Consent Mode V2: Complete Guide to Google's Updated Framework
Learn what Consent Mode V2 is, how it works, and what your website needs to do. Covers implementation, tag behavior, and compliance.
Consent Mode V2 is Google's updated framework for handling user consent signals across Google tags, including Analytics, Ads, and Floodlight. If your website uses any Google advertising or measurement tools and serves visitors in the European Economic Area or the United Kingdom, understanding and implementing Google Consent Mode V2 is no longer optional.
This guide covers what Consent Mode V2 does, how it differs from the original version, the technical implementation details, and what it means for your compliance obligations. This is educational content and does not constitute legal advice. Consult a qualified attorney for guidance specific to your situation.
What Is Consent Mode V2?
Consent Mode V2 is a signaling framework that communicates a visitor's consent choices to Google tags running on your website. It tells Google services whether a user has agreed to cookies for analytics, advertising, user data collection, and ad personalization, allowing each tag to adjust its behavior accordingly.
Google originally launched Consent Mode in September 2020 with two consent parameters: ad_storage and analytics_storage. These controlled whether Google could set cookies for advertising and analytics purposes, respectively. When a user denied consent, the tags would either stop firing entirely or send limited, cookieless pings depending on the implementation mode.
Consent Mode V2, which Google began requiring in March 2024, expanded this framework with two additional parameters:
- ad_storage: Controls whether cookies for advertising (such as Google Ads remarketing) can be stored
- analytics_storage: Controls whether cookies for analytics (such as Google Analytics) can be stored
- ad_user_data: Controls whether user data can be sent to Google for advertising purposes
- ad_personalization: Controls whether data can be used for personalized advertising, including remarketing
These four parameters give Google a more granular picture of what each visitor has consented to, which is particularly relevant under the GDPR and the Digital Markets Act (DMA).
Why Google Consent Mode V2 Matters
Google introduced the updated consent mode version 2 in direct response to regulatory pressure in Europe. The Digital Markets Act, which took effect in March 2024, designates Google as a "gatekeeper" and imposes specific obligations around user consent for combining data across services.
Regulatory compliance
Under Article 5(2) of the DMA, gatekeepers must obtain end-user consent before combining personal data across their core platform services. For Google, this means combining data from Google Ads, YouTube, Search, and other properties. Consent Mode V2 provides the technical mechanism for Google to track whether that consent exists.
Advertising functionality
Without Consent Mode V2 implementation, websites targeting EEA and UK audiences lose access to critical Google Ads features:
- Remarketing lists stop growing for users who visit without the V2 signals
- Conversion measurement becomes unreliable or unavailable
- Audience segments degrade over time as existing cookies expire
- Smart Bidding strategies lose the data signals they rely on for optimization
Data modeling
Google uses the consent signals from GCM V2 to power its behavioral and conversion modeling. When Advanced Consent Mode is enabled, Google receives cookieless pings from users who deny consent. These pings contain no personal identifiers but provide enough aggregate signal for Google's machine learning models to estimate the conversions and behaviors that would have been measured if consent had been granted.
Basic vs. Advanced Consent Mode V2
Google Consent Mode V2 offers two implementation approaches, and the distinction between them has significant implications for both data quality and legal risk.
Basic Consent Mode
Basic Consent Mode takes a strict approach. When a user denies consent, all Google tags are completely blocked from firing. No data of any kind is sent to Google. Tags only activate after the user affirmatively grants consent through your cookie banner.
This approach provides the clearest legal footing because no information reaches Google without explicit consent. The trade-off is that you lose all measurement and modeling data for visitors who decline cookies.
Advanced Consent Mode
Advanced Consent Mode takes a different approach. Google tags load on every page, but their behavior changes based on the consent state. When consent is denied, tags send cookieless pings that include:
- Timestamp of the page view
- User agent (browser type)
- Referrer information
- Aggregated, non-identifying page information
These pings do not contain cookies, client IDs, or any data that identifies the individual user. Google uses them as inputs for its statistical modeling, estimating conversions and audience patterns from the anonymized aggregate data.
Which mode should you choose?
The choice depends on your interpretation of EU data protection law and your risk tolerance:
- Basic Mode is the safer choice if your legal counsel advises that sending any data to Google without consent is incompatible with the ePrivacy Directive or the GDPR
- Advanced Mode is appropriate if your legal team concludes that cookieless, non-identifying pings do not constitute processing of personal data requiring consent
- Several EU data protection authorities have not issued definitive guidance on whether Advanced Mode pings fall within the scope of Article 5(3) of the ePrivacy Directive
Many organizations in regulated industries or those with conservative compliance postures choose Basic Mode to eliminate ambiguity.
How to Implement Consent Mode V2
Implementation requires two components working together: a consent management platform that collects visitor choices, and a technical integration that communicates those choices to Google tags.
Step 1: Set default consent state
Before any Google tags fire, you must set the default consent state. For visitors in the EEA, all four parameters should default to "denied":
gtag('consent', 'default', {
'ad_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied',
'analytics_storage': 'denied',
'region': ['EEA', 'GB']
});The region parameter allows you to set different defaults for different regions. Visitors outside the specified regions will default to "granted" unless you set a global default.
Step 2: Connect your CMP
Your consent management platform must update the consent state when a visitor makes a choice. After the visitor interacts with the cookie banner, the CMP should call:
gtag('consent', 'update', {
'ad_storage': 'granted',
'ad_user_data': 'granted',
'ad_personalization': 'granted',
'analytics_storage': 'granted'
});The values should reflect exactly what the visitor agreed to. If they accepted analytics but declined advertising, only analytics_storage should change to "granted."
Step 3: Verify with Google Tag Assistant
Google Tag Assistant (the browser extension and the Tag Assistant website) can verify that consent signals are being sent correctly. Check for:
- Default consent state fires before any tags
- Consent update fires after user interaction with the banner
- All four V2 parameters are present in the consent signals
- Tags respect the consent state (no cookies set when denied)
Step 4: Configure Google Ads and GA4
In your Google Ads account, verify that consent mode is detected. Google Ads shows a consent mode status in the tag diagnostics section. In Google Analytics 4, enable Consent Mode in the property settings to activate behavioral and conversion modeling for users who deny consent (if using Advanced Mode).
Consent Mode V2 and Your Cookie Policy
Implementing GCM V2 has direct implications for your cookie policy generator output and your website's cookie disclosures.
What your cookie policy should cover
Your cookie policy must accurately describe how Google tags behave on your site, including the consent mode implementation. Key disclosures include:
Cookie Policy Generator
Create a cookie policy for GDPR compliance. Create yours in minutes with TermsBox.
Generate Now- Which Google services are active: List Google Analytics, Google Ads, and any other Google tags by name
- How consent affects tag behavior: Explain whether you use Basic or Advanced Mode and what happens when consent is denied
- Cookieless pings (if using Advanced Mode): Disclose that non-identifying data may be sent to Google even when cookie consent is denied, and explain what that data includes
- Data recipients: Google LLC and any other third parties that receive data through these tags
- Retention periods: How long Google retains the data collected through each service
GDPR requirements for cookie disclosures
Article 13 of the GDPR requires transparent information about data processing. Recital 58 emphasizes that this information should be concise, easily accessible, and in clear, plain language. A cookie policy that simply lists "Google Analytics" without explaining its consent mode behavior is incomplete.
The ePrivacy Directive, specifically Article 5(3), requires clear and comprehensive information about the purposes of cookie storage. If you use Advanced Consent Mode, the cookieless pings must be disclosed even though they do not involve cookies, because transparency obligations extend to all forms of information collection.
Common Consent Mode V2 Implementation Mistakes
Several technical and compliance errors recur across websites implementing Google Consent Mode V2. Avoiding these issues will save you from both regulatory risk and data quality problems.
Firing tags before setting default consent
If Google tags execute before the gtag('consent', 'default', ...) call, they will operate as if consent is granted. This means cookies are set before the visitor sees the consent banner, which violates Article 5(3) of the ePrivacy Directive and GDPR consent requirements.
The consent default must be the first thing in your tag configuration, before the Google tag snippet loads.
Missing the new V2 parameters
Some implementations only set ad_storage and analytics_storage, omitting ad_user_data and ad_personalization. This is effectively a V1 implementation and does not satisfy Google's requirements. Google Ads will flag this in tag diagnostics, and you will lose access to audience features for EEA traffic.
Treating Consent Mode as a replacement for a CMP
Consent Mode V2 is not a consent banner. It does not collect consent. It is a technical bridge between your CMP and Google tags. You still need a compliant cookie consent banner that meets GDPR requirements: prior consent, granular choices, easy withdrawal, and no pre-ticked boxes. A compliance scanner like TermsBox can verify that your consent implementation meets these requirements.
