With privacy laws flourishing around the world, Google (Alphabet) has finally found itself obliged to adjust its tools to be compliant with new legislations such as GDPR, LGPD, CCPA, PIPEDA, DPDPA, etc.

While these laws (some not so new) continue to be a novelty for many, for Google, this is a serious problem that comes with a high cost. After all, Google has already been fined in several countries (Sweden, Spain, France) for disobedience regarding the use of personal data, accumulating millions of dollars and euros in fines of various kinds.

Therefore, Google Consent Mode (GCM) is nothing more than a way for you to integrate the consent you collect from your visitors into Google technologies.

In this way, upon receiving this consent information, collection can only occur with authorization, thus complying with the legislation and having direct evidence of compliance as defense for both you and Google.

However, with this, the collection of consents gains even more value, making Cookie Notices that are not in compliance harm the entire chain.

It is no coincidence that Google now has a list of CMPs (Consent Management Platforms) approved by them so that fake and illegal tools do not harm them.

The major benefit of Google Consent Mode for citizens worldwide is nothing more than having their rights respected. That is, that their privacy choices are actually respected, should they choose not to share data, for example.

This may seem a bit strange. But unfortunately, there are several Cookie Notices out there that do not work, are not serious, and end up acting as a "fake button."

Therefore, by implementing a serious Consent Management Platform (CMP), like AdOpt, it will act as an intermediary between the visitor and the website, allowing only the cookies for which it has collected consent to be triggered, and consequently, blocking the others.

A true CMP generates consent receipts, audit logs, policy versioning, among other features that contribute to accountability, if requested by the authorities.

Not necessarily. But here's a rule of least effort and opportunity cost.

Is it worth developing everything from scratch and maintaining this documentation for every Google change, or hiring a ready-made solution and focusing on growing your business?

If you're not aware yet, Google has a list of approved CMPs that are capable of performing this work aligned with their technology. With this, you can choose to integrate your CMP via code or save this work by using an official CMP.

If you have a CMP that is not yet approved, ask them why. It may be that they are not complying with some compliance premises.

This rule applies to CMPs that comply with TCF v2.2, a certification from IAB Europe, and has an even greater impact if you use AdSense to monetize your website with ads. In this case, official CMPs are mandatory for you to avoid losing monetization from visits coming from Europe.

• Here you can access the list of CMPs approved by IAB

• Here you can access the list of CMPs approved by Google

AdOpt's CMP is approved in both cases and can help you right away!

Google Consent Mode is like an assistant that helps balance things out in Google Ads, ensuring that users' privacy preferences are respected. It adjusts the behavior of Google Tags based on user consent, sent by the CMP, allowing data collection in a more aggregated way, without violating users' wishes.

(Ah, but what if the visitor doesn't give consent? Don't worry, we'll talk about that.)

With this mode, there are two important new settings: ad_storage and analytics_storage. These settings control how Google products respond according to user consent:

If the user agrees to advertising cookies, everything works as usual, no issues.

However, if the visitor chooses not to allow advertising or analytics cookies, Google Consent Mode does not allow the firing of cookies. This initiates a statistical inference for that user, called Conversion Modeling.

This brings Google closer to what regulations impose and ensures the functioning of tags while still firing essential product information. Something that Google calls "Consent State Indicators":

Below is the transcription from Google's documentation about these indicators:

Consent state pings: Sent from each page accessed by the user where this mode was implemented. These pings communicate a "granted" or "denied" state for each type, such as analytics or advertising data storage.

Conversion pings: Sent to indicate that a conversion has occurred.
Google Analytics pings: Sent on every page of a site using Google Analytics when events are recorded.

Pings may include the following:

1 - Functional information (such as headers passively added by the browser):
- Date/time stamp
- User agent
- Referrer

2 - Aggregated / non-identifying information:

An indication if the current page or a previous one in the user's site navigation included click information in the URL (e.g., GCLID/DCLID).
- Boolean information about consent state
- Random number generated on each page load

As we're talking about one of the largest data companies in the world, when forced not to track that visitor, Google developed a method called: Conversion Modeling, which uses statistical cross-referencing, historical trends, and Artificial Intelligence to provide useful and anonymous information, creating the so-called "attribution paths for non-consented journeys".

This process analyzes patterns, via data cross-referencing and Artificial Intelligence, without identifying users, allowing useful information to be obtained even without the use of advertising or statistical cookies.

In summary, Google draws parallels between users who consent and click on ads with those who do not consent but still click, creating patterns and trends. This way, it obtains a more complete and accurate view of advertising spend and results, all while respecting user consent choices.

