Destination Digital

Are You Ready For The March 2024 Deadline? A Guide to Consent Mode v2 Compliance

As the digital landscape continues to evolve, privacy regulations play a crucial role in shaping the way businesses handle user data. One such milestone is the upcoming March 2024 deadline for implementing Consent Mode v2, which affects your consent management implementation, especially if you are running ads accounts such as Google Ads.

In this blog, we will explore key aspects of Consent Mode, including how to determine if you have it in place, the process of implementation, adding a consent banner if you don’t have one, and the potential penalties for non-compliance for consent management (aka GDPR in layman’s terms) and what happens to you if you ignore Consent Mode v2. These are two separate things!

 

What is Consent Mode and what is Consent Mode v2?

Consent Mode is responsible for enabling the data handling that allows for a tracking and conversion modelling system to be run against your web traffic by Google.

Data modelling is now an embedded part of GA4, and helps to help plug the gap left behind by GDPR’s advent of cookie banners that hit websites across the world following the roll out of GDPR in the EU in May 2018. However with total blocking of cookies by a user, comes total drop out of web traffic tracking which is where Google’s Consent Mode steps in to help avoid a complete blocking of data transmission when a user clicks the ‘decline cookies’ button on your website.

“What is ‘conversion’ or ‘data modelling’?” we hear you cry! It could be called ‘guestimating’ in some quarters, but it is basically Google using permissible tracking, AI and other software development trickery to model the typical customer behaviours that it can, based on the behaviour patterns of the customers you are allowed to track. In GA4 if you have ever seen the little orange triangle against any of your reports, it will tell you that ‘thresholding’ is being applied to that report. This means that some of the data has been ‘modelled’, aka ‘guessed’. They do this in order you can’t personally identify someone via the Analytics reporting. For anyone who was used to being able to zone right in on an invoice number and channel of origin and which hour of the day that sale happened, this shift in GA4 is one that’s hard to get used to.

Consent Mode is a means of activating Google tracking codes in a way that communicates to Google Analytics and Google Ads what the current user consent status is, and utilises permissible analytics tracking when ads tracking has been denied to help model the results.

Crucially, cookie banners that have been rolled out over websites all over the world as a result of becoming GDPR compliant (giving people the right to be tracked by Cookies or not tracked by Cookies) means that a vast number of people visiting your website will become invisible and untrackable to your business because they said ‘no’ to tracking on your Cookie banner if it weren’t for Consent Mode. For those people who only put up banner-lookalikes that say ‘by being on our website you are consenting to tracking’… it’s time to take swift action and put a proper cookie banner in place.

Google Consent Mode v2 (CMv2) is a piece of code that works with your website’s consent banner. It helps integrate your Google ads and analytics software with the visitor tracking choices they have made and has a couple of extra features that Google have now stated are mandatory from March 2024 onwards.

The extra two features relate to your cookie banner being able to convey to Google whether user data can be used for advertising purposes, and whether remarketing can be enabled. These two new features are in addition to the ‘analytics storage’ and ‘ads storage’ permissions.

CMv2 was introduced in late November 2023, and is an updated version of the original Consent Mode developed by Google. Consent Mode v2 comes with a deadline of March 2024, where Google requires all advertisers to adopt CMv2 as a mandatory requirement for uninterrupted ads serving.

 

How to tell if you have Consent Mode in place

To confirm if your website has consent mode enabled, start by reviewing your website’s privacy settings or consulting with your web development team, who will have put the code in place and managed any integrations with tracking software you have in place.

Consent Mode typically involves obtaining explicit user consent before collecting and processing personal data. Check your analytics tools or third-party services to ensure that user consent is being actively sought and given before any tracking is recorded. If you log into your Google GA4 account you might be confronted with this message, which then takes you through to the consent settings issues your website is facing at the click of a button.

A sure-fire way of knowing you DON’T have Consent Mode in place is if you still don’t have a cookie opt-in banner. So if you don’t, then in all likelihood, you aren’t compliant, and if you do, but it’s not certified by Google, then you might still not be compliant for Consent Mode v2 purposes.

Cookie banner plugins have been around for a long time and there is now an additional status of “Cookie CMP partnerships” that are verified as compliant by Google, to the extent these organisations have become partners with Google. Take a look here at Google Cookie CMP Partners.

There is an additional much fuller list of Google-certified CMPs here.

 

How do I put Consent Mode v2 in place on my website?

Implementing Consent Mode involves incorporating scripts or code snippets that prompt users to provide explicit consent for data processing activities. Consult the documentation provided by your analytics and cookies tracking tools for specific instructions on enabling Consent Mode as each provider has a different method.  Some involve using Google Tag Manager, others are plugins for your WordPress or Shopify website, and you can also hard code if that’s a skill available to you with a web developer on a proprietary website.

