Important notice: Beware of fake recruiters and scammers who misuse Promodo's logo and company name. Learn more in our LinkedIn post!

GDPR and CCPA: Google's Consent Mode V2 and Data Privacy Updates

Analytics
April 16, 2024
15 mins
Content

In March 2024, Google updated user data requirements for users residing in the EU. To continue using personal data for ads’ customization and remarketing, businesses should switch to the updated version of user consent: Consent Mode V2. Otherwise, you will lose access to ad personalization options, while some GA4 and Google Ads’ features will be limited.

The issue may sound alarming, though calm down. Take the new consent format as an update to the old rules. Its sole purpose is to solidify user data protection.

In this article, Promodo marketers explain the regulations of the consent mode, Google’s update, and the way to set up Consent mode V2 for proper business performance.

GDPR and CCPA: Legal Protection of User Data

User security on the Internet is subject to legal regulations. The first and the oldest is the EU’s ePrivacy Directive of 2002. In 2018 the EU introduced the General Data Protection Regulation (GDPR). It is currently the most comprehensive personal data protection regulation applied in the EU and the European Economic Area (EEA).

The rules of GDPR marketing apply to any organization that processes personal data of EU residents. These are detailed requirements for the data that can be collected, special conditions, and a type of user consent. Failing to comply with GDPR, a company risks getting a solid fine from the EU and a permanent block from Google.

The US citizens, namely the residents of California, are subjected to a separate regulation, the California Consumer Privacy Act (CCPA). It is less prescriptive and applies only to companies with annual revenue exceeding $25 m. or serve more than 50,000 users in California.

Useful links:

The GDPR and its impact on interaction with Google

EU User Consent Policy

Adapt to privacy and regulatory changes with consent mode

European regulations overview and guidance

Data Collection Limitations Implied by Google

Since March 2024, the default value for user consent will be “consent denied.” This means you should obtain user consent to transfer data to Google Ads and Google Analytics and customize targeted advertising.

New data collection restrictions apply to:

🔴 Websites (tags that send data to Google)

🔴 Applications (SDKs that send data to Google)

🔴 Data uploads (tools for uploading data from non-Google sources, such as importing offline conversions or in-store sales).

To continue using metrics, ad customization and remarketing functions, you should obtain consent to use personal data from the end-users residing in the European Economic Area (EEA) and exchange consent signals with Google.

Consent signals are indicators received by Google Analytics from a user or a consent management platform to inform Google about a user's consent. These signals control the ability of Google Analytics to collect data, what type of data can be collected, and for what purposes.

A user may agree to use cookies for analytical purposes, but not for advertising. Once that’s the case, Google Analytics will adjust data collection and further processing in line with the consent settings.

Consent Mode V2: Google’s Update

Consent mode V2 comes as an update to Google's consent mode. It complies with the GDPR data privacy regulations applied in Europe and will help website owners manage user consent settings for data tracking and ad cookies.

The new version of Consent mode V2 entails the mandatory transfer of parameters:

🔴 For web platforms, these are ad_personalization and ad_user_data

🔴 For Apps, these are ad_personalization_signals and ad_user_data.

Consent Mode V2 Personalization Options:

🔴 (EU) not configured - no consent mode: consent mode V2 is not implemented on the page at all (the above-mentioned user consent parameters are not passed and/or the cookie banner is not configured). User data will not be collected, i.e. it will be sent to the traffic source 'not set.'

🔴 Baseline consent mode: consent mode is implemented, but data is collected only under a user’s consent. However, when there’s no consent from a user, no data is transmitted to Google - not even the consent status. The launch of Google tags is completely blocked.

🔴 Advanced consent mode: consent mode is implemented, and user data is collected regardless of whether users grant consent or not. However, once a user refuses to grant consent to process their data, Google tags will collect information about the user as pings without cookies.

Baseline and Advanced Consent Mode 

The baseline version is set up as follows:

  • Users visit your website.
  • Some refuse to be tracked, whereas others agree.

GA4, Google Ads, and other ad systems will process user data regarding those visitors who agreed to be tracked.

The extended version of Consent Mode V2 will transfer the data about the visitors who refused to be tracked to GA4 and Google Ads using "pings without cookies". Without an update to Consent mode V2 or without user consent to data processing, the following GA4 and Google Ads features will be unavailable:

🔴 Personal data collection for online ad

🔴 User_id

🔴 Enhanced conversions

🔴 Data receipts by Google Ads, Display & Video 360, and Search Ads 360

🔴 Personalized ads in Google advertising products.

To remarket to audiences and track user activity, it is important to update the SDK or implement the advanced consent mode on the website by March 2024.

For further information on user consent settings and their descriptions, please follow the link.

Google's Updates

Some users will probably refuse to collect data, so you won't be able to track their activity on the site. In this case, Google suggests using the Behavioral Modeling Tool for Consent Mode V2.

It applies machine learning and models user behavior who have refused cookies based on the data about similar users who accept analytical cookies. For example, it evaluates data based on user and session metrics such as daily user activity and conversion rates.

To use the Behavioral Modeling Tool, your Google Analytics (GA4) account should comply with the following requirements:

  • Consent mode is enabled on all pages of your websites or all screens of your apps
  • Google Analytics, Google Ads, Meta, etc. tags should be loaded before the consent dialog box appears. If a user does not accept the consent, the mandatory user parameters (described above) will pass the default value (when Consent mode V2 is released, the default status will be denied)
  • The above tags should be loaded whenever a user responds to the consent banner. In this case, user actions will be collected though not personalized
  • GA4 collects at least 1000 events per day with ‘analytics_storage='denied' for 7 days
  • GA has at least 1000 users daily sending events with ‘analytics_storage='granted' for 7 days from the last 28.

Behavioral Modeling starts collecting data after all these conditions are met. It may take 7 - 28 days to train the modeling, however, it’s possible that even additional data will not be enough for training.

Alterations in Google Chrome Browser

Along with new GDPR restrictions and requirements for data collection, there have been updates to the Google Chrome browser. 

From now on, users will block cookies at the browser level. That is, users who do not want to share their data may refuse once, and then Google Chrome will automatically block their cookies whenever they transfer to third-party websites.

Beta version of the updated Google Chrome browser is already available with the ability to refuse cookies at the browser level. Therefore, we advise to set up a cookie banner on the website to ask users about their decision to transfer data for processing.

However, there is an exception: when a website does not work without third-party cookies in which case a user should provide consent to data transfer to access the content on the website. In this case, Chrome notices that the page has been refreshed several times and prompts a user to temporarily enable third-party cookies for the current site. A user may use an "eye" icon on the right side of the address bar.

How to Implement the New GDPR Requirements on your Website

Install the ‘Consent banner’ on your website or application using the Consent Management Platform (CMP). You may alternatively come up with your solution, in which case you’ll first have to integrate with the Google Consent API.

Having received a response to the Consent banner from the user (confirmation or refusal to transfer personal data), you need to transfer this information to Google.

To quickly implement the Consent banner, you may use Cookie bots, however, most of these services require a subscription fee.

🔴 For websites: implement advanced consent mode V2.

🔴 For applications: update the SDK to the latest version of consent Mode V2.

Once You Operate Within the EU Zone:

Set up a banner cookie: either via a banner cookie service or with your development.

Configure the transfer of ad_persinalization, ad_user_data parameters to analytics:

  • using Google Tag Manager (Documentation)
  • with the help of developers through the front end (Documentation)

Check the transfer of user consent parameters to Google Analytics.

Once You Operate Outside the EU:

‍Configure banner cookies. Optionally, user parameters: ad_persinalization and ad user_data will be automatically recorded when the browser is updated.

Configure the processing of ad_persinalization, ad_user_data parameters in Google Analytics:

  • using Google Tag Manager (Documentation)
  • with the help of developers through the front end (Documentation)

Check the transfer of user consent parameters to analytics.

You may set up Consent mode V2 with Google Tag Manager or with the help of developers by implementing the code on your website. Regardless of the chosen method, user consent parameters should be uploaded to: 

🔴 Google analytics code

🔴 Tag Manager

🔴 Google Ads.

Major Takeaways

Consent Mode V2 updates will apply to the companies that use personal data of the EU residents. To avoid any road bumps underway, they must be implemented on the site through GTM or with the help of developers.

For the projects that use paid channels and remarketing campaigns, it is necessary to change the settings to track user preferences on the website. This functionality is pivotal for all future uses.

