If your site receives traffic from the European Economic Area, Consent Mode v2 is not optional. Google made it a requirement for all advertisers using Google Ads or Google Analytics on EEA traffic from March 2024. Properties that haven't implemented it are missing modelled conversion data, may be risking ad personalisation features, and are operating in a grey area on data compliance.

This guide explains what Consent Mode v2 actually does, what changed from v1, and exactly how to verify your implementation is working.

What Consent Mode actually does

Consent Mode doesn't replace your cookie consent banner — it works alongside it. When a user interacts with your CMP (consent management platform), their consent choices are passed to Google's tags as consent signals. Google then adjusts what data it collects and how it processes it based on those signals.

The key thing Consent Mode enables that nothing else can: conversion modelling. When a user declines analytics cookies, GA4 can't directly observe their behaviour. But with Consent Mode active, Google uses machine learning to model what those users likely did — filling in the gaps caused by cookie refusal without recording individual data. Without Consent Mode, those users are simply invisible in your reports.

Consent Mode is not a workaround for GDPR. It doesn't allow you to collect personal data without consent. It's a framework for adjusting what Google tags do based on user consent — not for bypassing consent requirements.

What changed from v1 to v2

Consent Mode v1 had two consent signals: analytics_storage and ad_storage. Consent Mode v2 adds two more, and those two new ones are the reason the update matters:

analytics_storage
Recommended
Controls whether GA4 can store analytics cookies and collect measurement data. When denied, GA4 sends pings without cookies — no user identification, no session continuity.
ad_storage
Recommended
Controls whether Google Ads can store advertising cookies. When denied, ad personalisation and remarketing are disabled for that user.
ad_user_data
Required (new in v2)
Controls whether user data can be sent to Google for advertising purposes. Required for Google Ads to function properly for EEA traffic. This is the new signal that v1 properties are missing.
ad_personalization
Required (new in v2)
Controls whether data can be used for ad personalisation, including remarketing. Also new in v2. Without this signal, Google cannot distinguish between users who consented to personalisation and those who didn't.

Properties still on Consent Mode v1 — or with no Consent Mode at all — are missing ad_user_data and ad_personalization. Google cannot properly handle EEA user data for advertising without them.

What happens without Consent Mode v2

Without Consent Mode v2
EEA users who decline cookies are invisible. Conversions from these users are not modelled. Google Ads may lose access to conversion signals needed for Smart Bidding. Risk of non-compliance with EU data regulations.
With Consent Mode v2
Cookieless pings sent for declined users. Google models conversions for opted-out users. Smart Bidding retains signal. Compliant with Google's EU User Consent Policy. Conversion data is more complete.

For most EEA-facing sites, cookie consent decline rates run 20–40%. Without modelling, that's 20–40% of your conversion data that simply doesn't exist in your reports. For Google Ads campaigns, it means Smart Bidding is working with substantially incomplete data.

How to verify your implementation

How to implement it

If you're using a CMP (OneTrust, Cookiebot, CookieYes, Usercentrics, etc.), most of them now have native Consent Mode v2 support. You typically need to:

  1. Update your CMP to the latest version
  2. Enable Consent Mode v2 in your CMP's settings
  3. Ensure your CMP's GTM template or script is configured to pass all four signals
  4. Set default consent states (usually denied for all four) before the CMP loads

The default consent state matters. Consent Mode requires you to set a default state — what Google's tags assume before the user has made a choice. For EEA traffic this should be denied by default, updating to granted when the user consents. Setting defaults to granted and only denying on opt-out is the wrong approach for GDPR purposes.

Basic vs. Advanced Consent Mode. Basic mode blocks all GA4 tracking until consent is given — simpler to implement but you lose cookieless pings and conversion modelling for opted-out users. Advanced mode sends cookieless pings before consent and enables full modelling. Advanced is the recommended implementation for most sites that care about data completeness.

Check your Consent Mode automatically

Our audit checks whether Consent Mode v2 signals are present in your GA4 property, verifies that all four required signals are being sent, and flags properties that are still on v1 or have no Consent Mode implementation at all. It's one of 47 checks we run in under 60 seconds.

Run your GA4 audit — $179 →

Travis Gunn
Travis Gunn
Founder of GA4 Health Check. Working with Google Analytics since 2013, with over 250 clients audited across almost every industry vertical. 100% Job Success on Upwork for over a decade.