How to Implement Consent Mode v2 and Not Die Trying
The European digital market regulation legislation came into effect this month, triggering a domino effect that has impacted both national regulations and the way large
The coming months will pose a great challenge for digital advertisers in Europe. The European Digital Markets Act (DMA) came into effect on March 6, 2024, forcing large digital platforms like Google or Meta to take steps to comply with the new regulations within their role as “gatekeepers.”
The DMA establishes a list of dos and don’ts that these large companies will need to implement in their daily operations with the goal of ensuring fair and open digital markets. These obligations aim to open up opportunities for all companies to compete in the markets based on the merits of their products and services, giving them more room to innovate against the big tech giants that have enjoyed a dominant position so far.
To comply with the new legislation, Google is enforcing the implementation of Consent Mode v2, an updated framework for managing user consent for online advertising within the European Economic Area (EEA) and applicable in the Google environment. The reality is that in its first weeks, the new European legislation and the implementation of Consent Mode v2 are generating a seismic event whose scope is still unpredictable, where advertisers are facing a significant loss of data whether they comply or not with the new rules of the game.
From now on, if you do not send consent information through Google’s Consent Mode v2, Google will block the capture of new data from European Union users in your Google audiences. You will not be able to store new user data in your Google Analytics 4 audience lists, nor share it with Google Ads. This could have a massive impact on your ability to convert new customers.
In Google’s words:
“To continue using the features of measurement, ad personalization, and remarketing, you must obtain consent for the use of personal data from end users located in the European Economic Area (EEA) and share consent signals with Google. […] If you use Analytics data with a Google service (such as Google Ads, Google Play, or Display & Video 360, among others) and take no action, only end users who are outside the EEA will be included in the audiences using your linked advertising products starting in early March 2024.” Source
But there’s more, because it’s not enough for Google that you set up your own cookie banner, or that you use a consent management platform of your choice (commonly known as CMPs, for Consent Management Platforms), but you must use a CMP certified by Google… or face the consequences:
“Starting January 16, 2024, if a partner does not adopt a CMP certified by Google, only limited ads will be eligible to be shown in EEA and UK traffic. Traffic from a Google-certified CMP will continue to be eligible for personalized ads.” Source
“Limited ads disable the collection, sharing, and use of personal data for ad personalization. […] This means that some features are not available for limited ads [including] any ad personalization, audience targeting, Remarketing, interest-based categories […]” Source
The impact of the DMA coming into force at the beginning of March, and the ripple effect caused by the mandatory use of Consent Mode v2 across various Google services, has been felt among CMPs, which have started a frantic race in recent days to (1) appear on the lists of CMPs certified by Google, and (2) adapt their software and documentation to the new legal and operational framework.
The fact is that figuring out which CMPs are certified by Google as of today is quite a challenge. The Google Analytics help provides a list of 16 CMPs, among which are some of the most used, such as Cookiebot, CookieYes, Complianz, or Iubenda, with links to the web pages of these CMPs where instructions on how to implement Consent Mode v2 are given.
On the other hand, the Google CMP Partner Program provides a slightly more extensive list that includes 18 CMPs. But the most complete list can be found on the help pages of Google Ad Manager, which at the time of writing this blog entry already included 125 CMPs certified by Google. This last list is probably the most complete and reliable of all.
But having your cookie banner with a Google certified CMP does not automatically imply compliance with European legislation, nor with Google’s Consent Mode v2. The configuration of the CMP and its connection with Google is not trivial at all, neither from a technical point of view nor from a legal and operational one. If you need help configuring Consent Mode v2, you can contact us or read this other blog post where we discuss purely technical issues. In any case, if a significant portion of the traffic to your website comes from Spain, the first step is to understand what the Spanish regulations say about the use of cookies, which is what I proceed to describe below.
In January 2024, the Spanish Data Protection Agency (AEPD) updated the Guide on the Use of Cookies, where it specifies that the cookie acceptance banner must explicitly offer the possibility to reject cookies. This regulation came into force on January 11, 2024, leaving websites that have not yet adapted to the new legal framework vulnerable to sanctions in the event of complaints by third parties.
Examples of “acceptable” Cookie Banner configurations, with the explicit option to reject cookies. Source: AEPD 2024.
Implementing the new regulations will (logically) lead to a substantial increase in the number of users who reject cookies, making the task of media buyers more difficult, as it will blind us in one eye. But my recommendation is to adapt to the new framework without delay if you haven’t already, as this is a prerequisite for the normal operation of Google Analytics and Google Ads to resume. Moreover, regardless of whether you use the services of any of Google’s platforms or not, any of your competitors could report you, resulting in a significant financial penalty.
The new guide from the AEPD also includes the following considerations:
The new guide from the AEPD, however, has some ambiguous points, such as the one about “Users must not be clearly pushed to accept cookies.” What does “clearly” mean? Is it valid for the option to reject cookies to be a button with text that can be perfectly read but offers less contrast than the accept cookies button? We understand that it is, but we are not legal experts, and our opinion does not have legal validity. What we can say is that some companies like Amazon also interpret it this way, while other large companies like El Corte Inglés have opted for a more conservative option, making the accept and reject cookies buttons exactly the same.
Amazon Spain Cookie Banner
El Corte Inglés Cookie Banner
It is expected that in the short term, the AEPD will clarify the landscape regarding this and other doubts about the implementation of the new regulations. In any case, this will not be the only major change awaiting us in the near future, once the privacy of information shared online has become a priority within the European Union. Google has already announced that third-party cookies will be completely eliminated by the end of 2024. It is estimated that 1% of Google Chrome users are already testing this cookie-less approach in January 2024.
Although the new regulations currently only affect the EEA, it’s only a matter of time before they extend to other countries. On the other hand, the transformation in cookie management will soon be universal. This is a huge challenge but also a great opportunity for those who first adapt to the new scenario.
The European digital market regulation legislation came into effect this month, triggering a domino effect that has impacted both national regulations and the way large
The coming months will pose a great challenge for digital advertisers in Europe. The European Digital Markets Act (DMA) came into effect on March 6,
Microsoft Ads Scripts:A Hidden Gem of Digital Marketing Microsoft Advertising offers an attractive option in digital marketing that extends beyond its own search engine, Bing.
Can We Help You?
Can We Help You?
Email: info@faktica.com
Calle Núñez de Balboa, 35A
28001 Madrid
Spain
Email: info@faktica.com
DATALYTICS
4 Portland Ct
St. Louis, MO 63108
USA
Email: info@faktica.com
Calle Núñez de Balboa, 35A
28001 Madrid
Email: info@faktica.com
DATALYTICS
4 Portland Ct
St. Louis, MO 63108
USA
Subsidized by the CDTI in 2022-2024.
Project title: Lead Management Technology based on
mathematical models and predictive algorithms
Subsidized by the CDTI in 2022-2024. Project title: Lead Management Technology based on mathematical models and predictive algorithms
FÁKTICA ANALYTICS
Calle Núñez de Balboa, 35A
28001 Madrid
Spain
DATALYTICS
4 Portland Ct
St. Louis, MO 63108
USA
Ask Us for a No-Obligation Quote
Request a Traffic, Cost, and Potential Conversions Estimate
Ask About Our Pay-for-Performance Pricing
Get a Free Opportunities Analysis
Can We Help You?
Don’t hesitate to reach out to us