Implementing Google Consent Mode
What is Google Consent Mode?
Google Consent Mode allows you to configure how Google tags behave based on the consent users choose to provide or withhold through . The feature indicates whether consent has been granted for analytics and/or ads cookies, which allows Google's tags to dynamically adapt by only utilizing cookies for the specified purposes or cookie categories.
Note
Google Consent Mode is an alternative to script blocking.
Google Products that support Google Consent Mode include the following:
Consent Mode V2 Updates
The European Commission announced that Google has been designated as a gatekeeper under the Digital Markets Act (DMA). The DMA is a new piece of legislation designed to harmonize platform regulation across the EU and ensure fair and open digital markets. To keep using measurement, ad personalization, and remarketing features, you must collect consent for use of personal data from end users based in the EEA and share consent signals with Google. To support you with collecting granular user consent, Google has updated the consent mode API to include two additional parameters:
See Implementing Google Consent Mode with OneTrust Cookie Consent to see how you can ensure the V2 updates are added to your OneTrust implementation.
Note
You must implement the 202311.1.0 script version or newer to support the new parameters.
Google Consent Storage Types
Google Consent Storage Types are as follows:
-
ad_storage
-
analytics_storage
-
functionality_storage
-
personalization_storage
-
security_storage
-
ad_user_data
-
ad_personalization
Basic vs. Advanced Consent Mode
Google Consent Mode can be implemented in basic or advanced modes.
Basic
When Consent Mode is implemented in the basic version, the Google tags are prevented from loading until a user interacts with the consent banner.
-
When a user grants consent, Google tags load and execute the consent mode APIs.
-
When a user rejects consent, no data is transferred to Google, not even the consent status. Tags are completely blocked from firing.
Advanced
When Consent Mode is implemented in the advanced version, Google tags and consent mode APIs load when a user lands on the website. The tags and APIs then do the following:
-
Set the default consent state. By default, consent will be denied, unless you set your own defaults. When consent is denied, Google tags send cookieless pings.
-
Wait for user interaction with the cookie banner and updates the consent status. Only when a user grants consent to data collection will Google tags send the full measurement data.
Advanced mode implementation can be used for behavioral modeling.
Note
For basic Consent Mode, you will implement both Tag Manager blocking as well as Google Consent Mode. For advanced Consent Mode, you only need to implement Google Consent Mode.
Implementing Google Consent Mode with OneTrust Cookie Consent
Step 1: Mapping the OneTrust Cookie Categories to Google Consent Types
-
On the menu, select . The Geolocation Rule Groups screen appears.
-
Select a geolocation rule group from the list. The Geolocation Rule Group screen appears.
-
Select a rule to configure.
-
Click the Edit icon 
in the rule header to configure the rule.
-
Enable the Google Consent Mode setting.
By default, the Performance category will be associated with analytics_storage and the Targeting category will be associated with ad_storage, ad_user_data, and ad_personalization. You can change categories to associate with each consent key setting and save the settings for the Geolocation Rule.
-
Configure the categories.
-
Once Google Consent Mode and all other configurations are ready, publish the domain script.
For more information, see Publishing and Implementing Cookie Consent Scripts.
Step 2: Defining Consent Storage Type Defaults
To adjust your tags' behavior relative to the users' preferences, consent defaults must be defined. There are two options available to choose from when setting the default Google Consent Storage types:
Option 1: Defining Consent Defaults Using OneTrust CMP-GCM Template
The OneTrust CMP Template is available in the Tag Manager Community Template Gallery.
The advantage of the CMP template is the consent defaults are already built in the template, so it is not required to explicitly set the defaults on the website. Using this template, you can associate your OneTrust purpose IDs with the Google Consent Mode storage types so that Google Consent Mode setting defaults and updates will occur based on user consent.
Caution
The CMP template will inject a banner script into your page. If you choose to utilize this method, please remove any other banner scripts that may already be implemented on your website. Running two banner scripts simultaneously on a page can lead to unexpected behaviors.
-
On the menu, select . The Templates screen appears.
-
In the Tag Templates section, click the Search Gallery button. The Community Template Gallery appears.
-
Enter "OneTrust CMP" in the Search field.
-
From the search results, select the OneTrust CMP template.
-
Click the Add to Workspace button. A confirmation modal appears.
-
Click the Add button.
-
On the menu, select . The Tags screen appears.
-
Enter a name for the tag.
-
In the Tags section, click the New button. A popover pane appears.
-
Click the Tag Configuration section. The Choose tag type pane appears.
-
Select the OneTrust CMP, available in Custom Tag Types. The Tag Configuration screen appears.
-
Under CMP Settings, add your Data Domain Script.
-
Select the Determine the language from HTML page setting if your scripts have the Enable Language Detection on Scripts setting enabled and configured as Determine the language from HTML page in .
-
Select Yes for the setting Do you want to use Google Consent Mode?
-
Click the Add GCM Category button. The Add Google Consent Mode Category pane appears.
-
Map each GCM category to a OneTrust category ID. Configure the Global Default Consent for each mapped category to match the consent model configured for the Global region in the OneTrust tool.
Note
The GCM consent storage-type mapping to each OneTrust category should match the configuration in your Geolocation Rule Group. For more information, see Configuring Geolocation Rules. To find cookie category IDs, navigate to Categories tab of the Categorizations screen in OneTrust. For more information, see Managing and Categorizing Cookies and SDKs.
-
Click the Add button for each category once configuration is complete. Repeat step 16 and 17 as necessary.
-
Click the Add region-specific default button if you have region-specific Geolocation Rules configured in the OneTrust tool. Ensure that country codes follow ISO-3166 standards.
Tip
Example: If the California region is added in the OneTrust tool with an opt-out consent model, then add the region-specific default with the region code as us-ca and select On by default for required storage types.
-
Once the category mapping and region-specific defaults are configured, click the Triggering section of the Tag Configuration screen. The Choose a trigger screen appears.
-
Select Consent Initialization - All Pages.
-
Click the Save button.
Option 2: Defining Consent Defaults Without Using OneTrust CMP-GCM Template
To adjust your tags' behavior relative to consent, use the gtag('consent') API:
gtag('consent', '<consent_command>', {<consent_type_settings>});
where <consent_command> is one of:
-
'default': Used to set the default consent settings that apply to a page.
-
'update': Used to update existing consent settings. This command will be used after a user grants consent via the OneTrust Cookie Consent application.
-
<consent_type_settings> is an object that defines which consent types are 'denied' or 'granted'.
'denied' is when cookieless pings are sent (consider this as an opt-in consent model).
-
'granted' is when cookies are written on the page and all measurement data is sent (consider this as an opt-out consent model).
Important
Remember that the default settings must be called before Google Tags or OneTrust loads. The order of the code here is vital. If your consent code is called out of order, your consent defaults will not function as expected.
Order of scripts:
-
Define consent defaults.
-
Place GTM script or gtag script.
-
Deploy the OneTrust CDN.
Tip
Where ‘G-XXXXXX’ is seen below, please replace this with the unique ID Google ID being used on your site.
Where ‘XXXXXX’ is seen below, please replace this with the unique data domain ID from your OneTrust banner CDN.
Example 1, without CMP template and GTM script:
<script>
// Define dataLayer and the gtag function.
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('set' , 'developer_id.dYWJhMj', true);
// Default ad_storage to 'denied'.
gtag('consent', 'default', {
ad_storage: "denied",
analytics_storage: "denied",
functionality_storage: "denied",
personalization_storage: "denied",
security_storage: "denied",
ad_user_data: “denied”,
ad_personalization: “denied”,
'wait_for_update': 500
});
</script>
<!-- Google Tag Manager -->
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-XXXXXX');</script>
<!-- End Google Tag Manager -->
<!-- OneTrust Cookies Consent Notice start -->
<script src="https://cdn.cookielaw.org/scripttemplates/otSDKStub.js" type="text/javascript" charset="UTF-8" data-domain-script="XXXXXX" ></script>
<script type="text/javascript">
function OptanonWrapper() { }
</script>
<!-- OneTrust Cookies Consent Notice end -->
Example 2, without CMP template and gtag script:
<script>
// Define dataLayer and the gtag function.
