Table of contents

Consent Mode V2 and Server Side Tagging: learn how to set it up and prevent data loss

consent-mode-v2-server-side-tracking

Online privacy requirements have intensified in recent years. One of the measures that has been in place for several years is the cookie banner. Website users must consciously consent to different types of cookies. In particular, as a marketer, you want to be able to use as much data as possible from analytical and marketing cookies. However, you also want to comply with the AVG. To help you align cookie behavior with consent levels, Google has introduced Consent Mode.

Consent Mode helps you customize tag behavior based on the website user's needs. However, it is so far only available in the web container. So can't you use this in the server container? Yes, but you have to set it up yourself. In this blog, we will explain to you step by step how to do this.

afIn this blog, we use Cookiebot (Cookie Consent Management System) as an example.

What types of cookies are there?

Cookies are used for many different applications. Roughly we can distinguish 4:

  1. Necessary cookies: These cookies are essential to the functioning of a website. For example, they enable users to log in to a secure area of the site or add items to a shopping cart when shopping online.
  2. Preferences: These cookies enable a website to remember choices users make (such as language preferences or custom settings) and provide enhanced and personalized features. They can also be used, for example, to play videos or display social media buttons.
  3. Analytical cookies: These cookies collect information about how users use a website, such as which pages are most visited or any error messages they receive. This data is used to improve the performance and functionality of the website.
  4. Marketing cookies: These cookies are used to display advertisements that are relevant to the user. They may collect information about a user's browsing history and share this information with third parties, such as advertisers.

Thus, the use of cookies may be necessary for the functioning of the website, but it may also serve the purpose of learning more about users or using them for its own marketing campaigns.

For more explanation, check out our blog on the difference between first party and third party cookies.

Privacy regulations such as the AVG require users to have a choice about which cookies they do/don't want to accept.

cookie-bot-banner

Google Consent Mode V2 is an advanced version of Google's framework for managing user permissions on Web sites, especially in light of stricter privacy laws. This update is critical for Web site owners and marketers using Google's advertising and analytics products. Here is a general explanation:

Background and Need for Update

The rise of privacy laws and the demise of third-party cookies and mobile identifiers has led to the need for a more sophisticated approach to permission management. Google Consent Mode v2 comes in response to this changing digital landscape.

Key Features

This new version introduces two additional permission states: 'ad_user_data' and 'ad_personalization'.

ad_user_data: Gives permission to send user data to Google for advertising purposes. Users must explicitly consent via a cookie consent banner.

ad_personalization: This manages the use of data for personalized ads, such as remarketing. Again, explicit user consent is required.

Comparison with Previous Version

Unlike the original Google Consent Mode, which focused primarily on data collection, v2 goes a step further by regulating how this data is used and shared.

Implementation

Effective implementation of Google Consent Mode v2 requires updating the GTM (Google Tag Manager) CookieScript template. This ensures that the website functions correctly under the new permission rules.

User impact

Companies that want to continue using Google ad products must switch to Google Consent Mode v2 by March 2024. Failure to do so could lead to limitations in online marketing and user engagement opportunities.

Model Types

Google offers two deployment models - basic and advanced. These should be chosen based on legal requirements and desired results. Both models support conversion modeling within Google Ads.

For a smooth transition to Google Consent Mode v2, it is recommended to use a Google-certified CMP. These platforms help manage cookie banners and respect users' consent preferences. We use Cookiebot as our CMP in this example.

1. Behind the Cookie Banner: Consent Mode is more than just a cookie banner, it is a system that enables data modeling. But to model data, data is needed. With the phasing out of third-party cookies, server-side tracking becomes essential for collecting this data, transforming third-party cookies into first-party cookies.

2. More Relevant Data: The combination of server-side tracking and consent mode allows you to collect more relevant data, resulting in more accurate data analysis. This is crucial for companies striving for data-driven decisions.

3. Privacy Compliance: This combination enables compliance with strict privacy laws while collecting valuable data. Consent Mode gives users control over their data, while Server side tracking ensures continuity of data collection.

Conclusion: Consent Mode and Server Side Tracking are a powerful duo. They not only ensure privacy law compliance, but also improve the quality of the data collected.

Below we explain the core aspects and operation of Consent Mode V2 in Google Ads. One of the key features of Consent Mode v2 is the ability to send certain non-personal data to Google for conversion modeling. These cookie-free pings include non-identifiable signals such as:

  • Device type
  • Type of conversion
  • Country
  • Time of day
  • Browser Type

This information is important for triggering Google Ads algorithm for conversion modeling.

