava has created a template for the Google Tag in the tag gallery.

Consent-based operation

• When a user specifies his or her refusal to share his or her data with Google's advertising products, the consent status ad_user_data is set to denied.

• If, on the other hand, the user consents to sharing his/her data with Google's advertising products, the consent status ad_user_data becomes granted.

• When a user expresses his or her opposition to receiving targeted advertising (retargeting) from Google, the consent status ad_personalization is fixed on denied.

• Finally, if the user agrees to be the target of personalized advertising (retargeting) from Google, the consent status ad_personalization is based on granted.

Not all data can be modeled at present

Not all data can be modeled, at least for the time being. In its documentation, Google specifies that audiences, real-time data, segments, predictive metrics, data export and Explorer are not eligible.

Modeling therefore remains at the scale of the GA4 UI and cannot be exported to a Data Studio or BigQuery, nor can it be used to build audiences in Google Ads (which is logical).

⚠️ Up to 90% of daily data can be lost if the data collected is no longer statistically significant. it is essential that the property collects at least 1,000 events per day with analytics_storage = denied for at least 7 days, and hosts at least 1,000 daily users with analytics_storage= granted for at least 7 of the last 28 days.

Server-Side operation

Server-side tracking enhances the deployment of Google Consent Mode v.2 by offering greater control and personalization of data sent to third-party platforms, while complying with privacy regulations such as RGPD and ePrivacy.

This method reduces the impact of restrictions on customer-side tracking, by filtering or modifying data on an intermediate server, enabling companies to strike a balance between respecting privacy and optimizing marketing performance.

By integrating Google Consent Mode v.2 (advanced) with server-side tracking, companies can maintain efficient data collection for advertising modeling, while improving regulatory compliance.

Google Consent integrates naturally with Server-Side tracking via Google Tag Manager. Settings G100, G101, G110, G111 are sent to the GA4 client and then dispatched to Google Analytics and Google Ads, and operation proceeds in the same way as with client-side tracking. Configuration continues to be carried out via the GTM client, so migration to server-side tracking involves no modification whatsoever. So why deprive yourself?

The next steps for you

1️⃣ Have Google Tag or SDK in place on Web and Mobile Applications
2️⃣ Identify traffic coming from the 🇪🇺 EEA (European Economic Area)
3️⃣ Make sure you you collect consent from users in the EEA 🇪🇺
4️⃣ Check if your CMP is integrated or work with them to upgrade

Should we adopt Consent Mode?

The case presented in the previous section leaves little doubt. If you qualify for Google's consent mode, set it up! Especially as this feature is perfectly compatible with a Google Analytics server-side configuration.

In any case, you have the option of whether or not to add behavioral modeling to your reports, which will give you some leeway, should the data not be entirely consistent with the rest of your sources.

☝ We recommend activating Google Consent Mode Advanced, but with a few remarks:

• We've seen problems with duplicate transactions on consent mode customers, and Google support hasn't been able to explain them. The effects on data are not 100% clear.

• The use of filters in BigQuery queries is necessary to ignore a "super user" who refuses consent.

• Advanced mode does not meet CNIL expectations 🇫🇷 as it uses the user_agent without the user's consent. However, proxification is possible to comply with the guidelines.

Conclusion

Updating privacy and consent rules in analytics and digital advertising tools requires particular attention.

For GA4 users who do not share their data with advertising services, there will be no significant impact a priori. However, those using advertising products such as Google Ads must update their consent management before the end of March, although those already using a partner CMP do not need to act, a check is advised as not all CMPs are yet compliant.

💡 You can still manually transmit Consent Mode data via Google Tag or partner tags, if your CMP is not compliant but meets EU design standards.

This update does not guarantee the recovery of 100% of agreed traffic, but rather aims to obtain a more realistic estimate of conversions through data modeling. For those requiring more precise analysis across their entire audience, exploration of other tools offering exempt or hybrid tracking is recommended.

Finally, it's crucial to wait for the official documentation update to fully understand the implications of this update.

Other questions / answers

Is TCF an alternative to Google Consent Mode?

Yes, it's an alternative to Consent Mode. However, TCF is not compatible with GA4 because it does not contain analytics_storage

What happens if you are not in good standing in March 2024?

From March 2024, advertisers who are not in good standing will not be able to capture new users in the EEA zone.

What about Consent Mode on mobile applications?

You can enable Consent Mode using the Google Analytics SDK for Firebase👇

Manage consent settings (apps) | Security and Privacy hub | Google for Developers This page is for developers that use the Google Analytics for Firebase SDK in their app and want to integrate consent mode. For an introduction to consent mode, read Consent mode overview.