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
// Default ad_storage to 'denied' as a placeholder
// Determine actual values based on business requirements
gtag('consent', 'default', {
'ad_storage': 'denied'
});
</script>
<!-- Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=TAG_ID">
</script>
<!-- OneTrust Cookies Consent Notice start -->
<script src="https://cdn.cookielaw.org/scripttemplates/otSDKStub.js" type="text/javascript" charset="UTF-8" data-domain-script="XXXXXX" ></script>
<script type="text/javascript">
function OptanonWrapper() { }
</script>
<!-- OneTrust Cookies Consent Notice end -->
Region-Specific Behavior
If you are proceeding without the OneTrust CMP template:
To change the default behavior of your tags for users from certain regions, specify a region in your consent command. By providing a region value, you can fine-tune defaults based on your users' geographic locations. For example, to set ad_storage to denied for users from Spain and California, and to set ad_storage to granted for all other users:
gtag('consent', 'default', {
‘ad_storage': 'denied',
'region': ['ES', 'US-CA']
});
gtag('consent', 'default', {
'ad_storage': 'granted'
});
For more information, see Configuring Geolocation Rules.
The most specific takes precedence. If two default consent commands occur on the same page with values for a region and subregion, the command with a more specific region will take effect.
For example, if you have ad_storage set to granted for the region US and ad_storage set to denied for the region US-CA, a visitor from California will have the more specific US-CA setting take effect. For this example, that would mean a visitor from US-CA would have ad_storage set to denied.
Important
Ensure the defaults you add to your page align with the expected behavior per region.
Testing Google Consent Mode
Testing the functionality of Google Consent Mode is crucial for ensuring compliance with data privacy regulations and providing a better user experience. Testing this functionality ensures that user consent is properly collected and tracked.
The datalayer console command can be used to see the "consent" event that is triggered when the user provides or revokes consent for data processing in Google Consent Mode.
After using the datalayer console command, it is possible to see all the events that are being triggered on the domain. Within this list the "consent" event can be seen, which shows the default settings for Google Consent Mode and also any updates to these settings due to user interaction.
Before user interaction:
After user interaction:
If Google Tag Manager is being used, this "consent" event can also be tracked using the tag assistant preview mode available.
Before user interaction:
After user interaction:
Checking the Network Call
You can test whether Google Consent Mode is working as expected and check for the Google Consent State (GCS) value within the network call with the following steps:
-
Visit the website that has implemented Google Consent Mode.
-
Use the browser's Developer Tools to monitor network activity.
-
Look for the network call to Google Analytics or Google Ads.
-
Check for the gcs= parameter on URLs for consent status. The gcs parameter has the following format: gcs=G1[ad_storage][analytics_storage].
-
Check for the correct gcs= parameter values based on the provided consent. The value for ad_storage and analytics_storage will be one of the following:
For more information on testing, please see Google’s developer guide for Consent Mode.
Example network call:
In this example, gcs=G100, which means consent is denied for both ad_storage and analytics_storage.
-
Verify that Google services are behaving as expected based on the user's consent status. For example, if the user has not provided consent, certain types of data should not be collected by Google services.
Adding Additional Consent Checks to tags within Google Tag Manager
There may also be tags within the Tag Manager container that do not have built-in consent checks, so additional consent checks will need to be added if user consent is necessary.
Note
Adding additional consent checks is an alternative to the standard Google Tag Manager blocking method using active/blocking triggers.
Leverage the following instructions on how to add Additional Consent Checks to tags:
-
Click Tags in the left-hand menu. A list of tags appears.
-
Select the tag to which you want to add the additional consent checks.
-
In the Tag Configuration section, click Edit to open the tag editor.
-
Click the Consent Settings selection menu in the Advanced Settings section.
-
Select the Require additional consent for tag to fire option.
-
Click the Add Required Consent button.
-
Input the storage type for which you want consent to be checked.
-
Click on the Save button to save the changes to the tag.
