Any business that uses Google Ads to create personalized advertisements directed at individuals who live in the European Economic Area (EEA) and/or the United Kingdom (UK) needs to be aware of Google's new consent requirements for ad personalization.

This article explains why consent is necessary for Google Ads personalization, the steps you can take to comply with Google's consent requirements for advertisers, and what happens if you don't comply with its requirements.

Use our Cookie Consent all-in-one solution (Privacy Consent) for cookies management to comply with GDPR & CCPA/CPRA and other privacy laws:

  • For GDPR, CCPA/CPRA and other privacy laws
  • Apply privacy requirements based on user location
  • Get consent prior to third-party scripts loading
  • Works for desktop, tables and mobile devices
  • Customize the appearance to match your brand style

Create your Cookie Consent banner today to comply with GDPR, CCPA/CPRA and other privacy laws:

  1. Start the Privacy Consent wizard to create the Cookie Consent code by adding your website information.

    TermsFeed Privacy Consent: Add website information - Step 1

  2. At Step 2, add in information about your business.

    TermsFeed Privacy Consent: Add about your business type, select the country - Step 2

  3. At Step 3, select a plan for the Cookie Consent.

  4. You're done! Your Cookie Consent Banner is ready. Install the Cookie Consent banner on your website:

    TermsFeed Privacy Consent: Install the Cookie Consent banner on your website - Step 4

    Display the Cookie Consent banner on your website by copy-paste the installation code in the <head></head> section of your website. Instructions how to add in the code for specific platforms (WordPress, Shopify, Wix and more) are available on the Install page.



What is Google Ads?

Google Ads is a popular Google product for businesses used to aid companies of all sizes in their digital marketing endeavors. With no minimum ad spend and easy-to-analyze metrics that indicate ad performance, Google Ads is a favorite.

Google is the most used search engine in the world, making its marketing products - including Google Ads - top choices for businesses that want to reach a wide audience.

In the context of Google Ads personalization, consent is when a user agrees to have their data collected and used for targeted advertising purposes.

"Targeted advertising" is when an advertiser uses personal information about consumers (such as characteristics, preferences, interests, and online behavior) to create personalized ads designed to appeal to them.

Google requires businesses that cater to residents of the EEA and the UK to get users' consent before collecting or using their personal data for personalized ads.

There are many privacy and data protection laws requiring consent that Google (and any businesses that use its products) must comply with. Many privacy laws apply to businesses that are based in or target residents of the region where the law originates.

These laws include state laws such as the California Consumer Privacy Act (CCPA) and global legislation, such as Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

The European Union's (EU) General Data Protection Regulation (GDPR) is an essential privacy law that Google must abide by, and Google's consent requirements for personalized ads are designed with GDPR compliance in mind.

Google's consent mode is a way that lets you, a website owner or app developer, communicate your users' cookie or app identifier consent status to Google. It's a method to respect users' choices regarding their consent status.

Obtaining user consent (and communicating that consent status to Google) is usually done through a cookie consent notice banner. For a cookie notice banner, you have multiple options:

When a user makes a consent choice, the notice banner you implemented (either through a CMPs or your own) would send information about users' choices to Google, and certain Google products (such as Google Analytics 4 and Google Ads) adapt the way they track, manage, and store that user's information to honor their consent choice.

Google's consent mode v2 is an updated version of its original consent mode that focuses on personalized advertising, or "remarketing." It allows you to adjust the way your Google tags (technology that sends data from your website or app to Google Ads or Google Analytics 4) behave based on users' consent choices.

Google Consent Mode V2 helps businesses respond appropriately to and communicate EEA and UK users' consent choices regarding the use of their personal data for advertising purposes to Google.

For example, with Google's Consent Mode V2, if a user denies consent to use their personal data for targeted advertising purposes, Google Ads will not use advertising cookies to profile that user.

If you don't ask EEA and UK users for consent and send their consent choices to Google, you won't be able to build certain audiences or run personalized Google Ads campaigns within the EEA.

Google's Analytics Help page explains how consent mode works on websites and mobile apps:

Google Analytics Help: Consent Mode on Websites and Apps page excerpt

What is Conversion Modeling?

If a user does not grant consent to the collection or use of their data, Google can use conversion modeling to fill the data gaps that are otherwise occupied by personal data. Conversion modeling uses non-identifying data to predict online conversions (when a user takes a desired action in response to a marketing effort).

Conversion modeling enables businesses to get a more complete picture of how their marketing is performing and helps prevent under, or overbidding, while protecting the privacy of individuals who do not want their personal data used for marketing purposes.

The Google Ads Help page explains that conversion modeling works by using historical data to predict unobserved conversions:

Google Ads Help: How Conversion Modeling Works page

Anyone who runs personalized advertising campaigns focused on residents of the EEA and/or the UK on Google Ads needs to meet the following requirements by March 2024:

  • Comply with relevant legal agreements, including Google's EU User Consent Policy
  • Get EEA and UK users' consent before using their personal data using Google Consent Mode V2
  • Share consent signals (users' consent choices) with Google using Google Consent Mode V2

Google's Tag Manager Help page explains that advertisers must comply with its EU User Consent Policy by getting consent from EEA users before using their personal data, and sharing consent signals with Google:

Google Tag Manager Help: Updates to consent mode for traffic in EEA page excerpt

A popup from Google explains that an advertiser is not complying with Google's requirements and that they must make the following appropriate changes by March 2024 to avoid campaign performance issues:

Google popup: Implement consent for ads personalization

It says:

"Implement consent for ads personalization - You are not providing EEA end-user consent signals required for ad personalization features. Take action before March 2024 or your campaign performance will be impacted."

Anyone who runs personalized ads on Google that are directed at residents of the EEA and the UK must comply with Google's ad personalization consent requirements must comply with Google's Ad Personalization Consent requirements.

That means businesses need to get EEA and UK users' consent before using cookies to track their behavior or collecting or processing personal data for personalized advertising purposes.

The EEA consists of the EU, plus Iceland, Liechtenstein, and Norway, so businesses that create ads targeting members of those 30 countries and/or the four countries that comprise the UK must comply with Google's ad personalization consent requirements.

Google's Tag Manager Help page explains the steps you should take to manage user consent, including obtaining consent choices, communicating those choices to Google, and ensuring that Google tags and any third-party tags are responding appropriately to users' consent choices.

Let's take a look at some of the steps you can take to ensure compliance with Google's ad personalization consent requirements.

Businesses that use Google Ads must comply with Google's EU User Consent Policy.

Google's EU User Consent Policy requires anyone who uses certain Google products (including Google Ads) to get consent from users based in the EEA and the UK before:

  • Using cookies or storing users' information
  • Collecting, sharing, or processing personal data for personalized ads

Additionally, you will need to:

  • Keep a record of consent obtained from users
  • Explain how users can withdraw their consent
  • List any third parties who collect, receive, or process users' personal data due to your use of a Google product
  • Provide an easily accessible explanation of what third parties do with users' personal data

Google's EU User Consent Policy explains that you must get consent before using cookies or collecting, sharing, or processing users' personal data for ad personalization purposes:

Google EU User Consent Policy: Properties under your control section

Google's EU User Consent Policy explains that users of its products must provide specific disclosures and get consent from end users who live in the EEA and the UK, or else their use of its products may be negatively impacted:

Google EU User Consent Policy intro

Comply With Customer Match Requirements

Customer Match is a Google Ads feature that enables you to use customer data for targeted advertising purposes. Customer Match is available on several Google products, including Search, the Shopping tab, YouTube, Gmail, and Display.

If you use Customer Match, Google's EU User Consent Policy requires you to communicate with your Customer Match partner to ensure that consent signals are being sent to Google.

Google's FAQ page explains that if Customer Match users don't communicate consent signals to Google, then personal data from EEA users cannot be processed or used for personalized advertising:

Google Ads Help: FAQs about the EU user consent policy for Customer Match upload partners section

You should get consent from EEA and UK users before collecting or processing their personal data by using a cookie consent banner, as seen here:

TermsFeed WordPress: Preview: Cookie Consent banner with Google Consent Mode V2

You should ensure that your cookie consent banners are up to date, accessible to residents of the EEA and the UK, and fully functional.

To comply with Google's consent requirements you should:

  • Explain that users' personal data will be used for ad personalization
  • Make sure that users have to take action to provide consent (such as clicking an "I Agree" button or checkbox)
  • List any third parties you disclose personal data to (such as in your Privacy Policy)
  • Explain how third parties will use EEA and UK users' personal data (also can be in your Privacy Policy)
  • Link to Google's Business Data Responsibility page

Google's Help With the EU User Consent Policy page includes a consent mechanism checklist with information that businesses should include in their consent banners, including an explanation of how users' personal data will be used for personalized ads and a list of any third parties you share users' personal data with:

Google Help with EU User Consent Policy checklist

Once you obtain user consent, you will need to send it to Google. You can send user consent to Google by enabling consent mode and updating Google tags.

In November 2023, Google released Consent Mode V2, a new way for businesses to communicate EEA and UK users' consent choices regarding the use of their personal data for advertising purposes to Google.

To comply with the new requirement, you'll need to implement Consent Mode V2 by March 2024. We've updated our Free Cookie Consent to work with Google Consent Mode V2.

