Google Consent Mode v2: what it actually does and why you need it
Google Consent Mode v2 became mandatory in March 2024 for anyone serving ads or analytics to EEA users. If you are still on v1, or not using it at all, Google is modeling your missing data and you have no say in how.
What Consent Mode actually does
When a visitor lands on your site, Consent Mode sends four signals to Google before any tags fire:
| Signal | What it controls |
|---|---|
ad_storage | Can Google drop advertising cookies? |
analytics_storage | Can Google drop analytics cookies? |
ad_user_data | Can Google use user data for ads? |
ad_personalization | Can Google personalize ads? |
If the visitor says no, Google does not get the cookie. Instead, it uses conversion modeling: statistical guesswork based on users who did consent.
v1 vs v2
v1 only sent two signals (ad_storage and analytics_storage). v2 adds ad_user_data and ad_personalization.
More importantly, v2 requires that you send these signals on every page load, before any Google tags fire. If you do not, Google assumes consent and drops cookies. That is a GDPR violation.
What happens if you ignore it
If you have not implemented Consent Mode v2 by the deadline (already past), Google will still serve your tags, but it will not have consent signals. It will treat every visitor as if they consented. For EEA traffic, that means you are tracking without consent.
Google’s own documentation is diplomatic about this. Regulators are not.
How Zest handles it
Zest pushes all four Consent Mode v2 signals automatically. If you are using the default configuration, it just works. The gtag default is set to denied, and Zest updates it to granted only when the visitor explicitly consents. No extra config, no separate script.
Check your own site
Open your site in an incognito window. Before accepting cookies, open DevTools → Application → Cookies. If you see _ga or _gcl_* cookies before you have consented, your Consent Mode is broken. Fix it.
—
May the source be with you.
Alex @ FreshJuice