GA4, Tagging & Consent Mode v2 (EEA-Ready)

Privacy by default means that consent for measurements has to be collected before any kind of analytics or advertising related scripts or cookies can be on the website. This changes how companies around the world measure ads success or user behavior on their properties. Companies have to be able to prove that robust privacy is a key value of their company, in the customers associated language, or else risk losing customers. If there is no consent for analytics related data collection, analytics after a GA4 implementation will become incomplete and probably pretty useless.

Even though the regulatory bodies are applying hard rules for the collection of this data, Google Analytics is still one of the most popular tools used to collect analytics data on properties. With GA4, Google made the right moves in terms of compliance with reality of measurement. GA4 is reliant on these signals coming from the Consent Mode implementation and is ready to work in states where these signals put restrictions on the collected and analyzed data.

Why Privacy-Compliant Analytics Matters in 2025

Privacy compliance must be included in analytics and measurement strategies. Privacy advocates pushed for privacy-by-default online ecosystems like the GDPR in 2018. Ensuring such ecosystems function without compromising measurements and advertising isn’t trivial, but Google has provided a viable path via GA4’s new data model, EEA-Ready tagging, and Consent Mode v2. Implementation attracts attention, but as these sections emphasize, privacy approaches and logics are what underpin the way GA4 and Tagging function, and ultimately what GA4 means for Google and advertisers.

Without accurate, reliable advertising data traffic acquisition becomes much more difficult. When mechanisms for tracking users are not available, consent is required to place tracking cookies on users’ devices. Ensuring that the majority of users consent to the use of tracking cookies is crucial for analytics to remain effective. Without traffic acquisition insights, determining the correct budget and channel allocations becomes much riskier. Moreover, audiences for retargeting must be large enough to fully leverage the advertising budget. In light of these challenges that businesses face, determining how much data will be lost, whether it is possible to gain consent back, and how to maintain a high ROI in light of privacy restrictions during the setup of GA4, Tagging, and Consent Mode v2 is essential.

The End of Universal Analytics and Rise of GA4

On 1 July 2023, Universal Analytics properties stopped processing new hits and were rendered permanently inactive. The migration to Google Analytics 4 was motivated not just by a need for GA4 to become available for all websites, but also by the desire to provide a modern analytics platform that meets current user expectations and legal requirements.

As discussed above, GA4 has been designed as a solution that spans the web and apps, works more effectively in a cookieless environment, and supports a privacy-first approach through minimization of data collection and 1st-party data in ads personalization. These requirements were articulated by Google in June 2021 and again in 2022 in relation to GDPR and the Digital Markets Act (DMA) of the EU

The future-ready nature of GA4 and the steps to set it up correctly are covered in the subsequent sections. A key focus area for data collection is tagging – a topic that, together with the broader measurement ecosystem, must also be examined in sufficient depth before specific guidance can be provided. As with many earlier and subsequent discussions, the principles and requirements of tagging are presented in a vendor-neutral manner, free of brand-specific references, and expanded during the concrete implementation sequence.

Data Privacy Regulations Shaping Measurement (GDPR, ePrivacy, DMA)

Core requirements of the GDPR and ePrivacy directive include the principle of data minimization, explicit consent for most types of tracking, and the right to be forgotten. These considerations extend to most digital advertising and measurement systems and are especially relevant to Google’s Consent Mode v2 for GA4 tagging. The primary updates to that infrastructure concern the flow between Consent Management Platforms (CMPs) and GA4-compatible tagging. Consequently, the ad_storage, analytics_storage, and related signals have a direct impact on ads personalization and modeling, which require special consideration.

Privacy regulation is also being shaped by the Digital Markets Act (DMA), which establishes new rules about the operations of major online platforms. Google Ads is one of several ad networks currently being investigated for potential enforcement action. At the time of writing, the primary topics under scrutiny relate to behavioral advertising. As a result, Consent Mode v2 is designed to satisfy the GDPR and ePrivacy requirements as well as those for the DMA, without transferring user-level identifiers to systems operating under those domains.

What Is Google Analytics 4 (GA4)?

Google Analytics 4 (GA4) is the latest version of Google’s analytics platform, focused on event-based tracking and cross-platform measurement for web and mobile. Built for a future with limited third-party cookies, GA4 relies increasingly on first-party and zero-party data, data-minimization principles, and privacy-friendly adaptations like Consent Mode v2 (the EEA-ready version). At the same time, GA4’s association with other Google products and services can enhance observation, enable deeper integrations, and drive more precise measurement.

GA4 is best understood as the analytics counterpart to Google Ads, working together to provide insights into user behavior and ad performance. Measurement in both products is increasingly focused on users (rather than sessions) and their intent (rather than behavior). Consent Mode v2 orchestrates a user’s consent choices between the respective Consent Management Platforms (CMPs) and GA4/Ads tagging, and shaped by the user’s decisions, the observed analytics data flow influences audience building and ads measurement.

GA4’s Event-Based Data Model

A shift in data model and semantics underpins the switch to Google Analytics 4 (GA4) and Consent Mode v2. Universal Analytics was centered on Sessions, which can carry multiple Hits, and Events inherited Hit-level semantics along the way. In contrast, GA4 uses an Event-Based model: all data are Events, each with a unique set of parameters, and Events can convey User Properties as needed. Understanding this new model is crucial for correctly setting up tagging, leveraging consent signals, and using GA4 for privacy-aware measurement. The following overview introduces the Event-Based Model at a high level. More detailed information about Events, parameters, and User Properties is linked below.

The new Event data model lays the groundwork for GA4’s Server-Side Tagging recommendation, which is needed to embed first-party cookies for cross-domain tracking, enhance user privacy, and provide data to Analytics 360 and other privileged destinations. Modeled data is also critical to first-party data pipelines and modeling-based ad attribution in a privacy-compliant world. Cross-Platform Tracking for Apps and Web describes the integration with Google Analytics for Firebase, while Why GA4 Is Built for a Cookieless World explains how Cookies, Consent Signals, and Modeling help compensate for lost third-party data.

Cross-Platform Tracking for Apps and Web

The close integration of Google Analytics 4 (GA4) across app and web surfaces creates extensive opportunities for understanding user journeys. One significant benefit is that the Google Analytics App + Web property type is now superseded by GA4 properties and that Consent Mode v2 is designed to work seamlessly across both apps and websites. Support for first-party data pipelines and server-side tagging is also highly relevant for app measurements. These privacy-related enhancements are explained in “First-Party Data Pipelines and Google Ads Data Manager” and “Server-Side Tagging to Reduce Client Data Exposure.”

Modeled conversions help tack the attribution gaps that arise from Consent Mode operations. Yet Consent Mode v2 can also power GA4 attribution capabilities on its own when users decline consents that allow advertising system idealization for first-party expenditure tracking. The new model operates seamlessly with prioritization of one-touch visibility into performance patterns. This is detailed in “Modeling Conversion Behavior When Conversion Data Is Incomplete.”

