Google Consent Mode v2: Understand, Install, Verify

Since March 2024, without Google Consent Mode v2, your Google Ads campaigns lose up to 30% of measurable conversions. Worse: Google is progressively limiting access to audiences, remarketing and Smart Bidding for sites that do not transmit the v2 signals. It is no longer a recommendation, it is a technical requirement of the platform.

If your site uses Google Analytics 4, Google Ads, Floodlight, Campaign Manager 360 or Display & Video 360 — and part of your audience comes from the EU, the EEA, the United Kingdom or Switzerland — you are concerned. Whether you are an e-commerce shop with a €5,000 monthly Ads budget or a six-figure advertiser, the rules are exactly the same. Google does not distinguish by size.

In this guide, you will understand the difference between Basic and Advanced Consent Mode, see how to install it in 10 minutes via Google Tag Manager or in raw code, verify that everything works before your next campaign, and avoid the four mistakes that silently break your conversions. Without jargon, with concrete examples you can copy-paste today.

Google Consent Mode v2: definition and timeline

Google Consent Mode v2 is a technical standard developed by Google that allows its marketing tags (GA4, Google Ads, Floodlight, DV360) to adapt their behaviour in real time to the consent declared by the user. Concretely, your cookie banner transmits four signals to Google — accepted or refused — and each Google tag adjusts what it collects, what it stores and what it sends based on these signals.

The difference between v1 (launched in 2020) and v2 (imposed in 2024) comes down to two new signals: ad_user_data (authorisation to transmit user data to Google for advertising purposes) and ad_personalization (authorisation to use that data for ad personalisation and remarketing). These two signals directly impact Google Ads, where v1 only covered cookie storage.

The timeline is strict. November 2023: Google announces the obligation. 6 March 2024: Consent Mode v2 becomes required for any Google Ads advertiser in the EEA, UK and Switzerland. June 2024: extension to Google Marketing Platform products (DV360, CM360, SA360). Throughout 2024-2025, Google progressively tightens the consequences: deactivation of custom audiences, degradation of remarketing, restriction of advanced measurement features.

Watch out for a frequent misunderstanding: Google Consent Mode v2 is not a substitute for the cookie banner. It is the technical complement that communicates to Google the choice collected by your CMP. You still need a CNIL-compliant cookie banner upstream — GCM v2 simply applies that choice on Google's side.

Basic vs Advanced Consent Mode: which mode to choose?

Google offers two implementation modes that answer two different philosophies. The choice directly impacts the volume of data you will collect and the performance of your campaigns.

Basic mode is the most restrictive. As long as the user has not clicked "Accept" in your banner, no Google tag is loaded on the page. No GA4 script, no Ads pixel, nothing. As soon as the user accepts, the tags are dynamically injected and start collecting. It is the legally "cleanest" approach, but you lose 100% of the data of users who refuse or who leave before choosing — typically 30 to 40% of your European audience.

Advanced mode adopts a different logic. Google tags load on the very first page render, but in a "cookieless" state: no cookie is set, no identifier is stored, and personal data is absent. These tags send Google "pings" — extremely lightweight anonymous signals that allow Google to reconstruct a statistical estimate of conversions through its machine learning model called "Consent Mode modeling". Result: you recover 65 to 70% of lost conversions, without ever setting a single non-consented cookie.

Our recommendation: Advanced for any site investing more than €1,000 per month in Google Ads. Conversion recovery via modeling literally changes ROAS (Return On Ad Spend) — it also lets Smart Bidding continue to optimise your bids correctly. Basic remains relevant for showcase sites without conversion goals, charities, or contexts where technical sobriety matters more than marketing performance.

Important point: in both modes, no non-essential cookie is set without consent. The difference concerns only the loading of the Google script, not the GDPR compliance. Both modes are legal if your banner correctly collects consent.

Step-by-step installation with Google Tag Manager

If your site uses Google Tag Manager (which is the case for 70% of French e-commerce sites), here is the complete procedure. Allow 15 minutes if you know GTM, 45 minutes otherwise.

