Google Consent Mode

Overview

Google built a Consent Mode feature into some of their products to help comply with current privacy regulations such as GDPR.

Requirements

If you are unfamiliar with this feature from Google, check out Google's Consent documentation for more understanding before setting up GCM with your Enforce configuration.

Configure Google Consent Mode

Follow the steps outlined in this guide to integrate the Google Consent Mode feature with your Enforce implementation. 

Enable Google Consent Mode

1. Navigate to the User Consent section of the gateway.
2. Use the toggle toggle_on to enable.
3. Data Layer: This can be blank, using the default value dataLayer or enter a custom one. 
4. URL Passthrough: When enabled, this will pass events, session-based analytics, and even conversions without cookies across pages. 
5. Ads Data Redaction: Prevents potential collection of Personally identifiable information (PII).

6. Consent Type: The following consent types can be used and Google tags that support consent mode have their behavior automatically adjusted based on these consent types (no changes are needed to be made to the Google tags).

   1. ad_storage: Enables storage (such as cookies) related to advertising.
   2. ad_user_data: Sets consent for sending user data related to advertising to Google.
   3. ad_personalization: Sets consent for personalized advertising.
   4. analytics_storage: Enables storage (such as cookies) related to analytics e.g. visit duration.

   In addition to the consent mode parameters, there are the following privacy parameters:

   1. functionality_storage: Enables storage that supports the functionality of the website or app e.g. language settings.
   2. personalization_storage: Enables storage related to personalization e.g. video recommendations.
   3. security_storage: Enables storage related to security such as authentication functionality, fraud prevention, and other user protection.
7. Select a mapping: Choose a corresponding Enforce category, tag, or a static value to map to the Google Consent Mode type. If the Google Consent Mode type is mapped to a Enforce category or tag, the type value (granted or denied) will automatically be adjusted based on the user's consent status for that category/tag.

Basic & Advanced Consent Mode

The key difference between Basic and Advanced implementations of Google Consent Mode is, when consent is denied, Basic mode blocks the entire request to Google whereas Advanced mode allows the request to Google, but Google does not set any user identifiers in the form of cookies. We strongly recommend using a Basic mode for GDPR and CCPA compliance. For more information, refer to Google's Documentation.

Basic Consent Mode

In Basic Consent Mode, Google tags do not load until the user interacts with a consent banner. No data is sent to Google before this interaction. It is best practice to include Google domains/technologies in the consent categories in the List Manager. Once consent is given, Google tags load and execute the consent mode APIs, sending consent states to Google in this order:

1. Send default consent states.
2. Send updated consent states.

Advanced Consent Mode

In Advanced Consent Mode, Google tags load when a user visits your website or app. It is recommended to include Google domains/technologies in the always allowed section of List Manager. These tags load the consent mode API and perform the following actions:

1. Set default consent states. By default, consent is denied unless specified otherwise. While consent is denied, Google tags send cookieless pings.
2. Wait for user interaction with the banner and update consent states. Full measurement data is sent only when the user consents to data collection.

This approach offers better modeling than the Basic mode, as it provides a model tailored to the advertiser rather than a general one.

Consent Information

It is also recommended that you add information in your consent experience that explains the purpose of data collection and provide a link on how Google processes personal information (https://business.safety.google/privacy/)

Verify Google Consent Mode Settings

If using Google Tag Manager as your primary tag management solution, you can follow Google's instructions on how to verify the consent mode implementation here: https://support.google.com/tagmanager/answer/14218557.

Otherwise, verify the implementation using the below steps:

1. Open a private or incognito browser window and navigate to a page with Enforce consent configured. Using a new private or incognito window, the browser will treat you as a new visitor.
2. Before making any consent selections, open the browser's Developer Tools console tab.
3. In the console input box, type dataLayer and hit Enter.
4. From the console output, the initial "consent" "default" dataLayer push reflects default consent for a new visitor per the User Consent settings within the Gateway.
   
5. Any subsequent changes in consent appear as separate "consent" "update" pushes.
   
6. For visitors with prior consent, the sequence typically begins with the same "consent" "default" but followed by an immediate "consent" "update" push.
   
7. Leave the Developer Tools console tab open and make your consent selections. Be sure to opt-in to the consent categories(s) to test different statuses.
8. Reopen the dataLayer in the console, type dataLayer and hit Enter.
9. The relevant consent type values should be set to "granted" or "denied" respectively.

If you experience any issues, please reach out to our support team for assistance.