The European Commission has recently designated Google as a gatekeeper under the Digital Markets Act (DMA), a legislation set to reshape the digital landscape in the European Union. With this designation comes a responsibility for Google to adapt and innovate, ensuring that their products and services align with the DMA’s objective to foster fair and open digital markets.
As Google gears up to meet the DMA compliance deadline in March 2024, one of their focus areas is the development of their privacy solutions, including an update to Google Consent Mode. Moving forward, Google will make the usage of Consent Mode mandatory for all advertisers operating in the European Economic Area (EEA) as of March 2024. The changes, including the transition from Universal Analytics (UA) to Google Analytics 4 (GA4), are Google’s attempt to meet technological and regulatory demands while trying to continue to offer innovative, safe, and user-friendly products.
In this blog post, we will explore how Google’s updates, particularly to the Consent Mode, are aligning with the DMA’s vision and what actions businesses operating in Europe should take to ensure a seamless adaptation to these changes to avoid their performance marketing taking a negative hit.
The EU User Consent Policy
Google’s EU User Consent Policy integrates the requirements for compliance with the General Data Protection Regulation (GDPR), the ePrivacy Directive and the DMA. This policy outlines specific responsibilities for advertisers using Google products on websites, apps, or other digital platforms under their control, particularly in the EEA and the UK.
Under this policy, you as an advertiser are obligated to:
1. Obtain legally valid consent from end users for using cookies or other local storage as legally required.
2. Secure consent for the collection, sharing, and use of personal data for ad personalization.
Furthermore, you must:
- Maintain a record of the consents provided by end users.
- Offer clear guidance to end users on how they can revoke their consent if they choose to.
Incorporating these directives into your operational practices is not only a compliance requirement but also a step towards fostering trust and transparency with your users in the evolving digital landscape of the EU.
Google Consent Mode in a nutshell
Google’s Consent Mode is a central tool for advertisers using Google products, helping them to meet the aforementioned compliance requirements. Its key function is to dynamically modify the behavior of tags associated with services like Google Analytics, Google Ads, and others in the Google Marketing Platform (GMP) that use cookies.
This feature ensures respect for user privacy by aligning with the consent choices made by website users. It enables advertisers to communicate the consent status for cookies or app identifiers to Google. Consent Mode works in tandem with your Consent Management Platform (CMP) or any custom solution for obtaining user consent, such as a cookie consent banner. It adapts the functionality of Google Analytics, Google Ads, and other tags—those handling analytical or advertisement-related cookies—according to the consent preferences relayed through your cookie banner or widget. Advertisers can signal the consent status to Google tags either from within Google Tag Manager or the gtag API by setting the respective consent fields analytics_storage or ad_storage to “granted” (consent given) or “denied” (consent denied).
Consent Mode offers two implementation options:
Basic Mode: If a user denies consent, it blocks all tags, preventing any data transmission to Google’s servers.
Advanced Mode: When consent is denied, rather than storing cookies, the tags send signals to Google about the user’s consent state.
Choosing to block Google tags until users provide consent (Basic Mode) limits the full potential of Consent Mode. For instance, you won’t receive modeled data in GA4 or Google Ads to compensate for the absence of observed data when consent is declined. Regardless of whether you opt for blocking (Basic) or unblocking (Advanced) tags, Google adjusts the tags’ behavior based on the user’s consent state.
Consent Mode becomes mandatory in March, 2024
Starting in March 2024, as the EU begins enforcing the DMA, Google will also start enforcing its EU User Consent Policy. GA4 has been designed to adapt to the evolving regulatory landscape. However, Universal Analytics 360 (UA360) properties have not been similarly updated. Consequently, advertisers who are still using UA360 should anticipate limitations in certain advertising features for traffic within the EEA. For instance, from March 6th, 2024, the ability to export conversions and audiences from UA360 to Google Ads and the Google Marketing Platform will be restricted for EEA traffic.
Additionally, Google plans to introduce an enhanced version of Consent Mode, termed Consent Mode v2. This updated version includes two new fields that provide advertisers with more nuanced control over how they use data in downstream systems like Google Ads or DV360:
- ad_user_data controls whether user data can be sent to Google for advertising purposes.
- ad_personalization controls whether personalized advertising (e.g., remarketing) can be enabled.
For advertisers that do not have Consent Mode implemented by March 2024 EEA users won’t be included in Google Ads, Floodlight, or GA4 audiences – potentially harming campaign performance further down the line.
Advertisers need to be particularly aware of the new granular controls introduced by Google’s Consent Mode v2. This framework brings forth additional parameters that dictate the flow of user data for analytics and advertising purposes. The ad_user_data field is a feature, governing the transmission of hashed first-party data, like email addresses, to Google Marketing Platform for Enhanced Conversions. This ensures that user information is handled in a privacy-compliant manner while still enabling sophisticated measurement strategies.
Equally significant is the ad_personalization parameter. It defines the scope for using collected data in audience segmentation, crucial for tailoring marketing efforts to the individual preferences of users. Advertisers must heed this development; failure to implement Consent Mode by the deadline means EEA user data will be excluded from Google Ads, Floodlight, or GA4 audiences. This exclusion could have a detrimental impact on campaign performance, as a segment of the audience would be unreachable by personalized marketing initiatives.
Key Actions for Advertisers before March, 2024
These changes will require action for all advertisers using Google products in their marketing mix to ensure that you will preserve GMP’s audience features:
- Review your current measurement implementation and work with a CMP to ensure you are collecting valid user consent for users in the European Economic Area (EEA).
- Implement Consent Mode to automatically communicate consent signals for online data to Google’s advertising platforms
- Migrate to GA4 to maintain remarketing, audiences & conversion export , and bidding optimization.
- Upgrade Google APIs and SDKs to pass content signals for offline data to Google’s advertising platforms (e.g., Google Ads and DV360)
Navigating the Changes in Digital Advertising Compliance
As the digital landscape evolves with the enforcement of the Digital Markets Act in March 2024, it’s mandatory that advertisers using Google’s platforms must adapt to new standards and expectations. The updates to Google Consent Mode and the shift to GA4 represent steps toward compliance with the EU’s stringent data protection and privacy regulations.
For advertisers, the key to navigating these changes lies in understanding and integrating the new requirements into their digital strategies. This involves not only technical adjustments, like implementing Consent Mode v2 and transitioning from UA360 to GA4, but also a shift in how user data is handled, emphasizing transparency and user consent.
As we approach the March 2024 deadline, it’s essential for advertisers to audit their current practices, utilize Consent Management Platforms (CMPs), and ensure that their data collection and advertising strategies are in full compliance with the EU’s regulations. This transition period offers an opportunity for businesses to reinforce their commitment to user privacy and trust, which are increasingly becoming the cornerstone of successful digital marketing.
For those seeking guidance and support in navigating these changes, IIH Nordic stands ready to assist. Our expertise in digital marketing and compliance can help your business adapt smoothly to the new regulatory environment.