Manage user consent

This article is for website or app owners who use a cookie consent banner or consent widget, or other consent management solution.

Learn why you might need to manage user consent for Analytics on your website or app and how to manage it.

Why manage user consent

Websites and apps that use Google Analytics gather and store information about website visitor and app user behavior. People increasingly expect to control the data they share about themselves online, and Google provides tools for you to respect your users’ choices.

Many countries and regions have laws that require websites and apps to get their users’ consent to store information about them. These laws vary by jurisdiction and change over time. It is your responsibility to understand the laws that affect you and to implement consent management solutions on your website or app that meet their requirements.

Websites use cookies to store information, while apps use app identifiers rather than cookies. However, many people refer to all stored information as cookies. Hence, you might see the shorthand term cookie consent to talk about getting user consent for both websites and apps. Similarly, the term cookie banner is often used to refer to all consent management solutions.

How to manage consent

Managing user consent requires the following:

Obtain the user’s choice to grant or deny consent for storing information about their behavior.
Communicate the user’s consent choice to Google.
Ensure that Google tags that store or read cookies comply with the user’s choice.

Obtain consent

It is your responsibility to obtain users’ consent on your website or app. You can implement a consent banner or other custom consent solution, or use a Consent Management Platform (CMP).

Communicate consent

You must then communicate users’ choices, or consent state, to Google. Many CMPs handle sending the consent state to Google. If you implement a custom consent solution, you must implement a method to send the consent state to Google.

To communicate consent state to Google, you can use either:

Each can be implemented in a number of ways.

Ensure that tags honor consent status

When you send the consent state to Google, Google’s tags adjust how they behave based on your users’ choices. The mechanism and integration varies depending on whether your consent solution uses consent mode or TCF to communicate consent state. Both options allow Google tags to honor the user choices you send to Google.

Choose a framework to manage consent

Google consent mode and the IAB Transparency & Consent Framework are two separate frameworks that allow you to communicate consent signals.

Consent mode

Consent mode enables measurement customers to set a default consent state for each type of storage they use. When a website visitor or app user indicates their consent choices, consent mode preserves the choices across their interaction with the website or app.

For websites, consent mode causes tags with consent checks to adjust storage behavior. If a user denies consent, tags no longer store cookies but instead send pings to the Google Server as described in Consent mode behavior. This means that not all information about visitors who deny consent is lost. Pings allow Google Analytics 4 properties to model data, as described in About modeled conversions and Behavioral modeling for consent mode.

To learn how to enable consent mode, see Consent mode on websites and mobile apps.

IAB Europe Transparency & Consent Framework (TCF)

The IAB Europe Transparency & Consent Framework (TCF) is an alternative way of obtaining and tracking consent state. If your custom implementation or CMP uses the TCF to obtain consent, it passes the consent state to Google as a special TCF string. The Google tag or Tag Manager can read this string and set measurement behavior for tags with consent checks. See IAB Transparency and Consent Framework v2 and Google Analytics for more details. For those who use TCF v2.0 but are not yet registered on the IAB Europe Global Vendor List (GVL), Google provides Additional Consent Mode as described in Google’s Additional Consent Mode technical specification.

When your users deny consent with a consent solution that uses the TCF, GA4 properties can’t model data to fill in the missing information.

Other customer privacy controls

Regardless of how you manage user consent, you can also control the following:

How to share collected data with Google. See Data sharing settings for details.
Whether Google masks IP addresses. See IP masking in Google Analytics for details.
The amount of time before user-level and event-level data stored by Google Analytics is automatically deleted from Analytics servers. See Data retention for details.
Manual deletion of data from Google Analytics servers. See [GA4] Data-deletion requests or Data deletion requests (Universal Analytics) for details.
Which accounts, products, and services an account administrator links together. Everyone with account view permissions will have access to the data from all linked accounts. See Google Analytics linking overview for details.

Was this helpful?

How can we improve it?