top of page
Writer's pictureDiogo Ferreira Cardoso

How to deploy Google's Consent Mode

In an era where user privacy is becoming more and more sensitive, all tracking tools have been forced to evolve their technology to ensure user consent is respected. A concrete example of this evolution can be observed in the latest move of Google with the release of Consent Mode. A new layer of tracking that allows your Google Tag Manager instance to integrate with most consent banners (eg. OneTrust) in order to capture user consent preferences. This new information is then utilized by Google to automatically adjust the behavior of every Google tags, including GA4, Google Ads, and Floodlight (DV360).


What is Consent Mode and its Evolution?


Beyond managing cookie consent as mentioned above, Consent Mode goes further by leveraging machine learning to model data for users who decline cookies. 



How does this work in a nutshell? When the user consents to be tracked, Google drops some cookies to help it identify the user and keep track of his actions. While this process is compliant when the user consents, this is not the case when the user does not consent. If the user does not consent to be tracked, Google can no longer store cookies on the user’s browser and will therefore collect anonymous data instead.


These new machine learning capabilities are interesting for all marketers because they will allow them to get a more realistic picture of how users interact with their websites as all users, consented and not consented, will be tracked in some way. However, it’s important to mention that in order to benefit from these machine learning capabilities your GA4 property or Google Ads accounts must meet certain volume criteria. In order to be eligible, your GA4 properties need to capture a significant amount of data on consented and non-consented users to properly train the models.    


This article focuses on the second version of Google’s Consent Mode, which is a response to stricter European regulations regarding user consent. This version introduces two new consent statements, "ad_user_data" and "ad_personalization," alongside the existing "ad_storage" and "analytics_storage" consents.


  • ad_user_data: must be sent if you share user data with Google for advertising purposes

  • ad_personalization: must be sent in the case of personalized advertising.


Consent Mode Implementation Steps


To effectively implement Consent Mode, a three-step process is necessary:


1. Deploy the “Default Consent” Call


The Default Consent Call sets by default the values of all consent statements to “denied”. This ensures that non-consented users are not tracked in any case.


The Default Consent Call is recommended to be hardcoded before Google Tag Manager (GTM) and Consent Management Platform (CMP) scripts. It's crucial to note that this call cannot be deployed separately from the remaining steps, as Google tracking will be automatically blocked even if consent is granted.


// Default Consent Call
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('consent', 'default', {
    ad_storage: "denied",
    analytics_storage: "denied",
    functionality_storage: "denied",
    personalization_storage: "denied",
    Security_storage: "denied",
    ad_personalization: "denied",
    ad_user_data: "denied",
    //'wait_for_update': 500 - Not necessarily needed
  });
</script>

2. Deploy the “Update Consent” Call


The Update Consent Call captures the consent values updated when the user interacts with the CMP banner. This information is then shared with Google to adjust the behavior of all Google tags. Obviously, the CMP banner must be available on the website for this script to function correctly.


// Update Consent Call
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('consent', 'update', {
    ad_storage: "granted | denied",
    analytics_storage: "granted | denied",
    functionality_storage: "granted | denied",
    personalization_storage: "granted | denied",
    Security_storage: "granted | denied",
    ad_personalization: "granted | denied",
    ad_user_data: "granted | denied"
  });
</script>

3. Set up Consent Mode tracking in GTM


Activate Consent Mode in Google tags by updating the Consent Settings to switch from the Not Set to No additional consent required option and removing consent blocking triggers. The No additional consent required option only works with Google tags as they benefit from built-in consent checks.


Note: The "Consent Overview" feature (located in the Container Settings section) facilitates bulk updates of tags' Consent Settings.



Note: Consent Mode can also be applied to non-Google tags, by simply switching from the Not Set to Require additional consent for tag to fire option and removing consent blocking triggers. After selecting the Require additional consent for tag to fire option, the type of consent to satisfy will need to be entered. However, it’s recommended to fully test your setup before validating the use of Consent Mode for non-Google tags.





Implementing Consent Mode


There are various methods for deploying Default and Update Consent Calls and implementing Consent Mode, depending on your available resources.


Each approach comes with its own set of advantages and disadvantages, and the best choice largely depends on your specific tracking setup and preferences. However, we recommend the second approach for most scenarios. It offers a good balance of control over your Consent Mode implementation and provides flexibility to identify and resolve any potential issues.


