Google Consent Mode v2, that is consent mode in its second version, is a mechanism that makes Google tools depend on the user consent to process data. If you run a company website and use Google Analytics 4 or Google Ads, this topic concerns you directly. It is not just a technical detail for agencies, but a point where marketing and GDPR compliance meet, and where it is easy to make a costly mistake.

For years the standard was to collect data about users regardless of whether they had agreed to it. GDPR and case law, including positions taken by authorities such as the data protection authority, forced a change. Consent to cookies and tracking must be informed, freely given and expressed before processing starts, not assumed. A banner with a single accept button and a hidden refusal is not enough.

Google responded with a mechanism that adjusts its own scripts to the user decision. The second version, marked as v2, added two new signals related to advertising and is now a condition for using the full functionality of Google advertising and measurement tools on the European market.

Consent mode is based on four signals that your website passes to Google scripts:

  • analytics_storage, that is consent to measuring traffic and behaviour in Analytics.
  • ad_storage, that is consent to storing data for advertising purposes.
  • ad_user_data, that is consent to sending user data for advertising purposes.
  • ad_personalization, that is consent to personalising ads and remarketing.

The last two signals are new in version v2. Depending on the user decision, each signal takes the value granted or denied. The key point is that Google scripts load before consent appears, but behave differently depending on its state.

Basic and advanced mode

Google offers two implementation variants:

  • Basic mode. Measurement scripts run only after consent is given. When consent is refused, you collect practically no data.
  • Advanced mode. Scripts load straight away, and when there is no consent they send only anonymised signals without identifiers and cookies. Google uses them for statistical modelling to partly reconstruct the picture of traffic.

In practice we see companies reflexively choose advanced mode because it gives more data. That is sound from a marketing perspective, but it requires exceptional legal care. Even cookieless data can be subject to assessment under GDPR, which is why the choice of mode should be a conscious decision based on analysis, not a default taken from a tutorial.

What it means for your company website

There are two main consequences. First, the consent banner and the Consent Mode mechanism have to genuinely work together. A pretty banner means nothing if the user decision does not translate into granted and denied signals sent to Google. Second, you collect less data than you used to, because some users will refuse. That is natural and lawful, and attempts to get around it usually end with more risk than benefit.

A correct implementation usually requires putting a few things in order:

  • A consent management platform (CMP) that handles the banner and stores decisions.
  • Configuration of Google Tag or Google Tag Manager so that tags respect the consent state.
  • A default consent state set to denied before the user decides.
  • A consent register that lets you show who consented to what.

The technical and legal elements have to go hand in hand here. An experienced team maintaining the website will take care of the correct integration of the CMP with the tags, which is why it is worth basing it on ongoing website and app maintenance rather than deploying the script once and forgetting about it.

Common mistakes we see

  • The consent banner works visually, but the signals to Google are always granted, regardless of what was clicked.
  • The default consent state is set to granted, so data flows to Google before the user decides.
  • No reject all button on the same level as accept.
  • No consent register, so in the event of an inspection there is no way to demonstrate a lawful basis for processing.
  • Treating Consent Mode as a replacement for a privacy policy, which you need anyway.

Compliance is not just technology

Consent Mode v2 is a tool that helps meet GDPR requirements, but it does not replace them. You still need a lawful basis for processing, clear information for the user and a lawful way of collecting consent. Assessing whether your configuration is compliant is a task at the intersection of law and technology. A good starting point is a GDPR audit, which will check whether the banner, the consent signals and the documentation form a coherent whole rather than three independent things.

Summary

Consent Mode v2 has become a standard without which Google tools work in a reduced scope, and at the same time it is a real mechanism that supports GDPR compliance. Companies that implement it correctly gain two things at once: reliable data within the limits of the law, and peace of mind during any inspection. Those that do it sloppily risk both understated analytics and an accusation of unlawful processing.

If you are not sure whether your website collects consent correctly, start by diagnosing the current state. We will gladly review the configuration and show what to fix so that marketing and compliance finally play towards the same goal.