Google data collection updates will adversely affect the number of conversions and traffic volume in all channels except Google Ads and Organic since this is the channel where Behavioral Modeling is used to compensate for the lost data.

Frequently Asked Questions

How Long Will It Take to Set up Consent Mode V2?

Implementation through a cookie bot will not take long. You need to pay for the service, take the script, and put it on your website, preferably with the help of developers. Further, you should configure Google services in line with the requirements for Consent mode V2.

If you do it yourself without third-party services, the developer's work may take longer because your banner should meet GDPR marketing consent

requirements.

May I Use "Yes-agree-only” Banners?

Some websites will use cookie banners that won’t allow refusing data transfer. The problem is that these banners violate GDPR and user rights. Therefore, if the verification service or the user notices that you do not give them the choice to refuse data transfer, you may be fined. So far, this requirement applies to websites and users located in the EU zone only. 

The violation of the Regulation is punishable by fines of up to 20 m. Euros, the amount depends on which GDPR Article applies. 

If the company's capital is more than 500 m. Euros, the maximum fine is calculated as a percentage of the global turnover for the previous year: from 2% to 4%. Supervisory authorities are entitled to impose administrative fines on both controllers and data processors. Fines are levied instead of or along with other measures imposed by the supervisory authorities.

Top 6 fines recorded during the Regulation's validity

🔴 Google

🔴 H&M

🔴 TIM

🔴 British Airways

🔴 Marriott International, Inc.

🔴 Amazon. 

That is why GDPR compliance is much more secure for businesses than facing potential fines. Supervisory authorities detect violations based on the complaints of dissatisfied customers, media, bloggers, former employees, etc. Hence, privacy becomes a crucial marketing indicator for startup brands and to attract customers. 

Putting your systems in order and setting up all processes is an inevitable challenge every business will face.

How Will Data Transmission Updates Affect GA4 Performance?

The total number of users, sessions, conversions, and events will not change. The new rules will only affect user parameters like 

🔴 Geo

🔴 Device

🔴 Channel

🔴 Campaign.

Will New GDPR Rules Apply to Other Analytics Systems?

Along with Google Analytics, the Google Chrome update applies to all analytics programs. It means that you cannot circumvent the innovations by using another analytics service. On the contrary, with the new changes, it is better to switch to Google Analytics as it is a Google product that better integrates with other programs and has additional Behavioral Modeling capabilities.

What Would Happen if a User Disagreed or Refused to Transfer the Data, and Closed the Banner instead?

If there is no ‘Yes’ or ‘No’ answer from the user, you have no right to track their data. Some banners have an option to close it with a ‘cross’ mark - if the user does this, it counts as a rejection. Therefore, your task is to help users take action on your website or make an informed decision.

Need Help With Google Analytics?
Let's Discuss Your Project!

Written by
Dayana Danyliuk

Journalist at Promodo


For over 4 years, I have been working as a journalist in the communications and marketing industry. I help brands communicate effectively through written content, engage with market experts, and create professional materials on topics related to business and marketing, sharing insights on working with marketing tools.

Published:
April 16, 2024
Updated:
No items found.
No items found.
No items found.
No items found.
No items found.
No items found.
Subscribe to our newsletter
This is some text inside of a div block.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
List of the US Trust worthy Automotive Forums
DOWNLOAD

You may also like

Check our similar articles

Choose quality and trusted services to improve the presence of your company on the Internet, and feel free to contact our UK team if you have any questions.

All categories
Digital Marketing
What is Closed-Loop Marketing?

In this article, we'll take a look at what closed-loop marketing is, what its benefits are, and how to implement it in practice to achieve the best results.

December 20, 2024
10 mins
SEO
How to Write Shopify SEO Product Descriptions That Drive Traffic and Sales

If your products aren’t showing up at the top of search results, no one will click on them.

December 19, 2024
8 min
Boost your effectiveness

We at Promodo are ready to help you improve your performance across all digital marketing channels.

Get started
Contact us
Get a free strategy session

Let us look at your business challenge from a different angle and share our ideas.

Valid number
Send message

By clicking on “Send message” button, you agree to our Privacy Policy, and allow Promodo to use this information for marketing purposes.

Please check your inbox for a new email containing a list of reputable automotive forums.
Got it
Oops! Something went wrong while submitting the form.