Google’s Consent Mode v2 became required in March 2024 for ads-data flow from European users. Almost every site needs it, even if your audience is mostly US — EU regulatory compliance affects ad bidding signals across borders. The good news: implemented correctly, Consent Mode v2 preserves meaningful data even when users decline cookies. Here’s the wiring.
What Consent Mode does
Consent Mode tells Google whether the user has granted consent for: analytics storage, ads storage, ad-user data, ad personalization. When a user declines, Google sends ‘consent denied’ pings with limited data — IP truncated, no cookies set, behavioral signals reduced. Google uses these pings to model the missing data via aggregated patterns. You get partial visibility instead of zero.
Without Consent Mode
If a user declines cookies and you have no Consent Mode, GA4 gets no signal at all. Worse: Google Ads can’t learn from the conversion if it happened. The data loss compounds across reporting and bidding.
With Consent Mode v2 (basic mode)
When user declines, the gtag stays loaded and sends pings to GA4 with `consent: denied`. Google fills in the gaps with conversion modeling. Conversions still get attributed; reports still show meaningful data; ad bidding still learns. Reported reduction in data loss: 30-70% depending on consent rate.
With Consent Mode v2 (advanced mode)
Same as basic but the gtag is allowed to set non-personal cookies, store a hashed user ID for cross-device deduplication, and run more sophisticated modeling. Better data, more privacy review required. We default to basic mode for most SMB clients and recommend advanced only when ads spend justifies the additional implementation complexity.
Step 1: pick a consent management platform (CMP)
You need a banner that asks consent and stores the user’s choice. Options:
- Cookiebot — comprehensive, $99/year. We use this on most FH client sites.
- OneTrust — enterprise-grade, $300+/month. Overkill for SMB.
- Iubenda — affordable, EU-focused, ~$30/year.
- Roll-your-own — feasible but most teams don’t maintain it well. Don’t.
Step 2: implement the gtag consent default
Before any other gtag call, set default consent values. Then the CMP updates them when the user makes a choice.
// app/components/Analytics.tsx
"use client";
import Script from "next/script";
export function Analytics() {
return (
<>
<Script id="consent-default" strategy="beforeInteractive">{`
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('consent', 'default', {
ad_storage: 'denied',
ad_user_data: 'denied',
ad_personalization: 'denied',
analytics_storage: 'denied',
wait_for_update: 500
});
`}</Script>
<Script src={`https://www.googletagmanager.com/gtag/js?id=${GA4_ID}`} strategy="afterInteractive" />
<Script id="ga4-init" strategy="afterInteractive">{`
gtag('js', new Date());
gtag('config', '${GA4_ID}');
`}</Script>
</>
);
}Step 3: update consent on user choice
When the user clicks Accept or Decline in your CMP banner, call gtag.consent.update with their choices.
// When user accepts
(window as any).gtag?.("consent", "update", {
ad_storage: "granted",
ad_user_data: "granted",
ad_personalization: "granted",
analytics_storage: "granted",
});
// When user declines (only analytics, no ads)
(window as any).gtag?.("consent", "update", {
ad_storage: "denied",
ad_user_data: "denied",
ad_personalization: "denied",
analytics_storage: "granted", // optional, if your CMP allows partial
});Step 4: verify in GA4
GA4 → Admin → Property Settings → Reporting Identity. You should see the option for ‘Blended’ identity, which uses modeled data alongside observed data. Enable it. After 48 hours of traffic, GA4 reports start showing modeled conversions filling in the gaps from declined-consent users.
Banner copy that doesn’t kill conversion
Most ‘accept cookies’ banners are awful — full-screen modals that block the page, complex toggle hierarchies, dark patterns. Don’t do that. A small banner at the bottom of the screen with ‘Accept’ and ‘Decline’ buttons of equal visual weight, optional ‘Customize’ for the curious. Honest, fast, doesn’t harm bounce rate.
Consent and conversion tracking
Consent Mode applies to GA4 and Google Ads tags running in the browser. Server-side conversion events from your server action are NOT subject to the user’s browser consent. The lead form submission is a first-party transaction; the server can fire the conversion regardless. This is one of the reasons we fire critical conversions server-side.
What happens if you DON’T implement Consent Mode v2
- EU users who decline send zero data to GA4. You see massive data loss with no modeling fill-in.
- Google Ads can’t use EU conversion data for bidding learning. Smart Bidding degrades.
- Google has indicated they’ll deprecate non-CM v2 tags eventually. Updating later is harder than now.
Cookiebot setup specifically
Cookiebot has a Google Consent Mode integration that auto-configures gtag consent based on the user’s banner choice. You add Cookiebot’s script tag, configure your domain in the Cookiebot dashboard, and the integration handles the consent.update calls. Total wire-up time: 20 minutes.
Reporting once Consent Mode is live
GA4 reports will show a mix of observed conversions (consented users) and modeled conversions (declined users). The split is visible in the data quality settings. Total conversion counts approximate what you’d see without consent enforcement. CTR and engagement metrics from declined users are missing — those don’t get modeled.
How this lands across FH client work
Every FH client site that runs GA4 has Consent Mode v2 implemented via Cookiebot. Implementation time per site: about an hour. Annual cost per site: $99. The recovered data quality across declined-consent users is meaningful — typically 15-40% of EU traffic — and the regulatory posture is clean. If you’re running GA4 without Consent Mode v2 in 2026, book a consultation — implementation is a half-day engagement and the recovered data justifies the cost.
