By
Alex Franch
April 8, 2024
Google Consent Mode (CoMo) is a new way for Google to collect consent for its services.
The Digital Markets Act, a EU regulation that wants to make the digital economy fairer. Has come into play. As a response, Google has created a new set of tools to ensure customers' choices are honoured.
Google Consent Mode applies only to four of Google's services
Note that support for Google Ads support for Phone Call conversions is pending. You can find more in-depth information about the consent mode here.
Google Consent Mode has added two new settings:
If you have traffic from the European Economic Area (EEA) and use the Google Services above you do need to enable Google Consent Mode. Those who don’t adopt it by March 2024 may face their services' data (including conversion modelling) data drop in quality.
Google consent mode can be implemented manually or through a Consent Management Platform (CMP) such as Privasee’s Consent Management Platform (CMP).
Privasee’s Consent Management Platform is very easy to use and Google Consent Mode can be turned on by toggling a checkbox. However, if you want to manually implement Google Consent Mode, you can follow this guide.
Google has created two ways to implement Google Consent Mode. In short:
The main question to ask ourselves if these options are compliant with cookie laws (such as the ePrivacy Directive and PECR) and Data Protection Laws such as the GDPR.
Yes, as information is not sent to Google without the consent of the user.
Google is sending cookieless pings. This is deliberate as the cookie laws state that except for non-strictly necessary cookies, consent is always required for cookies. Google Services don’t fall under the definition of non-strictly necessary cookies.
Following this rule, if pings weren’t cookieless we would need consent and therefore Advanced Mode would make no sense. However, the question that remains is, is the information sent in those cookieless pings personal data or not?
Note that Google says that cookieless pings are sent to the Services and when we go to the definition of pings we see:
In all cases, pings may include:
There’s currently a debate as to whether the attributes above are personal data or not (especially GCLID, DCLID). While Google may be making advances to ensure anonymised cookieless analytics are possible (as some other vendors do), it’s still unclear if such attributes identify an individual.
Our stance is that Advanced Consent Mode is not compliant because:
However, we will continue to monitor the changes in regulation, guidance by the regulators, court decisions and fines to inform our decision.
URL Passthrough will send Google Click Identifier (GLICD) which is a unique identifier for a Google Ads Campaign. Similar to the section above on Advanced Mode being compliant or not.
Our stance is that URL Passthrough is not compliant as it’s collecting information when the user has not yet given consent and you intend to offer the choice.
At Privasee we've partnered with the industry-leading cookie banner provider Usercentrics to offer our customers a complete Cookie Banner solution that can help you enable Google Consent Mode to ensure you're following Google's guidance. Feel free to start with a Free GDPR Audit here to learn more.
Ensure your policies are always up to date with Privasee, an AI powered GDPR compliance solution that does it all.