Consent mode allows web and app developers to adjust tag and app SDK behavior based on user consent choices.
How to manage consent
Managing user consent requires the following:
- Obtain the user’s consent choice to grant or deny consent for storing
information about their behavior. You are responsible to obtain users’
consent on your website or app or any data you upload to Google.
For websites and apps, you can implement a consent banner or other custom consent solution, or use a Consent Management Platform (CMP).
For data uploads to Google, please consult with your legal department on a consent management solution that fits your business needs. - Communicate the user’s consent choice, or consent state, to Google. Many CMPs handle sending the consent state to Google. If you implement a custom consent solution, you must implement a method to send the consent state to Google, see Choose a framework to manage consent.
- Ensure that Google tags and third-party tags behave according to the user’s consent choice.
Tags that support consent mode
Tags and SDKs for the following Google products contain built-in consent checks and adjust their behavior based on consent state:
- Google tag
- Google Analytics (includes Google Analytics for Firebase SDK)
- Google Ads (includes Google Ads Conversion Tracking and Remarketing; support for Phone Call Conversions is pending.)
- Floodlight
- Conversion Linker
Consent mode terminology
The following terms have a special meaning in the context of consent mode:
- Consent checks: Causes tags and SDKs to modify behavior based on consent state and consent type.
- Consent state: Represents user choices and can be granted or denied, for each consent type. Tags and SDKs with consent checks modify their behavior as described in How consent affects tag behavior.
- Consent type: Indicates the type of storage. Consent can be
granted
ordenied
for each type.
Consent types
Consent types include:
Consent Type | Description |
ad_storage | Enables storage, such as cookies (web) or device identifiers (apps), related to advertising. |
ad_user_data | Sets consent for sending user data to Google for online advertising purposes. |
ad_personalization | Sets consent for personalized advertising. |
analytics_storage | Enables storage, such as cookies (web) or device identifiers (apps), related to analytics, for example, visit duration. |
functionality_storage | Enables storage that supports the functionality of the website or app, for example, language settings |
personalization_storage | Enables storage related to personalization, for example, video recommendations |
security_storage | Enables storage related to security such as authentication functionality, fraud prevention, and other user protection |
Basic versus advanced consent mode
You can implement consent mode on your website or app in either of two ways: basic or advanced.
Basic consent mode
When you implement consent mode in its basic version, you prevent Google tags from loading until a user interacts with a consent banner. This setup transmits no data to Google prior to user interaction with the consent banner. When the user grants consent, Google tags load and execute the consent mode APIs. The tags send the consent states to Google in the following order:
- Send default consent states.
- Send updated consent states.
However, when the user doesn't consent, no data is transferred to Google at all – not even the consent status. Google tags are completely blocked from firing. Consent mode's conversion modeling in Ads is then based on a general model.
Advanced consent mode
When you implement consent mode in its advanced version, Google tags load when a user opens the website or app. The tags load the consent mode API and do the following:
- Set default consent states. By default, consent may be
denied
, unless you set your own defaults. While consent isdenied
, the Google tags send cookieless pings. - Wait for user interaction with the banner and update consent states. Only when a user grants consent to data collection, Google tags send the full measurement data. Learn more about tag behavior.
This implementation enables improved modeling compared to the Basic one as it provides an advertiser-specific model as opposed to a general model.
Overview
Feature | Basic consent mode | Advanced consent mode |
---|---|---|
Tag loading | Blocked until user interaction with a consent banner. | Loads with defaults set to denied , unless configured
otherwise. |
Data transmission | No data is sent before a user consents - not even the default consent status. | When consent is denied , consent state and cookieless
pings are sent.When consent is granted , cookies are
written and all measurement data is sent. |
Consent states | Set after user interaction. | Defaults set to denied , unless configured otherwise;
updates based on user choice. |
Tag behavior after user interaction | Loads and executes consent mode APIs only when a user grants consent. | Adjusts tag behavior based on user consent choice. |
Conversion and key event modeling | General model (less detailed modeling). | Advertiser-specific model (more detailed modeling). |
How consent affects tag and app SDK behavior
In general, when users grant consent, tags function normally.
When users deny consent for ad personalization or ad user data, tags or app SDKs can't use user data for ad targeting purposes.
When users deny consent for storage, consent-aware tags or app SDKs do not store cookies (web) or device identifiers (apps). Instead, tags communicate consent state and user activity by sending cookieless pings (web), or signals (apps), to the Google server. This enables Google Ads and Google Analytics 4 properties to model conversions and key events, see Consent mode modeling.
The following signals communicate consent state:
Consent state pings: Consent state pings are sent from each page the user visits where consent mode is implemented. These pings communicate a consent state of granted or denied for each consent type, such as ad storage or analytics storage.
Key event pings: Key event pings are sent to indicate that a key event has occurred.
Google Analytics pings: Google Analytics pings are sent on each page of a website using Google Analytics when events are logged.
Pings can include:
- Functional information (such as headers added passively by the browser):
- Timestamp
- User Agent
- Referrer
- Aggregate / non-identifying information:
- An indication for whether or not the current page or a prior page in the user's navigation on the site included ad-click information in the URL (e.g., GCLID / DCLID)
- Boolean information about the consent state
- Random number generated on each page load
Besides allowing the consent state to modify tag behavior, you can also redact
stored data when a user denies consent. For example, a user might have granted
consent to store data for ads and then change their mind and deny consent. If
you enable ads_data_redaction
, when the user denies consent, Google Ads will
delete the stored information.
Tags with built-in consent checks amend their behavior based on different
consent states. The following table explains tag behavior by consent types,
consent state, and whether ads_data_redaction
is set to true
.
Consent type(s) | Denied or granted | Behavior |
ad_storage and analytics_storage |
granted granted |
|
ad_personalization |
denied | Personalized advertising is disabled, the following features won't receive data:
|
ad_user_data |
denied | Personal data collection for online advertising is disabled, including:
|
ad_storage |
denied |
|
analytics_storage |
denied |
|
ad_storage and ads_data_redaction
|
denied and true |
|
Consent mode HTTP parameters
When you implement consent mode, consent mode parameters are translated into
HTTP request parameters such as dma
, gcd
, and gcs
.
Consent to Google services is encoded using dma_cps
.
These fields collectively provide information about consent states and related
configuration settings. Google tag fields may be encoded to improve transmission
efficiency. These fields may be subject to change as these services evolve.
The gcs
parameter is used to transmit the ad_storage
and analytics_storage
parameters, indicating the user's consent choice regarding the storage of
advertising and analytics cookies (web) or device identifiers (app). The gcd
parameter is always sent to Google services, regardless of whether consent mode
is activated or not. The gcd
parameter encodes detailed information about the
user's consent choice through the consent types.
Tag Assistant can help you understand these fields and how your Google tag is behaving, so that you can better debug your setup. Learn how to debug consent mode.
Consent mode modeling
To mitigate any data collection gaps, Google products use these pings to model your metrics for your measurement solutions. In order to protect user privacy, your tag or app SDK needs to meet a certain data collection threshold. You can find more information about what is modeled and under which circumstances in the articles linked below:
- Google Ads consent mode modeling
- Google Ads online conversion modeling
- Google Analytics conversion modeling
- Google Analytics behavioral modeling