Gretelfy
Back to Blog
Technical Guides

Google Consent Mode v2: What It Means for Your Website in 2026

Gretelfy TeamFebruary 3, 202612 min read
GoogleConsent ModeGA4Google Adscompliance

If you run Google Analytics or Google Ads, Google Consent Mode v2 isn't optional anymore—it's essential. But what exactly is it, how does it work, and what do you need to do?

This guide breaks down everything you need to know about Google Consent Mode v2 in 2026.

Google Consent Mode is a framework that lets you communicate user consent choices to Google tags (Analytics, Ads, etc.). Instead of completely blocking Google services when users decline consent, Consent Mode allows Google to receive signals about consent state and adjust its behavior accordingly.

The Key Difference from Blocking

Traditional approach:

  • User declines consent → Google scripts don't load → Zero data

Consent Mode approach:

  • User declines consent → Google scripts load but operate in restricted mode → Cookieless pings, modeled data

This allows Google to provide "conversion modeling" and "behavioral modeling" that fills in data gaps while respecting user choices.

What's New in Version 2?

Google Consent Mode v2 introduced two new required consent signals:

New Signals

Signal Purpose Required?
ad_storage Cookies for advertising (existing) Yes
analytics_storage Cookies for analytics (existing) Yes
ad_user_data Sending user data to Google for ads (NEW) Yes
ad_personalization Personalized advertising (NEW) Yes

Why the New Signals Matter

The Digital Markets Act (DMA) in Europe requires explicit consent for sharing user data with "gatekeepers" like Google. The new signals specifically address:

  • ad_user_data: Whether you can send user identifiers to Google for ad measurement
  • ad_personalization: Whether data can be used for remarketing/personalized ads

Without these signals properly configured, your Google Ads campaigns targeting EU users may have limited functionality or be non-compliant.

When your page loads, you declare a default consent state before any Google tags fire:

gtag('consent', 'default', {
  ad_storage: 'denied',
  ad_user_data: 'denied',
  ad_personalization: 'denied',
  analytics_storage: 'denied',
  wait_for_update: 500, // Wait up to 500ms for CMP
})

This tells Google: "Assume no consent until we say otherwise."

When your CMP collects user consent, you update the consent state:

// User accepts marketing cookies
gtag('consent', 'update', {
  ad_storage: 'granted',
  ad_user_data: 'granted',
  ad_personalization: 'granted',
})
 
// User accepts analytics only
gtag('consent', 'update', {
  analytics_storage: 'granted',
})

What Happens Under the Hood

When consent is DENIED:

  • No cookies are written
  • No advertising identifiers are stored
  • Google receives "cookieless pings" with limited data
  • Google uses machine learning to model the missing data

When consent is GRANTED:

  • Full cookie functionality
  • Complete tracking data
  • Standard measurement capabilities

Step 1: Understand Your Current Setup

Before implementing, answer these questions:

  • Do you use Google Tag Manager or hardcoded gtag.js?
  • Which CMP do you use (Cookiebot, OneTrust, etc.)?
  • Do you have EU/EEA traffic that requires DMA compliance?

Step 2: Implementation Options

Option A: CMP Integration (Easiest)

Most major CMPs now support Consent Mode v2 natively:

CMP Consent Mode v2 Support
Cookiebot Built-in, automatic
OneTrust Built-in with configuration
CookieYes Built-in, automatic
Didomi Built-in with configuration
Usercentrics Built-in, automatic

Check your CMP's documentation for activation steps.

Option B: Google Tag Manager

Using GTM's built-in consent mode:

  1. Go to Admin > Container Settings
  2. Enable "Enable consent overview"
  3. Configure each tag's consent requirements
  4. Set up consent initialization (via your CMP's GTM template)

Option C: Manual Implementation

For custom setups or headless sites:

<script>
  // Load BEFORE Google tags
  window.dataLayer = window.dataLayer || []
  function gtag() {
    dataLayer.push(arguments)
  }
 
  // Set default consent state
  gtag('consent', 'default', {
    ad_storage: 'denied',
    ad_user_data: 'denied',
    ad_personalization: 'denied',
    analytics_storage: 'denied',
    wait_for_update: 500,
  })
</script>
 
<!-- Then load gtag.js or GTM -->
<script async src="https://www.googletagmanager.com/gtag/js?id=GA_MEASUREMENT_ID"></script>

Then, in your consent acceptance handler:

function handleConsent(analyticsAccepted, marketingAccepted) {
  if (analyticsAccepted) {
    gtag('consent', 'update', {
      analytics_storage: 'granted',
    })
  }
 
  if (marketingAccepted) {
    gtag('consent', 'update', {
      ad_storage: 'granted',
      ad_user_data: 'granted',
      ad_personalization: 'granted',
    })
  }
}

Step 3: Region-Specific Configuration

You can set different defaults for different regions:

gtag('consent', 'default', {
  ad_storage: 'denied',
  ad_user_data: 'denied',
  ad_personalization: 'denied',
  analytics_storage: 'denied',
  region: ['EU', 'EEA'], // Only applies to EU/EEA
})
 
gtag('consent', 'default', {
  ad_storage: 'granted',
  ad_user_data: 'granted',
  ad_personalization: 'granted',
  analytics_storage: 'granted',
  region: ['US'], // Different defaults for US
})

Caution: While this is technically possible, be careful about assuming consent is acceptable anywhere. Many non-EU regions have their own privacy laws.

