Content
In March 2024, Google updated user data requirements for users residing in the EU. To continue using personal data for ads’ customization and remarketing, businesses should switch to the updated version of user consent: Consent Mode V2. Otherwise, you will lose access to ad personalization options, while some GA4 and Google Ads’ features will be limited.
The issue may sound alarming, though calm down. Take the new consent format as an update to the old rules. Its sole purpose is to solidify user data protection.
In this article, Promodo marketers explain the regulations of the consent mode, Google’s update, and the way to set up Consent mode V2 for proper business performance.
User security on the Internet is subject to legal regulations. The first and the oldest is the EU’s ePrivacy Directive of 2002. In 2018 the EU introduced the General Data Protection Regulation (GDPR). It is currently the most comprehensive personal data protection regulation applied in the EU and the European Economic Area (EEA).
The rules of GDPR marketing apply to any organization that processes personal data of EU residents. These are detailed requirements for the data that can be collected, special conditions, and a type of user consent. Failing to comply with GDPR, a company risks getting a solid fine from the EU and a permanent block from Google.
The US citizens, namely the residents of California, are subjected to a separate regulation, the California Consumer Privacy Act (CCPA). It is less prescriptive and applies only to companies with annual revenue exceeding $25 m. or serve more than 50,000 users in California.
The GDPR and its impact on interaction with Google
Adapt to privacy and regulatory changes with consent mode
European regulations overview and guidance
Since March 2024, the default value for user consent will be “consent denied.” This means you should obtain user consent to transfer data to Google Ads and Google Analytics and customize targeted advertising.
New data collection restrictions apply to:
🔴 Websites (tags that send data to Google)
🔴 Applications (SDKs that send data to Google)
🔴 Data uploads (tools for uploading data from non-Google sources, such as importing offline conversions or in-store sales).
To continue using metrics, ad customization and remarketing functions, you should obtain consent to use personal data from the end-users residing in the European Economic Area (EEA) and exchange consent signals with Google.
Consent signals are indicators received by Google Analytics from a user or a consent management platform to inform Google about a user's consent. These signals control the ability of Google Analytics to collect data, what type of data can be collected, and for what purposes.
A user may agree to use cookies for analytical purposes, but not for advertising. Once that’s the case, Google Analytics will adjust data collection and further processing in line with the consent settings.
Consent mode V2 comes as an update to Google's consent mode. It complies with the GDPR data privacy regulations applied in Europe and will help website owners manage user consent settings for data tracking and ad cookies.
The new version of Consent mode V2 entails the mandatory transfer of parameters:
🔴 For web platforms, these are ad_personalization and ad_user_data
🔴 For Apps, these are ad_personalization_signals and ad_user_data.
🔴 (EU) not configured - no consent mode: consent mode V2 is not implemented on the page at all (the above-mentioned user consent parameters are not passed and/or the cookie banner is not configured). User data will not be collected, i.e. it will be sent to the traffic source 'not set.'
🔴 Baseline consent mode: consent mode is implemented, but data is collected only under a user’s consent. However, when there’s no consent from a user, no data is transmitted to Google - not even the consent status. The launch of Google tags is completely blocked.
🔴 Advanced consent mode: consent mode is implemented, and user data is collected regardless of whether users grant consent or not. However, once a user refuses to grant consent to process their data, Google tags will collect information about the user as pings without cookies.
The baseline version is set up as follows:
GA4, Google Ads, and other ad systems will process user data regarding those visitors who agreed to be tracked.
The extended version of Consent Mode V2 will transfer the data about the visitors who refused to be tracked to GA4 and Google Ads using "pings without cookies". Without an update to Consent mode V2 or without user consent to data processing, the following GA4 and Google Ads features will be unavailable:
🔴 Personal data collection for online ad
🔴 User_id
🔴 Enhanced conversions
🔴 Data receipts by Google Ads, Display & Video 360, and Search Ads 360
🔴 Personalized ads in Google advertising products.
To remarket to audiences and track user activity, it is important to update the SDK or implement the advanced consent mode on the website by March 2024.
For further information on user consent settings and their descriptions, please follow the link.
Some users will probably refuse to collect data, so you won't be able to track their activity on the site. In this case, Google suggests using the Behavioral Modeling Tool for Consent Mode V2.
It applies machine learning and models user behavior who have refused cookies based on the data about similar users who accept analytical cookies. For example, it evaluates data based on user and session metrics such as daily user activity and conversion rates.
To use the Behavioral Modeling Tool, your Google Analytics (GA4) account should comply with the following requirements:
Behavioral Modeling starts collecting data after all these conditions are met. It may take 7 - 28 days to train the modeling, however, it’s possible that even additional data will not be enough for training.
Along with new GDPR restrictions and requirements for data collection, there have been updates to the Google Chrome browser.
