Introducing Google Consent Mode
Cookies - formerly only known as a snack now comes to represent something far more complex in the digital world. Is Consent Mode the answer?
If you are a business of any shape, size or sector with an online presence, cookies will (or should) have become a key consideration in recent years. Online privacy and data protection has become a prime concern (and rightly so), with users far more savvy as to how their data is or isn’t being stored and utilised.
We strongly suggest a level of cookie control is implemented as a standard on all sites (e.g. OneTrust, Civic etc) which safeguards businesses against potential cookie breaches. With such tools cookies are separated into categories - including ‘necessary’ (cookies that simply have to be created for the website to function), ‘analytics’ (cookies that are used to collect data as regards website performance e.g. Google Analytics), ‘marketing’ (cookies that collect user information in order to fuel marketing campaigns e.g. remarketing). Users are then able to select or deselect each cookie category and only those cookies which have been selected will be created.
Although it sounds relatively straightforward, the trouble comes when merging this concept with any tracking or tagging you might have already created or wish to create in the future (certainly if there is a degree of complexity to it). For example if you were to implement cookie control on a site which already had hundreds of tags attached to fire onsite via a number of different ways (e.g. page load, user interaction), that’s a lot of rewiring you’re going to have to do to get your site up to code!
Introducing Consent Mode
It is with this backdrop of site owners wrestling with both these enhanced expectations when it comes to user privacy and desire to holistically monitor website performance that Google launched Consent Mode as a beta offering in September 2020. In its own words it:
‘…lets you adjust how your Google tags behave based on the consent status of your users. You can indicate whether consent has been granted for Analytics and Ads cookies. Google's tags will dynamically adapt, only utilizing measurement tools for the specified purposes when consent has been given by the user.’
What this means in effect is that Google will do the ‘heavy lifting’ in deciding what tags should fire (and where the data is sent to) based off a user’s consent settings.
Implementation is achieved through configuration of your Google Tag Manager and your Consent Management Platform. This process is far slicker than a host of other alternatives to Consent Mode (such as trigger groups) and also takes up far less space in your GTM container (with one such client we implemented Consent Mode on saving around 42% worth of container space!). However to emphasise this point, as it’s an important one, Consent Mode does not replace a Consent Management Platform. You will still need a OneTrust or a Civic or another CMP in order for Consent Mode to function.
So what’s the catch?
A fundamental difference between how Consent Mode works and other cookie control methods is that Consent Mode doesn’t prevent data from being collected even if consent is denied, it simply anonymises the data and prevents you from viewing it (Google still receives the data).
This is where somewhat of a grey area comes into play, so as to answering the question; ‘is Google Consent Mode privacy law compliant?’ The answer really is ‘according to Google, yes’. Now is that good enough?
It’s fair to say the combination of Google and privacy law has been a topic of increased discussion in recent years, with rulings in 2022 by both Austria & France deeming GA’s implementation a breach of GDPR & EU privacy laws. Indeed although GA4, the newest iteration of Google Analytics, does have more of an accent on privacy, it certainly can’t be said that Google is seen as wholly privacy law-compliant by ruling bodies.
It is in this environment to which Consent Mode has been introduced. This has made some naturally more than a little sceptical, leaning more towards a judgement that any data collected by Google after a user has selected ‘no’ in tracking a breach of GDPR (even if no cookie is created). This is an argument which certainly could be argued.
A matter of interpretation and trust
A common word which might feature in discussions around Consent Mode may be ‘interpretation’ - a word which could make some a little nervous when it comes to legality. However, we would also emphasise that, at this point, we cannot find legal precedent either way as regards to Consent Mode and you would also like to believe that given Google’s heightened awareness around privacy laws they would not be launching a new feature which would apparently flagrantly disregard these rules.
We would suggest implementation of Google Consent Mode will depend on which half of the above paragraph your sentiment is drawn to. We have witnessed first hand how much easier Consent Mode can make wiring up user consent to user tracking and how much it can optimise your Google Tag Manager container. However, there are still lingering privacy concerns which make it difficult to embrace fully as the future without a more definitive legal ruling. With this in mind it may indeed be useful to consult legal advice (if available to you) in order to gain that all-round perspective you might be seeking.
If you’re in the UK, you may also be awaiting the progress through parliament of the new Data Protection and Digital Information Bill (completed its second reading at time of writing). The UK government seems to be adopting a slightly softer approach to cookies than their EU counterparts and it will be interesting to see how any amendments or subsequent adoption of this bill will affect data gathering generally or Consent Mode specifically here.
Let us know if you have any thoughts around Google Consent Mode and we’d be delighted to take the conversation further, we think it’s a topic primed for a debate! Find us on Twitter, LinkedIn & Instagram or give us a shout at hello@wearecore.co.uk.