Skip to content
MJ Marketing
Setting up Consent Mode v2 for Google Ads – the four consent signals at a glance
Tracking & Analytics
12 min read
Mijo Jurisic

Consent Mode v2: Why It's Required & How to Set It Up

Consent Mode v2 explained: why EEA advertisers need it, an honest Basic vs. Advanced comparison, and step-by-step setup via CMP + Google Tag Manager.

TL;DR

Consent Mode v2 is Google's standard for passing your visitors' cookie banner decision to Google Ads and GA4 via four signals: ad_storage, analytics_storage, ad_user_data, and ad_personalization – since March 2024, Google requires it for remarketing and personalized advertising in the EEA. You set it up through a CMP plus Google Tag Manager; the critical part is that the default signals are set to denied before any Google tag fires and only get updated after the banner decision.

Share:

Quick context first: Since March 2024, Google requires Consent Mode v2 from all advertisers reaching users in the European Economic Area – without it, remarketing and personalized advertising simply stop working there. Yet in audits I regularly see setups where the cookie banner looks polished, but the consent signals never reach Google – or only after the tags have long since fired. This guide explains what Consent Mode v2 actually does, how Basic and Advanced mode honestly differ, and how to build and verify the setup cleanly with a CMP + Google Tag Manager.

Consent Mode v2 is Google's interface between your cookie banner (the consent management platform, or CMP) and the Google tags on your website. For every single visitor, it answers the question: What are Google Ads and GA4 allowed to do with this user's data?

The answer travels through four signals:

| Signal | Controls | In practice | |--------|----------|-------------| | ad_storage | Reading and writing advertising cookies | Click cookies for conversion attribution | | analytics_storage | Analytics cookies | GA4 session and user cookies | | ad_user_data | Sending user data to Google for advertising purposes | e.g. data for Enhanced Conversions | | ad_personalization | Personalized advertising | Remarketing lists, similar audiences |

Each signal can be granted or denied. Your CMP sets these values automatically – depending on what the user clicks in the banner.

What's new in "v2"? The first two signals have existed since 2020 (Consent Mode v1). With v2, ad_user_data and ad_personalization were added in March 2024. The background is the EU's Digital Markets Act (DMA): Google was designated a so-called gatekeeper and must demonstrate that user data from the EEA is only used for advertising with consent. Google passes this obligation on to you as the advertiser – technically, via these signals.

Important distinction: Consent Mode does not replace your cookie banner – it translates the banner's decision for Google. Whether and how you must obtain consent is governed by the GDPR and ePrivacy rules regardless. This article is hands-on tracking knowledge, not legal advice.

"Required" deserves precision here: there is no law called Consent Mode. But since March 2024, Google has made transmitting the v2 signals a condition for core advertising features in the EEA. Without correctly set signals, according to Google:

  • Remarketing breaks: users from the EEA are no longer added to remarketing lists. Existing lists shrink over time because no new users flow in – your remarketing strategies run on empty.
  • Personalized advertising is blocked: audience features based on user data are unavailable for EEA traffic.
  • Conversion measurement becomes less complete: without consent signals, you forgo conversion modeling, which Google uses to statistically close measurement gaps caused by declined consent. Smart Bidding then optimizes on a smaller data foundation – and makes worse decisions.

From my own client work: the cases where "remarketing suddenly stopped working" or conversions inexplicably dropped remarkably often share the same root cause – a missing or miswired Consent Mode. If you advertise in the EEA, there is no way around this topic.

Basic vs. Advanced Mode: The Honest Comparison

Consent Mode v2 comes in two variants, and the choice is a genuine trade-off – there is no single "correct" answer:

| | Basic mode | Advanced mode | |---|---|---| | Tags without consent | Don't load at all | Always load, but only send cookieless pings | | Data when declined | None – not even anonymous signals | Anonymous pings (no cookies, no user IDs) | | Conversion modeling | Only at a general level (according to Google) | More detailed, because your own pings serve as the basis | | Privacy assessment | Conservative, easy to defend | Contested – cookieless pings are not conclusively settled legally | | Complexity | Low | Higher (ping behavior must be understood and documented) |

Basic mode is the conservative variant: if a user declines, nothing happens – no tag, no ping, no data. The price: Google can only roughly model the missing conversions, because no signals from these users exist at all.

Advanced mode always loads the tags and sends cookieless pings without user identifiers when consent is declined. Google models conversions more precisely from these. The catch: whether these pings are permissible without consent is disputed among legal experts, and data protection authorities have not taken a unified position.

My honest recommendation from practice: Basic mode is the safe default that rarely gets you into trouble. Advanced mode can be worthwhile if your decline rate is high and data quality for Smart Bidding matters to you – but only as a deliberate decision, aligned with your data protection officer or lawyer. Advanced "by accident", because the CMP suggests it as a preset, is the worst of all options.

Setup via CMP + Google Tag Manager

The prerequisites: an installed Google Tag Manager, working conversion tracking, and a CMP. Then it takes five steps:

Step 1: Choose a CMP and Configure the Banner

Use a CMP with native Consent Mode v2 support – ideally one from Google's CMP Partner Program. Widely used options include Cookiebot, Usercentrics, and Borlabs. Important for the banner configuration: declining must be as easy as accepting, and the categories (marketing, statistics) must be cleanly mapped to the consent signals.

Step 2: Define the Default State

Before any tag fires, all four signals must be set to denied for EEA visitors. With most CMPs, the template integration handles this automatically. Done manually, the default looks like this:

gtag('consent', 'default', {
  'ad_storage': 'denied',
  'analytics_storage': 'denied',
  'ad_user_data': 'denied',
  'ad_personalization': 'denied',
  'wait_for_update': 500
});

wait_for_update gives the CMP time (here 500 ms) to load an already stored consent before the tags fire – otherwise returning users with granted consent are wrongly counted as declined.

GTM has a dedicated trigger type: Consent Initialization – All Pages. It is guaranteed to fire before all other triggers. That is exactly where the CMP template (or your default snippet) belongs – not on the regular page view trigger. This is the most common wiring mistake.

In the GTM container settings, enable the consent overview (gear icon → "Enable consent overview"). It shows you per tag which consent checks are built in. Google tags (Google Ads conversion, GA4) come with the checks for ad_storage and analytics_storage out of the box – you usually don't need to configure additional consent requirements for them. For non-Google tags (Meta Pixel and the like), you define additional consent requirements manually.

Step 5: Verify the Update Behavior

When the user clicks accept in the banner, the CMP must send a consent update:

gtag('consent', 'update', {
  'ad_storage': 'granted',
  'analytics_storage': 'granted',
  'ad_user_data': 'granted',
  'ad_personalization': 'granted'
});

With template integrations, this happens automatically – but don't rely on it, test it (more on that in a moment).

How It Interacts with Enhanced Conversions and Server-Side Tracking

Consent Mode v2 is the foundation that other tracking building blocks sit on – the order is non-negotiable:

  1. Consent Mode v2 first: without clean consent signals, everything else lacks its foundation.
  2. Then Enhanced Conversions: hashed first-party data may only flow when ad_user_data is set to granted. An Enhanced Conversions setup without consent wiring is a privacy problem, not a feature.
  3. Then server-side: with server-side tagging, the consent state must be passed from the browser to your server container. Server-side is explicitly not a consent workaround – tracking fully server-side without consent is a violation, no matter where the data is processed. For the full picture, read the server-side tracking guide.

Reversing this order – buying server-side first, retrofitting consent someday – means building on sand. The complete technical foundation including GTM structure is covered in our tracking setup guide.

Mistake 1: Default Signals Fire After the Tags

The classic. The CMP loads asynchronously somewhere in the page source while gtag or GTM have already fired. Result: the first hits run without a consent state – and Google treats them as non-consented when in doubt. Fix: put the default snippet or CMP template consistently on the Consent Initialization trigger.

Mistake 2: A Banner Without Wiring

The banner is displayed, users click away diligently – but the decision never reaches Google, because the Consent Mode integration in the CMP was never activated. From the outside everything looks correct; in Tag Assistant, default and update are completely missing. In my experience, one of the most frequent audit findings.

Mistake 3: Only v1 Signals Set

Older setups transmit ad_storage and analytics_storage, but not ad_user_data and ad_personalization. Consequence: remarketing for EEA users breaks even though "Consent Mode is running". Explicitly verify that all four signals are being sent.

A hard-coded default snippet in the source code plus a CMP template in GTM, overwriting each other. Depending on load order, sometimes one wins, sometimes the other – the data becomes unpredictable. Decide on exactly one place where consent is set.

Mistake 5: Advanced Mode Active Unintentionally

Some CMPs enable Advanced as the preset. But if your privacy policy and your records of processing assume Basic, documentation doesn't match reality. Check the setting deliberately and document the decision.

If wait_for_update is missing or set too tight, tags fire for returning visitors before the CMP has loaded the stored consent. The result is an unnecessary number of denied hits despite granted consent.

Verifying with Tag Assistant

This is how you verify the setup in roughly ten minutes:

  1. Open tagassistant.google.com and connect your domain (incognito window, so no old consent is stored)
  2. After the page loads, open the Consent tab on the left: there must be a default entry with all four signals set to deniedbefore the first Google tag in the event list
  3. Click accept in the banner: an update entry with granted must now appear
  4. Reload the page: the stored consent must take effect within the wait_for_update window on the next visit
  5. Cross-check with decline (new incognito window): signals stay on denied, and in Basic mode no Google tags may fire
  6. Additionally, check in GTM preview mode per tag which consent state applied when it fired

It's also worth looking at Google Ads under Goals → Conversions → Diagnostics: Google flags problems with the consent signals there.

Consent Mode v2 is not a nice-to-have – since March 2024, it has been the entry ticket for remarketing and reliable conversion data in the EEA. The key points:

  1. Four signals, two new ones: ad_user_data and ad_personalization make the difference between v1 and v2
  2. Basic vs. Advanced is a trade-off: privacy certainty versus data quality – decide deliberately, don't leave it to the CMP preset
  3. Order decides everything: default signals before all tags, update after the banner decision
  4. Test instead of hope: ten minutes in Tag Assistant uncover most mistakes

If you don't want to build this yourself or aren't sure whether your existing setup is wired cleanly: as part of our Consent Mode & cookie banner implementation, we set the whole thing up for a fixed price – CMP-agnostic, whether you use Cookiebot, Usercentrics, Borlabs, or another system.


FAQ on Consent Mode v2

Is Consent Mode v2 mandatory?

For advertisers reaching users in the EEA with Google Ads who want to use remarketing, audiences, or personalized advertising: effectively yes. Since March 2024, Google requires the consent signals ad_user_data and ad_personalization – without them, EEA users can no longer be added to remarketing lists and conversion measurement becomes less complete. There is no law called Consent Mode, though: the consent obligation itself comes from the GDPR and the ePrivacy rules, while Consent Mode v2 is Google's technical requirement on top.

What is the difference between Basic and Advanced Consent Mode?

With Basic mode, Google tags only load after consent is given – if a user declines, Google receives no data at all, not even anonymous pings. With Advanced mode, tags always load but only send cookieless pings without consent, which Google uses to model conversions. Advanced provides more data for modeling but is legally contested from a privacy standpoint – you should make this decision together with your data protection officer.

How do I set up Consent Mode v2 with Google Tag Manager?

The usual approach: a CMP with Consent Mode support (e.g. Cookiebot, Usercentrics, or Borlabs) sets the default signals to denied before any tag fires and updates them after the banner decision via a consent update. In GTM, you enable the consent overview, make sure the CMP template fires on the Consent Initialization trigger, and check the built-in consent checks for every Google tag. Then you test everything with Tag Assistant.

What happens if I don't use Consent Mode v2?

Without the v2 signals ad_user_data and ad_personalization, you can no longer add EEA users to remarketing lists or reach them with personalized advertising – your audiences gradually empty out. On top of that, you forgo conversion modeling: conversions from users who decline are then completely missing from Google Ads, and Smart Bidding optimizes on a smaller data foundation.

How do I check whether Consent Mode v2 works correctly?

Open tagassistant.google.com, connect your website, and look at the Consent tab: on page load, all four signals must show a default of denied – before any Google tag fires. After clicking accept, a consent update to granted must follow. The order is the critical point: if the default signal only appears after the tags, the setup is broken. Additionally, GTM preview mode shows you per tag which consent state applied when it fired.

Mijo Jurisic

Mijo Jurisic

Google Ads consultant & founder of MJ Marketing. Five-plus years of hands-on practice — from a self-taught start to the Google Premier Partner programme with 500+ direct Google Ads clients and €20M+ in managed media spend.

Share this article:

Share: