What is Google Consent Mode?
Google Consent Mode is a feature introduced by Google to help website owners comply with data protection regulations, such as the General Data Protection Regulation (GDPR) in the European Union. It provides a solution for obtaining and managing user consent for various Google services and tags, including Google Analytics.
With Google Consent Mode, website owners can configure their websites to display personalized content and ads to users based on their consent preferences. It allows website owners to adjust the behavior of Google tags based on the user’s consent status. This means that if a user has not provided consent for certain services, those services will not be activated, thereby ensuring compliance with data protection regulations.
One of the key features of Google Consent Mode is the “two-state” solution, which provides two distinct states for tags based on user consent:
- Consent Required: This state is used for tags that require explicit user consent before they can be activated. For example, if a user has not provided consent for personalized ads, the tags associated with personalized ads will remain inactive.
- Non-Consent: This state is used for tags that can be activated without explicit user consent. However, these tags have limitations on the data they can collect and use. For example, if a user has not provided consent for analytics tracking, the tags associated with analytics will still be activated but will collect only limited data.
By implementing Google Consent Mode, website owners can customize their websites’ behavior based on the user’s consent preferences while ensuring compliance with data protection regulations.
How does it work?
In order to adjust how Google’s services operate based on the consent status Google Consent Mode introduces parameters (named as consent types). These parameters enable the configuration of Google’s tags to respect user consent for cookies and data collection, especially concerning analytics and advertising services. The primary parameters involved in Google Consent Mode include:
- ad_storage
- analytics_storage
- functionality_storage
- personalization_storage
- security_storage
As of March 2024, Google is updating from Google Consent Mode to Google Consent Mode v2 which includes two additional parameters:
- ad_user_data
- ad_personalization
Cookie Compliance has fully automated integration with both Google Consent Mode and Google Consent Mode v2.
Implementing Google Consent Mode
You can easily implement the Google Consent Mode no matter how you integrated Google Tag Manager.
Step 1: Place the Google Tag Manager Code in the site header, just below Cookie Compliance script:
If you use GTM the code would look like this:
<!-- Google Tag Manager -->
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-XXXXXXX');</script>
<!-- End Google Tag Manager -->
If you use direct implementation of Google Analytics or gtag.js it would look like this:
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-XXXXXXXX-X"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-XXXXXXXX-X');
</script>
Step 2: Enable the Google Consent Mode in the Cookie Compliance dashboard (Configuration -> Consent).
Once Google Consent Mode is enabled, Cookie Compliance will automatically take care of adding the relevant parameters (consent types) to your site. However, you can use the ability to adjust how Google’s consent types are associated with Cookie Compliance purpose categories.
The logic behind this functionality is simple: When a visitor sets consent on your website, external services associated with the enabled categories are triggered. Similarly, in the context of Google Consent Mode, enabled categories set the status of associated consent types to ‘granted’ and disabled categories set the status to ‘denied’.
Which services are associated with which consent types and when they are trigger is then handled directly on Google’s side and in Google Tag Manager.
Google Consent Mode & Cookie Compliance
Cookie Compliance has a unique, fully automated integration with Google Consent Mode, which requires no coding, JavaScript templates or other complex user actions. Still, it allows you to control how the integration is implemented and how it works.
Basically, if Google Consent option is enabled, there are two basic modes of operation:
– with Autoblocking enabled (recommended for many reasons, as it affects more than just Google services)
– with Autoblocking disabled.
Autoblocking enabled
In this mode, which is recommended due to the GDPR and many other privacy regulations, all third-party services are blocked until consent is given. But if the Google Consent option in the Cookie Compliance configuration is enabled the above mentioned Google code is never blocked. It does not affect visitors privacy however, because no data is transferred except for consent information. Instead, Google services are automatically informed that all consent purposes that Google has defined have been declared by the site visitor as: denied.
'ad_storage': 'denied', 'analytics_storage': 'denied', 'functionality_storage': 'denied', 'personalization_storage': 'denied', 'security_storage': 'denied', 'ad_user_data': 'denied', 'ad_personalization': 'denied',
When the user’s consent is set, regardless of the level of consent, the parameters for the consent purposes are updated and sent to Google using the methods they provide. Consequently, the same process takes place as for other third-party services handled by Autoblocking – if the visitor has consented to a certain level of data access (and therefore to certain purposes), the services corresponding to that level (and purposes) will be activated.
Autoblocking disabled
In this mode, in which prior blocking of third-party services is not active, Google code is not blocked either (understandably), but there is one important difference – all categories of consent purposes defined by Google are automatically set to: granted.
'ad_storage': 'granted', 'analytics_storage': 'granted', 'functionality_storage': 'granted', 'personalization_storage': 'granted', 'security_storage': 'granted', 'ad_user_data': 'granted', 'ad_personalization': 'granted',
As a result, all services handled by Google are automatically activated. However, upon the visitor’s consent this could change and depending on the level of data access enabled (purposes), some of them may be deactivated and blocked from running on each page visited within your website.