You have a cookie banner on your website. It pops up, visitors click “Accept” or “Reject,” and you assume everything is handled.
But here is what is actually happening: every time someone clicks “Reject,” your Google Analytics and Google Ads stop collecting meaningful data from that visitor.
For a small business with low traffic, this might not matter much. But for a mid-sized or enterprise organisation, the math is brutal.
If 40% of your visitors decline cookies, you are blind to nearly half your potential customers.
Google Consent Mode V2 solves this problem.
It allows your tags to keep working—even when someone says “no”—by sending anonymous signals instead of cookies.
You stay compliant with privacy laws like POPIA without sacrificing your marketing data.
What Is Google Consent Mode V2?
Before we go any further, let us clear up a common confusion. Google Consent Mode V2 is not a cookie banner.
It does not replace the pop-up that asks visitors for permission.
Instead, it works underneath that banner, telling your Google tags how to behave based on what your visitors choose.
Think of it as a dimmer switch rather than an on/off button.
Before Consent Mode existed, a visitor clicking “Reject” meant your Google tags simply stopped working. No data. No insights. Just a black hole where customer information used to be.
Consent Mode V2 changes this completely. It introduces a smarter way of handling consent, allowing your tags to operate in a limited, privacy-safe mode even when someone says “no.”
The Four Signals That Control Your Data
Your Google tags look for four specific signals to understand what they are allowed to do:
| Signal | What It Controls |
|---|---|
| Analytics storage | Whether GA4 can store cookies for counting visitors and sessions |
| Ad storage | Whether Google Ads can store cookies for advertising and remarketing |
| Ad user data | Whether user data can be sent to Google for advertising purposes |
| Ad personalisation | Whether Google can show personalised ads or build remarketing audiences |
If a visitor accepts all cookies, all four signals are set to “granted,” and your tags work normally.
If a visitor rejects cookies, these signals switch to “denied,” and your tags move into a cookieless mode.
What Happens in “Denied” Mode
Here is the clever part. Even when signals are denied, your Google tags can still send anonymous “pings” back to Google.
These pings contain only non-identifiable information like country, device type, and which page the visitor came from. No personal data. Nothing that breaks privacy laws.
But those small pings are enough for Google’s machine learning models to estimate missing conversion data.
In plain terms, you respect user privacy while still recovering up to two-thirds of the conversion data you would otherwise lose entirely.
Why South African Enterprises Need Consent Mode V2
You might be thinking: “I run a South African business. My customers are mostly local. Do I really need to worry about this European privacy stuff?”
The short answer is yes. Here is why.
Google Now Requires It for European Traffic
Since March 2024, Consent Mode V2 has been mandatory for any website serving users in the European Economic Area while running Google Ads or GA4.
If you have even a handful of visitors from countries like Germany, France, or the UK, this applies to you.
What happens if you ignore this requirement?
- Your Google Ads remarketing audiences stop building for those users
- Your conversion tracking becomes unreliable
- Google may suspend conversion tracking features for your entire account
So if your business sells products online, offers services to international clients, or simply gets random traffic from Europe, you need Consent Mode V2.
It Protects Your Marketing Performance
Beyond compliance, Consent Mode V2 helps you keep your data clean and your campaigns profitable.
- Conversion modelling: Google’s AI fills the gaps when users decline cookies. It looks at patterns from people who said “yes” and uses those patterns to estimate what the “no” crowd probably did. This is not guesswork; it is sophisticated machine learning.
- Behavioural modelling: GA4 keeps your reports accurate even with partial data. Without this, your dashboards start showing nonsense numbers.
- Campaign optimisation: Google’s Smart Bidding needs data to work. Without enough signal, your automated campaigns will underperform and waste your budget.
It Helps With POPIA Compliance
South Africa’s Protection of Personal Information Act (POPIA) requires you to get proper consent before collecting and processing personal data.
It also requires you to practice data minimisation—only collecting what you actually need.
Consent Mode V2 gives you a practical, technical way to demonstrate both.
When a visitor says “no,” you stop collecting personal data but still gather anonymous signals.
This shows regulators that you have implemented reasonable measures to protect user privacy while running your business.
It Builds Trust With Your Customers
South Africans are becoming more privacy-conscious every year. People want control over their data. They notice when a website respects their choices versus when it ignores them.
Giving users clear, granular control is not just a legal checkbox. It is good business.
Customers trust companies that handle their data responsibly. And trust leads to loyalty, repeat purchases, and word-of-mouth referrals.
Consent Mode V2 is not just about avoiding fines. It is about running a modern, trustworthy, data-driven business that respects its customers.
Basic vs. Advanced Consent Mode – Which One Do You Need?
Now we get to the most important decision you will make.
Google offers two ways to implement Consent Mode. One is simple but limited. The other takes more effort but gives you real results.
Let us break them down so you can choose the right path for your organisation.
Basic Consent Mode – The Simple Approach
Think of Basic Consent Mode as a straight on/off switch.
Your Google tags are blocked by default. Nothing happens until the visitor clicks “Accept” on your cookie banner.
How it works:
- Default state: all tags blocked
- Visitor clicks “Accept”: tags load and work normally
- Visitor clicks “Reject”: absolutely no data sent to Google
The pros:
- Very simple to set up
- Low technical effort
- No risk of accidentally sending data you should not
The cons:
- You lose all data from users who say “no”
- GA4’s behavioural modelling does not work
- Conversion modelling uses generic Google patterns, not your own customer data
Best for: Smaller businesses, low-traffic websites, or organisations that barely use Google Ads.
Advanced Consent Mode – The Enterprise Choice
Advanced Consent Mode is a dimmer switch. Your tags load immediately when the page opens, but they start in a limited “cookieless” mode. Then they adjust based on what the visitor chooses.
How it works:
- Default state: all parameters set to “denied”
- Tags load immediately in cookieless mode
- Visitor clicks “Accept”: tags switch to full cookie mode
- Visitor clicks “Reject”: tags stay in cookieless mode but still send anonymous pings
What those anonymous pings contain:
- Country
- Device type (mobile, desktop, tablet)
- Browser type
- Which page the visitor came from (referrer)
- Indications of ad clicks
No personal data. No names. No email addresses. Just enough information for Google’s models to work.
The pros:
- You recover significant lost conversion data
- GA4’s behavioural modelling stays active
- Conversion modelling uses your actual customer patterns
- Your remarketing audiences keep building (for consented users)
The cons:
- More technical setup required
- Takes longer to implement properly
Best for: Mid-sized businesses, enterprises, and any organisation that relies on Google Ads for leads or sales.
How Consent Mode Works with GA4 and Google Tag Manager
Now that you understand what Consent Mode is and why you need it, let us talk about how it actually works with your existing setup.
Do not worry—this sounds more technical than it really is.
The Flow – Step by Step
Think of Consent Mode as a conversation between your website, your cookie banner, and your Google tags.
Here is how that conversation plays out:
Step 1: Before the page even loads
Your website sets a default consent state. In most cases, you will set all four parameters to “denied” by default.
This happens before any Google tag fires. It is your safety net.
Step 2: Your cookie banner appears
Visitors see their options. They can accept all cookies, reject all, or customise their preferences.
Step 3: The visitor makes a choice
When they click a button, an update signal is sent to your Google tags. This happens instantly.
Step 4: Your tags adjust their behaviour
- If the visitor said “Accept”: tags work normally with full cookies
- If the visitor said “Reject”: tags switch to cookieless mode, sending only anonymous pings
Why Google Tag Manager Is the Right Tool for the Job
You could technically implement Consent Mode without Google Tag Manager by adding code directly to your website.
But that gets messy fast, especially for enterprise websites with multiple pages and complex setups.
Google Tag Manager makes your life easier in several ways:
- Centralised control: You manage all your consent settings from one place, not scattered across your codebase
- Built-in consent trigger: GTM has a special “Consent Initialisation” trigger that fires before any other tags. This is critical—if another tag fires before consent is set, you break the spec
- Preview and debug mode: You can test your consent flows before publishing, making sure everything works correctly
- Version control: If something breaks, you can roll back to a previous version with one click
Implementation Roadmap for South African Enterprises
Rolling out Consent Mode V2 does not have to be overwhelming.
Break it into small, manageable phases. Here is a practical roadmap designed for South African mid-sized and enterprise organisations.
Phase 1: Choose Your Implementation Path
You have two options. Pick the one that fits your budget and technical resources.
Option A: Use a certified CMP (easier, costs money)
- Services like CookieYes, OneTrust, or Cookiebot handle everything for you
- They provide ready-made templates for Google Tag Manager
- Monthly fees apply, usually based on website traffic
- Best for teams with limited development resources
Option B: Implement manually (more work, free)
- You build your own cookie banner or use a simple open-source solution
- You write the consent update code yourself
- No monthly fees, but you need developer time upfront
- Best for teams with in-house development capacity
Either approach works. Certified CMPs save time and reduce risk.
Manual implementation gives you full control and saves money. Choose based on your situation.
Phase 2: Set Up Default Consent in GTM
Open Google Tag Manager and create a new tag. Set the trigger to “Consent Initialisation – All Pages.” This tag must fire before any other tag on your website.
Set all four parameters to “denied” by default:
- Analytics storage: denied
- Ad storage: denied
- Ad user data: denied
- Ad personalisation: denied
This is your baseline. Nothing happens until a visitor makes a choice.
Phase 3: Add Consent Update Logic
When a visitor clicks “Accept” or “Reject” on your cookie banner, you need to push an update to your Google tags.
If using a certified CMP: The CMP handles this automatically through its GTM template. You just configure the settings.
If implementing manually: You write a simple function that calls gtag(‘consent’, ‘update’, {…}) with the appropriate granted or denied values based on what the visitor chose.
Your developer can handle this.
Phase 4: Test and Verify
Before you publish anything, test thoroughly.
Your verification checklist:
- Open GTM Preview mode. Confirm the consent initialisation tag fires first
- Check that consent status indicators appear on your Google tags
- Test the “Accept” flow. Tags should switch to full cookie mode
- Test the “Reject” flow. Tags should send only cookieless pings
- Run all tests in incognito mode (not logged into your website admin)
Phase 5: Go Live and Monitor (Ongoing)
Publish your GTM container. Then monitor two places regularly:
- GA4: Admin > Data Streams > Consent Mode Status
- Google Ads: Diagnostics > Consent Mode
Allow two to three weeks for Google’s modelling to activate.
You need enough traffic volume for the machine learning to work properly.
If you have low traffic, modelling may never kick in. In that case, focus on getting more visitors before worrying about advanced modelling.
5 Common Mistakes That Break Consent Mode
You have done the work. You set up Consent Mode. But something is not working.
Your data still looks wrong. Do not stress—these are common problems with simple fixes.
Mistake 1: No Default State Before Tags Fire
This is the most common mistake. A Google tag fires before your consent initialisation tag has set the default state.
When that happens, you are outside Google’s specification and your setup will not work properly.
Fix: Use GTM’s “Consent Initialisation – All Pages” trigger.
Make sure this is the very first tag on your page. Check preview mode to confirm nothing fires before it.
Mistake 2: Caching Plugins Freeze the Consent State
Performance caching tools like WP Rocket or W3 Total Cache can save a copy of your page including the “denied” consent state.
Then, when a visitor clicks “Accept,” the update gets ignored because the page is stuck in its cached version.
Fix: Exclude your CMP scripts from caching. Also, bypass “Delay JavaScript Execution” for your GTM and CMP scripts.
Your caching plugin’s documentation will show you how.
Mistake 3: Testing While Logged Into Your Website Admin
WordPress, Shopify, and other platforms add extra code to your page when you are logged in as an admin.
Those extra scripts and cookies corrupt your consent state. You end up testing something completely different from what your real visitors experience.
Fix: Always test in incognito or private browsing mode. Never test while logged into your website backend.
Mistake 4: Assuming Consent Flows to Non-Google Platforms
Consent Mode V2 only governs Google channels like GA4 and Google Ads. It does nothing for Meta (Facebook), TikTok, or LinkedIn pixels.
Fix: Each platform has its own consent framework. For Meta, you need to set up Facebook CAPI with consent parameters.
For TikTok, you need their Events API. Do not assume one setup covers everything.
Mistake 5: Forgetting to Update Both GA4 and Google Ads
Your GA4 tag and your Google Ads tag both need to receive the consent signals. Sometimes people update one but forget the other.
Fix: In GTM preview mode, check both tags. Both should show the correct consent status indicators. If one is missing, review your tag configurations.
Conclusion
Your cookie banner is not working as hard as you think.
Every time a visitor clicks “Reject,” you lose valuable data.
For South African enterprises running Google Ads, that lost data means wasted budget and poor campaign performance.
Google Consent Mode V2 fixes this problem.
It lets you respect user privacy while still recovering conversion data through anonymous cookieless pings.
Advanced Consent Mode gives you the best of both worlds: POPIA compliance and accurate marketing measurement.
The technical work is manageable. Choose a certified CMP or implement manually. Set your default state to denied. Test thoroughly. Go live.
Ready to stop losing data? Book a free Consent Mode Assessment.
We will audit your current setup and give you a clear implementation roadmap tailored to your South African enterprise.