This ensures that both the website and Google's service offer a higher level of data protection, as required by privacy laws such as GDPR, LGPD, DPDPA, or CCPA, without completely losing the ability to track user interactions and campaign performance.

So far, the Google products already integrated with Google Consent Mode are:

• Google Ads
• Google Analytics
• Floodlight
• Conversion linker

According to Google's documentation, it's natural that conversion rates among users who do not consent are considerably lower than those who do consent. After a thorough analysis, Google found that conversion rates vary depending on user consent.

Tip

Generally, consenting users are 2 to 5 times more likely to convert than non-consenting users. However, these numbers can vary widely depending on factors such as consent rates, industry, and the type of conversion in question.

In the scheme below, a demonstration of how Conversion Modeling would work for accesses with and without consent.

Source: Google Ads Help

The previous example illustrates how consent rates and variations in conversion rates are not aligned since non-consenting users usually convert less frequently.

In this scenario, the advertiser has a consent rate of 50% but registers only a 19% drop in conversions (12 out of 62) and an 18% increase in the conversion rate, thanks to conversion modeling.

Important

It's worth noting that the documentation establishes a minimum volume of ad clicks for the modeling to work, namely: 700 ad clicks over 7 days, per country and domain group.

This causes the modeling to enter a "learning period," and over time, an improvement in performance reports is expected.

In summary, as we've seen above, consenting users are more valuable because they convert 2 to 5 times more than users who browse anonymously.

This is a direct logical relationship, after all, this user not only interacts with ads but also with Cookie Notices, thus allowing tracking of visitor behavior to adjust media campaigns, retargeting, and other attribution models.

We at AdOpt ourselves have conducted various tests to understand how to increase consent conversion and have analyzed our users' websites. Want to know how? Talk to us!

One point worth highlighting in Google's documentation is the strategy of programmatic bidding using CPA or ROAS to maximize campaign performance.

Starting with your reports and bids, which with Consent Mode will bring inputs from these models into the same "Conversions" column of the report. If you are tracking values, modeled conversion values will also appear in the "Conversion value" column. All reports using conversion columns will be impacted by modeled conversions.

Below is a free translation of Google's recommendations regarding campaign strategy using target CPA and target ROAS:

"If you previously switched from target CPA or target ROAS bidding strategies to Maximize conversions or Maximize conversion value bidding strategies to control the impact of consent changes, we recommend switching back to target CPA or target ROAS for optimized performance after the launch of modeling. If you previously adjusted automatic bidding targets to mitigate the impact of consent changes, you should monitor spending to gradually adjust targets and return to your previous ROI goals."

Source: Google Ads Help

In practice, this means that if you previously changed your bidding strategies in Google Ads from CPA (Cost per Acquisition) or ROAS (Return on Ad Spend) to bidding strategies like Maximize Conversions or Maximize Conversion Value to handle consent changes, it is advisable to return to CPA or ROAS strategies for optimized performance after the launch of consent modeling.

Additionally, if you previously adjusted automatic bidding targets to compensate for the impact of consent changes, it's important to monitor your spending in order to gradually adjust targets and return to your previous ROI goals. This will ensure that your campaigns are aligned with your business objectives and optimized to achieve the best possible results.

Moving on to the configuration possibilities, now that we understand the behavior of Google Consent Mode technology, we will discuss the details of consent that the CMP (Cookie Banner) must provide to Google.

This reflects the regulations (LGPD, GDPR, CCPA, etc...) that require consent to be Specific / Detailed, meaning that the characteristics of data usage must be described so that the visitor can choose or opine.

Important

This is why Cookie Notices have the so-called second-level banner, or, the possibility of configuration, as they translate the details of the choice into product, hence the right acquired by law.

That being said, we can then understand what constitutes TOTAL consent and PARTIAL consent.

Total Consent = Accepted all Tags / Cookies

Partial Consent = Accepted some Tags / Cookies

Unlike the categories used in the market, Google uses 7 layers of information which it calls "Consent Types." Below are their names and descriptions.

Consent Type | Description

1. ad_storage | Allows storage, such as cookies (Web) or device identifiers (apps), related to advertising.

2. ad_user_data | Defines consent to send user data to Google for the purpose of online advertising.

3. ad_personalization | Defines consent for personalized advertising.

4. analytics_storage | Allows storage, such as cookies (Web) or device identifiers (apps), related to analytics, for example, visit duration.

5. functionality_storage | Allows storage compatible with site or app features, for example, language settings.

6. personalization_storage | Allows storage related to personalization, such as video recommendations.

7. security_storage | Allows storage related to security, for example, authentication functionality, fraud prevention, and other user protections.

