Data Privacy

2 Min

Google Consent Mode v2 - what do you need to know?

DataGuard Privacy Experts
DataGuard Privacy Experts

Google Consent Mode v2 became mandatory from March 6, 2024.

We've looked to see if you can use Google Consent Mode v2 in compliance with data privacy regulations. Here's what we discovered.

In this blog post, we'll cover:

 

What is Google Consent v2?

Google Consent Mode v2 was a significant update that aims to boost user privacy and data compliance. It's an interface that tells Google what consent the website user has given for using cookies. It only takes effect if your website users refuse cookies. If they consent, Google uses its cookies for tracking as usual.

This updated version introduces new features that allow for more granular control over user consent, mainly concerning personal advertising and analytics trackers.

 

What are the key updates in Google Consent v2?

Key features of Google Consent Mode v2 include the introduction of two additional parameters to the consent mode API: ad_user_data and ad_personalisation. These parameters allow websites to more accurately manage and reflect user consent preferences, particularly about advertising data and personalised ads, alongside the existing analytics_storage and ad_storage parameters.

 

Can you use Google Consent Mode v2 compliantly?

The default setting is always important when using tools such as Google Consent Mode. To comply with the principles of the GDPR, such as privacy by default, the default settings of the tags - "analytics_storage" and "ad_storage" - should have the value "Denied" by default.

You should also block the Google tags until the user gives their consent. According to Google, this is possible in "consent mode with basic implementation."

Consent Mode v2 is available in two variants: Basic and Advanced. Website operators can now choose between these two options. In the Basic mode of Google Consent Mode v2, no data is collected, and no cookie-free pings are sent if consent is not given.

This significantly limits data collection if users refuse their consent. But what about the advanced version? This allows so-called "pings" to be sent to Google even if the user does not consent. These pings contain data such as:

  • Timestamp
  • Referrer user agent
  • Signals about ad-click information in the URL (e.g. GCLID)
  • Information on the consent status
  • Information on the CMP
  • And random numbers generated during page load

This will enable websites to recover certain amounts of data for Google Ads and Google Analytics 4, even without the data subject's consent.

In our opinion, using the advanced version would not be compliant with data protection regulations, as from our perspective, this ping data can represent personal data being processed without consent. We’ll continue to monitor how the supervisory authorities and courts will assess the use of Google Consent Mode v2.

What do DPOs and IT leaders need to know, and what actions can I take?

So, what does this mean for you and your organisation? Here are some steps you can take as you consider the impact of the Google Consent Mode v2 settings.

  • Assess Google Analytics and Google Consent Mode v2: Which mode is right for you? The basic version might be sufficient for your needs.
  • Check alternatives: Consider European or local providers that can provide similar insights and goals to reduce your reliance on Google Analytics.
  • Server-side tracking: Consider implementing tracking on your server side. This way, the data isn’t sent to Google 1:1, but is first forwarded to your own tracking server. You can make adjustments (like anonymising - or completely removing - the IP address) before the request is forwarded to Google to minimise risk.
  • Update your privacy policy: If you need to use Googe Consent Mode v2, you’ll need to update your privacy policy. This will make sure you keep your website users informed, and that you’re fulfilling your transparency obligations.

 

What do marketing teams need to know about Google Consent v2?

There are some providers that already support Google Consent Mode v2. Your website owners should check their traffic and consider implementing a consent management platform (CMP) that does. This will help make sure you stay compliant with data regulations and minimise the negative impact on your marketing campaigns.

It's also important to note that consent mode does not replace a regular cookie banner but must link to it. Obtaining user consent will remain the responsibility of the website operator.

 

 

Need help updating your privacy policy?

Explore how DataGuard can help you stay compliant, or reach out to us for a free consultation. We've helped many companies like yours to keep their customers informed and privacy policies up to date.

 
Originally published updated
Tags Data Privacy

About the author

DataGuard Privacy Experts DataGuard Privacy Experts
DataGuard Privacy Experts

Dive into the world of data protection, compliance, ethics, and data security with hands-on advice and actionable opinions from our certified Data Protection Officers and Privacy Consultants from Germany, the UK, and Austria. Coming from a wide range of backgrounds like business, legal, tech, or marketing, our specialists share the latest news and solutions to current challenges, as well as their takes on recent judgements and legal decisions with you. Their aim? Enable you to make the right decisions and keep your business safe, build trust, and grow revenue while remaining compliant with current privacy laws. What makes our specialists qualified? These are some of the certifications of our privacy experts: Certified Information Privacy Professional/Europe (IAPP), Certified Information Privacy Manager (IAPP) Information Security, Certified Information Privacy Technologist (IAPP), Certified Practitioner in Data Protection (BCS), Certified Data Protection Officer (TÜV), Fellow of Information Privacy (IAPP), Certified EU General Data Protection Regulation Practitioner (IBITGQ), Data Protection Officer & Europrivacy Auditor, Practitionier Certificate in Data Protection, PC.dp. (GDPR)

Explore more articles

Don’t miss these topics:

Related Articles

Why resilience requirements are key to long-term business success
Information security

6 Min

Why resilience requirements are key to long-term business success

Discover how resilience strategies, from risk assessment to adaptability training, help businesses reduce financial losses, protect reputation, and retain customers.