1. Verify your CMP supports Consent Mode v2. Most major CMPs (ConsentLab, Cookiebot, Didomi, Axeptio, OneTrust) natively emit the four v2 signals. Consult your tool's documentation to confirm it pushes ad_storage, analytics_storage, ad_user_data and ad_personalization — not just the two v1 signals. If your CMP only handles v1, that is blocking: change CMP or update before going further.

2. Configure default settings in GTM. In your GTM container, create a "Consent - Default" tag. Trigger: the built-in "Consent Initialization - All Pages" event (which loads before any other tag). Tick the four v2 signals plus functionality_storage and security_storage. Default value: denied for marketing and analytics signals, granted for functional and security. Region: enter EEA, GB, CH to limit application to Europe (or leave blank to apply globally as a precaution).

3. Enable Consent Mode in all Google tags. Open each GA4, Google Ads Conversion, Google Ads Remarketing or Floodlight tag. In the advanced settings, tick "Enable consent overrides" then select "Advanced Consent Mode". Associate each tag with the right signal: GA4 respects analytics_storage, Ads tags respect ad_storage AND ad_user_data AND ad_personalization. This is where most integrations fail — see the warning below.

4. Configure the consent update. Your CMP must trigger a dataLayer event (typically cmp_consent_updated or equivalent) every time the user accepts, refuses or modifies their preferences. Create a GTM "Custom Event" trigger on this name, then a "Consent - Update" tag that reads the current values from the CMP and pushes them to Google via gtag('consent', 'update', ...). Serious CMPs provide a ready-to-use GTM template.

5. Publish the container. Increment the version, add an explanatory note ("Enable GCM v2"), test in Preview mode on your site with the console open, then publish to production. Verify that no JavaScript errors appear during the first loads — that is the moment when conflicts with legacy tags appear.

6. Verify in GA4. In the GA4 interface, go to Admin > Consent settings. After 24 to 48 hours, the "Consent state" line must show that users are arriving with an explicit state (consented/denied). If this line stays empty, your configuration is not communicating correctly with GA4.

Manual installation without GTM (raw code)

If your site loads GA4 or Google Ads directly — without going through Google Tag Manager — you must implement Consent Mode v2 by hand. The principle is simple: the consent snippet must load BEFORE the Google snippet, with an initial "all refused" state.

Place this block in the <head> of your site, as the very first script, before the GA4 or Ads code:

<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
 
  // Default state: all refused
  gtag('consent', 'default', {
    'ad_storage': 'denied',
    'analytics_storage': 'denied',
    'ad_user_data': 'denied',
    'ad_personalization': 'denied',
    'functionality_storage': 'granted',
    'security_storage': 'granted',
    'wait_for_update': 500,
    'region': ['EEA', 'GB', 'CH']
  });
</script>

Then, in your CMP code, after the user has clicked "Accept all" (or equivalent), emit the consent update:

// Example: user accepts everything
gtag('consent', 'update', {
  'ad_storage': 'granted',
  'analytics_storage': 'granted',
  'ad_user_data': 'granted',
  'ad_personalization': 'granted'
});

Two parameters deserve explanation. wait_for_update: 500 tells Google to wait 500 milliseconds after page load before falling back to default values if your CMP has not responded. It is a safety net: if the CMP loads fast (under 500 ms), Google uses the real user signals; otherwise, it stays in refused mode. region: ['EEA', 'GB', 'CH'] limits the application of Consent Mode to the European Economic Area, the United Kingdom and Switzerland — zones where the law mandates prior consent. Outside these regions, tracking can start immediately.

For a granular refusal (for example the user accepts measurement but refuses advertising), adapt the values signal by signal. That is the value of v2 mode: each purpose is handled independently.

Verify your Consent Mode works

Deploying without testing means risking the discovery, three months later, that your conversions no longer report. Here are three complementary methods to validate your installation.

1. Chrome DevTools Network tab. Open your site in private browsing, open DevTools (F12), Network tab, "collect" filter. Click "Refuse all" in your banner, then navigate. Look at requests to google-analytics.com/g/collect: in the URL, search for the gcs=G1... parameter. gcs=G100 means all four signals are refused (cookieless mode active). gcs=G111 means analytics and ad_storage signals are granted. The digits of the gcs code literally reflect the state of the signals — it is the fastest test to confirm that your CMP correctly transmits the refusal.

