Are You Prepared For Consent Mode V2 In Google Tag Manager?

Find out what you need to safeguard user privacy across your tech stack.

The Privacy Apocalypse will take many forms, and many of them are already here. Google has announced its decision to phase out cookies for 100% of Chrome users by Q3 2024, but this is only the most prominent example of a trend which will have lasting consequences across the growth marketing ecosystem. For every major headline like this, there are dozens of other companies downstream that let you manage, track, and inspect 3rd-party data. And all of them are updating their products to comply with tightening privacy regulations. 

Are you ready for this?

The Privacy Apocalypse Is Here Right Now

We can see a cautionary example of this with the consent and privacy management platform OneTrust, and steps they have taken to comply with consent mode V2 for Google Tags. Google added two additional parameters to their consent mode API, which means anyone (or any product) using consent mode must update these fields to avoid disruption to their ad personalization and remarketing efforts. For a detailed overview of these changes to consent mode and what they mean, please refer to this article

What kind of impact can you expect if you ignore this change?

Let’s explore what happened with OneTrust. One of our former clients called us in a bit of a panic because they had seen an 80% reduction in traffic through one of their paid channels on Google Ads. This channel is a major revenue driver for them, and an 80% drop in traffic was crippling their growth. After a bit of sleuthing we were able to trace the problem to its source. This former client - who is based in the US - was using OneTrust as their consent and privacy management system. And we realized that OneTrust had been quietly rolling out changes to their products to bring them up-to-date with the modifications to Google Tags’ consent mode we mentioned above. 

Bottom line: a privacy vendor made a change to their product to adhere to the European Union User Consent Policy, and a US company was caught completely off guard. Before we came in with a fix, this company had spent a week and a half trying to figure out what was wrong with ad traffic to their most important product channel.

What Can You Do To Fix This Privacy Compliance Issue?

The former client we mentioned above is just the latest example of a trend which has been brewing for quite some time. We have seen multiple clients (particularly those with an EU focus) have to implement this update in Google Tag Manager. Here’s how to address this issue related to recent OneTrust product changes:

  1. Whoever is responsible for Google Tag Manager in your organization must implement consent mode.
  2. This involves updating the two additional parameters Google recently added to their consent mode API
  3. Specifically, you will need to assign all tags in Google Tag Manager rules that say:some text
    • "this Google Ads tag should only fire if the user has consented to ads storage", and, 
    • "this Google Analytics tag should only fire if the user has consented to analytics storage" 
  4. Once these tags are assigned, you can see whether a user has consented to ads / analytics by looking at the OneTrust cookie 
  5. Google Tag Manager will read the OneTrust cookie and adjusts the behavior of these two tags accordingly 

For a guided walk through of this fix, please refer to this detailed breakdown.

Will this fix solve the Google Tag Manager issues related to OneTrust’s product updates? Yes. Is this the only problem you might encounter as the privacy ecosystem evolves?

Far from it.

Thriving In The Privacy Apocalypse

Careful readers will recall our subtle warning above. Here it is again in case you missed it:

“For every major headline like this, there are dozens of other companies downstream that let you manage, track, and inspect 3rd-party data.”

Fixing the issue related to OneTrust and Google Tag Manager is akin to getting a cut and slapping on a bandage to stop the bleeding. It’s important and it won’t go away on its own, but it’s not the only thing you need to worry about. Multiply this across your tech stack, and you risk playing a constant game of Whack-A-Mole just to stay compliant with privacy regulations and avoid falling behind on your growth goals.

But there’s an even deeper issue at stake. How you manage users’ data to preserve their privacy is a data governance challenge, and not simply a software setting. If there are systemic problems with your data governance policies, quick fixes won’t be enough to get you back on track. We’ve seen issues like this crop up over and over again, and we’ve helped companies like Calendly and Deliveroo weather the storm every time. When you’re ready to address the root cause of issues like this, talk to us about data governance. We can help you navigate your current and future data privacy challenges so you don’t lose any sleep.

P.S. We cannot emphasize strongly enough: the recommendations in this article are solely technical in nature. We are not your legal team, and we are not qualified to give legal advice.

Ready to unlock new
growth opportunities?

We and selected third parties collect personal information. You can provide or deny-  your consent to the processing of your sensitive personal information at any time via the “Accept” and “Reject” buttons.