Google Consent Mode V2, introduced in late 2023, enhances how websites manage user cookie consent for Google services. It requires websites to implement a consent banner by March 2024, allowing users to select consent levels that affect data handling.
This article outlines steps to obtain user consent, communicate it to Google, and ensure tags behave according to the consent choice, emphasizing the importance of compliance with GDPR and proper configuration of Google Tag Manager.
What is Google Consent Mode V2?
Google Consent Mode V2, introduced in late 2023, is an updated version of Google’s original Consent Mode. It allows websites to communicate users’ Cookie consent preferences to Google’s services, such as Google Ads and Analytics, more efficiently and privacy-compliantly. Websites must use these Google services by March 2024.
Google Consent Mode V2 introduces new parameters, including ad_user_data and ad_personalization, as well as the existing analytics_storage and ad_storage. These parameters offer enhanced control over user data and advertising personalisation based on user consent.
Google expects these parameters to be set to “Denied” or “Granted” based on a visitor’s selection in the Peppered Cookie banner. This instruction will show you how to do just that.
How to Manage Website Visitor Consent?
Source: Google
- Obtain the user’s consent choice to grant or deny the consent for storing information about their behaviour. You are responsible for obtaining users’ consent on your website or app or any data you upload to Google.For websites and apps, you can implement a (Peppered) consent banner or use a third party Consent Management Platform (CMP).
- Communicate the user’s consent choice , or consent state, to Google. Many CMPs handle sending the consent state to Google. If you implement a custom consent solution, you must implement a method to send the consent state to Google.
- Ensure that Google tags and third-party tags behave according to the user’s consent choice.
It looks easy, but you must ensure you set up everything correctly, according to Google Consent and GDPR. This article will help you do so by tackling the three points above.
1. Obtain the User’s’ Consent Choice
Your Peppered platform cookie banner is designed to obtain website visitor consent. The Peppered platform has two main layouts for cookie banners. Technically they both work the same, but only one is GDPR proof.
In order to provide a GDPR proof cookie banner, all consent options should be equally easy to make.
That's why our GDPR proof cookie banner offers the three consent levels as three distinct (but equal) buttons.
You will see your Peppered cookie banner now looks like this:
Default Consent States
There are 4 consent states controlled by the Peppered cookie banner:
- 0. undefined: The user did not supply a level of consent (The cookie banner is still showing). Google Tag manager (GTM) is usually not loaded (more on that later).
- 1. default: Only cookies required for the Peppered Platform website to function are set (the user selected "functional only). GTM is usually not loaded (more on that later).
- 2. limited: This consent level loads the GTM and the "limited" setting is passed to the datalayer to be used in the GTM.
You can activate tags in GTM that you think should be activate when a user has chosen "Allow limited" in the cookie banner. You can explain to the user what kind of cookies are set in this consent level in the text in the cookie banner.
Third party media (video, audio) and all iFrame content is also enabled.
- 3. all: This consent level loads the GTM and the "all" setting is passed to the datalayer to be used in GTM. You can explain to the user what kind of cookies are set in this consent level in the text in the cookie banner.
All cookies, including ad-tracking etc. are allowed once this level is chosen by the user by selecting "allow all" in the cookie banner.
If you are not using GTM at all, the only Cookies that are used are pure functional, and you don't have to do anything.
2. Communicate Consent to Google
First configure your GTM code in the Peppered Dashboard.
All Google Tag Manager settings are found in System > Control Panel > Marketing > Google Tag Manager.
For more information on all the GTM settings, check out the article Settings for Google Tag Manager.
After you added your GTM code to the dashboard, you will need to map the 4 consent levels of the cookie banner to the 7 Google consent tags. Luckily you don’t have to do that yourself, as we have prepared a template and set-up instructions for you that takes care of this mapping (attached at the bottom of this page).