Step 4: Verify Implementation

After implementation, verify it's working:

Check 1: Browser DevTools

  1. Open DevTools → Console
  2. Type: dataLayer and look for consent commands
  3. Verify default state shows 'denied'
  4. Accept consent and verify update shows 'granted'

Check 2: Google Tag Assistant

  1. Install Google Tag Assistant extension
  2. Visit your site and check consent state
  3. Verify tags are respecting consent

Check 3: Gretelfy Scan A compliance scan verifies that Google tags respect consent:

Scan your site →

Check that _ga, _gid, and _gcl_* cookies don't appear before consent.

Impact on Your Analytics

When users decline consent:

  • No user-level tracking
  • No cross-session data
  • No remarketing audience building
  • No conversion tracking (traditional)

Google's modeling fills some gaps:

  • Conversion modeling: Estimates conversions from unconsented users
  • Behavioral modeling: Fills in analytics gaps
  • Enhanced conversions: First-party data for better attribution

Data Quality Expectations

Consent Rate Data Coverage Modeling Accuracy
80%+ Excellent High confidence
50-80% Good Moderate confidence
20-50% Limited Lower confidence
<20% Minimal Highly modeled

If most of your users decline consent, your analytics will be heavily modeled. This is the trade-off for respecting user choices.

Common Implementation Mistakes

// WRONG: Update before default
gtag('consent', 'update', {...});  // This does nothing useful
gtag('consent', 'default', {...});
 
// CORRECT: Default first, then update
gtag('consent', 'default', {...});
// Later...
gtag('consent', 'update', {...});

Mistake 2: Missing the New v2 Signals

// WRONG: Only old signals
gtag('consent', 'default', {
  ad_storage: 'denied',
  analytics_storage: 'denied',
  // Missing ad_user_data and ad_personalization!
})
 
// CORRECT: All v2 signals
gtag('consent', 'default', {
  ad_storage: 'denied',
  ad_user_data: 'denied',
  ad_personalization: 'denied',
  analytics_storage: 'denied',
})

Mistake 3: Not Waiting for CMP

// WRONG: No wait time
gtag('consent', 'default', {
  ad_storage: 'denied',
  analytics_storage: 'denied',
  // CMP might not have loaded yet!
})
 
// CORRECT: Wait for update
gtag('consent', 'default', {
  ad_storage: 'denied',
  analytics_storage: 'denied',
  wait_for_update: 500, // Wait up to 500ms for CMP
})

Consent Mode tells Google about consent state, but it doesn't prevent cookies on its own. You still need your CMP to block Google scripts until consent OR use Consent Mode's restricted mode correctly.

Both pieces are needed:

  • CMP for the consent interface and blocking
  • Consent Mode for telling Google the consent state

Short answer: Yes, ideally.

Consent Mode alone:

  • Google respects consent state
  • Other vendors still track
  • May not satisfy all GDPR requirements

Cookie blocking alone:

  • Complete blocking when consent denied
  • No data at all from unconsented users
  • No conversion modeling benefits

Both together (recommended):

  • CMP blocks all scripts until consent
  • When consent given, scripts load with Consent Mode signals
  • Non-consented users get cookieless pings
  • Maximum data recovery while respecting choices

Testing Your Implementation

  1. Clear all cookies
  2. Visit your site
  3. Don't interact with consent banner
  4. Check for _ga, _gid, _gcl_* cookies
  5. They should NOT be present
  1. Clear all cookies
  2. Accept only analytics cookies
  3. Check for cookies:
    • _ga, _gid: Should be present
    • _gcl_au, _gcl_aw: Should NOT be present
  1. Clear all cookies
  2. Accept all cookies
  3. Check for cookies:
    • All Google cookies should be present
  4. Verify conversion tracking works
  1. Start with full consent
  2. Modify preferences to reject all
  3. Cookies should be cleared (depends on CMP)
  4. New tracking should not occur

FAQ

No. Consent Mode is one piece of the puzzle. You still need a valid consent mechanism (CMP), proper cookie categorization, and respect for user choices across all vendors (not just Google).

What about non-Google tracking?

Consent Mode only affects Google services. Facebook Pixel, LinkedIn, TikTok, and other vendors need their own consent handling.

Is the modeled data accurate?

It's an estimate. Google uses machine learning to model behavior from unconsented users based on patterns from consented users. Accuracy decreases as consent rates drop.

Technically, no. But state privacy laws (California, Virginia, etc.) have consent requirements, and it's becoming best practice globally.

What if I don't implement v2?

Google may limit your ability to run personalized ads to EU users, and your measurement may be less accurate. As a gatekeeper under the DMA, Google is required to verify consent for EU user data.

Next Steps

  1. Check your current setup: Verify if Consent Mode is implemented
  2. Verify v2 signals: Ensure all four signals are configured
  3. Test consent scenarios: Verify proper behavior for each state
  4. Scan for pre-consent violations: Ensure Google respects consent state

Verify your implementation →

Get your Gretel Score and see if Google cookies appear before consent. A compliant setup means no Google cookies until users consent.

The Crumb Trail is Gretelfy's blog about cookie compliance, privacy regulations, and building trust with your website visitors. Subscribe for weekly insights.

See how your website measures up

Run a free compliance scan and get your Gretel Score in seconds.