From now on, users will block cookies at the browser level. That is, users who do not want to share their data may refuse once, and then Google Chrome will automatically block their cookies whenever they transfer to third-party websites.
Beta version of the updated Google Chrome browser is already available with the ability to refuse cookies at the browser level. Therefore, we advise to set up a cookie banner on the website to ask users about their decision to transfer data for processing.
However, there is an exception: when a website does not work without third-party cookies in which case a user should provide consent to data transfer to access the content on the website. In this case, Chrome notices that the page has been refreshed several times and prompts a user to temporarily enable third-party cookies for the current site. A user may use an "eye" icon on the right side of the address bar.
Install the ‘Consent banner’ on your website or application using the Consent Management Platform (CMP). You may alternatively come up with your solution, in which case you’ll first have to integrate with the Google Consent API.
Having received a response to the Consent banner from the user (confirmation or refusal to transfer personal data), you need to transfer this information to Google.
To quickly implement the Consent banner, you may use Cookie bots, however, most of these services require a subscription fee.
🔴 For websites: implement advanced consent mode V2.
🔴 For applications: update the SDK to the latest version of consent Mode V2.
Set up a banner cookie: either via a banner cookie service or with your development.
Configure the transfer of ad_persinalization, ad_user_data parameters to analytics:
Check the transfer of user consent parameters to Google Analytics.
Configure banner cookies. Optionally, user parameters: ad_persinalization and ad user_data will be automatically recorded when the browser is updated.
Configure the processing of ad_persinalization, ad_user_data parameters in Google Analytics:
Check the transfer of user consent parameters to analytics.
You may set up Consent mode V2 with Google Tag Manager or with the help of developers by implementing the code on your website. Regardless of the chosen method, user consent parameters should be uploaded to:
🔴 Google analytics code
🔴 Tag Manager
🔴 Google Ads.
Consent Mode V2 updates will apply to the companies that use personal data of the EU residents. To avoid any road bumps underway, they must be implemented on the site through GTM or with the help of developers.
For the projects that use paid channels and remarketing campaigns, it is necessary to change the settings to track user preferences on the website. This functionality is pivotal for all future uses.
Google data collection updates will adversely affect the number of conversions and traffic volume in all channels except Google Ads and Organic since this is the channel where Behavioral Modeling is used to compensate for the lost data.
Implementation through a cookie bot will not take long. You need to pay for the service, take the script, and put it on your website, preferably with the help of developers. Further, you should configure Google services in line with the requirements for Consent mode V2.
If you do it yourself without third-party services, the developer's work may take longer because your banner should meet GDPR marketing consent
requirements.
Some websites will use cookie banners that won’t allow refusing data transfer. The problem is that these banners violate GDPR and user rights. Therefore, if the verification service or the user notices that you do not give them the choice to refuse data transfer, you may be fined. So far, this requirement applies to websites and users located in the EU zone only.
The violation of the Regulation is punishable by fines of up to 20 m. Euros, the amount depends on which GDPR Article applies.
If the company's capital is more than 500 m. Euros, the maximum fine is calculated as a percentage of the global turnover for the previous year: from 2% to 4%. Supervisory authorities are entitled to impose administrative fines on both controllers and data processors. Fines are levied instead of or along with other measures imposed by the supervisory authorities.
Top 6 fines recorded during the Regulation's validity
🔴 H&M
🔴 TIM
🔴 British Airways
🔴 Marriott International, Inc.
🔴 Amazon.
That is why GDPR compliance is much more secure for businesses than facing potential fines. Supervisory authorities detect violations based on the complaints of dissatisfied customers, media, bloggers, former employees, etc. Hence, privacy becomes a crucial marketing indicator for startup brands and to attract customers.
Putting your systems in order and setting up all processes is an inevitable challenge every business will face.
The total number of users, sessions, conversions, and events will not change. The new rules will only affect user parameters like
🔴 Geo
🔴 Device
🔴 Channel
🔴 Campaign.
Along with Google Analytics, the Google Chrome update applies to all analytics programs. It means that you cannot circumvent the innovations by using another analytics service. On the contrary, with the new changes, it is better to switch to Google Analytics as it is a Google product that better integrates with other programs and has additional Behavioral Modeling capabilities.
If there is no ‘Yes’ or ‘No’ answer from the user, you have no right to track their data. Some banners have an option to close it with a ‘cross’ mark - if the user does this, it counts as a rejection. Therefore, your task is to help users take action on your website or make an informed decision.
You may also like
Choose quality and trusted services to improve the presence of your company on the Internet, and feel free to contact our UK team if you have any questions.
In-App Events are available to users directly in the App Store in the form of an event card that includes a visual, the name of the event, and a description.
We at Promodo are ready to help you improve your performance across all digital marketing channels.
Get started