Why GA4 Is Built for a Cookieless World

A governing principle of measurement in Google Analytics 4 (GA4) is to support the collection, processing, and usage of first- and zero-party data in anticipation of a future without third-party cookies. The idea is not only to reduce reliance on third-party cookies but also to build a more compliant, privacy-respecting, and responsible advertising ecosystem.

To achieve that goal, GA4 relies on first-party data collected in a privacy-respecting way (with consent) and on zero-party data, which is data that the user has explicitly provided to the organization with the goal of enhancing their experience. For visitors that have not given consent to analytics tracking, GA4 uses modeling for a subset of analytics functions, provides signal intelligence for Ads personalization as well as for other ads planning and measurement functions, and supports conversion modeling within Google Ads.

Understanding Tagging in GA4

The terminology related to tagging in Google Analytics 4 (GA4)   tags, triggers, and parameters   differs from that of earlier versions. Tags send data to GA4, while triggers define when the tags activate. Application of logic is set in Google Tag Manager (GTM). Parameters provide details about the event and user. These concepts are introduced here to prepare for the subsequent detailed discussions on implementing tagging through GTM and working with server-side agents.

Tags are the mechanism to send data to services. The GA4 setup tag collects the configuration needed for data collection. Additional tags can be created to send events or conversions to the GA4 interface. Tags can also be set up in GTM as a central place to govern all tagging. Triggers determine when tags fire. For instance, a tag tracking purchases fires every time a purchase is made on the website or app, while a tag tracking page views is triggered whenever a user opens a page.

The Role of Google Tag and GTM (Google Tag Manager)

Understanding the high-level role, capabilities, and responsibilities of the Google Tag (gtag.js) and GTM (Google Tag Manager) products is essential for successfully implementing GA4, tagging, and Consent Mode v2.

Two different products serve all GA4 and tag implementations Google Tag (gtag.js) and Google Tag Manager (GTM). Google Tag is commonly referred to as gtag.js, the underlying library that manages data collection for Google. GTM is a tag management system that stores tags within a centralized, user-actionable interface. Only one of these products is used for any specific implementation, but both can be present on the same website.

The Google Tag is a direct implementation that allows minimal yet powerful tracking configuration in a few lines of code. It uses data layer commands to define the structure of data being transmitted, and Google’s built-in connectors retain the assigned value until it is overwritten by a different command. The consent signals, when declared in the JavaScript function gtag(), modify the behavior of the Google Tag. With Consent Mode v2, the absence of user consent alters data collection, and setting the signals disables particular types of tracking per directory level based on user consent.

Google Tag Manager is a centralized tag management system that allows tagging without adjusting the core structure of the site. Tags, triggers, variables, and templates operate together within the web interface to store any type of tracking or marketing tag. GTM can also read from the data layer, minimizing the need for developers to add custom implementations for anything added to the data layer. When using Google Tag Manager, the consent signals are managed directly within the Google Tag Manager web interface. GTM has specific built-in variables, commonly prefixed with gtm., which provide critical information to validate that the CMP is functioning correctly.

Server-Side Tagging Explained

Configure Server-Side Tagging in Your Google Tag Manager Account.

When using Server-Side Tagging, user interactions are captured in a first-party context (your website’s server), which also becomes the intermediary between users and analytics/advertising products. User information may pass through the address of your server before being fully sent to analytics products (such as Google Analytics) or advertising networks (such as Google Ads). As a result, sensitive user data is less available to unauthorized parties.

In this architecture, user data collected through tags before reaching the first-party domain (clients) are anonymized. Both IP addresses and the User Agent string which lets third parties know which device is being used can be anonymized.

This makes a difference, for example, when browsing the website with Safari or Firefox the main browsers blocking third-party cookies. Since the tag request comes from the first-party domain, it does not face the same “protection” as it would if it came from a third-party context.

In the previous architecture (without Server-Side Tagging), all APIs were triggered from the user’s web browser making it easy for some browsers to perform a few checks and stop unwanted external requests. When using Server-Side Tagging, permissions for allowed external requests are defined in the server-side tool, whether GTM or any other technology.

To start using Google Tag Manager (GTM) Server, there is a server container that can be linked to the GTM account being used.

The information above describes what may happen if the data is not protected during the journey from the client to the advertising networks or analytics platforms.

In addition to this, when it is known that Google Analytics will be replaced by GA4 (Google Analytics 4), which does not use third-party cookies and is more dependent on first-party data, it is necessary to pay attention to how to transmit the information stored in Google Analytics to Google Ads when using them together.

Google Analytics uses tags to send information to its servers whenever the user performs an interaction with the website.

When using GTM Server, it is possible to send first-party cookies to Google Analytics; thus, all actions performed by a user who clicked on a Google Ads advertisement should be properly closed with the Google Ads conversion tracking tag.

Consequently, the User-Agent IP address that is sent to Google (both Analytics and Ads) is made available in a first-party manner, which in Safari and Firefox browsers will allow the normal conversion tracking of Google Ads, allowing Google to build accurate audiences for Campaign targeting.

At the same time, Sitewide Remarketing Tags can be sent through GTM to a first-party cookie, enabling Google to build remarketing lists using its own first-party cookies.

Benefits of a Centralized Tagging Infrastructure

A centralized tagging infrastructure supports a Data Layer Governance strategy and facilitates other high-impact tagging techniques covered in this guide. A unified approach enhances measurement consistency, maintains privacy controls across a range of providers, and centralizes governance management and testing for all tags.

Governance, Consistency, and Privacy Controls

Using a single, organization-defined framework for tagging enables faster acceptance of new tags, improves setup and testing processes, and reduces the risk of measurement errors and data sprawl. A shared infrastructure ensures privacy requirements are included for every tag, no matter when it was created or which individual or team implemented it. This, in turn, reduces the risk of passing personally identifiable information (PII) to third parties inadvertently.

Consider any of the three popular Consent Management Platforms (CMPs) featured here. Each supports consent management by logging and displaying whether users have accepted or rejected cookies based on their privacy policy. Each application communicates with Google Tag Manager (GTM), its infrastructure relay, by setting variables that correspond to the tags that trigger on user consent.

Data Layer Governance

Governance of tag implementation via a centralized Data Layer has a long broader set of uses and requires structuring, naming, and defining all variables by set protocols. Centralized Data Layer Governance control means all data sent to tag logic from all tags has been tested and approved by a responsible team or manager.

Every data point going in and out should be declared clearly, understand by all those managing or working on the site, confirmed to be working accurately, and tested either automatically or daily. The process can generate natural control of data quality across all data-collecting areas of the marketing funnel and beyond.

What Is Consent Mode v2? (The EEA-Ready Version)

Dive into the what and how of Consent Mode v2, the EEA-compliant iteration that underpins the next tagging-generation strategy for GA4. Consent Mode governs how GA4 and Ads manage and react to user consent signals; modeling techniques compensate for measurement gaps.

At a high level, Consent Mode v2 orchestrates the interplay between tags and your Consent Management Platform (CMP). When users visit a site for the first time, they interact with the CMP before any GA4 or Ads tags fire. Tags then use the signal values provided by the CMP to tailor collective data collection. For example, if a user rejects consent for analytics cookies, GA4 will stop sending pageview events and other event data, while Ads will not personalize ads or record Analytics data.

