Consent Mode v2 and Privacy Basics for WordPress

Consent Mode v2 lets GA4 respect user privacy while still providing insights. Here’s how to implement it on WordPress with a CMP.

What is Consent Mode v2

Privacy-first analytics

Consent Mode v2 adjusts how Google tags behave based on user consent. If a user opts out of analytics cookies, GA4 switches to cookieless pings that record basic engagement without storing identifiers. This helps you stay compliant with GDPR and similar regulations while still measuring traffic.

Key benefits:

  • Compliance with GDPR, ePrivacy Directive, and other privacy laws
  • Continued measurement (aggregated) even when users deny consent
  • Better data quality by respecting user choices

How Consent Mode Works

Consent states

Consent Mode tracks two main states:

  • analytics_storage: Permission to store analytics cookies (like _ga)
  • ad_storage: Permission to store advertising cookies

Each state can be granted or denied. You update these states based on user choices in your consent banner.

Default vs. update

Set default consent before GA4 loads, then update consent when the user makes a choice:

// Default: deny consent
gtag('consent', 'default', {
  'analytics_storage': 'denied',
  'ad_storage': 'denied'
});

// Update when user accepts
gtag('consent', 'update', {
  'analytics_storage': 'granted'
});

CMP Integration

Choose a CMP

A Consent Management Platform (CMP) handles consent banners and user preferences. Popular CMPs for WordPress include:

  • OneTrust: Enterprise-grade, comprehensive features
  • Cookiebot: Mid-market, good GDPR support
  • Complianz: WordPress plugin, easy setup

Configure CMP to send consent signals

Most CMPs support Consent Mode v2. Configure your CMP to send gtag('consent', 'update', ...) calls when users make choices. Check your CMP’s documentation for specific setup instructions.

Test consent flows

Test with consent accepted, denied, and dismissed. Use GA4 DebugView to verify that consent parameters appear on hits and that behavior changes based on consent state.

GDPR Compliance Basics

Key requirements

For European Union (EU) traffic, GDPR requires:

  • Clear consent banners before setting non-essential cookies
  • Easy opt-out and preference management
  • Privacy policy that explains data collection and usage
  • Data processing agreements with third-party services (Google, etc.)

Cookie categorization

Classify cookies as:

  • Essential: Required for site functionality (can set without consent)
  • Analytics: Require consent under GDPR
  • Advertising: Require consent

Consent banner best practices

Your banner should:

  • Appear before any tracking scripts load
  • Offer granular choices (accept all, reject all, customize)
  • Be accessible (keyboard navigation, screen reader support)
  • Store preferences and not re-prompt on every visit

Verification and Debugging

Check consent parameters

Use browser dev tools (Network tab) to inspect GA4 hits. Look for gcs parameter (Google Consent State) in request URLs. This confirms consent signals are being sent.

GA4 DebugView

Enable GA4 DebugView (via browser extension or debug_mode parameter) to see real-time events with consent states.

Test with VPN

Test from EU IP addresses to verify that consent banners appear correctly for EU users.

References

Google Consent Mode Documentation
GA4 Consent Mode Implementation

Key Takeaways

  • Consent Mode v2 adjusts GA4 behavior based on user consent choices.
  • Integrate a CMP to manage consent banners and send consent signals to GA4.
  • Test consent flows and verify with DebugView and network inspection.

Get help with consent setup

Leave a Reply

Your email address will not be published. Required fields are marked *