Consent mode allows you to adjust how your Google tags behave based on the consent status of your users. You can indicate whether consent has been granted for Analytics and Ads cookies. Google's tags will dynamically adapt, only utilizing cookies for the specified purposes when consent has been given by the user.
Terms and Conditions
Consent mode is available in Google Tag Manager, Google Analytics, Google Marketing Platform, and Google Ads. Since consent mode is a feature of the Google product in which you implement it for, the underlying product’s terms, including the respective data processing terms, also apply to consent mode. Please refer to the Terms & Conditions for Google Tag Manager, Google Analytics, Floodlight, and Google Ads conversion tracking and Google Ads Processing terms for additional information.
The underlying product’s respective processor or controller GDPR terms are not affected by consent mode. You can review the controller/processor statuses of each Google product.
What data is collected
For a detailed overview of what data consent mode enables your tags to collect by setting configuration, you can read about consent mode in Google Analytics and Google Ads. Below is an overview of key questions early customers have asked us:
- How will my tags behave when users do not consent? Google receives a ping when a user does not consent and a ping when an unconsented user converts.
- What is a GCLID? GCLIDs are “Google Click Identifiers,” generated and assigned when a user clicks on an ad. Sometimes the GCLID is created at the time of an impression, rather than a click. In those cases, if a user clicks the same ad again, the same GCLID will be used. When we receive conversion pings from unconsented users, it is an anonymous ping that will have no GCLID in the URL if the data is redacted. For more details read, How Google Ads tracks website conversions.
Configure your use of Google Ads and/or Google Analytics based on the cookie consent choices you provide to your end users.
How we handle your data
As with any other data from our tags, Google will keep your data confidential and secure using the same industry-leading standards used to protect our own users’ data. Here is how we handle your data:
- Limited data access. Google uses encryption and employee access controls to protect your data from unauthorized access both inside and outside Google.
- Limited data sharing. Unless we have the advertiser's permission, we don't share advertiser-specific conversion event data with other advertisers. Where required, we may share this data to meet any applicable law, regulation, legal process or enforceable governmental request.
- Data Security. Google is committed to ensuring that the systems we use to store your data remain secure and reliable. We have dedicated security engineering teams to protect against external threats to our systems, and we store all your data in an encrypted format to protect against unauthorized access.
Data security certifications - ISO 27001
Google has earned ISO 27001 certification for the systems, applications, people, technology, processes, and data centers serving a number of Google products, including Consent mode. Download the Google Ads/Analytics Scope Expansion Certificate — ISO27001 (PDF)