You have a daily ad click threshold of 700 ad clicks over a 7 day period, per country and domain grouping. This is needed for the consent mode algorithm to start learning the learning period." (Source: Google Ads)

Once this threshold is met, cookie-free pings become active. This means that even if users do not consent to cookies, Google Ads still receives certain non-identifiable data. This data allows Google to create conversion models based on historical data.

consent-mode-conversion-modeling-google-ads

In addition, Consent Mode v2 facilitates remarketing activities without the use of cookies. This is an important development in online advertising, as it allows advertisers to remain effective in their campaigns while respecting users' privacy.

Now that you know what Consent Mode V2 is and what its benefits are we're going to set it up. Asking the user to agree to cookies is relatively easy. There are dozens of software/plugin solutions you can use for this. Google has a list of certified Consent Management Platforms (CMPs) that meet the new requirements for showing ads in the EEA and the UK.

However, it becomes more complex when you need to match the behavior of the cookie banner with the actual firing of tags & cookies in Google Tag Manager.

To make this easier, Google has developed Consent Mode. Consent Mode specifically helps you with analytics and marketing cookies. It adjusts the behavior of cookie settings based on user preferences so that only user-approved tags are activated. This provides a more transparent and auditable way to respect user privacy while extracting valuable insights from your data.

Tip: Go to the TAGGRS Template Gallery and get access to the Consent Mode V2 GTM Template.

consent-mode-v2-template-taggrs-gallery

To implement Consent Mode in the server container, you must first apply it in the Web container. Below is an explanation:

1. Container settings (Web Container).

Within your web container (client-side), go to Admin → Container settings and under Additional settings, click Enable consent overview. Then save the container.

2. Cookiebot CMP Tag Creation (Web Container).

Next, we need to create a tag. Within your workspace, click Tags and click New. Next, give the tag a name such as: Cookiebot CMP - All pages.

3. Cookiebot CMP Tag configuration (Web Container).

First, click on Tag Configuration. Under Choose tag type, click Discover more tag types in the Community Template Gallery. In the templategallery, search for Cookiebot and select: Cookiebot CMP.

4. Cookiebot CMP Tag Setting (Web Container).

Next, you need to enter your Cookiebot ID. You can find this within your Cookiebot account by selecting your domaingroup and then clicking on Your script. Here you will see Domain Group ID. You then enter this within Google Tag Manager.

5. Cookiebot CMP Trigger Setup (Web Container).

Next, you need to set up your trigger. Click on Triggering and here choose Initialization - All Pages. Next, save the tag.

In most situations, there is no need to make additional adjustments for tags such as Google Analytics, Google Ads and the Conversion Linker. In fact, these have built-in permission controls of their own. Just remember to check this within the CMP documentation.

In some situations, though, there is a need for additional customization, such as with the Facebook Pixel. For this, you need to create a custom event and add it to the tag. We explain this in the next step.

6. Create Trigger (Web Container).

Go to Triggers and click New.

7. Set Created Trigger (Web Container).

Click Trigger Configuration and choose Custom event here. Then enter cookie_consent_update as the Event name. Under This trigger fires on, make sure All Custom Events is checked. Next, save the trigger.

8. Customize Trigger of Tag (Web Container).

Next, go to the Tag requiring additional adjustments, in this case the Facebook Pixel. Click on this tag and replace the Trigger with cookie_consent_update (the trigger you just created). This replaces the all pages trigger.

9. Marketing cookies

On the TAGGRS website, you can choose which cookies you accept and which you do not. You can choose Marketing / Preferences / Statistics (Necessary required). We now need to make sure that these different levels of consent are forwarded. This means that if someone does not accept marketing, Google Tag Manager preferences / statistics will still send data. If you don't, for example with ad_storage, data is only forwarded when the marketing cookies are accepted.

For Consent Mode v2, ad_user_data and ad_personalization have been added. The Cookiebot - Consent variable only reads out the categories from Cookiebot (marketing, preferences & statistics). As a result, these two variables cannot be read out.

Cookiebot maps its own categories to the types according to consent mode as follows. Basically, the new types are read but fall under the marketing category.

  • ad_storage = Marketing
  • analytics_storage = Analytics
  • functionality_storage = Preferences
  • personalization_storage = Preferences
  • security_storage = Default granted
  • ad_user_data = Marketing
  • ad_personalization = Marketing

The above types can also be read instead of Cookiebot's categories. For this I created a new container, see attachment.

