Google Consent Mode v2: The Complete Guide

Google Consent Mode is a framework that allows your website to adjust the behavior of Google tags — Analytics, Ads, Floodlight, and others — based on the consent status of your visitors. It is Google's answer to a fundamental tension: how do you maintain measurement and advertising capabilities while respecting the user's right to refuse cookies?

Since March 2024, Google Consent Mode v2 has been mandatory for any website using Google advertising services that targets users in the European Economic Area (EEA). If you run Google Ads and target EU users, this is not optional.

What Is Google Consent Mode?

At its core, Google Consent Mode is an API that sits between your consent management platform (CMP) and your Google tags. When a user makes a consent choice — accept, reject, or customize — your CMP communicates that choice to Google's tags through the Consent Mode API. The tags then adjust their behavior accordingly.

Without Consent Mode, you have a binary choice: either fire all Google tags (and violate privacy law for users who did not consent) or block all Google tags for non-consenting users (and lose all measurement data for those users). Consent Mode introduces a middle ground.

The framework was first introduced in 2020 (v1) and significantly updated in late 2023 (v2), with a compliance deadline of March 6, 2024.

Version 1 vs Version 2

The jump from v1 to v2 introduced two new consent signals and made the entire framework mandatory for EEA advertising. Here is what changed:

Feature	Consent Mode v1	Consent Mode v2
Consent signals	ad_storage, analytics_storage	ad_storage, analytics_storage, ad_user_data, ad_personalization
EEA requirement	Recommended	Mandatory for EEA advertising (from March 2024)
Remarketing impact	Remarketing lists affected by consent	Remarketing audiences require explicit ad_personalization consent
Customer Match	Not explicitly addressed	Requires ad_user_data consent for uploading user data
Conversion modeling	Available with Advanced mode	Available with Advanced mode, improved algorithms

The Four Consent Types

Consent Mode v2 communicates user consent through four distinct signals. Each can be independently set to granted or denied:

ad_storage

Controls whether cookies related to advertising (such as Google Ads' _gcl_* cookies) can be stored on the user's device. When denied, no advertising cookies are set and ad click information is passed through URL parameters in a limited, cookieless fashion.

analytics_storage

Controls whether analytics cookies (such as Google Analytics' _ga and _gid cookies) can be stored. When denied, no analytics cookies are set. In Advanced mode, cookieless pings are still sent for conversion modeling.

ad_user_data

Controls whether user data can be sent to Google for advertising purposes. This is the new signal introduced in v2. It affects features like Customer Match (uploading customer lists to Google Ads) and Enhanced Conversions (sending hashed user data for attribution). When denied, Google will not use the user's data for advertising.

ad_personalization

Controls whether data can be used for ad personalization, including remarketing. When denied, the user will not be added to remarketing audiences and will not see personalized ads based on their activity on your site. This signal must be set to granted for remarketing lists and similar audience features to function.

Basic Mode vs Advanced Mode

This is the most important architectural decision when implementing Google Consent Mode. The two modes differ fundamentally in how they handle users who have not consented.

Basic Mode

In Basic mode, Google tags do not fire at all until the user grants consent. No data is sent to Google — not even anonymized or cookieless data. When consent is granted, tags fire normally. When consent is denied, tags are completely blocked.

How it works:

1. User arrives on your site. Default consent state is set to denied for all types.
2. The cookie banner appears. Google tags are blocked — no requests to Google servers.
3. If the user accepts: consent state is updated to granted, and Google tags fire with full functionality.
4. If the user rejects: consent state remains denied, and Google tags never fire. Google receives no data about this visitor.

Pros: Simplest implementation. Maximum privacy protection. No data leaves the browser without consent. Easiest to justify to data protection authorities.

Cons: You lose all measurement data for non-consenting users. In markets with low consent rates (Germany: ~40-50%), this can mean losing visibility on half or more of your traffic. No conversion modeling is available.

Advanced Mode

In Advanced mode, Google tags fire immediately on page load, but in a restricted, cookieless mode when consent has not been granted. No cookies are set. No user identifiers are stored. Instead, Google receives anonymous, cookieless "pings" — minimal signals that indicate a page was viewed or a conversion occurred, without any information that could identify the user.

How it works:

1. User arrives on your site. Default consent state is set to denied.
2. Google tags fire immediately, but in restricted mode: no cookies are written, no user identifiers are collected. Google receives a cookieless ping with basic information (page URL, timestamp, browser type).
3. If the user accepts: consent state is updated to granted, and Google tags switch to full functionality with cookies.
4. If the user rejects: consent state remains denied. Google tags continue sending cookieless pings but never set cookies or collect identifiable data.

Pros: Google can use the cookieless pings to model conversions for non-consenting users. Google estimates that Advanced mode recovers 50-70% of conversion data that would otherwise be lost. This is critical for optimizing Google Ads campaigns.

Cons: Data is sent to Google before consent. While the data is cookieless and anonymous, some data protection authorities may consider this problematic. The legal assessment varies by jurisdiction.

Which Should You Choose?

Consideration	Basic Mode	Advanced Mode
Data sent before consent	None	Cookieless pings (anonymous)
Conversion modeling	Not available	Available (recovers 50-70% of data)
Privacy stance	Maximum privacy	Privacy-respecting with utility trade-off
Google Ads optimization	Limited to consenting users only	Full optimization capability
Implementation complexity	Simple	Moderate
Regulatory risk	Lowest	Low but jurisdiction-dependent

For most businesses running Google Ads in the EU, Advanced mode provides the best balance of compliance and measurement capability. If you are in a highly regulated industry or operate in a jurisdiction with strict DPA interpretations (e.g., Austria, France), Basic mode may be the safer choice.

Implementation Steps

Implementing Google Consent Mode v2 requires coordination between your consent management platform and your Google tag configuration.

Step 1: Set Default Consent State

Before any Google tags fire, you must set a default consent state. For EEA users, all consent types should default to denied:

gtag('consent', 'default', {
  'ad_storage': 'denied',
  'ad_user_data': 'denied',
  'ad_personalization': 'denied',
  'analytics_storage': 'denied',
  'wait_for_update': 500
});

The wait_for_update parameter tells Google tags to wait up to 500 milliseconds for a consent update from your CMP before firing. This gives your banner time to load and check for existing consent.

Step 2: Update Consent on User Choice

When the user interacts with your cookie banner, your CMP must communicate the choice to Google tags:

// User accepts all
gtag('consent', 'update', {
  'ad_storage': 'granted',
  'ad_user_data': 'granted',
  'ad_personalization': 'granted',
  'analytics_storage': 'granted'
});

// User accepts only analytics
gtag('consent', 'update', {
  'ad_storage': 'denied',
  'ad_user_data': 'denied',
  'ad_personalization': 'denied',
  'analytics_storage': 'granted'
});

Step 3: Configure Region-Specific Defaults

You can set different default consent states for different regions. For example, defaulting to denied in the EEA while defaulting to granted in jurisdictions without consent requirements:

gtag('consent', 'default', {
  'ad_storage': 'denied',
  'ad_user_data': 'denied',
  'ad_personalization': 'denied',
  'analytics_storage': 'denied',
  'region': ['BE', 'BG', 'CZ', 'DK', 'DE', 'EE', 'IE', 'EL', 'ES',
             'FR', 'HR', 'IT', 'CY', 'LV', 'LT', 'LU', 'HU', 'MT',
             'NL', 'AT', 'PL', 'PT', 'RO', 'SI', 'SK', 'FI', 'SE',
             'IS', 'LI', 'NO']
});

Step 4: Verify Implementation

Use these tools to verify your implementation is working correctly:

• Google Tag Assistant — shows consent state for each tag and whether tags are firing in restricted or full mode.
• Browser developer tools — inspect network requests to google-analytics.com and googleads.g.doubleclick.net. Look for the gcs parameter, which encodes consent state.
• GA4 DebugView — in Google Analytics 4, enable DebugView to see events in real time and verify that consent-dependent features behave correctly.

Impact on Google Ads, GA4, and Conversion Tracking

Google Ads

Without Consent Mode v2, Google Ads will not process conversion data from EEA users. This means your Smart Bidding strategies (Target CPA, Target ROAS, Maximize Conversions) will operate on incomplete data, degrading performance. With Consent Mode, Google can model conversions for non-consenting users, maintaining bidding optimization.

Google Analytics 4

GA4 natively supports Consent Mode. When analytics_storage is denied, GA4 does not set cookies but can still receive cookieless pings (in Advanced mode). These pings contribute to behavioral modeling, which GA4 uses to fill gaps in reporting caused by non-consenting users.

Enhanced Conversions

Enhanced Conversions — which send hashed first-party user data (email, phone, address) to Google for improved attribution — require ad_user_data consent under Consent Mode v2. Without this consent signal, Enhanced Conversions data will not be processed.

Working with CMPs

Most modern consent management platforms support Google Consent Mode v2 out of the box. The CMP handles the consent UI and communicates the user's choice to Google tags via the Consent Mode API.

When evaluating a CMP for Consent Mode compatibility, verify that it:

• Supports all four v2 consent types (ad_storage, analytics_storage, ad_user_data, ad_personalization)
• Sets default consent state before Google tags load
• Updates consent state in real time when the user makes a choice
• Persists consent across sessions
• Is listed in Google's CMP partner program (recommended but not required)

Passiro's consent management fully integrates with Google Consent Mode v2, supporting both Basic and Advanced modes. Consent signals are communicated to Google tags automatically — no custom code required. Learn more about Passiro's Google Consent Mode integration.

Frequently Asked Questions

Does Advanced mode set cookies without consent?

No. This is the most common misconception about Consent Mode. In Advanced mode, Google tags fire before consent, but they operate in a restricted, cookieless mode. No cookies are set on the user's device. No user identifiers are stored or read. The tags send anonymous, cookieless pings — minimal data signals that cannot identify the user. Cookies are only set if and when the user explicitly grants consent.

Is Advanced mode GDPR compliant?

This depends on interpretation. The cookieless pings do not contain personal data in the GDPR sense (no identifiers, no cookies, no device fingerprinting). However, some data protection authorities may consider the transmission of any data to Google's servers — even anonymized — as processing that requires a legal basis. Google's position is that the pings are anonymous and do not constitute personal data processing. Consult with your data protection officer or legal counsel for your specific situation.

What happens if I do not implement Consent Mode v2?

Since March 2024, Google requires Consent Mode v2 signals for EEA users. Without it, your Google Ads audience features (remarketing, similar audiences, Customer Match) will stop working for EEA traffic. Conversion measurement will be degraded. Your campaign optimization will suffer.

Can I use Consent Mode without a CMP?

Technically yes — you can implement the consent API calls manually in your own JavaScript. However, this means you are also responsible for the consent UI, persistence, and legal compliance of your custom solution. Using a purpose-built CMP is strongly recommended.