Consent Mode v2: 67% of Implementations Are Non-Compliant
Two thirds of Consent Mode v2 implementations contain critical errors. Audit checklist and verification methods.
An Alarming Failure Rate
Field audits reveal a concerning finding: roughly two thirds of Consent Mode v2 implementations contain errors that compromise either GDPR compliance, data quality, or both. These failures often go unnoticed because Consent Mode operates silently in the background, with no visible error for the user.
The consequences are real: skewed conversion data, ineffective modeling, and underestimated legal risk.
The Most Common Errors
The first error concerns the default state. Consent Mode v2 requires that the signals ad_storage, analytics_storage, ad_user_data, and ad_personalization be declared with a default state (denied in most European countries) before any tags load. Many implementations omit this initial declaration, leaving the signals in an undefined state.
The second error is the absence of the ad_user_data and ad_personalization signals, introduced with v2. These two parameters are mandatory for compliance with the Digital Markets Act (DMA). Without them, Google Ads cannot use the data for remarketing or lookalike audiences. Conversion modeling is also degraded.
The third error is poor synchronization between the CMP and Consent Mode. Consent is collected by the CMP but not correctly transmitted to the Consent Mode layer. The user accepts cookies, but the signals remain on denied in GTM.
Finally, there is a complete absence of testing. Many teams deploy Consent Mode without ever verifying that the signals correctly change state after consent is given.
How to Audit Your Implementation
Start with GTM Preview Mode. Load the page, deny consent, then accept it. Check in the “Consent” tab that all four signals transition from denied to granted after acceptance.
In Chrome DevTools, Network tab, filter requests to google-analytics.com/g/collect. The gcs= parameter in the URL encodes the consent state. The value G111 indicates all signals are on granted. Any other combination warrants investigation.
For a thorough verification, consult the Consent Mode v2 FAQ which details each parameter and its expected value.
Consequences of a Faulty Implementation
On the data side, a non-compliant implementation degrades conversion modeling. Google uses Consent Mode signals to estimate missing conversions. If the signals are incorrect, the models produce biased estimates.
On the legal side, a CMP displayed without Consent Mode properly connected creates a false impression of compliance. Data is collected without consent being technically respected.
On the advertising performance side, the absence of v2 signals prevents Google Ads from exploiting remarketing audiences in Europe — a direct hit on ROAS.
Taking Action
A full audit of your Consent Mode and CMP implementation takes a few hours and can reveal issues significantly impacting your performance and compliance. It is a minimal investment relative to the risks.