1. Hardcode Default Consent call & Push Update Consent Call via CMP


Some CMPs are Google Partners and benefit from integration with Consent Mode. These CMPs, such as OneTrust or CookieBot can handle the Update Consent call tracking for you after having enabled Consent Mode in the CMP platform. 


2. Hardcode Default Consent Call & Push Update Consent Mode via GTM


If the CMP platform implementation doesn't meet expectations, Consent Mode can be implemented using GTM exclusively. The Update Consent Call can be pushed directly via GTM, which will allow you to keep control over the Update Consent call tracking. However, this approach will require you to set up some new variables, that will look into the CMP cookie, to capture the updated consent values and feed the Update Consent Call.


3. Handle Default & Update Consent Calls via GTM Templates


For added convenience, GTM also offers some templates for implementing Consent Mode. These templates will handle both the Default and Update Consent Calls, and eventually the CMP banner. However, it's important to thoroughly test these templates before publishing as they are not official templates for some:

  • OneTrust CMP (non-official)

  • Cookiebot CMP (non-official)

  • Axeptio CMP (official)

  • Axeptio Consent Mode V2 (official)


Debugging Consent Mode Implementation


When Consent Mode is activated, a crucial parameter known as gcs (Google Consent Mode) is appended to Google pings. Debugging a Consent Mode implementation involves a systematic approach to ensure accuracy and adherence to user consent preferences. Follow these steps for effective debugging:


1. Inspect GA4 Collect Requests for gcs Parameter


  • Utilize the browser network tab or preview mode to scrutinize GA4 collect requests

  • Verify the presence of the gcs parameter in the requests




2. Analyze gcs Parameter Variation with Consent Status


  • Examine GA4 collect requests to observe how the value of the gcs parameter changes based on consent status

  • Ensure that the gcs parameter aligns with the user's consent preferences

Consent scenario

Value

If no consent is given, the gcs parameter should take as value

G100

If only analytics consent is given, the gcs parameter should take as value

G101

If only advertising consent is given, the gcs parameter should take as value

G110

If both consent are given, the gcs parameter should take as value

G111

3. Validate Data Layer Values


  • Within the data layer, confirm the correctness of the "Default" and "Update" arguments

  • Verify that the values of default arguments consistently reflect "denied"

  • Check that the values of update arguments correspond appropriately to the consent status


Once these three steps are meticulously executed, it's important to note that the Consent Mode implementation cannot be considered validated yet. The gcs parameter exclusively captures information about ad_storage and analytics_storage. The introduction of Consent Mode V2 brings two new signals, ad_personalization and ad_user_data, which also require thorough quality assurance (QA) validation.


4. Verify gcd Parameter Inclusion


  • Inspect GA4 collect requests to confirm the presence of the gcd parameter

  • Note that the gcd parameter should be included in all collects, even when Consent Mode is not enabled


5. Evaluate gcd Parameter Relevance


  • Assess GA4 collect requests to ensure the meaningful inclusion of the gcd parameter

  • Confirm that the value of the gcd parameter aligns logically with the actions performed

  • Verify that the gcd parameter remains relevant and accurate in various scenarios

Letter

Description

l

Consent signal is not set with Consent Mode

m

Consent is denied after update (no default)

n

Consent is granted after update (no default)

p

Consent is denied by default (no update)

q

Consent is denied by default and after update

r

Consent is denied by default and granted after update

t

Consent is granted by default (no update)

u

Consent is granted by default and denied after update

v

Consent is granted by default and after update


Consent Mode Main Takeaways


In conclusion, Google's Consent Mode exemplifies the evolving landscape of user privacy and data tracking technology. By integrating with consent banners and exploiting the power of machine learning, it ensures user consent preferences are respected while providing marketers with crucial insights. Implementing Consent Mode is a detailed, multi-step process that requires precise execution to guarantee compliance and accuracy.


As privacy regulations become more stringent, businesses must adapt and embrace these innovations to maintain compliance and build user trust. We encourage you to evaluate your current tracking setup, consider the various implementation approaches, and thoroughly test your Consent Mode configuration. Embrace Consent Mode today to enhance your data tracking practices and uphold user privacy.


Need help with Google's Consent Mode and/or Analytics in general? Feel free to reach out !

Comments


bottom of page