Understanding Consent Mode in Google Analytics 4

Google introduced consent mode with Google Analytics 4. It adds an additional layer of control for data collection (privacy protection) for Google Analytics and Google Ads.

Google Analytics uses cookies to gather and store information about user behavior. A cookie is a small file stored on a web browser where the website is being loaded. It stores information such as a unique identifier to identify the user or preference whether the user wants to see an Ad or not. With consent mode, you can control the cookie behavior. Prior to consent mode, if you had Google Analytics installed on your website, you did not have control over what data could be written on cookies.

Consent Types

Google Analytics provides the following consent options.

Consent Type Description
ad_storage Enables storage (such as cookies) related to advertising.
analytics_storage Enables storage (such as cookies) related to analytics e.g. visit duration.
functionality_storage Enables storage that supports the functionality of the website or app e.g. language settings.
personalization_storage Enables storage related to personalization e.g. video recommendations
security_storage Enables storage related to security such as authentication functionality, fraud prevention, and other user protection.

We can make it simpler with an actual example.

Consent Mode Example with Google Analytics 4

Consider a scenario where Google Analytics is installed on a website.  When a user visits the website following pop-up is shown giving user 3 choices.

  1. Accept All
  2. Reject All
  3. Customize

We will now look into what these choices can mean and how we will use Google Analytics’ consent mode to modify data collection.

1. Accept All

Clicking this option means the user accepts this website’s cookie policy. Assuming our cookie policy allows for default data collection of Google Analytics. Our Google Analytics tag can now do the following :

  1. Read or write first-party analytics cookies
  2. Store numeric identifiers to model user behavior.
  3. Store personalization information to show ads.
  4. Store any other information for all consent types.

The configuration for Accept All at the backend will be

Consent Type Parameter value
ad_storage granted
analytics_storage granted
functionality_storage granted
personalization_storage granted
security_storage granted

2. Reject All

Clicking this option means user rejects the website’s cookie policy. “Consent mode” can now set parameters to inform the analytics collection tag.

  1. Do not read or write first-party analytics cookies.
  2. Do not allow for ad personalization cookies.
  3. Do not store any kind of information.

Cookieless Data in Reject All

When cookies are not allowed, google will send cookieless pings to the server. This enables google to model user behavior from anonymous pings. Following cookieless data is sent to the server.

  1. Cookieless signals for consent state: Actual state whether the user has Accepted / Rejected the privacy policy.
  2. Cookieless conversion pings: Anonymous data when a conversion occurs.
  3. Cookieless google analytics ping: A ping is sent from all pages where Google Analytics beacon is loaded and when events are triggered.

The configuration for Reject All at the backend will be:

Consent Type Parameter value
ad_storage denied
analytics_storage denied
functionality_storage denied
personalization_storage denied
security_storage denied

3. Customize

Certain websites allow users to customize their cookie preferences. As an example, let us say the user chose to customize and refused the website permission to store any ads data or personalization data while allowing other types of data.

The configuration for this scenario at the backend will be :

Consent Type Parameter value
ad_storage denied
analytics_storage granted
functionality_storage granted
personalization_storage denied
security_storage granted

Privacy Options:

Consent mode settings can be configured with code logic based on end-users’ choice (accept/reject etc).  Google Analytics 4 and Google Ads also provide privacy options. These options can be configured from Google Analytics and Google Ads interfaces.

Privacy Option Function Analytics Parameter
allow_google_signals  When disabled, events sent from the tag will not be used for ads personalization, demographics, and interests reports. No effect when not set or set to true. When set to false, all join beacons are suppressed.
allow_ad_personalization_signals when disabled, events will not be used for ad personalization, but signals can be used for demographics and interests reporting. No effect when not set or set to true. When set to false, include an &npa=1 parameter on all beacons.
restricted_data_processing When enabled,  Google will limit how it uses the events sent from the tag. It will not use events data for
A. Adding users to remarketing lists, B. Adding users to similar audience remarketing seed lists, and related functionality.
No effect when not set. When set to true, an &rdp=1 parameter is included in beacons. When set to false, an &rdp=0 parameter is included in beacons.

Configuring Consent Settings:

Consent settings are configured via  Google Tag Manager. Privacy parameters on the other hand can be turned on or off from the actual interface of Google Analytics or Google Ads.  You can follow this guide to learn how to configure consent mode settings in Google Analytics 4 with Google Tag Manager.


Related Articles


Your email address will not be published. Required fields are marked *