Consent Mode v2 represents a major revision of its predecessor, with profound effects on data collection, signaling, and modeling. Most notably, the new architecture allows tags to signal back to the CMP when no consent has been granted and for which cookie purposes. CMPs can then manage other scripts on the page according to these signals, improving compliance with privacy regulations and enhancing user experience. Note, however, that not every CMP has been updated to support the new functionality; consult your provider.

Definition and Overview

Consent Mode v2 is the tagging framework’s response to the stricter privacy demands of the EEA. As a subset of Google Analytics 4 and Google Tag Manager configuration, its purpose is to articulate when and how a user has provided consent for Cookies (or not) to be utilized during their session. The ultimate objective is to fulfill GDPR and ePrivacy obligations while optimizing measurement and advertising capabilities. Enhanced support for ad_storage and analytics_storage is critical: Consent Mode v2 must leverage deeper integration with Consent Management Platforms (CMPs) to enable communication of users’ consent status directly to Google Tag, GTM, Google Ads, and Analytics 4.

Cookie consent remains a thorny issue for users, agencies, advertisers, and measurement alike. Major gaps in traffic data and attribution accuracy exist when users reject consent on sites or apps. These pitfalls have sparked the demand for consent recovery: restoring visibility and accuracy when the user is not prepared to accept, or has not yet accepted, tracking using third-party Cookies. Such, then, is the intention of the GDPR: A user must have the option to visit a site without being tracked and profiled, and should be visibly clear that they remain trackable with appropriate consent.

Consent Mode v1 vs v2 – What Changed?

GA4, Tagging & Consent Mode v2 (EEA-Ready): The 2025 Ultimate Guide to Privacy-First Analytics and Measurement

Consent Mode v2 improves on its predecessor by better aligning data retention and GDPR principles. The key changes that shape tagging are:

1. Consent rates now influence analytics_storage and ad_storage, dictating data collection rather than firing all tags with storage false settings. Consent rates below 100% in any of the regions reduce visibility into audience segments while the analytics_storage signal remains unconsented. Other regions are unaffected.
2. When analytics_storage is set to false, all GA4 conversion and remarketing events should set the ad_user_data parameter to true. This change hibernates the cookies used for those functions, preventing any advertising-related browser activity tracking until consent is logged.
3. The ad_storage signal matters for GA4’s Tag Manager and Data Layer, indicating when remarketing and conversion tags and events can be executed and fired. If either storage setting is false, Analytics is signaled not to use or set third-party cookies. A timeout or user dismissal subsequently clears the cookies.
4. Google Ads Attribution now incorporates both consent modeling and consent states for attribution.

To reap these benefits, Sync your CMP configuration with the GA4 configuration, ensuring labels match exactly for the four consent parameters.

How Consent Mode v2 Works with Consent Management Platforms (CMPs)

Consent Mode v2 orchestrates between a website’s Consent Management Platform (CMP) and Google Analytics 4 (GA4) tagging infrastructure. The CMP signals the user’s consent state through custom JavaScript variables, and GA4 matches the consent decision with a four-part consent signal set. Each signal determines whether true or false writes to the associated integration.

When designing a new user experience outside the EU, the assistant described how tags respect users’ opt-out choices. Rejecting consent for analytics (when Identifying with Google) or for ad personalization influences attribution via a modeling technique. When opting in for ads and analytics, complete data collection enhances filtering of bot traffic and attribution accuracy. Users accepting only ad personalization block an important part of the analytics data, therefore modeling becomes essential. Now, Consent Mode v2 Ready is designed to accommodate regional differences in the consent signal state.

The Four Key Consent Signals: ad_storage, ad_user_data, analytics_storage, ad_personalization

These four core consent signals dictate GA4 tagging behavior to uphold GDPR and ePrivacy Directive requirements in the EU and EEA.

Consent Modes, Signals, and When They Fire:

These are the settings key to the improved Consent Mode in GA4, GTM, and gtag:

– **ad_storage** controls the analytics and advertising storage. A status of #00 allows the storage of related data unless the user has rejected storage consent with the CMP; if ad_storage = “denied,” analytics_storage is also denied.

– **ad_user_data** controls the analytics storage of user-level data such as the user_id and user_properties. When set to “denied,” it is not stored regardless of the value of ad_storage.

– **analytics_storage** controls the data storage for analytics (GA4, Floodlight, etc.) when the CMP provides storage consent. An Analytics CMP asks for storage consent at the highest level of granularity (for analytics, ads, statistics) and analytics_storage is allowed only if the user accepts.

– **ad_personalization** controls ads personalization and the matching of user identity which facilitates more accurate attribution (Google Ads, Ads Data Hub). A status change from “denied” to “granted” allows for more personalized ads for the moment but does not retroactively change the past; that is still based on user privacy preferences.

Meeting GDPR, ePrivacy, and DMA Requirements:

These signals are designed to ensure compliance with both the General Data Protection Regulation (GDPR) and ePrivacy Directive. These two regulations protect EU and EEA users, while the Digital Markets Act (DMA) ensures that a private company cannot abuse a market power position under EU law.

Data privacy laws such as the GDPR and ePrivacy Directive require a high level of protection for the user by providing users with a choice about whether they wish to receive tracking that enables personalized advertisements. Consent Mode v2 respects these choices and provides information on whether privacy consent was granted. As Consent Mode v2 is recently released, more scenarios could emerge and more testing should be done.

Why Consent Mode v2 Matters for EEA Compliance

These signals connect to requirements in the General Data Protection Regulation (GDPR), the ePrivacy Directive, and the Digital Markets Act (DMA), while the Digital Advertising Alliance (DAA) provides self-regulatory guidance for interest-based advertising. Meeting these obligations means obtaining user consent for non-essential cookies, personalized ads, and web-based tracking. Measurement costs add complexity, as users may reject consent for multiple complementary services analytics, ads tracking, and third-party cookies leading to data loss that modeling can only partially recover.

GA4 is thus built for a privacy-restricted world, relying more heavily on first-party data, zero-party data, and reliable consent signals. Contributors also model unsignaled conversions, albeit with caveats. Using Consent Mode v2 correctly supports GDPR and DMA compliance.

Google’s Response to GDPR and the Digital Markets Act (DMA)

In the words of Google: “We take privacy seriously. We’ll follow the spirit of such legislation, but the rules can be complex to implement. Different interpretation, data collection methodologies, people’s desire for different privacy levels, and legal incentives may produce varied levels of data availability on the Internet. Google will strive to work with advertisers to support all this, but GA4 will be better suited for a privacy-sensitive world.”

GDPR and the ePrivacy Directive protect the EU citizens’ right to data protection, while the Digital Markets Act (DMA) aims to create a fairer digital marketplace for users. These regulations place certain limitations on how advertisers can build audiences, how users can be tracked between sites, and how the analysis of ROI can be performed. Audience building will require explicit consent from the user in order to provide private data. Attribution is based on observing the entire user journey, but if any part is not tracked, it can’t be used for attribution. Ads not personalized at the user level will have lower attribution accuracy. Therefore, the number of-modeled conversions will usually exceed observed conversions.”