Read more
The key components of a compliance risk assessment matrix
Risk management

4 Min

The key components of a compliance risk assessment matrix

Learn why a compliance risk assessment matrix is crucial, its key components, and how it strengthens risk management to protect your organisation.

Read more
From identification to mitigation: Understanding risk assessment methodology
Risk management

6 Min

From identification to mitigation: Understanding risk assessment methodology

Explore the steps and methodologies of risk assessment to manage vulnerabilities, reduce risks, and implement effective mitigation strategies for your business.

Read more
What is policy lifecycle management and why is it important?
Information security

6 Min

What is policy lifecycle management and why is it important?

Effective policy lifecycle management ensures compliance, improves communication, and streamlines updates for continuous improvement and risk reduction.

Read more
How to perform a privacy impact assessment: a step-by-step guide
GDPR

6 Min

How to perform a privacy impact assessment: a step-by-step guide

Learn the essentials of conducting a privacy impact assessment to identify and mitigate data risks, comply with GDPR, and enhance trust and security.

Read more
The benefits of using a risk management framework for risk mitigation
Risk management

5 Min

The benefits of using a risk management framework for risk mitigation

Discover how a risk management framework identifies, prioritises, and mitigates risks to support compliance, resilience, and informed decisions.

Read more

Contact Sales

See what DataGuard can do for you.

Find out how our Privacy, InfoSec and Compliance solutions can help you boost trust, reduce risks and drive revenue.

  • 100% success in ISO 27001 audits to date 
  • 40% total cost of ownership (TCO) reduction
  • A scalable easy-to-use web-based platform
  • Actionable business advice from in-house experts

Trusted by customers

Canon Logo Contact Hyatt Logo Contact Holiday Inn Logo Contact Unicef Logo Contact Veganz Logo Contact Burger King Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line Logo Contact

Get to know DataGuard

Simplify compliance

  • External data protection officer
  • Audit of your privacy status-quo
  • Ongoing GDPR support from a industry experts
  • Automate repetitive privacy tasks
  • Priority support during breaches and emergencies
  • Get a defensible GDPR position - fast!

Trusted by customers

Canon Logo Contact Hyatt Logo Contact Holiday Inn Logo Contact Unicef Logo Contact Veganz Logo Contact Burger King Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line Logo Contact

Get to know DataGuard

Simplify compliance

  • Continuous support on your journey towards the certifications on ISO 27001 and TISAX®️, as well as NIS2 Compliance.
  • Benefit from 1:1 consulting
  • Set up an easy-to-use ISMS with our Info-Sec platform
  • Automatically generate mandatory policies
Certified-Icon

100% success in ISO 27001 audits to date

 

 

TISAX® is a registered trademark of the ENX Association. DataGuard is not affiliated with the ENX Association. We provide consultation and support for the assessment on TISAX® only. The ENX Association does not take any responsibility for any content shown on DataGuard's website.

Trusted by customers

Canon Logo Contact Hyatt Logo Contact Holiday Inn Logo Contact Unicef Logo Contact Veganz Logo Contact Burger King Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line Logo Contact

Get to know DataGuard

Simplify compliance

  • Transparent consent collection
  • Comply with GDPR, CCPA, LGPD, ePrivacy, and more
  • Consolidate consents across multiple touchpoints
  • Support from privacy experts
  • Integrates with your marketing tools and CRM

Trusted by customers

Canon Logo Contact Hyatt Logo Contact Holiday Inn Logo Contact Unicef Logo Contact Veganz Logo Contact Burger King Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line Logo Contact

Get to know DataGuard

Simplify compliance

  • Proactive support
  • Create essential documents and policies
  • Staff compliance training
  • Advice from industry experts

Trusted by customers

Canon Logo Contact Hyatt Logo Contact Holiday Inn Logo Contact Unicef Logo Contact Veganz Logo Contact Burger King Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line Logo Contact

Get to know DataGuard

Simplify compliance

  • Comply with the EU Whistleblowing Directive
  • Centralised digital whistleblowing system
  • Fast implementation
  • Guidance from compliance experts
  • Transparent reporting

Trusted by customers

Canon Logo Contact Hyatt Logo Contact Holiday Inn Logo Contact Unicef Logo Contact Veganz Logo Contact Burger King Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line Logo Contact

Let's talk