Source: Google Help Center / Security & Privacy / Tags

These 7 types of consent are independent and, as described, perform different response functions within Google products.

Thus, when a CMP sends data to Google, it must create a rule to fill in this information based on its tag categories.

This rationale is freely filled in by each CMP.

At AdOpt, we use the following rationale for Brazil - LGPD:

'analytics_storage' | statistics | granted
'ad_storage' | marketing | denied
'ad_user_data' | marketing | denied
'ad_personalization' | marketing | denied
'personalization_storage' | marketing | denied
'functionality_storage' | functional | denied
'security_storage' | functional | granted

Important

If you need to change this GCM model from AdOpt, send an email to sos @goadopt.io and talk to our support team. We are currently working to integrate this functionality into our Dashboard so that everything can be editable.

Along with this completion, the CMP must inform Google whether the categories are "pre-granted" (Granted) or "pre-denied" (Denied) according to the rules of the current legislation for that interaction with that website visitor.

Once consent is given, the CMP sends the data again, updating the consent and continues to block or release cookies.

As these adjustments are part of the pillars of technology compliance in response to each legislation, it is important for you to know the default configuration of the CMP you use and how it responds to each legislation.

Let's now explore the possibilities of installing Google Consent Mode on your website. A fundamental principle to consider before starting the installation is how you configure events within Google tools and the level of detail and performance you seek in your campaigns.

For example, if you use advanced conversion triggers like click events, page scrolls, etc., this provides greater "specificity" to the data. Your analysis becomes more elaborate and complex, so this will also change the installation modes to Basic or Advanced.

Both modes aim to respect users' choices regarding data tracking but have different effects on how we use this data, especially in the context of Google Ads.

In Basic mode, the process is quite simple. When visitors access your site, they are asked to agree or disagree with tracking. If they agree, their data is sent to Google Analytics 4 (GA4) and Google Ads as usual. If they disagree, GA4 and Google Ads tags are blocked, preventing data processing.

This approach estimates the data of users who reject tracking based on the data of consenting users. Although it is a simpler method, it limits the collection of data from users who refuse consent, which can affect the modeling of Google Ads campaigns due to the lack of data.

This is not necessarily bad. It is just a simpler statistical modeling that may be more superficial or biased. Because the more data and detail, the higher the quality of the analysis.

Here's a complete tutorial for installing Google Consent Mode - Basic mode on your site, via GTM, and using AdOpt as your CMP, certified by Google.

On the other hand, Advanced mode adopts a more sophisticated approach:

Logically, it also requests user consent for tracking.

For consenting users, data is processed in GA4 and Google Ads, similar to Basic mode.

However, for non-consenting users, Advanced mode still sends anonymized and non-personal data to GA4 and Google Ads. This data includes information such as device type, time of day, and country, but does not identify the user.

This approach allows for the collection of some data even without full consent, providing valuable information about campaign performance and user behavior. This is especially useful for modeling in Google Ads, as it ensures a broader dataset for analyzing campaign effectiveness and conversion rates, even in situations of low consent volume.

By opting for Advanced mode, you also bring some advantages to your Google Ads campaigns, as statistical analysis for non-consenting visitors is more robust and refined:

• Better insights: By collecting aggregated data, you get a more comprehensive view of your campaign performance, even without full user consent. This allows for a more accurate understanding of campaign effectiveness.

• Minimizes consent bias: While Basic mode may distort your perceptions of conversion rates by focusing only on consenting users, Advanced mode offers a more complete view, including data on actions taken even without consent.

Here's a complete tutorial for installing Google Consent Mode - Advanced mode on your site, via GTM, using AdOpt as your CMP certified by Google.

Google Consent Mode is a powerful tool for website owners to boost their advertising revenue, providing more precise targeting and more effective bid optimization for Google Ads campaigns.

By leveraging the consent data provided by Google Consent Mode, website owners can ensure that their ads are shown only to users who have consented to use their data for advertising purposes. This results in more relevant ads being shown to users interested in their products or services, which, in turn, increases engagement rates and brings improved return on investment (ROI) for advertisers.

For example, imagine a website owner running a Google Ads campaign to promote a line of children's clothing. With Google Consent Mode, they can ensure that ads are displayed only to users who have consented to the use of their data for advertising purposes.

This means that ads will be presented only to people interested in children's clothing, thereby increasing the likelihood of interaction and engagement with the ad.

Yes, AdOpt is one of Google's certified partner CMPs!

Its technology and Cookie Notice are integrated with Google Consent Mode v2 and Google Tag Manager, ensuring seamless integration and helping to resolve technical challenges, while also ensuring compliance with the latest Google requirements.