How It Affects Ads Personalization and Measurement

For signals to work together, four key components must be taken into account and applied in conjunction with a Consent Management Platform (CMP). Using these signals informs GA4 tagging and signals how the data can and cannot be used. Specifically, consent given or denied by users will directly affect ads personalization and measurement in GA4.

According to Google, the changes related to ads personalization and measurement are mainly expressed in the following four areas:

1. Ads Personalization: The ad_user_data and ad_storage signals control whether data is used to personalize ads.
2. Capturing Data for Modeling: When updating your audience lists, data can still be captured for modeling when users have not given consent for storage or access. This allows data to be captured and modeled for measurement.
3. Attribution: When users do not grant access to their data for example, their interaction with the brand is not registered as a conversion in Ads. Instead, it is modeled using machine learning for the Auto, Smart Shopping, and Display campaigns outside of the EEA region. This data is made available in Google Ads through modeled conversions.
4. Measurement: When a user denies analytics consent, data about trigger events, products viewed or purchased, and other analytic events are not collected. As a result, these users are no longer included in the reach reports.

Impact on Conversion Tracking and Attribution

Changes in Conversion Tracking and Attribution Affecting privacy in digital advertising requires modifications to Google Analytics 4 error check and attributes in order to comply with these regulations, especially for measurements related to privacy-sensitive areas such as ads personalization. Conversion Tracking and Attribution concepts have been redefined, Consent Mode signals have been introduced, and Consent Mode has been updated to work with Consent Management Platforms. GA4 now has the ability to handle Consent Mode v2.0, which can utilize the new signals introduced. Consent Mode allows advertisers to use their existing analytics solutions while honoring users’ tracking preferences and helps in measuring the impact of advertising even when they do not receive explicit consent to place cookies.

AGA4 model also provides Conversion Modeling feature that helps in addressing the gaps in conversion tracking as a result of using Consent Mode with a Consent Management Platform. The Measurement Protocol v2.0 allows Modeled Conversions to flow into Ads as a new data source. These Modeled Conversions can then be used for modeling-driven attribution for campaigns. The links between controlled ads in Google Ads and Modeled Conversions now help in further enhancing attribution by controlling for whether a user had actually accepted ads personalization cookies during their visit to the website.

Modifications to Conversion Tracking and Attribution and with the Measurement Protocol v2.0 and its ability to send Modeled Conversion events to Google Ads. Under Consent Mode v2.0 both the Commerce Data and Commerce Purchase events can be tagged as conversion events. Support for Conversion Modeling provides an effective way to recover from the data loss that results from privacy compliance. When modeling is applied, the Modeled Conversions will flow to Google Ads and will be leveraged for attribution across channels.

How GA4, Tagging, and Consent Mode v2 Work Together

GA4, Consent Mode v2, and tagging work as a tightly integrated measurement stack that is triggered by user interactions and governed by a Consent Management Platform (CMP). GA4/Ads act as endpoints to the flow, collecting and responding to signals from the CMP and the tags. The process follows five main steps:

1. The user visits the site. If a CMP is installed, it determines whether to present the consent banner based on pre-defined criteria like region, language, and consent status.
2. When the user interacts with the CMP, that action triggers the firing of Consent Mode signals that inform the measurement stack of consent decisions.
3. GA4/Ads tags set with the appropriate Consent Mode parameter(s) then execute (or do not execute) as a result of those signals.
4. Consent Mode v2 influences how data is sent to the GA4 and Google Ads endpoints, either adhering to stated preferences or relying on estimations.
5. Modeled conversions help recover lost measurement for conversion actions in Google Ads.

Consider these five steps from the perspective of measurement in a privacy-first world, where user consent is the default. Modeled conversions in particular provide a partial recovery mechanism in the event that analytics storage is not granted.

The Data Flow: User → CMP → Tags → GA4/Ads

GA4, Tagging & Consent Mode v2 (EEA-Ready) describes technology-centric measurement details in 2025. The end-to-end data flow from user to measurement infrastructure captures interdependencies shaping technology implementation.

Measurement planning focuses on Consent Mode v2 for Google Analytics, Google Tag, and Google Tag Manager (GTM) containers. The full data flow steps through the user, consent management platform (CMP), tagging solution, and resulting data flows into GA4 and Google Ads, with conversion modeling serving as a recovery mechanism.

A consent-aware CMP unveils how GA4, tagging, and Consent Mode v2 work in tandem. The sequence commences with the user experiencing a CMP prompt. When users either accept or decline cookies or tracking, the CMP sends four key signals to the tags, governing the subsequent flow and the data collected along the way:

– ad_storage

– ad_user_data

– analytics_storage

– ad_personalization

The handling of these four signals determines the user tracking experience, influencing whether any analytics data is captured, including conversion events. Conversion modeling recaptures some data during later visits if users initially decline consent but later become engaged and willing to consent.

Using Conversion Modeling for Partial Data Recovery

Models analyze historic patterns to fill missing gaps. Although Consent Mode v2 cannot recover data for users who opted out of analytics storage, conversation models can fill gaps created by incomplete data. All modeled conversions use a probabilistic method that fills in some of the modeling data gaps.

Modeling is triggered when at least 20 conversions by a specific conversion action have been recorded within the selected attribution window. If enough conversions have not been reached, indicators switch off for that conversion action. Modeled conversions are highlighted if the proportion of modeled conversions currently exceeds 15 percent for the selected attribution window. If the proportion of modeled conversions stays above 50 percent over five consecutive days for a selected conversion action, marketers should consider removing the action.

Being characterized as a partial recovery model means that only a portion of conversions that are counted as modeled conversions are fully modeled. In this context, a modeled conversion can be seen as an estimate generated based on conversions associated with similar completion paths. The estimate is created by taking into account observed data, affinity-based modeling, and cross-device matching. Marketers should take these factors into consideration to ensure that they do not expect perfect precision. A successful privacy-first analytics implementation ensures that these conversions make up as little of the total conversion volume as possible.

Maintaining ROI in a Privacy-Restricted Environment

Ultimately, Privacy-First Analytics Is Pruned Monitoring ROI in a privacy-restricted environment requires careful decision-making. Three key metrics provide orientation: modeled versus observed conversions, the consent rate, and data loss and recovery trends.

The ratio of modeled to observed conversions helps measure data loss, while the consent rate at a global or regional level indicates diminishing signal availability. High opt-out levels necessitate additional scrutiny, particularly regarding attribution modeling. If loss rates exceed 10–20%, operations teams should identify strategies to boost consent rates, such as enhancing cookie consent notices and disclosures.

Setting Up GA4 with Consent Mode v2 (Step-by-Step)

The following concrete steps detail the exact sequence to implement GA4 with Consent Mode v2: first, set up a Google Tag or Google Tag Manager container. Then integrate your Consent Management Platform (CMP). Next configure the Consent Mode parameters. Finally, validate tag correctness and connect GA4 with Google Ads for modeled conversions. Much of the groundwork was laid in earlier sections, which discussed tagging definitions, tagging responsibilities, and the data flow from users through CMPs and tags to Google Analytics and Google Ads.

Step 1: Implement Google Tag or GTM Container. Deploy either gtag.js or a GTM container, ensuring that your tagging infrastructure is ready for use. A data layer is helpful for Consent Mode, but not essential. Tag Manager integration is recommended for a centralized tagging approach that simplifies implementation and governance. However, privacy-first measurements permit the use of first-party cookies, so GTM server-side support is not strictly required. See Understanding Tagging in GA4 and The Role of Google Tag and GTM (Google Tag Manager) for further details.

Step 1: Implement Google Tag or GTM Container

GA4 tagging and Consent Mode v2 rely on a Google Tag container (gtag.js) or GTM container. Ensure the chosen container is correctly implemented and the data layer is ready for Consent Mode integration.

Two options are available. Use the Google Tag (gtag.js) container for a straightforward implementation that places GA4 tags directly in the page; or implement a Google Tag Manager (GTM) container for centralized tag governance and customization.

If using GTM, implement it according to the GTM documentation. Focus on other parts for guidance on setting a data layer that will facilitate consent-mode tagging and on connecting consent management platforms, deploying privacy-specific consent mode parameters, and validating everything by region.

If using the Google Tag (gtag.js), ensure it is accessibly set up and working correctly. Then set the necessary consent parameters in the next step.

Step 2: Integrate Your Consent Management Platform (CMP)

Integrating your Consent Management Platform (CMP) involves combining the CMP scripts on the website/CMS with the Consent Mode v2 consent signals and parameters. These parameters allow setting preferences for data collection on the website, as defined by the CMP provider. The CMP controls the ad_storage, analytics_storage, and ad_user_data signals according to user consent decisions for personalized ads and analytics tracking. For normal website functionality, an “I accept to use these cookies” button should be displayed, without disturbing the user experience. When users select these options, they choose to have their data tracked. However, they have the right to be forgotten in accordance with GDPR.

The CMP must be configured correctly to obtain regional opt-in consent for ads and analytics by users. Consent Collection Settings allow opting users in or out of ads personalization across all regions. If a user is opted out of ads personalization, the ad_storage signal switches to “denied.” If ad_storage is set to “granted” in the CMP, this indicates that the user will be shown personalized ads in the Ads ecosystem if targeted based on interest. In regions that do not require personalized ads, such as the USA, the user should accept these cookies to have their data tracked.

Step 3: Configure Consent Mode Parameters

Set the following parameters in the chosen tag or container, adjusting defaults to suit your application and specifying fallback modes when required:

– `ad_storage`: Value (“granted” or “denied”) of the ad_user_data signal at the time the tag fires, or the default value if that signal does not exist.

– `ad_user_data`: Value (“granted” or “denied”) of the ad_user_data signal (set by the CMP) when the tag fires, or the default value if it does not exist.

– `analytics_storage`: Value (“granted” or “denied”) of the analytics_storage signal at the time the tag fires, or the default value if that signal does not exist.

– `api_secret`: The value of the secret used to link Consent Mode to a Google Ads account.

These parameters are defined in the Four Key Consent Signals section.

Step 4: Validate Tags and Debug with Consent Mode Testing Tools

An effective final check combines Google Tag Assistant with the native debugging tools in Google Tag Manager (GTM) Preview Mode. Highlighted indicators can help confirm tags operate as expected based on user interactions with the Consent Management Platform (CMP).

First, the Google Tag Assistant Chrome extension displays Sitewide Alerts for Consent Mode v2 compatibility. Here, the configuration file loads successfully with valid v2 settings. If it doesn’t, the specific issue is noted.

Next, GTM Preview Mode is opened, branching into a two-tab view highlighting client-side activity (tag executions, events, etc.) and the GTM Control Panel. The Control Panel differs from the client-side view by showing complete data for every GTM-related event. Clicking on an event replays the action and scrolls to that location in the Timeline.

To monitor CMP interactions, the Control Panel’s All Events list is followed for Consent Mode v2 activity. Filtering for unique Tag IDs shown only in the Control Panel can also summarize conditions for Consent Mode-v2-related tags.

After user interaction with the CMP, the active event’s trigger list reveals which triggers fired and which tags executed. For validation purposes, the expected status of the four Consent Mode signals is checked against the subset of executed triggers. As a final confirmatory step, the ga4_config tag is highlighted, expanding the previewed variable details to check the current values of the active Consent Mode signals.

The expected outcomes depend on the user’s consent actions. Tags that did trigger are also tested via the original tag preview for correct function and value assignment.

Step 5: Connect GA4 with Google Ads for Modeled Conversions

To complete GA4 setup with Consent Mode v2, link GA4 and Google Ads accounts to enable modeled conversions in Ads reporting and the Google Ads UI. Modeled conversion modeling integrates into the broader Google Marketing Platform and will track conversions in Ads reporting going forward. The modeled attribution info lets advertisers take full advantage of audiences defined by consented users.

For the connection to work properly:

1. Google Ads needs to be set up for conversion tracking.
2. Google Ads apply both the consent consent mode signals and the model-data doors on the imported conversions.

The linkage process consists of five simple steps:

1. Log into GA4 (not Google Ads).
2. Go to Admin → Property Settings.
3. Open the “Link with Google Ads” card.
4. Complete the flow in the pop-up and close it.

Once the connection is made, it can be used to share data continuously across the two accounts. It will also need to be done to complete the third-party partnership verification.

Advanced Tagging Strategies for Privacy-First Measurement

Implementing GA4 with Consent Mode v2 sets a functional privacy-first measurement baseline, but several advanced approaches further enhance and future-proof data collection and analysis. These strategies support compliance with emerging privacy regulations, optimize data management, and improve governance practices.

Privacy-First Tagging Strategies and How They Fit Together

Server-side tagging routes tagged data through a server-side Google Tag Manager layer before it hits the destination, allowing the site owner to control what data is sent and how it’s used. Client-side data submitted to the server-side container can be filtered, modified, or enriched before reaching third-party destinations and stored for first-party use. For instance, organizations might temporarily set up a first-party cookie on their domain using GTM Server so that product retargeting remains effective and data privacy disclosures can clarify the use of third-party cookies.

Integrating Enhanced Conversions into tagging processes permits ad networks to build richer user profiles even when third-party cookies are disabled or restricted, such as signing in to a website or making a purchase. Enhanced conversions capture the email address, phone number, first name, last name, zip code, and country of users who have opted in to ad personalization, and securely hash the data for submission to the enhanced conversion conversion API.

Organizations can implement Hybrid Tracking to detect both first-party and third-party cookies based on the requesting browser or device and maintain comprehensive data while complying with geo-targeted regulations. Data Layer Governance practices ensure that the data layer is actively maintained and consistently used across all properties, especially when integrating a Consent Management Platform (CMP). Such governance defines the Data Layer Naming Convention and consistently samples and validates the data layer.

Server-Side Tagging to Reduce Client Data Exposure

Carrying data through server-side layers, where possible, enhances privacy and reduces the risk of cross-site tracking. To illustrate the architecture, consider a scenario in which a user visits a website and interacts with a privacy-compliant cookie banner. Server-side tagging amplifies privacy by instructing the client to make requests and share the necessary data with first-party domains.

  When the user accepts analytics consent, the client makes a request to the analytics server and shares the relevant data (without hl parameters) with it.

  When the user accepts optimization consent, the client makes a request to the optimization server and shares the relevant data (usually including hl parameters) with it.

These setups ensure that potentially sensitive or privacy-related information remains within the website owner’s ecosystem instead of being exposed to a third-party domain. In this scenario, the Google Tag Manager and other similar tags act as handlers for the user’s journey.

Moving data through server-side layers should be applied consistently throughout the entire user journey. The earlier data layer governance section brings further attention to this point. It specifies that the information flowing through the data layer must be treated as first-party data, so decisions can be made around its hygiene and source of truth. A future section on hybrid tracking discusses the details when first-party cookies are being created via server-side tagging.

Hybrid Tracking with Enhanced Conversions

The fourth advanced topic addresses hybrid tracking with enhanced conversions. The focus is on improving support for analytics and Ads attribution in the presence of privacy consent state changes during a user session.

Privacy regulation, browser defenses, and a general push for a respectful user experience are all resulting in greater numbers of requests being made without associated consent. During a session where analytics consent is denied, the resulting gaps can limit the accounts’ knowledge of the user and context, and also harm attribution in Ads reporting. A mitigation approach from Google (Enhanced Conversions) can improve the situation for both Ads and Analytics, but requires that these two services have a plumbing connection between the tracking layers.

Enhanced conversions offer the basis for sending additional data from the website or application after a user has completed a conversion event. The key point of difference is that the details of the event can be sent outside the core request made by the user and therefore can be sent along with first-party cookies that help match the events back to the right users.

Using GTM Server for First-Party Cookies

Setting up GTM Server to use first-party cookies is a straightforward process that offers several benefits. Firstly, it allows ownership of the cookies being set; second, it supports detection of browsers in the users’ intranet and avoids unnecessary cookie alerts. The steps to implement this solution are summarized below.

1. **Create the GTM Server Container** in Google Tag Manager
2. **Set the GTM Server Endpoint in the Tag Manager Account** (gtm.server.com)
3. **Update the DNS for Custom Cookie Domain** (e.g. gtmsite.mydomain.com or gtm.mydomain.com)
4. **Add Site URL Variable** in the GTM Server Container
5. **Add Fields to Modify to Set ‘cookie_domain’ to ‘{{Site URL}}’** to GDPR/CCPA Trigger with IP Address and User-Agent headers to avoid setting third-party cookies
6. **Change the Standard GTM Escape HTML Configuration** to prevent URL encoding of ‘content’
7. **Test Optimization of Cookies** by entering the URL used for cookies and the URL shown (Domain for cookie). During testing, the behavior of the first-party cookie must be verified on different browsers and using the incognito mode.

So, by following these steps, businesses can successfully set up GTM Server to use first-party cookies, ensuring data ownership and compliance with regulations.

Implementing Data Layer Governance

Data Layer Governance facilitates compliance with data privacy and consent regulations by implementing naming conventions for data layer push variables, providing a validation checklist and specifying how the configuration affects Consent Mode v2.

Data Layer Governance specifies a naming convention for variables pushed to the data layer, plus a validation checklist. Consistent processing helps implement other methods described in this guide and makes Data Layer integration with Consent Management Platforms (CMPs) easier and more reliable. With a Data Layer that follows the Governance naming convention, CMPs assign each push variable to the correct group, apply suitable opt-in messages and conditions, and help ensure that Consent Mode signals fire correctly. Moreover, the defined structure makes it easy to connect the data layer to a first-party cookie setup another method that reduces data exposure.

Frequent scrutiny and testing ensure that the Data Layer always meets requirements. The following checklist supports clear, secure implementation and facilitates compliance with all measurement methods described in this guide: Each event pushed to the data layer specifies an event name (event) and the user journey stage (page_view, purchase, sign_up, …) in the respective variables: event and dataPrivacy.personalisation.responding. Other variables should include grouping (group) and consent granularity (isAdConsent) at the least. Define additional variables in consultation with Data Privacy and Marketing departments. Naming conventions must match those specified in the Data Layer Governance schema. Regular testing confirms that the Data Layer always supports planned Privacy-Conformant approaches.

Consent Mode v2 for Advertisers: Practical Use Cases

The practical use of Consent Mode v2 for advertisers falls within four scenarios: when a user rejects analytics consent, acceptance of both ads and analytics consent, distinct consent states across different geographical regions, and consent recovery, allowing for modeled attribution. Expected signal behaviors and resulting data collection for each scenario are summarized below.

A user rejects analytics consent. Both the ad_storage and analytics_storage signals are set to deny. Ads tracking proceeds via third-party cookies, without analytics events. Consequently, the model cannot attribute any conversions to these ad views, leading to traffic and revenue loss. That drop in revenue is reflected in the mode of operation: Loss of observed conversions. A large enough volume of traffic may produce a modeled conversion, but be cautious: A modeled and an observed conversion are unrelated.

Both ads and analytics consent are accepted. All four signals are set to allow. Ad views appear with appropriate third-party cookie cookies. Ads attribution benefits from enhanced attribution via the analytics events collection.

Scenario 1: User Rejects Analytics Consent

When a user declines to consent to analytics tracking, the expected outcome is as follows. Only the ad_storage and ad_user_data signals are set to true. Therefore, an _add_to_cart event and an analytics tag can fire, but without parameters that would identify the page views, user properties e.g., category, language and all other events tagged for analytics.

Consequently, much of the collected data is new, and the consequences will be visible. When checking the loss of observations in Google Analytics 4, it is expected that no category page views appear (unless for other reasons) and that the GTM Preview generates a warning about missing data; the warning also appears when the Google Tag Assistant plugin for Chrome shows the tag firing. Given the absence of core events, the Search Console and linked Google Ads accounts do not receive information, although other signals transmitting query parameters still arrive.

A GAP also appears in the modelling explanation. Given that the gap could not be filled using all described information, the Modelled vs Observed Conversions metric will memorably differ from 0 although still perhaps offering partial assistance to Clients or Ads and Gap Analysis; in this scenario, accurate attribution is especially critical for conversion points later in the Buying Search.

Scenario 2: User Accepts Ads and Analytics

When a user accepts all consent categories, their browser signals those choices for the rest of the session. As expected, GA4 records full data from the page view onward, providing input for all configured events. Because GA4 can now collect and use data for personalization, ads serving and remarketing, attribution benefits from the full clarity of first-party data.

Privacy considerations of third-party cookies for ads targeting persist in the background so that third-party cookie databases must still be properly disclosed. Modeled data prepares for any such data loss.

Scenario 3: Mixed Consent States Across Regions

Privacy restrictions impact whether users can be tracked across domains, and different consent states across regions influence what data is captured and whether it will undergo conversion modeling. Users located in the European Economic Area (EEA) provide a different response than users located elsewhere, resulting in the following expected behavior.

When a user located in the EEA denies all forms of consent, the required consent signals are sent to indicate denial. As a consequence, analytics data is not collected, which results in a significant hole in the attribution for the corresponding conversions. Consent Mode v2 allows for conversion modeling in this scenario, which uses AI to fill in the gaps. The signal indicating that the data is modeled appears in the GA4 interface when modeled conversions are being reported.

Analytics PII User ID tracking will not be available unless the user provides consent, so GA4 cannot attribute conversions originating from the EEA region. If an EEA resident later provides consent for analytics, that consent state will also apply to subsequent visits. So, if a user crosses back and forth to the other side of the Atlantic, the user may be tracked in the United States but not in Europe, and GA4, therefore, reflects that inconsistency.

Simultaneously testing the behavior from another part of the world makes this condition even clearer, especially since the user is either accepting or declining analytics consent. However, when testing consent from the EEA, the analytics consent dialog must be declined to witness the impact on data collection.

Special attention must be given to testing with GA4 conversion modeling enabled. This feature allows testing the modeling approach by deleting the conversion event and ensuring that it is indeed being modeled.

Scenario 4: Consent Recovery and Modeled Attribution

Privacy Mode v2 grows even more relevant when a user opts out of analytics storage but later changes their mind. Although analytics data collection will be blocked during the opt-out phase, Consent Mode creates the opportunity for visitors to rejoin the GA/GA4 audiences at some later point (for example, during a second visit).

Take a look at the legend: three possible users are shown, so that one can travel through the region and make different kinds of decisions. User 1, in the first visit, does not agree with the analytics use and requests the decision not to track her; thus only the ADA consent event fires, blocking analytics, persisting and preserving allowed conditions. User 2 opts-in on the analytics and ADA segments, and receives modeled attribution full coverage throughout the sequence. In a second visit, User 3 agrees to track and analytics. In this case, the resulting allocation remains analytic, since the decision is accepted.

During the analysis, the distribution of modeled vs. observed conversions for the period and region of non-acceptance can provide anticipation thresholds for proposed behavior changes.

Common Implementation Mistakes to Avoid

Common implementation mistakes when setting up Consent Mode v2 can lead to unexpected behavior or gaps in measurement. Beware these pitfalls:

– Missing consent signals or using incorrect variable names prevent data reaching tags. Validate GA4 or Google Ads triggers using the Google Tag Assistant or GTM debugger. Incorrect names block tracking; sync with the CMP declaration.

– Failing to test region-specific behavior across the EEA and the rest of the world can conceal inaccuracies. Assess both flows in staging environments, especially for labels like “EU Visit” or “In the GDPR Region.”

– Neglecting to link GA4 with Google Ads causes modeled data to vanish from Ads reporting. Check the property link in GA4’s “Product Linking” section; view “Linking Status” in Google Ads for further details.

– Using third-party cookies without disclosure triggers penalties and erodes user trust. Avoid setting third-party cookies except when users are notified in clear, accessible language.

Missing Consent Signals or Wrong Variable Names

The absence of necessary consent signals or misnaming variables during data layer preparation often leads to data collection and consent processes misalignment. After implementing Consent Mode v2, it is advisable to validate the setup using GTM Preview Mode. Confirm that each consent signal for your region and all relevant consent states advertising, analytics, measurement, and ad measurement are present and correctly configured. Check for possible lack of analytics_enable variable, which indicates acceptance of analytics consent. Ensure that the names defined in the data layer align with tags in Google Tag Manager.

If the settings are incorrect, review both the consent processing steps and the configuration of the associated variables. Given that explicit consent is required in the EU and other parts of the world for the placement of Google Analytics tags, any misalignment may lead to breaches of local regulations, advertising policy violations, and even banning of a website.

Not Testing Region-Specific Behavior (EEA vs Non-EEA)

Testing users is important when implementing any global feature that might affect behavior. Region-specific behavior for Consent Mode v2 is no different.

Users in the EEA and the rest of the world will see different behavior. Make sure to validate using test users from both groups to account for this. Pay close attention to the Signal values for the non-EEA users. If they aren’t what you expected, check your CMP configuration.

Failing to Link GA4 and Google Ads for Modeled Data

GA4 and Google Ads need to be linked before modeled conversion data can flow back to Ads reporting, which is essential for monitoring performance on owned media. The linking process is straightforward, requiring only that the Google Account performing the linking has Edit permissions in GA4 and is an Admin in Google Ads. The link is established and authorized in Google Ads (Tools > Setup > Linked accounts), where any stated prerequisites are checked off. Once the connection is made, Analytics modeled conversions automatically appear in Google Ads alongside observed conversions.

If the final step has already been completed, troubleshooting examines the expected linkage outcome and checks the prerequisite consent signaling. When the link is missing, Modeling and ROI checks reveal that this constitutes a configuration gap needing resolution. Modeled Conversion data may often not flow into the Ads UI even though linking has been correctly performed. Instead, the volume of Modeled Conversions is consistently registered as zero. This outcome indicates that the requisite signaling from GA4 is not being processed correctly, despite that GA4 Tagging and Consent Mode v2 newsbox are clearly set up as recommended.

Using Third-Party Cookies Without Proper Disclosure

Using third-party cookies without proper disclosure is a violation of GDPR and its ePrivacy Directive. These regulations require clear and uncomplicated disclosure to users of great detail on how third-party cookies are utilized on a website. Regulators often rely on user reports of violations, compounding the risks that advertisers face as a result of non-compliance.

If relying on third-party cookies for ad personalization and attribution, ensure that disclosures are effective. In the domains of Europe, instead of directing users to a lengthy Privacy Policy that they are unlikely to read, consider simply displaying the following text in the cookie banner: “This website uses third-party cookies to personalize ads.”

Key Metrics to Monitor After Implementing Consent Mode v2

Focus on three clear business outcomes: Modeled vs Observed conversions, consent rate across regions, and tracking Data Loss % and recovery trends. Modeled vs Observed conversions scrutinizes measurement approximation against live data. The consent rate supports commercial plausibility and tracking state distribution. Data loss % helps gauge impact before corrective action.

Modeled vs Observed Conversions

Modeled and observed conversions differ in the data science and reporting behind them. Modeled conversions represent conversions for which no identifiers were sent to Google Analytics or Ads. Modeled conversions are the result of AI-based modeling techniques that help fill in any blanks in a measurement strategy, but they should be interpreted and reported accordingly. Observed conversions are the conversions that can be attributed to a specific Click ID and therefore have much richer attribution data associated with them.

The  metric can be useful when paired with the modeled conversions number: it can be used to monitor forecasted conversion loss (in comparison with observed conversions) and monitor what percentage of conversions remain modeled rather than observed. Other metrics, like Modeled Conversions Percentage, provide insight into how aligned the two values are over time. Monitoring this function helps to make decisions for the future, such as looking into reinforcing the strategy. The date range for this setting can be adjusted, such as looking for specific peaks in data.

Consent Rate and Region-Level Opt-In Metrics

Monitoring Region-Level Opt-In Metrics with Consent Management Platforms (CMPs)

Opt-in rates by region are an important consideration for assessing whether a consent management platform (CMP) is effectively communicating the necessity of consent to users within the European Economic Area (EEA). Dashboards in the format shown below alert users to low consent rates in the EEA region.

A region-level opt-in statistic is calculated using the consent rate across users in that region. It is useful for evaluating the performance of a CMP. If the consent rate in the region falls below an acceptable level (often less than 50%), either the opt-in message is not transmitted clearly enough to users, or the reason for tracking is not justified.

Similarly, a data loss percentage can be calculated based on the start of session events on the data layer to indicate how much data is potentially unavailable because users are not yet consenting to data storage. If this percentage gets too high (often over 15% or some other predetermined level), it may signal a need to relax cookie-consent options or rethink how the message is being received by users. These kinds of changes ultimately reduce data loss percentages, even if the consent rate does not change much.

Data Loss % and Recovery Trends

The  metric tracks the proportion of conversions unavailable for direct attribution due to consent refusal. Expressed as a percentage, it reveals the extent of data loss attributable to user opt-outs. A high or rising value necessitates corrective action, since these untracked conversions cannot be directly related to advertising efforts.

Data recovery trends should also be monitored, indicating whether the number of modeiled conversions is increasing or decreasing over time. A downward trend implies few users are returning to the site.

Future of Measurement in a Privacy-First World (2025–2030)

Achieving accurate and clear insight into users is becoming more difficult in the absence of third-party cookie support. Although Consent Mode v2 is designed to help, it can also be a source of potential data restrictions if configured incorrectly. Cookies without consent are allowed under certain circumstances, but these permissions must be made clear to the user. Support for the Digital Markets Act (DMA) signal is being introduced in ads personalization and measurement. The introduction of Consent Mode and the DMA must be reflected in every measurement channel and platform.

The future build-out of first-party data pipelines and data quality controls, including the Google Ads Data Manager, will restore the de facto level of privacy-preserving ads tracking without disrupting users. Within Google Ads, attribution will rely on a combination of first-party signals, machine learning, and, eventually, self-reported interest areas. Consent Mode v2 will help inform these algorithms.

Demand-side signals, created by combining populations of consented users, will enable more accurate audience prediction. Enhanced conversions, which add first-party signals directly to conversion pixels, are a key element of measurement in a privacy-restricted environment. They provide depth of understanding across the different Google Ads channels and ensure the accuracy of reporting and attribution models.

Companies can embed data-quality elements in their pipelines and allow users to provide signals about their interests in a transparent way. By making their own data-gathering transparent, they can create a source of explicit interest data that also complies with regulations.

First-Party Data Pipelines and Google Ads Data Manager

Ad Traffic and non-conversion events for Ads attribution will be largely managed and controlled by Google Ads Data Manager. A cookieless world demands a new strategy for managing the quality of consumer data and enhancing the effect of advertising. The first group is planning to drive a new approach of preparing, processing, and sharing data in compliance with laws and industry standards to manage the quality and volume of consumer data. After constructing a data pipeline that uses first-party IDs, companies will be able to assemble their own databases and share them in a secure way with partners such as Google Ads to increase the marketable audience size. These data groups will provide the world’s leading aggregator with consumer insight data to enable more accurate interest group targeting and drive higher performance for advertising campaigns run within platforms such as Google Ads.

GA4, Tagging & Consent Mode v2 (EEA-Ready): The 2025 Ultimate Guide to Privacy-First Analytics and Measurement. Privacy by design and privacy by default are the guiding principles of this framework, in which Consent Mode is a fundamental component. Implementing Consent Mode v2 is crucial when preparing GA4 for the Google Ads Management Data Pipeline, a white-labeling strategy that serves advertisers who supply quality consumer data in compliance with Digital Advertisement Alliance guidelines.

AI-Modeled Attribution and Consent-Aware Reporting

AI attribution models are poised to enhance cross-platform data quality and adapt to the privacy landscape. The premise is straightforward: as long as sufficient data is available, machine learning can build models that compensate for any missing information. Intelligent data recovery extends to the components required to sustain return-on-investment (ROI) for advertisers, including signals that govern ads personalization. Since the latter capability is under strict GDPR scrutiny in the European Union, all data pertaining to ad personalization must be collected lawfully and observed conversions made in accordance with consent preferences; otherwise, the consent mode ad_storage signal will govern what data is shared outside the website or app. AI modelling techniques can therefore include those aspects of the conversion journey for which there is little supporting data. Should a user have denied consent, though, attribution is focused solely on conversions that occurred in their assigned window.

When deploying attribution models, one consideration is how well the method can adapt to the quality of the data. More simply put, the model should factor in any limitations resulting from consent restrictions, such as missing dynamic creatives, disablement of cross-domain tracking that hampered the user journey, and insufficient data to perform inter-channel attribution. In particular, such restrictions need to be addressed when deploying consent-aware modelling and attribution techniques.

Zero-Party Data Collection and User Transparency

Privacy concerns are prompting marketers to rethink how they collect user data. In this context, zero-party data defined as “data that a customer intentionally and proactively shares with a brand” is one area of exploration. Since this data is willingly supplied by the user, it fundamentally helps brands adopt a more customer-centric approach.

Key zero-party use cases include preference centers, reconfirmation of tracking consent, explicit product interest surveys, loyalty programs, and gamification of the interaction sequence. However, offering incentives, rewards, and value exchanges for data sharing, as well as reinforcing privacy policy transparency, should be considered non-negotiables.

Building a Future-Proof, Privacy-Compliant Measurement Framework

Key takeaways set the stage for future efforts in this area, and how sections across the work interlink.

Privacy-first measurement remains both a state of mind and a collection of systematic adaptations. GA4 tagging, with Consent Mode v2, provides a foundational implementation that meets data-regulatory requirements while preserving data signals in a tighter-than-ever consent environment. Server-side tagging and enhanced conversions build upon that foundation, further boosting data privacy and the effectiveness of first-party cookies. These three adaptations can be leveraged individually, at various times, or in unison.

Concrete Next Steps

Practitioners looking for the practical steps follow a straight line: implement a GA4 container, integrate a CMP, define and validate privacy parameters, and achieve linked Accounts that enable modeled attribution. The journey together requires consideration of a broader set of factors. The words of historian Will Durant “Nature and human nature play a great part in history. Those who know them best will understand events most accurately and will have the best chance of predicting the future” encapsulate that wisdom, and the next five points integrate Measurement into that prophecy.

The information in a number of key intermediate sections remains critical to successful implementation. Common consent mistakes with GA4 or GA4+Consent Mode are either frequent pitfalls (History and Current Events), errors, neglect, or lack of connection (History), with appropriate warnings and preventive measures accompanying each.