Written by

William Blesch

Legal and data protection research writer at TermsFeed.

LinkedIn youtube Website

William Blesch

On this page

In 2020, Google began phasing in a privacy feature called "Consent Mode," which changes the way you collect ads tracking data and your analytics. The new feature allows you to modify tracking tags based on whether your site's users permit you to track them.

Right now, the Consent Mode framework is compatible with both opt-in and opt-out users. Opt-in users have explicitly said yes to your tracking efforts while opt-out users are tracked by default, but who have the right to say "no."

Google's Consent Mode is still in beta, which means it's essentially in early or limited release. It's an optional feature that allows you to manage the consent preferences of your website's visitors when interacting with Google-owned properties, such as Google Ads and Google Analytics.

It's brand new, still in a testing phase, and the mode's purpose is to permit websites to honor the individual user's consent preferences while still collecting anonymized metrics.

For instance, some privacy laws demand that websites honor a user's preferences regarding cookie use. When someone decides to withhold consent, website owners are deprived of valuable data.

Google's Consent Mode gives website owners a way to remain compliant with international privacy laws while still gaining insight into their businesses.

All in all, many experts believe that the new Consent Mode meshes nicely with Google's efforts to align its services with laws, such as Europe's General Data Protection Regulation (GDPR) and California's Consumer Privacy Act (CCPA).

Let's take a deeper look at this.

Use our Cookie Consent all-in-one solution (Privacy Consent) for cookies management to comply with GDPR & CCPA/CPRA and other privacy laws:

  • For GDPR, CCPA/CPRA and other privacy laws
  • Apply privacy requirements based on user location
  • Get consent prior to third-party scripts loading
  • Works for desktop, tables and mobile devices
  • Customize the appearance to match your brand style

Create your Cookie Consent banner today to comply with GDPR, CCPA/CPRA and other privacy laws:

  1. Start the Privacy Consent wizard to create the Cookie Consent code by adding your website information.

    TermsFeed Privacy Consent: Add website information - Step 1

  2. At Step 2, add in information about your business.

    TermsFeed Privacy Consent: Add about your business type, select the country - Step 2

  3. At Step 3, select a plan for the Cookie Consent.

  4. You're done! Your Cookie Consent Banner is ready. Install the Cookie Consent banner on your website:

    TermsFeed Privacy Consent: Install the Cookie Consent banner on your website - Step 4

    Display the Cookie Consent banner on your website by copy-paste the installation code in the <head></head> section of your website. Instructions how to add in the code for specific platforms (WordPress, Shopify, Wix and more) are available on the Install page.



There are two new tags (ad_storage and analytics_storage), which Google Consent Mode uses to control the behavior of cookies and Google tags.

The Cookie Information Consent Pop-up provides information about your user's consent status directly to Google's Consent Mode. Google Consent Mode essentially operates on two distinct strings based on your user's choice of whether they've given consent to your use of cookies.

Here's what happens:

When your user gives consent, you can use Google Analytics and Google Ads cookies to measure and retarget ads as you usually would because the associate tags will function normally. On the other hand, if a user declines to give consent, then Google's Consent Mode will use pings to convey the message that events have occurred.

Pings are used for events, such as:

  • Conversions (Pings are used as a notification that a conversion has taken place. For instance, on pages where Google Analytics has been applied, visits and events are logged and pings are then sent.)
  • Consent status (When a user visits a site, a ping is sent from each page visited for each category of cookie.)

When consent is not given, Google Consent Mode allows you to gain conversion measurements from website traffic and Ad campaigns, although you will not get detailed information about your visitors. In other words, you'll still get valuable information even though you won't be able to conduct personalized advertising or retargeting campaigns.

Using Google Consent Mode with Google Ads

Until now, it's been a difficult proposition for advertisers to gain valuable insights into conversion data when users declined the use of cookies. Optimizing budgets and campaigns without cookie consent was tricky at best.

However, Consent Mode changes that dynamic by using the "ad_storage" tag to control cookie behavior and measure conversions. The tag is dependent on the user's consent choice and determines whether Consent Mode uses regular marketing cookies or switches to the use of pings to measure conversions.

Using Consent Mode, you'll be able to respect user privacy while still recording and measuring conversions from the following:

  • Google Ads
  • Campaign Manager
  • Search Ads 360
  • Display & Video 360

Think of it like this. Suppose a user visits your website and a conversion takes place. If the user accepts all cookies, reporting will continue as usual in your cookie pop-up. On the flip side, if the user declines to give consent and cookies aren't accepted, the ad_storage tag will ensure that marketing cookies are not read or written. In that case, you'll receive a more aggregated level of conversion data.

Using Consent Mode with Google Analytics

As previously mentioned, Google Consent Mode works with Google Analytics too. Here too, Consent Mode respects a user's choice to give or withhold consent when it comes to marketing cookies. If users don't consent to all cookies, then Google Analytics will disable features that rely on Google signals.

Here, Google Consent Mode uses the analytics_storage tag. In the same way that it uses the ad_storage tag, Consent Mode will use its analytics counterpart to determine whether it uses cookies as usual or whether cookieless pings are used. In that case, you'll still get basic measurements from Google Analytics.

You'll essentially get information on things like page views and the number of visitors. You won't gain enough data for retargeting purposes.

There are more than a few services, which Consent Mode supports. They include the following:

  • Google Ads
  • Google Analytics
  • Floodlight (the conversion tracking system for the Google Marketing Platform)

You'll still gain the following non-identifying, aggregated information when users decline cookies.

  • User Agent (You'll know if users visit your website)
  • Timestamp (You'll know when users visit your website)
  • Ad-click information in the URL (e.g., GCLID / DCLID)
  • Boolean data about the consent state
  • Referrer (You'll know how users got to your website)
  • Random number generated on each page load

Again, while you won't be able to use any of this kind of data for retargeting, you'll still be able to benefit from it by optimizing ad budgets, ad copy, and landing pages.

Why is Consent Necessary to Process Personal Data?

Today, just about every country has implemented some kind of data privacy law, which regulates how data is collected, the legal basis for that collection, the amount of control users have over their data once it's transferred, and more.

Companies that fail to comply with the relevant legislation face lawsuits, steep fines, and even the banning of the company's website in certain locations.

In order to stay compliant with these laws, companies that want to use tracking technologies that utilize cookies, etc., must gain explicit user consent.

For example, one of the most prominent laws that governs the use of cookies is the GDPR. It mentions cookies in Recital 30, which says the following:

"Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them."

Essentially, what this is saying is that because cookies can be used to identify users, they qualify as personal data and therefore fall under the GDPR's privacy requirements. Part of those requirements is obtaining consent before collecting personal data.

The GDPR goes on to clarify what constitutes "consent." According to the law, consent is "the informed, prior, clear and unambiguous indication of a user's wishes." In effect, to be compliant, your users must give explicit consent to your use of their personal information, which according to the GDPR, includes cookies.

Another relevant law is the EU's ePrivacy Directive. Under this directive, companies that use cookies need to:

  • Acquire user consent before using any cookies except those that are strictly necessary for the website to function
  • Provide specific and accurate information about the information each cookie tracks and its purpose in straightforward, plain language before consent is received
  • Document and store all consent received from users
  • Permit users to access services even if they decline to give consent for the use of specific cookies
  • Make the process of removing consent as easy as giving consent in the first place

Other laws that require consent for the collection and processing of personal information include:

  • Brazil's General Personal Data Protection Act (LGPD)
  • Children's Online Privacy Protection Rule (COPPA)
  • The Personal Information Protection and Electronic Documents Act (PIPEDA)
  • The California Privacy Rights Act (CPRA)

Is Google Consent Mode Compliant With Privacy Laws?

Some may wonder if Google's Consent Mode is actually compliant with data privacy laws since it allows companies to use certain kinds of data via Google Analytics even without consent. According to Google, the answer is yes.

When user consent is declined, all data provided to companies via Google Analytics will be anonymized. The information captured will be delivered in an aggregated form and without a client ID.

However, some German authorities, like the German Federal Court of Justice, disagree with Google's assertions. Their view is that a completely anonymous interaction isn't possible since a website visitor's IP address is transmitted during most interactions.

For instance, the German authorities wrote that:

"If a website operator does not think that collecting consent is necessary, from a technology perspective they must ensure that an anonymous interaction is possible in 100% of users' website interactions ... otherwise consent will always need to be collected."

Despite Google's confidence, and in light of some of the misgivings certain EU authorities may have concerning the use of the tech giant's Consent Mode, it would be prudent to consult with an attorney before adopting its use.

How Can You Obtain Explicit Consent?

While consulting with an attorney is recommended, as mentioned previously, you can help ensure that you obtain explicit user consent and become GDPR compliant by using a consent management platform on your company's website, such as a cookie banner.

Of course, this can also help remove any potential downsides to using Google's Consent Mode.

Using a cookie consent banner known as a "cookie wall" allows you to block user access to your website until they either explicitly accept all cookies or manage which ones they'll deny or allow. With this model, users have to actively click on a link or a button that says something like "I accept cookies" or "Manage my cookies."

With that said, remember that Google Consent Mode isn't a consent management platform. Obtaining explicit consent is your responsibility, not Google's.

Because Consent Mode is still in beta, you'll need to reach out to your Google account team. There are extra lines of code, which must be added above your Tag manager container or global site tag.

Summary

Consent Mode is a feature that Google began slowly phasing in during 2020. It's a new pair of website settings, which use Google's analytics and advertising services. How these settings behave is dependent on whether a user gives consent or not to the use of cookies.

When a user gives consent, Google Consent Mode will collect data as it normally would through Google Ads and Google Analytics. When users withhold consent, Google will anonymize and aggregate data, which it obtains through pings instead of cookies.

Google believes that Consent Mode is an effective method of remaining compliant with worldwide privacy laws regarding customer consent while still obtaining useful data. That information can then be used to help optimize things such as landing pages, ad copy, and budgets.

For instance, by using Google Consent Mode you can still receive basic, non-identifying information when a user has declined analytic cookies. While you won't gain any personal information about that user, you'll still get data on how they arrived, where they're located, and how much time they spend on your website.

In the same way, Google will still be able to show ads even when a customer declines to give consent regarding advertising cookies. Those ads won't be customized or personalized based on that customer's activities or profile, but the topics on your website can still provide Google with some context.

In theory, even if the ads aren't hyper-targeted, many users who decline the use of cookies will still click on them, which can allow you to continue earning revenue from them.

Remember that Consent Mode can potentially help you to comply with worldwide data privacy laws, which demand explicit user consent given in advance of data collection and processing.

These laws include:

  • Brazil's General Personal Data Protection Act (LGPD)
  • Children's Online Privacy Protection Rule (COPPA)
  • The Personal Information Protection and Electronic Documents Act (PIPEDA)
  • The California Privacy Rights Act (CPRA)

Finally, remember that Google Consent Mode is still in beta, and you'll need to speak to your Google account team to get things set up. You'll also already need to be using a consent management system that allows you to obtain explicit cookie consent.

If you're thinking about using Google Consent Mode, you should also consider consulting with an attorney specializing in privacy law in the geographic locations you do business.