Google Consent Mode Recommendations
In GTMTips, Updates

Google Consent Mode Recommendations

On by Igor Smirnov

Before you continue reading, please aknowledge the date of the updated post. The information may change, which is common with ever evoling Google products.

There is an abundance of information and documentation available on what Consent Mode is, how it works, and how to implement it. However, let’s review some of the more unique questions. Hopefully, the following tips will enhance your understanding of this topic.

No. (on 07.04.2024)

Do I need both, default and update tags/settings?

It is recommended by Google to implement both. However, there’s a shared experience where having only a default tag works just fine, assuming consent information is available at the very start of the page load. Obviously, first-time visitors may need to interact with a cookie banner and submit their preferences before the Consent Mode storages can be set to granted.

It is rather recommended, which translates into - if you are absolutely sure that you have obtained the consent of a user by the time the default settings on the page get initialized, then the storage can be ‘granted’ in the default settings.

No. You must be cautious and double-check what CMP really covers. It is common for CMPs to only signal an update of the consent status to the Consent Mode. The default tag settings must be still implemented manually.

Is it OK to trigger CoMo update tag more than once?

Yes. No visible abnormalities were reported. Such cases may happen in the complex event sequence, where firing an update of the CoMo status, can be just simplier.

Yes, the URL Passthrough feature ensures that all clickable links are silently decorated with parameters (e.g., campaign parameters) from the current page, so those are preserved as a user navigates to the next page. This intervention can result in JavaScript features stopping working. For example, web components built on <a> tags with a hashed link, such as various call-to-action buttons, might simply reload the page instead of performing their programmed actions. This issue is particularly common in web applications that use modern UI libraries or are built as single-page applications (SPAs).

alt text

The only solution here is to disable the URL Passthrough feature.

Simply put, it’s best to avoid it, even if you’re confident in your understanding. Stick to the recommended instructions. Beyond the well-discussed GCS and GCD parameters, there are others like DMA, DMA_CPS and maybe more to come. This is particularly critical in the EEA, where compliance with Consent Mode (CoMo) regulations is mandatory. Deviating from default behaviors can have tangible repercussions, affecting your data.

Should I base my debugging on the status of GCD parameter?

No. Although, this is common amongst the experts. GCD parameter’s value will evolve with the Consent Mode. Indeed, it is good to reverse-engineer sometimes to understand the mechanics. Do not waste your time here. The preview of the container and the events in the queue, should depict the lifecycle of the consent status on the page.

alt text

Will my data change in Google Analytics 4 (GA4) after enabling the CoMo?

YES, and you may have already experienced that. Your data may show some temporary, but quite apparent, abnormalaties in the GA4. What can you do with it? The regular reporting operations will most certainly suffer. You may consider switching the GA4 reporting identity to the Observed data and rely on it for several weeks.

The CoMo is not mandatory in my area, will I still benefit somehow from implementation?

Here are mainly two cases to consider.

  1. CoMo is not mandatory but you still deal with an unconsented traffic. You will definitely benefit from the Consent Mode which will fill the void in conversions from unconsented traffic.

  2. CoMo is not mandatory and the tracking setup does not process unconsented traffic (with other words, you collect data from 100% of user sessions). Then, do not try to implement the CoMo.

The traffic light analogy somewhat, underpins the point. Would you try to pass on amber light? Frankly, it does not matter, because the rule says that you can cross a tarffic light only when it lits up in green. If you are afraid of fine while having a bad habbit of taking off too soon, it is still quite unlikely that you will be convicted, unless this behavior leads up to a serious accident and unveil even more issues.

The advanced implementation of Consent Mode potentially meets all the prerequisites to conflict with privacy regulations in the EEA. At a minimum, it could be considered an unethical solution. However, from a devil’s advocate perspective, the laws governing this area are broad and multi-layered, possibly requiring more serious allegations for a clear violation. It’s challenging to outright reject or perhaps, allow the use of advanced Consent Mode based solely on a superficial reading of the rules. Nonetheless, there is room for an adaptation that offers a more acceptable version of implementation.

Advanced Consent Mode involves sending anonymous pings from the user’s browser directly to Google servers. By design, internet networking reveals certain parameters (or combinations thereof) that are unique to each user, such as IP address, User-Agent, and potentially some cached data. Proxy services, like server-side Google Tag Manager (or equivalents), can mitigate privacy risks by managing HTTP Headers, IP addresses, and handling identifiable custom data, e.g., transaction IDs. This approach can significantly lessen the risk of inadvertently compromising user data, while still fulfilling the legitimate interests of your business. Additionally, disabling URL Passthrough and opting to redact ads data further aligns the implementation with compliance standards, making it appear as a more privacy-conscious solution.

Yes. But, you must understand the simple rule of thumb. The more data you feed to the model, the more precise is going to be an estimation of the unconsented conversions and especially, attribution.