It may require adjustments to your existing website’s cookie management system, and it’s crucial to ensure compliance with relevant privacy laws, such as GDPR or CCPA (CCPA is a GDPR-like legally enforced requirement relating to natives of California in the USA, so this may be important if you sell overseas).

Integrating a consent banner with Google Consent Mode involves a combination of implementing the banner itself and configuring the behaviour of Google tags based on user consent preferences.

There is a handy comparison table here, published by Google, which is a helpful place to start if you don’t yet have a cookie banner in place. As already outlined, there is a comprehensive list of Google-certified CMPs here.

These providers will often give you great guidance in implementing the banners on your website, as well as give you step by step guides to help you configure any tags you use to be in alignment with the requirements of Consent Mode.

 

Penalties after March 2024 for non-compliance with Consent Mode v2

Failing to implement Consent Mode v2 by March with a Google-certified CMP will mean that businesses and organisations that rely on Google Ads for their customer acquisition will have limited ability to be able to continue to serve ads on Google platforms.

Consent Mode v2 uncompliant accounts will only be able to serve ads that are not personalised and that are based on aggregated data instead of specific user analysis of your website via GA4. So it’s important if Google Ads is a big part of your marketing and you use any of the remarketing functionalities .

 

Penalties for non-compliance with GDPR

This is the greater of the two problems if you do not appropriately offer cookie banners and cookie setting options for users of your website, and this has been enshrined in law since May 2018.

The issue of GDPR is not just confined to cookie setting on websites, but also extends to all areas of your business where you might control or gather data about individuals.

So for instance, if you are an ecommerce website – or even an ecommerce seller via a platform like Etsy, for instance – you will be beholden to GDPR law on the lawful processing and retention (and destruction) of data you hold about your customers. So, you need to have policies in place that deals with the storage and retention of customer information, clearly outlining how long you will keep the information (e.g. addresses that are on invoices) and your process for destruction of data. You also need to ensure the way you store this data is secure to prevent a data breach happening (someone hacking your IT system, for instance, or ways of minimising risk should an employee leave their laptop behind on a train).

If you aren’t an ecommerce company, but you gather people’s details via web forms, or any other form of digitised mechanism such as DMs on Instagram or Facebook, the same rules apply there too. Have you ever run a competition and needed to get the address of the winner on Facebook DMs in order to send them their prize, for instance?

And of course, if you have a mailing list that you build for emailing people about your services, you also need to comply with GDPR in the gathering and storing of that information.

All the major ‘software as a service’ organisations scrambled to become compliant on the advent of GDPR. So many of the ‘big names’ like Mailchimp, Dotmailer, Google, Facebook, Microsoft, Xero, Sage, Adobe, Dropbox, Slack, Survey Monkey, Zoom, Shopify, Hubspot, ZenDesk, Github etc…etc…are now 99.99% certain to be GDPR compliant when it comes to storing data securely on your behalf (and hence the prolific rise of the great and mighty, but mightily annoying 2FA). However, storing data securely and acting in a compliant way are not the same thing, so you still need to exercise process orientated compliance, and ensure your employees stay on the right side of the law too.

☝️But…back to the purpose of this blog, which is about Consent Mode and cookie banners on websites.

Cookies are one part of this huge GDPR jigsaw. Cookie setting is considered by the ICO to form a part of being able to identify users. Some cookies will do exactly this – in terms of being able to welcome a customer back on site by name, for example (it’s universally accepted by users that this kind of personalisation is good, ergo this is a ‘good use’ of a cookie). More often than not though, cookies are used to track people across the internet in order to push adverts at based on their behaviours online (and it is this that is generally considered to be ‘bad cookies’ by most people).

The headlines are that the fines can hit 20 million Euros or 4% of total turnover, whichever is higher. So don’t mess up, and if this has had you feeling a little uneasy, then go and check out the ICO enforcement processes in the UK 😱

 

Contact us

If you’d like help with any aspect of digital marketing, then email us on info@destination-digital.co.uk or give us a call on 01629 810199 for a chat.

We’ll Be Supporting Mr Fothergill’s and Griffin Glasshouses at RHS Chelsea 2024

Posted 22.04.2024

Our Friends Arts Derbyshire Present A Fundraising Evening Filled With Creativity & Fun!

Posted 15.04.2024

Debbie is Back in the Judge’s Seat at This Year’s UK StartUp Awards

Posted 08.04.2024
contact us

If you’d like help with digital marketing, ads management, SEO, copywriting, websites, branding or social media management… or anything else related to the internet and digital, then get in touch with us. We’re a friendly bunch.

You can email us on info@destination-digital.co.uk or give us a call on 01629 810199 or you can use the contact form at the bottom of this page.