After installing the consent template in GTM, Google consent tags should be set to “Denied” or “Granted” based on the given cookie banner preference:
- The default values of Google tags when no consent was given:
- The default values of Google tags when consent was given for "functional only" cookies:
- The default values of Google tags when consent was given for "limited" cookies:
- The default values of Google tags when consent was given for "all" cookies:
Installing the Peppered GTM consent template
This instruction provides the above standardised mapping of Cookie banner settings to the 7 Google Consent tags.
The template will set the Google tags to "denied" or "granted" based on the chosen Cookie banner option:
In order to get these default consent levels mapped to the cookie banner, we first need to import the template file.
- Download the Peppered GTM template file
- In GTM, head to "templates" and click new under the Tag Templates section. When you click on the three little dots, you’ll have the option to import.
- Once it is imported successfully, you should see it listed:
- We now need to head to the Tags section on the left hand menu. Click to add a new tag. You should see the Peppered tag available when selecting.
- We then need to add triggers for the tag to fire. You can set it up with the configuration below, this sets a default consent and then updates according to the cookie settings on the site:
Once this is all in place, we should be finished.
Testing your GTM/Cookie Setup
Instructions on how to Test your Google Tag Manager setup
Go to Preview Mode.
- We need to remove the site cookie using chrome developer tools to run through all the tests.
- Pressing delete while highlighting the cookie_consent item in the application will remove it. This should cause the cookie banner to show when you reload the site.
- When you first load the site in tag manager preview mode, don’t interact with the cookie banner. You should see something like the following in the tag assistant preview mode.
- This shows that we are defaulting to deny all consent except security_storage. This consent level does not require an explicit opt-in.
- We should see the following after choosing the option for ‘Functional Only’. This option only allows cookies that are required to run the site. The consent level communicated to GTM is equivalent to the consent required for functional cookies set by the Peppered platform itself.
Again, this only applies when "Load Tag Manager Always" is set to ‘Yes’ in the dashboard. If not, GTM is not loaded at all in this phase.
- If we choose ‘Allow Limited’, we should see something like the below screenshots:
- We are granting the additional consent for analytics storage at this level.
- Repeating the test but choosing ‘all’ should show the following:
- Again, a default state of denied that is then updated to granted for all consent levels.
When "Load Tag Manager Always" is set to ‘No’, The consent levels sent to GTM when the ‘Allow Limited’ or ‘Allow All’ options are chosen are the same. However, nothing is sent to GTM in the "default" or "Functional only" states of the Cookie banner.
3. Ensure that Google tags and Third-party tags behave according to the user’s consent choice
For each tag you use in the GTM you will need to decide for yourself at which consent level this tag will be activated.
You could also already have tags that are directly connected to the Peppered Cookie banner consent levels "default", "limited" and "all". These tags will keep working, but you can reassign them to one of the new Google tags.
Make sure the explanations next to the three buttons in your cookie banner reflect what kind of cookies the user is giving consent for. We provided some default text in the cookie banner, but you are welcome to rewrite this to reflect your own situation. You can find all template texts available in the cookie banner in the article
How to properly use Third party content on your Website
Third party embeds like Youtube, Vimeo, Spotify, etc use third party cookies. That means every time you embed third party content, these cookies are set. In order to make sure this complies with the given consent by the visitor, all dedicated third party content fields in the Dashboard already take consent levels into consideration, and will not load the third party content unless consent level 3 has been set.
These fields are:
- Primary video URL
- Embed URL
- iFrame
To comply with GDPR rules, only embed third party content via these designated fields. This guarantees the third party content will only be shown (and only third party cookies will be used) in cookie consent level 3 and higher.
If the appropriate consent level was not given, the third party content is replaced by the cookie banner:
- Note that this option is not suitable for embedded content with third party tracking cookies, since that would require a level 4 consent.
- Also note that any third party content embedded via any general text/HTML editor cannot be blocked in the cookie settings and will violate GDPR rules when the third party uses cookies.
Our template works on the basis that users have opted to accept all cookies. Users who have not selected all cookies will only provide limited data, mostly limited to heatmaps/single-page sessions. This can skew your perception of sessions in Microsoft Clarity; please keep this in mind.
Related articles