2. Google Tag Assistant (Chrome extension). Install the official extension, activate it on your site, click the icon in the toolbar. The assistant displays the consent state in real time for each detected Google tag, as well as the events emitted. Very useful to debug tags that do not respect consent — they appear in red in the interface.

3. GA4 DebugView. In your GA4 property, go to Admin > DebugView. Activate debug mode in your browser (via the Google Analytics Debugger extension or by adding ?debug_mode=1 to the URL). You then see events live with their consent_status state. Toggle your consent via the CMP (accept, then modify) and observe the reaction: the state must change instantly in DebugView.

For a detailed step-by-step procedure with screenshots, consult the ConsentLab documentation.

The 4 mistakes that break your conversions

These four mistakes appear in the vast majority of audits we run at ConsentLab. They go unnoticed for weeks and then blow up your Google Ads reports.

1. Forgetting ad_user_data and ad_personalization. These are the two v2 signals most often forgotten in GTM integrations done from an out-of-date v1 tutorial. Result: your Google Ads tags continue tracking for conversion (ad_storage granted) but Google considers they do not have personalisation authorisation (ad_personalization absent or denied). Your custom audiences progressively deactivate. Make sure all four signals are present in your default AND update tags.

2. Setting the default to granted. This is the most serious mistake legally. If your "Consent - Default" tag pushes ad_storage: 'granted' instead of denied, that is equivalent to tracking all your users before they have given consent — CNIL sanction almost guaranteed in case of audit. The initial state MUST be denied for all marketing and analytics signals. The update to granted happens after the user clicks, never before.

3. Not emitting the update after the choice. Classic failed configuration: the default tag is in place, but the CMP triggers no dataLayer event after the user choice. Result: even when the user accepts, the tags stay in denied mode and no data is collected. Systematically test the complete flow in Preview mode: click "Accept all" → dataLayer event emitted → "Consent - Update" tag triggered → signals moved to granted.

4. Mixing Basic and Advanced on the same site. Some teams configure GA4 in Advanced but leave Google Ads in Basic (or the reverse), thinking they are doing well. Result: double-counting, measurement inconsistencies, conversions appearing in one report and not the other. Choose a single mode and apply it uniformly to all your Google tags. It is simpler, more reliable, more auditable.

FAQ — Google Consent Mode v2

Is it mandatory if I only use Google Analytics without Google Ads? Technically yes, Consent Mode v2 is required for GA4 too — but the immediate impact is smaller than for Google Ads. Google is progressively applying the same restrictions (audience loss, modeling degradation) to GA4 properties that do not transmit the v2 signals. Better do it now, the cost is the same.

Does my existing Consent Mode v1 still work? Partially. The two historical signals (ad_storage, analytics_storage) are still accepted, but Google Ads deactivates custom audiences and limits remarketing if the two new v2 signals (ad_user_data, ad_personalization) are absent. The v1 → v2 migration usually takes less than 30 minutes on GTM.

Can I implement it without a dedicated CMP? Technically yes, by coding yourself a banner that handles the storage of the choice, revocation, proof of consent, multilingual compliance and the update of signals. In practice, that represents 20 to 40 hours of initial development plus ongoing maintenance. A CMP like ConsentLab does all of this natively for a few euros per month.

What is Google's Consent Mode modeling? A proprietary statistical model that reconstructs lost conversions by extrapolating from users who accepted. Google compares the behaviour of "consented" and "denied" users and statistically estimates how many conversions would have happened. In a typical e-commerce, modeling recovers 65 to 70% of conversions. Only available in Advanced mode.

How long before seeing the effect in Google Ads? Allow 72 hours for new conversions to appear in the Ads interface, and 7 to 14 additional days for modeling to stabilise the reports. Avoid taking optimisation decisions in this window — numbers oscillate while Google learns the new consent distribution of your site.

Consent Mode v2 and GDPR: is it enough for the CNIL? No. Consent Mode v2 is a technical mechanism on Google's side, nothing more. The CNIL requires a compliant cookie banner (refusal as simple as acceptance, explicit purposes, stored proof) upstream. GCM v2 simply applies the choice collected by your CMP — it does not collect it. Both are essential and complementary.