Google's Consent Mode changes the way you collect ads tracking data and your analytics. The feature allows you to modify tracking tags based on whether your site's users permit you to track them, and gives website owners a way to remain compliant with international privacy laws while still gaining insight into their businesses.

Let's take a deeper look at what Google Consent Mode is and how to utilize it to the benefit of your business.



There are two new tags (ad_storage and analytics_storage) which Google Consent Mode uses to control the behavior of cookies and Google tags.

The Cookie Information Consent Pop-up provides information about your user's consent status directly to Google's Consent Mode. Google Consent Mode essentially operates on two distinct strings based on your user's choice of whether they've given consent to your use of cookies.

Here's what happens:

When your user gives consent, you can use Google Analytics and Google Ads cookies to measure and retarget ads as you usually would because the associate tags will function normally. On the other hand, if a user declines to give consent, then Google's Consent Mode will use pings to convey the message that events have occurred.

Pings are used for events, such as:

  • Conversions (Pings are used as a notification that a conversion has taken place. For instance, on pages where Google Analytics has been applied, visits and events are logged and pings are then sent.)
  • Consent status (When a user visits a site, a ping is sent from each page visited for each category of cookie.)

When consent is not given, Google Consent Mode allows you to gain conversion measurements from website traffic and Ad campaigns, although you will not get detailed information about your visitors. In other words, you'll still get valuable information even though you won't be able to conduct personalized advertising or retargeting campaigns.

Using Google Consent Mode with Google Ads

Consent Mode helps advertisers to gain valuable insights into conversion data when users declined the use of cookies by useing the "ad_storage" tag to control cookie behavior and measure conversions. The tag is dependent on the user's consent choice and determines whether Consent Mode uses regular marketing cookies or switches to the use of pings to measure conversions.

Using Consent Mode, you'll be able to respect user privacy while still recording and measuring conversions from the following:

  • Google Ads
  • Campaign Manager
  • Search Ads 360
  • Display & Video 360

Think of it like this. Suppose a user visits your website and a conversion takes place. If the user accepts all cookies, reporting will continue as usual in your cookie pop-up. On the flip side, if the user declines to give consent and cookies aren't accepted, the ad_storage tag will ensure that marketing cookies are not read or written. In that case, you'll receive a more aggregated level of conversion data.

Using Consent Mode with Google Analytics

As previously mentioned, Google Consent Mode works with Google Analytics too. Here too, Consent Mode respects a user's choice to give or withhold consent when it comes to marketing cookies. If users don't consent to all cookies, then Google Analytics will disable features that rely on Google signals.

Here, Google Consent Mode uses the analytics_storage tag. In the same way that it uses the ad_storage tag, Consent Mode will use its analytics counterpart to determine whether it uses cookies as usual or whether cookieless pings are used. In that case, you'll still get basic measurements from Google Analytics.

You'll essentially get information on things like page views and the number of visitors. You won't gain enough data for retargeting purposes.

There are more than a few services, which Consent Mode supports. They include the following:

  • Google Ads
  • Google Analytics
  • Floodlight (the conversion tracking system for the Google Marketing Platform)

You'll still gain the following non-identifying, aggregated information when users decline cookies.

  • User Agent (You'll know if users visit your website)
  • Timestamp (You'll know when users visit your website)
  • Ad-click information in the URL (e.g., GCLID / DCLID)
  • Boolean data about the consent state
  • Referrer (You'll know how users got to your website)
  • Random number generated on each page load

Again, while you won't be able to use any of this kind of data for retargeting, you'll still be able to benefit from it by optimizing ad budgets, ad copy, and landing pages.

Why is Consent Necessary to Process Personal Data?

Today, just about every country has implemented some kind of data privacy law, which regulates how data is collected, the legal basis for that collection, the amount of control users have over their data once it's transferred, and more.

Companies that fail to comply with the relevant legislation face lawsuits, steep fines, and even the banning of the company's website in certain locations.

In order to stay compliant with these laws, companies that want to use tracking technologies that utilize cookies, etc., must gain explicit user consent.

For example, one of the most prominent laws that governs the use of cookies is the GDPR. It mentions cookies in Recital 30, which says the following:

"Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them."

Essentially, what this is saying is that because cookies can be used to identify users, they qualify as personal data and therefore fall under the GDPR's privacy requirements. Part of those requirements is obtaining consent before collecting personal data.

The GDPR goes on to clarify what constitutes "consent." According to the law, consent is "the informed, prior, clear and unambiguous indication of a user's wishes." In effect, to be compliant, your users must give explicit consent to your use of their personal information, which according to the GDPR, includes cookies.

Another relevant law is the EU's ePrivacy Directive. Under this directive, companies that use cookies need to:

  • Acquire user consent before using any cookies except those that are strictly necessary for the website to function
  • Provide specific and accurate information about the information each cookie tracks and its purpose in straightforward, plain language before consent is received
  • Document and store all consent received from users
  • Permit users to access services even if they decline to give consent for the use of specific cookies
  • Make the process of removing consent as easy as giving consent in the first place

Other laws that require consent for the collection and processing of personal information include:

  • Brazil's General Personal Data Protection Act (LGPD)
  • Children's Online Privacy Protection Rule (COPPA)
  • The Personal Information Protection and Electronic Documents Act (PIPEDA)
  • The California Privacy Rights Act (CPRA)

Is Google Consent Mode Compliant With Privacy Laws?

Some may wonder if Google's Consent Mode is actually compliant with data privacy laws since it allows companies to use certain kinds of data via Google Analytics even without consent. According to Google, the answer is yes.

When user consent is declined, all data provided to companies via Google Analytics will be anonymized. The information captured will be delivered in an aggregated form and without a client ID.

However, some German authorities, like the German Federal Court of Justice, disagree with Google's assertions. Their view is that a completely anonymous interaction isn't possible since a website visitor's IP address is transmitted during most interactions.

For instance, the German authorities wrote that:

"If a website operator does not think that collecting consent is necessary, from a technology perspective they must ensure that an anonymous interaction is possible in 100% of users' website interactions ... otherwise consent will always need to be collected."

Despite Google's confidence, and in light of some of the misgivings certain EU authorities may have concerning the use of the tech giant's Consent Mode, it would be prudent to consult with an attorney before adopting its use.

How Can You Obtain Explicit Consent?

You can help ensure that you obtain explicit user consent for GDPR compliance by using a consent management platform on your company's website, such as a cookie banner.

Here's an example of a cookie consent banner in use on a website:

Credit Agricole cookie consent banner notice

Of course, this can also help remove any potential downsides to using Google's Consent Mode.

Using a cookie consent banner known as a "cookie wall" allows you to block user access to your website until they either explicitly accept all cookies or manage which ones they'll deny or allow. With this model, users have to actively click on a link or a button that says something like "I accept cookies" or "Manage my cookies."

Here's an example of a cookie wall:

Tweakers cookie wall

With that said, remember that Google Consent Mode isn't a consent management platform. Obtaining explicit consent is your responsibility, not Google's.

To enable consent mode for your website, you can use Tag Manager and a CMP along with a community template. Follow the instructions provided by the CMP Partner and the provided Tag Manager templates.

To enable consent mode for your app, you can use gtag.js consent commands, or can use a Tag Manager consent mode template to create a tag. App developers can also opt to enable consent mode via the Google Analytics for Firebase SDK.

Summary

Consent Mode is a feature that Google began slowly phasing in during 2020. It's a new pair of website settings, which use Google's analytics and advertising services. How these settings behave is dependent on whether a user gives consent or not to the use of cookies.

When a user gives consent, Google Consent Mode will collect data as it normally would through Google Ads and Google Analytics. When users withhold consent, Google will anonymize and aggregate data, which it obtains through pings instead of cookies.

Google believes that Consent Mode is an effective method of remaining compliant with worldwide privacy laws regarding customer consent while still obtaining useful data. That information can then be used to help optimize things such as landing pages, ad copy, and budgets.

For instance, by using Google Consent Mode you can still receive basic, non-identifying information when a user has declined analytic cookies. While you won't gain any personal information about that user, you'll still get data on how they arrived, where they're located, and how much time they spend on your website.

In the same way, Google will still be able to show ads even when a customer declines to give consent regarding advertising cookies. Those ads won't be customized or personalized based on that customer's activities or profile, but the topics on your website can still provide Google with some context.

In theory, even if the ads aren't hyper-targeted, many users who decline the use of cookies will still click on them, which can allow you to continue earning revenue from them.

Remember that Consent Mode can potentially help you to comply with worldwide data privacy laws, which demand explicit user consent given in advance of data collection and processing.

Privacy Policy Generator
Comprehensive compliance starts with a Privacy Policy.

Comply with the law with our agreements, policies, and consent banners. Everything is included.

Generate Privacy Policy