Consent Mode v2 & CMP Setup — GDPR-Compliant Tracking
Consent Mode v2 implementation (Basic & Advanced), CMP setup (Axeptio, Didomi, Cookiebot). Stay compliant without losing data.
Legal obligations: GDPR and ePrivacy
The regulatory framework is clear: the ePrivacy directive requires consent before setting any non-essential cookie, and GDPR governs personal data processing. In France, the CNIL has strengthened its requirements with 2020 guidelines and 2022 recommendations. Continuing to set advertising cookies without explicit consent exposes organizations to fines of up to 4% of global annual turnover.
In practice, your consent banner must offer a genuine choice (no deceptive design), store proof of consent, and actually block tags before acceptance. Granularity by purpose (analytics, advertising, personalization) is required. Too many sites display a banner that blocks nothing in reality, which constitutes a blatant non-compliance easily detectable during a regulatory audit.
Consent Mode v2: basic and advanced
Google’s Consent Mode communicates consent status to its tags (GA4, Google Ads, Floodlight). In basic mode, Google tags do not load at all until the user consents. In advanced mode, tags load with anonymized pings (without cookies) that allow Google to model missing conversions. Since March 2024, Consent Mode v2 is mandatory to continue using audiences and remarketing in the European Economic Area.
Configuration involves mapping your CMP signals (acceptance, refusal, by purpose) to Consent Mode parameters (ad_storage, analytics_storage, ad_user_data, ad_personalization). This mapping must be precise: an error sends contradictory signals to Google and corrupts the modeling. We systematically test every scenario (accept all, refuse all, accept analytics only) to verify that the emitted signals match the actual user choice.
CMP selection and configuration
The CMP choice depends on your context: Axeptio for elegant integration and good French support, Didomi for multi-site organizations with governance needs, Cookiebot for automated cookie scanning with good value for money. Each solution has its own technical specifics for GTM integration.
Configuration goes beyond the banner’s appearance. We set up cookie categorization, default behavior (strict opt-in in Europe), consent storage duration, and JavaScript callbacks that feed the GTM data layer. A post-implementation audit verifies that each tag respects the user’s choice, using GTM debug tools and third-party tools like CookieBot Scanner or OneTrust Cookie Compliance.