FewCookies

Guide · Updated: July 9, 2026

What is Google Consent Mode v2 and how do you implement it correctly?

Google Consent Mode v2 is the mechanism through which your site sends Google four consent signals — ad_storage, analytics_storage, ad_user_data and ad_personalization — before and after the visitor decides. Since March 2024 it is required for any site with an EEA audience that uses Google remarketing or ad personalization. It does not replace your cookie banner: it presumes one that sets the default state to "denied" before gtag loads and sends the update right after the choice.

Google Consent Mode v2 is the mechanism through which your site sends Google four consent signals — ad_storage, analytics_storage, ad_user_data and ad_personalization — before and after the visitor decides. Since March 2024 it is required for any site with an EEA audience that uses Google remarketing or ad personalization. It does not replace your cookie banner: it presumes one that sets the default state to "denied" before gtag loads and sends the update right after the choice.

What is Consent Mode v2, in short?

Consent Mode is a communication layer between your consent banner and Google's tags (gtag.js, Google Tag Manager). The banner tells Google what the visitor accepted or refused, and the Google Ads and Google Analytics 4 tags adapt their behaviour: with consent they set cookies normally, without it they don't.

Version 2, announced in late 2023, adds two new signals on top of the existing two. The short version:

VersionSignalsWhat it covers
Consent Mode v1ad_storage, analytics_storageAdvertising and measurement cookies
Consent Mode v2+ ad_user_data, ad_personalizationAdditionally: sending user data to Google, and remarketing/personalization

The requirement comes from the Digital Markets Act: Google, as a designated "gatekeeper", must be able to prove it received valid consent before using EU users' data for personalized advertising. The v2 signals are exactly that proof.

What do the four signals mean?

Each signal has two states — granted or denied — and controls a distinct behaviour of Google's tags:

SignalWhat it controls
ad_storageAdvertising cookies (e.g. Google Ads click attribution)
analytics_storageMeasurement cookies — _ga and the rest of the GA4 cookies
ad_user_dataWhether user data may be sent to Google for advertising purposes
ad_personalizationWhether data may be used for remarketing and personalized ads

Order matters as much as the signals themselves: all four must be declared with a default state before any Google tag loads, then updated the moment the visitor presses a banner button. A banner that only sends the update, without the default state, is misconfigured.

Since when is it mandatory in the EEA?

Google enforces the requirement since March 2024 for all sites with an audience in the European Economic Area that use personalized-advertising features.

MilestoneWhat happened
November 2023Google announces Consent Mode v2 and the two new signals
March 2024The requirement takes effect for EEA + UK audiences
After March 2024Without v2 signals, personalization features degrade progressively

"Mandatory" does not mean a fine from Google — it means lost functionality: without ad_user_data and ad_personalization set correctly, remarketing lists stop filling with EEA users and personalized conversion measurement degrades. For a shop running Google Ads, that shows up directly in campaign performance.

Basic or Advanced: which one do you pick?

Consent Mode can run in two modes, and the choice has both technical and legal consequences:

BasicAdvanced
Google tags before consentNot loaded at allLoaded, but cookieless
Data sent without consentNothingAnonymous, cookieless pings
Google conversion modelingLimited (general model only)Richer (the pings feed the modeling)
Legal risk profileThe most cautiousWorth assessing: some EU authorities view any pre-consent transmission with reserve

The honest recommendation: unless you have a measurable reason for Advanced (large Google Ads volumes, where modeling recovers conversions), Basic is the prudent choice — nothing leaves the browser before consent, so there is nothing to justify.

How do you implement it correctly?

Whatever your platform, a correct implementation has three steps, in this strict order:

  1. The default state. Before any Google tag, all four signals are declared as denied (the gtag('consent', 'default', …) command). This must be the first relevant script in <head>.
  2. The visitor's choice. The consent banner collects the decision — per category, with "Reject" as accessible as "Accept".
  3. The update. Right after the decision, the banner sends gtag('consent', 'update', …) with the real states, and applies them from the start on subsequent visits.

In practice you don't write these commands yourself: a correctly installed CMP (consent banner) sends them for you. The FewCookies banner declares all four v2 signals in the correct default → update order and, on top of that, actually blocks trackers before consent — it doesn't just announce them. See the per-platform install guides, for example WordPress or Next.js, or check your site for free to see what it sends today.

How does it relate to GDPR and Romanian Law 506/2004?

Consent Mode solves your relationship with Google, not your relationship with the law. The obligation to obtain valid consent before non-essential cookies comes from the GDPR and, in Romania, from Law 506/2004 (the Romanian transposition of the ePrivacy directive), supervised by ANSPDCP, the Romanian data-protection authority.

RequirementWho imposes itDoes Consent Mode solve it?
Valid consent before non-essential cookiesGDPR + Law 506/2004No — that is the banner's job
Actually blocking trackers until consentGDPR (prior consent)Only for Google tags; every other tracker remains your problem
Signalling the decision to GoogleGoogle (DMA)Yes — that is exactly what it does
Proof of consent (GDPR Art. 7)GDPRNo — you need a consent log

The practical conclusion: Consent Mode v2 without a banner that actually blocks trackers is paper compliance. You need both — and if one script does both, all the better.

Frequently asked questions

Does Consent Mode v2 replace the cookie banner?

No. Consent Mode transmits the visitor's decision to Google, but the decision must first be collected by a GDPR-valid consent banner. Without a banner there is nothing to transmit; without Consent Mode, Google never learns what you collected.

What happens if I don't implement Consent Mode v2?

For EEA visitors, Google Ads remarketing lists stop filling and personalized conversion measurement degrades. You do not get a fine from Google — you lose advertising functionality and measurement data.

Can I implement Consent Mode v2 without a CMP?

Technically yes — you can hand-write the gtag default and update commands. In practice a CMP sends them correctly, in the correct order, and solves your banner, tracker blocking and consent proof at the same time, so a manual implementation is rarely worth it.

Does the FewCookies banner send all four signals?

Yes. The widget declares all four v2 signals with a "denied" default before gtag and sends the update right after the visitor's choice, in the correct default → update order. It costs €6/month, tax included, with a 7-day no-card trial.

Want to see which cookies and trackers fire on your site before consent? The scan is free and needs no account. Check your site for free →