GA4 Mandatory Update: The Practical Guide to Implementing Consent Mode v2
Google’s Consent Mode v2 (CMv2) is no longer optional—it's mandatory for all advertisers and analysts who collect data for users in the European Economic Area (EEA) and the UK. Failure to implement CMv2 correctly means you risk losing critical audience and measurement functionality for your Google Ads campaigns.
This guide provides a direct, code-focused, and practical workflow for setting up CMv2, distinguishing between the two implementation methods.
Introduction: Why Consent Mode v2 Is Mandatory
Consent Mode v2 introduces two new, mandatory parameters related to personal data handling:
When a user denies consent, CMv2 ensures Google tags fire in a limited, non-identifying way while still enabling enhanced modeling.
Prerequisites: Your Compliance Checklist (Non-Negotiable)
- Mandatory CMP: Must be certified by Google (OneTrust, Cookiebot, Usercentrics, etc.).
- GTM Access: Access to the active GTM container.
- Google Tag Installed: GA4/Google Ads tag must exist on all pages.
Step 1: Choosing Your Implementation Method
Step 2: Implementation Workflow (Method A — CMP Integration)
2.1 Configure Your CMP
- Log into your CMP dashboard.
- Enable Consent Mode v2.
- Copy the CMP script and place it as high as possible in the
<head>.
2.2 CRITICAL Script Order
Step 2: Method B (Custom Code Implementation)
2.1 Setting the Mandatory Default Consent State
This script MUST run before GTM or Google Tag loads.
// DEFAULT CONSENT — gtag.js
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('consent', 'default', {
'ad_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied',
'analytics_storage': 'denied',
'wait_for_update': 500
});
// ACCEPT ALL — gtag.js
function grantAllConsent() {
gtag('consent', 'update', {
'ad_storage': 'granted',
'ad_user_data': 'granted',
'ad_personalization': 'granted',
'analytics_storage': 'granted'
});
}
// DEFAULT CONSENT — GTM (before GTM snippet)
window.dataLayer = window.dataLayer || [];
dataLayer.push({
'consent': {
'default': {
'ad_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied',
'analytics_storage': 'denied',
'wait_for_update': 500
}
}
});
// ACCEPT ALL — GTM
function grantAllConsentGTM() {
dataLayer.push({
'event': 'consent_update',
'consent': {
'update': {
'ad_storage': 'granted',
'ad_user_data': 'granted',
'ad_personalization': 'granted',
'analytics_storage': 'granted'
}
}
});
}
Step 3: Verification Using Tag Assistant
- Open Tag Assistant and start debugging.
- Reload the page—verify a “Consent (default)” event appears.
- Click Accept on your CMP banner—verify a “Consent (update)” event appears.
- Open the event and confirm:
- ad_user_data → granted/denied
- ad_personalization → granted/denied
- ad_storage / analytics_storage
Step 4: Verify GTM Tag Consent Settings
- Check every GA4, Ads, and Floodlight tag.
- Ensure Consent Settings is enabled.
- Assign correct consent types (e.g., GA4 requires
analytics_storage).
Conclusion: Future-Proofing Your Data
Correct implementation of CMv2 ensures you stay compliant with EU consent law and preserve measurement through Google’s modeling features. The priority is placing the default consent script correctly and including the two new parameters: ad_user_data and ad_personalization.
Next Step: Test behavior for EEA vs. non-EEA regions to confirm region-specific defaults and updates are working.
