Since March 2024, Google requires Consent Mode V2 for any website running Google Ads or Analytics in the European Economic Area. Without it, your remarketing audiences shrink, conversion data becomes unreliable, and your ad campaigns lose effectiveness. Here's how to set it up correctly.
What Is Google Consent Mode V2?
Consent Mode is a Google API that adjusts how Google tags (Analytics, Ads, Floodlight) behave based on user consent. When a user declines cookies, instead of losing all data, Consent Mode sends "consent pings" — cookieless signals that Google uses for conversion modeling.
V2 introduces two new required parameters:
- ad_user_data: Controls whether user data can be sent to Google for advertising
- ad_personalization: Controls whether personalized advertising is allowed
Combined with the existing V1 parameters:
- analytics_storage: Controls Google Analytics cookies
- ad_storage: Controls Google Ads cookies
Why It Matters
| Without Consent Mode | With Consent Mode V2 |
|---|---|
| No data from users who decline cookies | Modeled conversions from cookieless pings |
| Remarketing audiences shrink 30-70% | Audience recovery through modeling |
| Conversion data gaps in EU markets | Up to 70% conversion recovery via modeling |
| Risk of losing Google Ads features | Full access to all Google Ads features |
Implementation Methods
Method 1: Google Tag Manager (Recommended)
- Enable Consent Overview: In GTM, go to Admin → Container Settings → enable "Enable consent overview"
- Set default consent state: Add a Consent Initialization tag that sets all four parameters to "denied" by default for EEA visitors
- Connect your CMP: Your Consent Management Platform should fire an update command when the user grants consent
- Verify with Tag Assistant: Check that consent states change correctly when users accept or reject
Method 2: Manual Implementation (gtag.js)
<!-- Set defaults BEFORE loading gtag.js -->
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
// Default: deny everything for EEA
gtag('consent', 'default', {
'ad_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied',
'analytics_storage': 'denied',
'wait_for_update': 500 // ms to wait for CMP
});
</script>
<!-- Load gtag.js AFTER consent defaults -->
<script async src="https://www.googletagmanager.com/gtag/js?id=GA-XXXXX"></script>
<!-- When user consents, update: -->
<script>
gtag('consent', 'update', {
'ad_storage': 'granted',
'ad_user_data': 'granted',
'ad_personalization': 'granted',
'analytics_storage': 'granted'
});
</script>CMP Integration
Your consent banner must communicate with Consent Mode. Most major CMPs support this natively:
| CMP | V2 Support | Setup |
|---|---|---|
| Cookiebot | Native | Automatic when GTM template is used |
| OneTrust | Native | Enable in cookie compliance settings |
| Iubenda | Native | Automatic with TC string support |
| Didomi | Native | Built-in Google Consent Mode integration |
| Osano | Native | Enable in platform settings |
Testing and Verification
- Google Tag Assistant: Check consent state changes in real-time
- Chrome DevTools: Monitor Network tab for consent parameters in Google requests
- Google Analytics Debug View: Verify events arrive with correct consent status
- PrivacyChecker: Scan your site to verify Google tags respect consent state
Common Mistakes
- Loading gtag.js before setting defaults: The consent default must execute BEFORE the Google tag loads
- Missing ad_user_data or ad_personalization: V2 requires all four parameters — missing two means V1 only
- Not setting wait_for_update: Without it, tags may fire before the CMP loads
- Granting by default for EU users: Violates GDPR — default must be "denied" in EEA
- Not testing reject flow: Verify that declining cookies actually sets parameters to "denied"
Run a PrivacyChecker scan to verify your Consent Mode V2 implementation and ensure Google tags behave correctly with and without consent.