Incorrect region targeting
Setting all four parameters to "denied" globally (without a region parameter) means visitors in countries without consent requirements, such as the United States, will also have tags blocked by default. This unnecessarily reduces your data coverage. Use the region parameter to apply strict defaults only where required.
Not persisting consent across pages
The consent state must persist as the visitor navigates your site. If it resets on each page load, Google tags will revert to the default (denied) state on every navigation, even for visitors who already granted consent. Your CMP must store the consent choice (typically in a first-party cookie) and re-apply it on each page.
How Google Uses Consent Mode V2 Data
Understanding how Google processes the consent signals helps you make informed decisions about your implementation and explain it accurately in your privacy documentation.
When consent is granted
When all four parameters are set to "granted," Google tags operate normally. Cookies are set, user IDs are generated, and full measurement data flows to Google Analytics and Google Ads. This is identical to how tags operated before Consent Mode existed.
When consent is denied (Basic Mode)
No data reaches Google. Tags do not fire. No cookies are set. Google has zero signal from that visitor.
When consent is denied (Advanced Mode)
Tags send cookieless pings to Google. These pings do not contain:
- Client IDs or user IDs
- Cookies of any kind
- Data that identifies the individual visitor
Google aggregates these pings across all visitors and applies machine learning models to estimate:
- How many conversions likely occurred among non-consenting visitors
- What audience segments non-consenting visitors likely belong to
- How campaigns are performing across the full visitor population, not just the consenting portion
Google reports these modeled figures alongside observed data in Google Ads and GA4 reports, clearly labeled as modeled conversions.
Consent Mode V2 Compliance Checklist
Use this checklist to verify your implementation meets both Google's technical requirements and EU data protection law.
Technical requirements
- Default consent state fires before any Google tag snippet
- All four parameters (
ad_storage,analytics_storage,ad_user_data,ad_personalization) are present - Default state is "denied" for EEA and UK visitors
- Consent update fires immediately after user interacts with the CMP
- Consent state persists across page navigations
- Google Tag Assistant confirms correct signal transmission
- Google Ads tag diagnostics shows Consent Mode V2 detected
Legal and compliance requirements
- Cookie consent banner meets GDPR standards (prior, specific, informed, freely given, unambiguous)
- Cookie banner offers granular category choices (analytics, advertising, personalization)
- Refuse button is equally prominent as the accept button
- Cookie policy discloses consent mode behavior, including Advanced Mode pings if applicable
- Privacy policy lists Google as a data recipient with specific purposes
- Consent withdrawal is as easy as giving consent (Article 7(3) GDPR)
- No cookies are set before consent is granted (verified in browser DevTools)
A cookie policy generator can help you create disclosures that cover these requirements systematically, and TermsBox's compliance scanner can verify that your banner and tag configuration are working correctly in practice.
Frequently Asked Questions
What is the difference between Consent Mode V1 and Consent Mode V2?
Consent Mode V1 supported two consent signals: ad_storage and analytics_storage. Consent Mode V2 adds two new parameters, ad_user_data and ad_personalization, which give Google more granular information about what the user has agreed to. V2 also introduced Advanced Consent Mode, which sends cookieless pings even when consent is denied, allowing Google to model conversion data without identifying individual users.
Is Consent Mode V2 required for Google Ads in the EEA?
Yes. Since March 2024, Google requires websites serving users in the European Economic Area or the United Kingdom to implement Consent Mode V2 in order to use audience features, remarketing, and conversion measurement in Google Ads. Without it, Google cannot process user data from those regions for advertising purposes, and your remarketing audiences will stop growing.
Does Consent Mode V2 replace the need for a cookie consent banner?
No. Consent Mode V2 is not a consent mechanism itself. It is a signaling framework that communicates a user's consent choices to Google tags. You still need a compliant consent management platform (CMP) that collects consent according to GDPR or ePrivacy Directive requirements. Consent Mode V2 simply translates those choices into signals that Google tags can read and act on.
What is the difference between Basic and Advanced Consent Mode?
Basic Consent Mode blocks all Google tags from firing until the user grants consent. No data is sent to Google when consent is denied. Advanced Consent Mode allows Google tags to send cookieless pings even when consent is denied. These pings contain no personal identifiers but let Google use statistical modeling to estimate conversions and audience behavior. The choice between the two depends on your organization's risk tolerance and interpretation of EU data protection law.