How to Enable & Implement Consent Mode in GA4 (2024 Update)

As user privacy regulations continue to evolve, navigating consent has become a crucial aspect for websites leveraging Google Analytics 4 (GA4) and Google Tag Manager (GTM) to collect user data responsibly. Google Consent Mode acts as a bridge between your website's Consent Management Platform (CMP) and Google tags. It interprets the user's consent choices captured by your CMP and relays them to Google tags, dictating how user data can be used. This empowers you to collect valuable insights while respecting user privacy.

Basic vs. Advanced Consent Mode

There are two primary approaches to Consent Mode Implementation:

Basic Consent Mode
This simplified approach informs Google tags about a user's overall consent state (granted or denied) for any data collection. It's suitable for situations where you only need to track a user's general consent preference. It means that you prevent Google tags from loading until a user interacts with a consent banner and, before that, there’s no transmission of data to Google prior to user interaction with the banner. Once consent is given, the tags are loaded and execute the consent mode APIs.

Advanced Consent Mode (Optional)
When you implement the Advanced Consent Mode option, Google tags load when a user opens the website or app. The tags load the consent mode API and do the following:

1. 1. 1. Set default consent state. By default, it will be denied, unless you set your own control defaults. Keep in mind that, while denied, Google tags will send cookieless pings.

      2. Wait for user interaction with the banner and update consent states. It’s important to highlight that only when a user grants consent to data collection can Google tags send the full measurement data.

This method offers granular control, allowing you to send specific data points based on user consent for various purposes. For instance, you can configure Google tags to fire only when users grant consent for analytics (e.g., GA4 data collection) but withhold consent for ad personalization. Advanced Mode requires utilizing the Consent Mode API for more intricate communication with Google tags.

Choosing the Right Mode

Basic Consent Mode is recommended for a straightforward setup where you only want data collection after users explicitly agree.

Advanced Consent Mode is suitable if you need more control over tag behavior or want to gather some anonymized data even when consent is denied.  This anonymized data is sent through cookieless pings that are sent by Google tagging, when consent is denied, for things such as consent state, conversions, or analytics.  Google will use these pings to enable certain modeling for your measurement.  These models are meant to address the gaps in your observable data that will be present when consent has been denied.  For more information on Cookieless Pings and Consent Mode Modeling, visit Google’s  Support documentation.

Remember, Basic Consent Mode is mandatory if you want to continue using Google Ads products after March 2024.

Getting Started: Prerequisites

Before diving into implementation, ensure you have the following in place:

A Functioning CMP

This platform is the backbone of user consent management. It captures user choices through a consent banner or similar interface. This can be anything that fits your purposes such as OneTrust, CookieBot, CookiesYes, TrustArc, just to name a few.

Google Tag Manager Setup

GTM acts as your tag management system, where you'll configure how Google tags interact with your website based on user consent. Keep in mind that Consent Mode is not exclusive to GTM and it can be implemented in any Tag Management System; but, it will require individual knowledge and configuration to do so.

GA4 Property ID

Locate your unique GA4 property ID from the Google Analytics platform. This ID identifies your GA4 property within Google's system.

Consent Types

Here's a breakdown of Google Tag consent types with real-time examples for each. Keep in mind that websites may ask you for one or multiple consent types. It is also important to highlight that, denying all of them won’t reduce the number of ads (in case of ad_storage and/or ad_personalization) but how related to you they are.

• • ad_storage: This controls if cookies related to advertising can be stored on the user's device
    • Example: Imagine you visit a News website.. If you allow it, tags can store cookies that track your browsing habits and show you targeted ads for sports equipment because you recently read an article about a new soccer ball.
      
  • ad_user_data: This determines if user data can be sent to Google for advertising purposes.
    • Example: On a travel booking website,. If you don't allow it, your search for a beach vacation in Hawaii won't be used by Google to show you targeted ads for hotels or flights on other websites.
  • ad_personalization: This specifies if user data can be used for personalized advertising.
    • Example: A clothing store website. If you grant it, and you browse a specific brand of jeans, you might see targeted ads for similar styles from that brand on other websites you visit.
  • analytics_storage: This controls if cookies used for website analytics (e.g., visit duration) can be stored.
    • Example: You visit a recipe website.. Granting it allows them to store cookies that track how long you spend on a particular recipe page, helping them understand which recipes are most popular.
  • functional_storage: This allows storage essential for basic website functionality (e.g., language preferences).
    • Example: On a language learning app, consent for functional_storage might be needed to remember your chosen language preference so you don't have to reset it each time you log in.
      • Most of the time, this storage enhances website functionality, benefiting user experience. Therefore, users typically do not have the option to disable it.
  • personalization_storage: This permits storage for personalization features like video recommendations.
    • Example: A video streaming service If you allow it, they can store cookies that track the videos you watch and recommend similar content you might enjoy.

By configuring these consent types, you ensure Google tags only collect and use data according to user preferences, promoting transparency and user control over their information.

Step-by-step implementation of Basic Consent Mode

This guide is for generic implementation only. For more customizable and advanced implementation support please reach out to us.

1. Enable Consent Overview in GTM

• • • Log in to your GTM account and navigate to the container you want to modify.

    • Click on "Admin" in the top menu.

    • Under "Container Settings," locate the option "Enable consent overview" and check the box.

    • Click "Save" to activate this feature. This functionality provides a visual interface within GTM to see which tags require consent and their corresponding categories (e.g., Analytics, Ads).

If it’s already enabled you will notice an icon like this.

2. Integrate with Your Consent Management Platform (CMP) (if applicable)

If you're using a CMP to manage user consent, you'll need to integrate it with Google Consent Mode v2. The specific steps will vary depending on your chosen CMP. Here's how to approach this:

• Consult your CMP's documentation
  • Most CMPs provide detailed instructions on integrating with Google Consent Mode v2. This documentation will typically outline specific configuration steps within the CMP's interface and any code snippets you might need to add to your website. Examples, OneTrust, Ketch, etc…
• Leverage pre-built GTM templates
  • Some CMPs offer pre-built GTM templates that streamline the integration process. These templates handle the communication between the CMP and Google Consent Mode v2, automating much of the configuration within GTM. I highly recommend using Simo’s template.

To implement basic consent mode, you should have a default value of all consent types that should be denied.

3. Set Up Consent Initialization Trigger

1. 1. 1. In GTM, go to "Triggers" and click "New."

      2. Choose "Consent Initialization" as the trigger type. This trigger fires when the consent mechanism (like a cookie consent banner) initializes on your webpage.

      3. Since you want this to happen before any tags fire, leave the firing conditions set to "All Pages."

      4. Click "Save" to create the trigger. This trigger ensures that GTM is aware of the user's consent status before any tags are loaded.

4. Configure Tags to Respect Consent (Recommended)

Select ‘No additional consent required’ or the required option. Let’s explore both.

Built-in Consent Checks: All GTM tags have built-in logic that modifies their behaviour based on consent. For instance, a Google Ads tag might fire only when ad_storage consent is granted.

Additional Consent Checks:  You can configure additional consent requirements on top of built-in checks. This provides fine-grained control over which tags fire based on specific consent purposes (e.g., analytics, advertising, personalization) defined by your CMP (Consent Management Platform). 

As mentioned earlier, some CMPs offer pre-built GTM templates that handle consent integration automatically. If your CMP provides such a template, refer to their documentation for specific instructions on implementing it. These templates typically leverage the Google Consent Mode API to dynamically control tag firing based on user consent.

Go to the individual tag, select the required user consent type for that and save the tag.

5. Test and Debug

After implementing Consent Mode v2, thoroughly test your website to ensure tags fire only after users grant consent. Here are some testing strategies:

• • • Use GTM's preview and debug mode: GTM offers a preview and debug mode that allows you to simulate different consent scenarios. This helps you verify that tags only fire when expected based on the user's consent status.

1. 1. 1. 1. Head over to https://tagassistant.google.com/.

         2. Add the domain of your website you want to debug.

         3. In the Tag Assistant interface, choose a Tag ID from the top. This represents a specific tag on your site.

         4. Navigate through the event options on the left-hand side and select the "Consent" tab from the right-hand side.

         5. The below section will display the state of different consent signals at the time the chosen tag is fired.

• • • Test with different consent choices: Manually interact with your website's consent banner to grant or withhold consent for various categories. Observe how the tag firing behaviour aligns with your expectations.

    • Additionally, in the network tab where you can see all network requests, in regular GA4 requests, look for parameter gcd. That parameter will have a value like this:
      Gcd:13r3r3r3r5 -> This means that previously all consent was denied by default but later it was granted by the user.
      • You can decode it like this:
        1[number]<ad_storage>[number]<analytics_storage>[number]<ad_user_data>[number]<ad_personalization>5
        

So this string value will start with 1 and the GCD parameter follows a specific format:

• • • • It starts with "1" followed by a series of numbers separated by "[number]". In the above example, it’s ‘3’.

      • Each letter represents the consent status for a specific signal with its respective position.

      • The string ends with a number (often "5"), signifying the format version.

The letters within the gcd string hold the following meanings:

• • • • l: Consent signal not set with Consent Mode.

      • p: Consent denied by default (no update).

      • q: Consent is denied by default and remains denied after user interaction.

      • t: Consent granted by default (no update).

      • r: Consent denied by default but granted after user update.

      • m: Consent denied after user update (no default setting).

      • n: Consent granted after user update (no default setting).

      • u: Consent granted by default but denied after user update.

      • v: Consent granted by default and confirmed by the user.

        
        
        

Napkyn would like to issue a huge thanks to Simo Ahava for his detailed research on this topic. Some areas of this blog have been inspired by his blog.