Here's how you can integrate our Free Cookie Consent with the new Consent Mode V2:

  1. Create the gtag function with the default consent states as denied:

    TermsFeed: Google Consent Mode V2: Example: Copy the gtag function with default consent states as denied

  2. Load the Google Analytics/Tag Manager script:

    TermsFeed: Free Cookie Consent: Example: Copy Google Analytics or Tag Manager script code

  3. Communicate user consent status using Cookie Consent callbacks:

    TermsFeed Free Cookie Consent: Example: Cookie Consent config code with callbacks parameter

These instructions can be found on our Cookie Consent & Google Consent Mode V2 page. We also have a video walkthrough on how to integrate a cookie notice banner with Consent Mode V2.


If you use a Google-certified CMP, your CMP will be automatically updated with consent mode v2. If you have your own consent banner, you will need to manually enable consent mode v2.

If you don't enable consent mode v2, Google will be unable to verify users' consent choices, and you may lose data necessary to take full advantage of Google Ads and Google Analytics.

Update Google Tags

Once you have received users' consent choices, you should update Google tags to reflect those choices and double-check that Google tags (and third-party tags) are reacting appropriately.

You can choose which Google destinations can receive data from EEA residents for personalized advertising purposes from the Google tag settings page within your Google Ads account.

Google's Tag Manager Help page explains how you can configure your Google tag settings, including communicating consent choices from EEA users to Google Ads:

Google Tag Manager Help Page: Configure tag settings chart

Google's Analytics Help web page lists best practices for using consent mode, including updating users' consent choices as soon as they are made and loading Google tags regardless of whether users grant or deny their consent:

Google Analytics Help Page: Consent mode best practices excerpt

Maintain a Privacy Policy

A Privacy Policy is a legal document that explains how you handle the personal information you collect and process, amongst other things.

One effective step towards compliance with Google's EU User Consent Policy is including relevant information within your Privacy Policy, such as how to withdraw consent and what third parties you share personal data with.

Your Privacy Policy should be clearly written and easily accessible. It should contain clauses about:

  • The types of data you collect and how you collect them
  • How you use the data you collect
  • How you keep the information you collect secure
  • Any third parties you share data with
  • How users can exercise their rights, including withdrawing their consent and opting out of the sale of their personal data or use of their personal data for targeted advertising purposes
  • Your contact information
  • A link to Google's Business Data Responsibility page, as required by Google's EU User Consent Policy

If you don't comply with Google's ad personalization consent requirements by March 2024, then you may be unable to collect or process data from EEA residents. That means that you won't be able to run personalized ads or accurately measure ad performance in the EEA region.

Google Ads relies on data to run efficiently. If you don't comply with Google's ad personalization consent requirements, you will be missing out on data from over 30 countries, which could have a significant impact on your ad campaign conversion rates.

There may also be legal implications.

Summary

Google Ads is an online platform that enables businesses to create advertisements (including personalized ads) directed at consumers from all around the world.

Consent in the context of Google Ads personalization is when you get agreement from EEA and UK users to allow you to collect and process their personal data for targeted advertising purposes.

The GDPR is the primary privacy law driving Google's consent requirements for ad personalization.

To comply with Google's ad personalization requirements, businesses that wish to create personalized ads targeting members of the EEA and the UK need to:

  • Comply with Google's EU User Consent Policy
  • Get consent before collecting EEA and UK users' personal data
  • Communicate users' consent signals to Google
  • Verify that Google tags are operating in response to users' consent choices
  • Maintain a Privacy Policy

To comply with Google's EU User Consent Policy, you should:

  • Get EEA and UK users' consent before using cookies, storing their data, or collecting, sharing, or processing their personal data for personalized ads
  • Maintain a record of consent obtained from users
  • Explain how users can withdraw their consent
  • List third parties who collect, receive, or process users' personal data due to your use of a Google product
  • Explain what third parties do with users' personal data
  • Communicate with your Customer Match partners to ensure that users' consent choices are being sent to Google

Your Privacy Policy should include the information required by Google's EU User Consent Policy, including:

  • The categories of personal data you collect and process
  • How you collect the data
  • How you keep personal data safe
  • A list of third parties you share data with
  • An explanation of how users can exercise their rights, including how to withdraw their consent and opt out of the sale of their personal data or use of their personal data for targeted advertising purposes
  • Your contact information
  • A link to Google's Business Data Responsibility page

If you don't comply with Google's ad personalization consent requirements, you stand to lose data and receive incomplete information about your Google Ad campaign performances.

Privacy Policy Generator
Comprehensive compliance starts with a Privacy Policy.

Comply with the law with our agreements, policies, and consent banners. Everything is included.

Generate Privacy Policy