The Consent Management Platform from AdOpt was developed to manage cookie consent on websites or applications, allowing you to adjust the behavior of Google tags according to users' consent status, especially regarding advertising and statistics cookies, regardless of the privacy regulations your company needs to follow.

We are the best CMP on the market, with 100% humanized service and support.

Learn more about how to choose a CMP for your privacy management!

Important

The installation of GCM on AdOpt needs to go through your Google Tag Manager.

It's a two-step process, one on AdOpt and the other on GTM.

1. In your AdOpt dashboard, go to the tags section.

Activate the automatic blocking of cookie scripts in AdOpt. (see image below) This will ensure that the tags are already blocked according to consent.

Next, we'll talk about the next step in GTM.

Tip

First, make sure that AdOpt is also installed on your website via GTM.

Here's a complete tutorial for installing AdOpt via GTM.

1. Installation of GCM - via GTM, Basic Mode

Here's a complete tutorial for installing Google Consent Mode - Basic mode on your site, via GTM, using AdOpt as your CMP certified by Google.

2. Installation of GCM - via GTM, Advanced Mode

Here's a complete tutorial for installing Google Consent Mode - Advanced mode on your site, via GTM, using AdOpt as your CMP certified by Google.

If you have any questions, just chat with us or open a ticket at email: sos@goadopt.io

After installing the Tag via Google Tag Manager and following the Google Consent Mode installation tutorials, go to the AdOpt dashboard and activate the Installation Check in the installation section of your notice.

If there is still any error in your configuration, the system will show this warning:

This check is a bit more detailed but will help you understand the installation details and how data is being sent to Google after consent.

For this check, Google itself has created a Tag Assistant that does this job. In this step, we'll show you two checks, one no-code, and another looking at the code with Google's documentation.

Here is the official Google documentation for the Tag Assistant.

Open Tag Assistant

If you don't understand programming but have access to GTM, you can also do a no-code check. Below is a step-by-step guide.

1. Access the Tag Assistant with the same email as the GTM installed on the site to be verified.

2. Enter your domain and give permission for the Assistant to perform debugging, within GTM.

3. Click on the generated card, it will have the ID of the GTM containers identified on it.

4. It will open a pop-up with a new page in your browser, while loading a verification status. Once connected, click continue.

5. It will show a summary with all tags fired and not fired, according to your configuration where you classified the tags as: Granted or Denied.

6. Click on Consent.

7. Now, go to the pop-up screen opened by the verifier, and give consent to the installed cookie notice.

8. After giving consent, go back to the assistant screen and see the list of events in the left column.

9. Look for consent events and click on them.

10. You will have a table, like the one below, showing the events fired for each "consent type" received by Google. The "On-page Default" being the default you configured in the template and the "Current State" being the state of the tags after approval with the given consent.

If you are a developer, Google explains the step-by-step process for checking API calls, etc. (Below are images from the documentation).

Here is the complete documentation. Follow these guidelines:

Open your site in an incognito or private browsing window to ensure a clean cache. Use your browser's developer console and type "dataLayer" to access the corresponding object. Look for the first "consent" event. Check if the

analytics_storage

parameter has the value "denied". Accept all cookies from your cookie banner, or at least the categories related to Google services. Monitor any changes in the "consent" event within the

dataLayer

; the

analytics_storage

parameter should have the value "granted". If all steps are completed without issues, Google Consent Mode will be properly installed and functioning on your site!

At AdOpt, you can integrate with Google Consent Mode starting from the Starter plan (Free).

Features like automatic recognition of the country of access by IP, adjusting the Consent Mode template, are exclusive only from the Business plan.

Info

Don't forget to update your policies with the use of consent mode! After all, trigger rules and settings may be changed to the AdOpt Model standard for certain countries.

If you have any questions, email us and we can help you. sos@goadopt.io

The best way to set up third-party tag blocking, with Google Consent Mode installed, is by using AdOpt to do it automatically.

This facilitates the installation and verification of AdOpt, as well as preventing errors from occurring throughout the process.

To do this, go to the tags section of your website, within the AdOpt dashboard.

Activate automatic blocking and keep all tags that are subject to blocking with the button turned on.

Important

With AdOpt's automatic blocking enabled, all tags will be blocked until consent is given. Once consent is given, Google services and other accepted tags will be unblocked, and processing activities will begin.

However, for Google Consent Mode (GCM), in BRAZIL (due to the release of the Guidance Guide for Analytics Cookies with the Legal Basis of Legitimate Interest, we at AdOpt use the rationale that releases analytics_storage in our default model.

Thus, analytics tags are under the legal basis of legitimate interest.

Below is the AdOpt model of GCM for Brazil again.

'analytics_storage' | statistics | granted
'ad_storage' | marketing | denied
'ad_user_data' | marketing | denied
'ad_personalization' | marketing | denied
'personalization_storage' | marketing | denied
'functionality_storage' | functional | denied
'security_storage' | functional | granted

With this, even if the Google Analytics tag is blocked on the dashboard, the GCM default pattern authorizes Google to trigger analytics_storage. Thus, the tag would only be blocked if the consent after the 1st access does so.

That is, if the analytics tags are turned off by default in the notice before consent, they will be released due to the AdOpt GCM model for Brazil, and after consent collection, they will be blocked by the notice information.

If you need to change this AdOpt GCM model, send an email to sos@goadopt.io and talk to our support team. We are currently working to integrate this feature into our Dashboard, so that everything can be edited directly by the user.

For manual blocking via code or via GTM, below is our documentation.

If you have different parameters, such as specific conversion events and triggers (click, page scroll, session time...), we have a complete GTM tutorial, search for advanced information.

Here's the tutorial for blocking third-party tags - Via GTM

Here's the tutorial for blocking third-party tags - Via code / Manual

This is a rather complex reality! In some countries, Google Analytics' attribution and tracking models are considered illegal.

As of the latest update of this article (April 30, 2024), we have been able to list the following countries where such restrictions are in place:

- Germany - Illegal
- Austria - Illegal
- Finland - Illegal
- France - Illegal
- Denmark - Illegal
- Italy - Illegal
- Norway - Illegal
- Sweden - Illegal

In these cases, not even firing after consent is permitted. In other words, the use of Google Analytics tool itself is seen as criminal.

Some countries are not as radical and allow it as long as the use is permitted by users through consent, as is the case in:

- England - All tags need consent
- Switzerland - All tags need consent
- Other countries in the European Union - All tags need consent

Thus, for these countries, AdOpt will adopt the most restrictive and pro-privacy model in its CMP.

- 'analytics_storage' | statistics | denied (blocked)
- 'ad_storage' | marketing | denied (blocked)
- 'ad_user_data' | marketing | denied (blocked)
- 'ad_personalization' | marketing | denied (blocked)
- 'personalization_storage' | marketing | denied (blocked)
- 'functionality_storage' | functional | denied (blocked)
- 'security_storage' | functional | denied (blocked)

Brazil - No consent required

Since the publication of the Guideline on Cookies by ANPD, the use of Google Analytics through the Legal Basis of Legitimate Interest has been allowed, being treated as an Essential tag.

That's why in Brazil, the CMP model has Analytics allowed.

- 'analytics_storage' | statistics | granted (allowed)
- 'ad_storage' | marketing | denied (blocked)
- 'ad_user_data' | marketing | denied (blocked)
- 'ad_personalization' | marketing | denied (blocked)
- 'personalization_storage' | marketing | denied (blocked)
- 'functionality_storage' | functional | denied (blocked)
- 'security_storage' | functional | granted (allowed)

USA - No consent required

In the United States, laws vary by state and are not yet National / Federal. Therefore, an analysis by regulation will be necessary to understand how the CMP model stands for American states.

At the time of updating this article (April 30, 2024), current US laws allow all cookies to be released until the user / visitor expresses refusal or "Do Not Sell," as requested in the CCPA.

Below is the CMP model for the USA:

- 'analytics_storage' | statistics | granted (allowed)
- 'ad_storage' | marketing | granted (allowed)
- 'ad_user_data' | marketing | granted (allowed)
- 'ad_personalization' | marketing | granted (allowed)
- 'personalization_storage' | marketing | granted (allowed)
- 'functionality_storage' | functional | granted (allowed)
- 'security_storage' | functional | granted (allowed)

Other countries - No consent required

Since there is no current and specific legislation for the country, AdOpt's model will be the same as that used for LGPD in Brazil, where the use of Google Analytics is allowed by default and can be framed under a Legal Basis of Legitimate Interest.

- 'analytics_storage' | statistics | granted (allowed)
- 'ad_storage' | marketing | denied (blocked)
- 'ad_user_data' | marketing | denied (blocked)
- 'ad_personalization' | marketing | denied (blocked)
- 'personalization_storage' | marketing | denied (blocked)
- 'functionality_storage' | functional | denied (blocked)
- 'security_storage' | functional | granted (allowed)

If there are any changes, or if you need an adaptation to these models, send an email to sos@goadopt.io so we can discuss your case specifically.