This article is for Google tag users who receive user data from end users in the European Economic Area (EEA) through websites, apps, or offline resources.
Important: If either the ad_storage or analytics_storage consent parameter is set to denied, through a default consent state or the setConsent method, the analytics data associated with a particular app instance is permanently reset going forward. For example, if analytics data is reset for all app instances, user counts may be inflated.
If you use the Google Analytics for Firebase iOS SDK, you can prevent this issue by updating the iOS SDK to version 10.23.0. If you use the Android SDK, you can prevent this issue by following these steps:
- Don't set default values for ad_storage and analytics_storage in your app's manifest.
- Disable Analytics collection before setting the app instance’s ad_storage and analytics_storage consent state.
- After you have affirmative consent, re-enable Analytics collection, which won't reset Analytics data.
If you want to reset analytics for an app instance, use the purpose-built API. See here for an Android example.
We will release an update for the Google Analytics for Firebase Android SDK in the coming weeks to adjust this behavior, after which you can update your SDK and consider whether further consent mode changes are appropriate for your app.
Overview: Consent mode parameters
| Consent Type |
Description |
| ad_storage |
Enables storage (such as cookies) related to advertising. |
| ad_user_data |
Sets consent for sending user data related to advertising to Google. |
| ad_personalization |
Sets consent for personalized advertising. |
| analytics_storage |
Enables storage (such as cookies) related to analytics e.g. visit duration. |
In addition to the consent mode parameters, there are the following privacy parameters:
| Storage Type |
Description |
| functionality_storage |
Enables storage that supports the functionality of the website or app e.g. language settings. |
| personalization_storage |
Enables storage related to personalization e.g. video recommendations |
| security_storage |
Enables storage related to security such as authentication functionality, fraud prevention, and other user protection. |
Tag behavior with consent mode
If all consent options are granted, tags behave as follows:
|
Web
|
Mobile apps
|
- Cookies pertaining to advertising may be read and written.
- IP addresses are collected.
- The full web page URL, including ad-click information in URL parameters (e.g., GCLID / DCLID) is collected.
- Third-party web cookies previously set on google.com and doubleclick.net, and first-party conversion cookies (e.g.,
_gcl_*) are accessible.
|
- Advertising identifiers (e.g., Advertising ID/IDFA) may be collected.
- The app-instance ID generated by the Google Analytics for Firebase SDK is collected.
|
When one or more forms of consent are not granted (not set or denied), there are additional behaviors to consider:
|
ad_personalization='denied'
|
|
Web & Mobile apps
|
|
Personalized advertising is disabled, the following features won't receive data:
- Remarketing in Google Ads, Display & Video 360, Search Ads 360
- Personalized advertising with Google's advertising products
|
|
ad_user_data='denied'
|
|
Web & Mobile apps
|
|
Personal data collection for online advertising is disabled, including:
- user_id
- Enhanced conversions: Hashed first party data
|
|
ad_storage='denied'
|
|
Web
|
Mobile apps
|
- No new cookies pertaining to advertising may be written.
- No existing first-party advertising cookies may be read.
- Requests are sent through a different domain to avoid previously set third-party cookies from being sent in request headers.
- Google Analytics will not read or write Google Ads cookies, and Google signals features will not accumulate data for this traffic.
- Full page URL is collected, may include ad-click information in URL parameters (e.g., GCLID / DCLID). Ad-click information will only be used to approximate accurate traffic measurement.
- IP addresses are used to derive IP country, but are never logged by our Google Ads and Floodlight systems and are immediately deleted upon collection. Note: Google Analytics collects IP addresses as part of normal internet communications. Learn more about IP masking in Google Analytics.
|
- No Advertising ID/IDFA may be collected.
- Google Signals features will not accumulate data for this traffic.
- IP addresses are used to derive IP country, but are never logged by our Google Ads and Floodlight systems and are immediately deleted upon collection. Note: Google Analytics collects IP addresses as part of normal internet communications. Learn more about IP masking in Google Analytics.
|
|
analytics_storage='denied'
|
|
Web
|
Mobile apps
|
- Will not read or write first-party analytics cookies.
- Cookieless pings will be sent to Google Analytics for future measurement. Google Analytics 4 will use cookieless pings for modeling.
|
- No IDFV may be collected.
- Events without device or user identifiers will be sent to Google Analytics for future measurement. Google Analytics 4 will use these events for modeling.
|
|
Web & Mobile apps
When analytics_storage='denied', cookieless pings are sent to Google Analytics. No Analytics cookies are set, accessed, or read from the device. Consequently, cookieless pings are anonymized and non-identifiable Google Analytics events.
Cookieless pings, as part of regular HTTP/browser communication, may include the following information: user agent, screen resolution, IP address. Note that Google Analytics 4 does not store or log IP addresses.
If an advertiser sets other fields, such as user_id and custom dimensions, they will be sent normally. The data collected in the cookieless ping is used for behavioral and conversion modeling, to fill the gaps in your data.
|
|
ad_storage='denied' and ads_data_redaction='true'
|
|
Web
|
- No new cookies pertaining to advertising may be written.
- No existing advertising cookies may be read.
- Requests are sent through a different domain to avoid previously set third-party cookies from being sent in request headers.
- Google Analytics will not read or write Google Ads cookies, and Google signals features will not accumulate data for this traffic.
- In Google Analytics full page URL is collected, may include ad-click information in URL parameters (e.g., GCLID / DCLID). Ad-click information will only be used to approximate accurate traffic measurement. In Google Ads, ad-click identifiers (e.g., GCLID / DCLID) in consent and conversion pings are redacted.
- IP addresses used to derive IP country, but are never logged by our Google Ads and Floodlight systems and are immediately deleted upon collection. Note: Google Analytics collects IP addresses as part of normal internet communications. Learn more about IP masking in Google Analytics.
|
Related resources