Consent Mode v2 tells Google tags how to behave based on user choices. Done right, it preserves modeling and conversion measurement when users decline cookies—while keeping you aligned with Google’s requirements for Ads and Analytics in the EU and UK.

Getting v2 wrong is one of the most common reasons teams see conversion drops or policy warnings in Google interfaces.

Required signals for Google Ads and GA4

Consent Mode communicates storage and ads-related permissions:

• analytics_storage — GA4 cookies and analytics identifiers
• ad_storage — advertising cookies (e.g. DoubleClick)
• ad_user_data — sending user data to Google for ads purposes
• ad_personalization — personalized advertising and remarketing

All four matter for modern Google Ads setups—not only the two analytics/ad storage flags from earlier Consent Mode versions.

Default vs update behavior

Defaults apply before the user interacts with your banner. In regulated regions, defaults are often denied for non-essential types.

Updates apply when the user accepts, rejects, or changes preferences. Your CMP must push an update to GTM immediately— not on the next page load.

GTM implementation pattern

Step 1: Consent Initialization (early)

Fire a tag on Consent Initialization – All Pages (or equivalent early trigger) that sets:

• Region-specific defaults (use Google's geo guidance or CMP auto-config)
• wait_for_update milliseconds so tags pause briefly for CMP signal

Step 2: CMP → data layer

Configure your CMP to push events such as:

• cookie_consent_update with category flags, or
• native Google consent API calls if supported

Map CMP categories to the four Consent Mode types explicitly—do not assume “marketing” covers ad_user_data.

Step 3: Consent Update tag

On CMP accept/reject/customize, fire a tag that calls:

gtag('consent', 'update', { ... });

or use GTM’s consent settings variable if your container uses built-in consent types.

Step 4: Tag-level consent requirements

Set consent checks on:

• GA4 Configuration / Event tags → analytics_storage
• Google Ads Conversion / Remarketing → ad_storage, ad_user_data, ad_personalization as applicable
• Floodlight and other Google Marketing Platform tags similarly

Step 5: Non-Google tags

Meta, TikTok, LinkedIn do not use Consent Mode—they need blocking triggers based on CMP categories until consent granted.

Validation checklist

• GTM Preview: on first load, Google tags show “Not fired” or consent-paused until update
• Tag Assistant Consent tab: states match banner choice after accept/reject
• Network tab: no ad/analytics cookies before consent on reject-all path
• Ads / GA4 UI: conversions still recorded with modeled data where eligible
• Locales: test /en, /de, /ro if banners differ by geography

Common mistakes

• Only implementing analytics_storage and ad_storage
• Setting defaults to granted globally “to keep data volume high”
• CMP auto-blocker fighting GTM Consent Initialization (double logic)
• Consent update only on second pageview
• Missing ad_personalization denial when user rejects marketing

Advanced: regional defaults

Use CMP geo-rules or GTM geo triggers to apply stricter defaults in EEA/UK and different behavior elsewhere—document this clearly in your privacy notice.

Consent Mode is not a replacement for a CMP—it is the bridge between your banner and Google’s measurement stack. Build both together, test together, audit together.