This container contains a template variable Consent State. This reads the status of the cookie storage and returns"denied" or"granted". A separate variable must be created for each type. These can then be added as parameters to the Google Tag.

10. Upload new template (Web Container).

To choose the Consent State by state, we need to upload a Template. Go to Templates and click on New.

create-new-template-gtm-web-container

When you are in the Template Editor click on the 3 dots at the top right and click import.

template-editor-gtm-webcontainer-import-template

Next, add the Consent State Template via Github by clicking on Code and Download ZIP. Import and then choose Save to save the template.

download-taggrs-consent-state-template-from-github

We are now going to create a separate variable for each consent type you have. Go to Variables and click on New. We are going to do Ad Personalization as the first level of consent. Give the Variable a name like Consent State - Ad Personalization.

create-new-variable-consent-state-webcontainer.

As variable type, we choose Consent State (Template you just uploaded) . Next, under Consent Type here, choose the type it is about, in this case ad_personalization. Then click on Save.

create-consent-state-ad-personalization-state-web-container

Then do this for each Consent State.

create-variable-for-every-consent-state-consent-mode-v2

13. Create Event Settings Variables (Web Container).

Now that the Variables per consent have been created we are going to combine them into one Variable. Click new again to create a new variable. Give the Variable a name, Google tag - Event settings. Then choose as Variable Type: Google Tag: Event settings. Next, add all Consent Statuses under Event Parameters.

google tag-event-settings-variables

14. Google Tag - Add Event settings Variables (Web Container)

Now that this Variable is created we are going to add it to the Google Tag. This will send the data to the server container per consent level. Go to the Google Tag and then add the Google Tag: Event settings Variable under Event Settings Variable.

add-google-tag-event-settings-to-google-tag-webcontainer

Do you still have tags sent from the Web container data to third-party companies? If so, follow the next steps as well. This happens when, for example, you have both the FB Pixel and the Facebook Conversion API running for Facebook. Then you are still sending data from the web container to Facebook using the Pixel.

In many platforms there is built-in consent, as for example in Google Analytics. But this is not the case in all platforms, you can check this by going to Tags and clicking on the shield icon.

go-to-consent-overview-google-tag-manager

Under Built-in consent, you will see the Tags that have built-in consent. Some tags do not have this set, such as the Facebook Pixel. You need to add additional consent to these tags. You must do this within your tag.

consent-overview-settings-gtm

set-up-consent-settings-on-facebook-pixel-tag-gtm

Go to the tag where you want to add additional consent and check Require additional consent for tag to fire under Consent settings. The most commonly used (and often the only ones you need) are ad_storage and analytics_storage. You choose ad_storage when it comes to tags that deal with tracking such as ads (ads) and you choose analytics_storage when it comes to tracking statistics, such as google analytics. In the case of the Facebook Pixel, we choose ad_storage.

Once you've created the Cookiebot Tag in Google Tag Manager, you still need to add a script to your website for Consent Mode to work properly. How to do this? Check out this blog.

We are going to manually add Consent Mode in server container. For this we use the different variables including the new V2 consent states. We will send these along with the Google Tag to the server container and in the server container we will use variables added to triggers to ensure that tags are sent at the correct consent level.

Note! For all Google products (Google Ads, GA4 Etc. ) you don't need to add any additional settings in the Server Container. So you only need to set up the Google products in the web container.

The permission banner collects user choices and sends them to the server via the Google tag and permission parameters in an HTTP request, then Google product tags adjust the data types and amounts sent based on user preferences.

consent-v2-server-google-ads

For all other platforms such as Facebook, you can follow the following steps.

The data enters the server container from the web container by creating new variables. You need to do this for the consent states how they are sent to the server container.

We show this in an example for the consent state: ad_personalization.

Go to the server container and create a new variable. Name it Consent State - Ad Personalization. Choose Event Data as Variable Configuration. Then enter ad_personalization as Key Path because that is how it is sent from the web container to the server container. Next, click Save.

create consent state variable Consent State - Ad Personalization - server container consent mode v2

You can add Consent States variables to the tag you need. To use Certain tags, it is important that marketing has been accepted by the user. If this is not the case, the tag should not be activated.

You can do this by adding the Consent State - Marketing to the appropriate Tag. Adding the newly created variable as a condition to the trigger will fire the Facebook Conversion API only when marketing cookies are accepted by the user. You can do that by doing the following:

This tells you that the Tag may be fired only when consent has been given for marketing cookies. This is consistent with enforcement of the Digital Markets Act (DMA).

You can then add these back to your tags. You do this again on the basis that if certain consent states are not checked then you are not allowed to fire the tags.

Note! So you need to create different GA4 Client Triggers for the different consent states.

Now comes the tricky part. You have to determine for each event under which consent it falls. As mentioned before, in the Server Container for Google products you don't need to do any additional settings in the server container. For example, a Purchase in GA4 falls under statistics because you use it for statistics and not for marketing purposes. So then you have to make sure that the purchase trigger is set so that the statistics cookies are accepted by the visitor .

How to move forward?

Consent Mode is a good initiative by Google to make compliance with privacy guidelines more accessible. It helps marketers and developers comply more easily. However, as we move away from browser tracking and increasingly use Server Side Tracking, it is important to also build a built-in Consent Mode into the server container.

For now, using this blog, you will have to set it up yourself. Our expectation is that Google will come up with a server side solution in the foreseeable future. However, it is currently impossible to predict when this will be. Need help or want to check the setup? If so, please contact us.

Why Should I Implement Google Consent Mode v2 for Improved Online Marketing?

To remain competitive in digital advertising within Europe, it is essential to adopt Google Consent Mode v2. This update, effective from March 2024 in line with the Digital Markets Act (DMA), is important for GDPR compliance and access to the European market. Google products such as Google Ads are integral to advertising strategies and user engagement; non-compliance could mean losing a significant European user base.

What is the Deadline for Implementing Google Consent Mode v2?

The transition to Google Consent Mode v2 must be completed by March 2024. This is in line with enforcement of the Digital Markets Act (DMA), a crucial step in data protection and user privacy within the European Economic Area (EEA). Failure to comply will restrict access to Google's advertising tools, affecting remarketing and user acquisition from Europe.

What Happens If a Website Has Not Implemented Consent Mode?

Neglecting to implement Google Consent Mode v2 before March 2024 will result in the restriction to use some Google Advertisement products, impacting remarketing capabilities in Google Ads, Floodlight, and Display. This could significantly reduce website performance analysis and ad campaign effectiveness.

What is the Role of the Two New Parameters of Google Consent Mode v2?

The introduction of ad_user_data and ad_personalization in Google Consent Mode V2 represents a significant step forward in user privacy and ad customization. These parameters manage user consent regarding data use for advertising and personalized marketing.

What is the Difference between Basic and Advanced Consent Mode?

The advanced Consent Mode in Google Consent Mode v2 enables initial cookie-less data collection focused on user privacy while still collecting essential insights. Unlike the basic consent mode, it completely forgoes collecting user data until consent is granted. Both modes offer different approaches for data protection and ad efficiency.

Does the deadline of setting Consent Mode V2 for March apply only to Europe?

Compliance with the March 2024 deadline specifically targets organizations operating in or offering services to users in Europe.

Is Consent Mode just for Google Tag Manager?

Consent Mode is not a function of Google Tag Manager. It is a function of the overall Google Tag ecosystem and is managed by the Google Tag library. Google Tag Manager provides tools and utilities that make it easy to interact with Consent Mode, but it does nothing more than what Consent Mode already naturally does.

For which tags is the Consent Mode relevant?

Consent Mode is generally focused on tags within the Google universe, such as Google Analytics, Google Ads and Floodlight, as well as conversion linker type tags. Other tags could theoretically also be managed with Google's additional general flags for "personalization, security and functionality. There is an important difference, however: these settings are for tag display only and do not affect behavior, as with Google Tags regarding the use of cookies. An exception to this rule is Microsoft Ads, which also has a permission mode, but it must be initialized and used in a similar way, does not live in the dataLayer and is completely independent of the Google Consent Mode.

What should I do if my CMP does not support the new consent modes?

If you are using a CMP (Consent Management Platform) that does not support permission mode, you can include initialization in your own configuration. This initialization can be added via JavaScript directly on the page or as an HTML tag via the Tag Manager. If you use Google Tag Manager (GTM), you can also do this using Simo Ahava's tag template. As an HTML tag, executed as early as possible when permission is granted (possibly as a setup tag for Google tag or Google Ads conversions, etc.), it can look like this when manually configured:

<script> 

venster.dataLayer = venster.dataLayer || []; 

function gtag(){dataLayer.push(argumenten);} 

gtag('toestemming', 'default', { 

'ad_storage': 'toegekend', 

'analytics_storage': 'toegekend', 

'ad_user_data': 'toegekend', 

'ad_personalization ': 'toegekend', 

'wait_for_update': 500 

}); 

</script>
About the author

Recently published

magnifiercrossmenu linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram