GDPR Consent Mode v2 Is Now Mandatory for Google Analytics. Here's How to Implement It Correctly.

Google Consent Mode v2 became mandatory for all Google Analytics 4 customers from March 2024. Non-compliant implementations -- where analytics tags fire before explicit user consent -- are in violation of GDPR Article 6 and Recital 32.

What Consent Mode v2 does

Consent Mode v2 introduces two new consent parameters -- ad_user_data and ad_personalization -- in addition to the existing analytics_storage and ad_storage parameters from v1.

The four parameters you must configure

analytics_storage: Controls whether analytics cookies are set. Default: denied. ad_storage: Controls whether advertising cookies are set. Default: denied. ad_user_data: Controls whether user data is sent to Google for advertising purposes. Default: denied. ad_personalization: Controls personalised advertising. Default: denied.

Verifying your implementation

Use Chrome DevTools Network tab -- filter for 'collect' -- to verify GA4 requests do not fire until after the user has interacted with your consent banner. Run an acessio.ai scan to get a structured compliance report with specific page-level violations and remediation guidance.