Understand Consent Mode Settings & GDPR-Compliant Setup

Learn more about Google Consent Mode and Shopify Customer Privacy for consent-compliant setup. Implement consent mode with Analyzify v4.

Privacy laws like GDPR and CCPA require businesses to get user consent before collecting or sharing personal data, including for analytics and marketing. To comply and avoid fines, companies use tools like Consent Management Platforms (CMPs) and Google Consent Mode to track user preferences while still gathering essential data.

The goal is to protect privacy, follow the law, and maintain customer trust, which is just as important as the data itself.

Analyzify integrates seamlessly with your consent management tool to respect user privacy choices. For optimal performance, we recommend using a tool that supports Google Consent Mode V2.

Consent Mode is a feature that allows you to adjust how your Analyzify integration collects and processes user data based on the consent status of your visitors. This is particularly important for compliance with privacy regulations such as GDPR in Europe.

Select Active Consent Mode if:

  • You run ads targeting audiences in Europe
  • You receive significant traffic from European countries
  • You need to comply with GDPR regulations

Effects of Active Consent Mode:

  • Ensures compliance with GDPR for European users
  • May limit data collection and affect some advertising features

Select Passive Consent Mode if:

  • You don't run ads targeting European audiences
  • You receive minimal traffic from European countries
  • Your primary market is outside of Europe

Effects of Passive Consent Mode:

  • Allows full data collection and use of all advertising features
  • Suitable for businesses operating primarily in regions where GDPR-like consent is not required
  • Maximizes data collection for analytics and advertising purposes

When Consent Mode is active, Google states the following potential impacts:

  • Audience building and remarketing might be significantly restricted or unavailable for online data.
  • This may impact connections with Google Analytics 4 and ad services. (User-provided data)
  • Conversion tracking's effectiveness is uncertain, yet it may continue in part.
  • Attribution model and landing page dimensions can be interrupted.

🚨 If you have a significant European audience or are unsure, Active mode ensures compliance but may affect data collection and ad performance. Please note that if you change your consent mode preference, you'll need to update your integrations.

For Google destinations (GA4, Google Ads...), you should update your custom pixel code, and for others, adjust the relevant settings. Otherwise, it may result in interruptions to your data flow. If you need assistance, feel free to contact us through the support section in the app.

You can update your Consent Mode setting at any time through the Analyzify dashboard. Consider reviewing your setting periodically, especially if your target markets or advertising strategies change.

Google added two new parameters to the Consent Mode arguments in March 2024, and imposed certain restrictions on Google Ads accounts targeting EU citizens if they do not include these parameters. 

  • Audience building and remarketing might be significantly restricted or unavailable for online data.
  • This may impact connections with Google Analytics 4 and ad services. (User-provided data)
  • Conversion tracking's effectiveness is uncertain, yet it may continue in part.
  • Attribution model and landing page dimensions can be interrupted.

Furthermore, with this change, Google officially divided Consent Mode setups into two categories:

  1. Basic Consent Mode: Only Google hits from users who have accepted the consent banner are sent.
  2. Advanced Consent Mode: All Google hits are sent without waiting for the user to accept the consent banner, but the relevant consent status is included.

For more information, please refer to Google's support document.

For a consent-compliant setup, the Google Consent Mode arguments must be pushed to the dataLayer using the gtag() command (API) and synchronized with the hits sent to Google.

Below, we see a default Google Consent Mode argument where all preferences are pushed to the dataLayer as "denied."

<!-- Google Consent Mode -->
<script>
// Create the dataLayer if it does not exist yet
window.dataLayer = window.dataLayer || [];

// gtag() pushes its arguments object onto the dataLayer
function gtag() {
	dataLayer.push(arguments);
}

// Default consent state: everything denied except security storage
gtag("consent", "default", {
	ad_storage: "denied",
	ad_user_data: "denied",
	ad_personalization: "denied",
	analytics_storage: "denied",
	functionality_storage: "denied",
	personalization_storage: "denied",
	security_storage: "granted",
	region: ["DE", "FI"],
	wait_for_update: 2000
});
</script>
<!-- End Google Consent Mode -->

The meanings of the parameters that may be included in this argument are explained as follows:

  • ad_storage: Determines whether advertising data will be stored.
  • ad_user_data: Controls the storage of user-specific advertising data.
  • analytics_storage: Regulates whether analytical data will be stored.
  • functionality_storage: Determines whether data necessary for site functionality will be stored.
  • personalization_storage: Controls the storage of data for personalized content.
  • security_storage: Allows for the storage of data for security purposes.
  • region: For example, in the case above, all arguments are pushed as "denied" for users from DE (Germany) and FI (Finland). When accessed from outside these regions, Google will default to "granted." (Instead of using this method, we recommend utilizing the setting found in almost all CMPs, which controls in which regions the banner will be displayed. For example, by showing the banner only to EU citizens, the relevant CMP can push the consent as "granted" for users visiting your site from outside these regions.)
  • wait_for_update: Determines how long Google Tags reading the default argument will be blocked before sending data.

What Is "gcm" Parameter?

When the Google Consent Mode argument is correctly pushed to the dataLayer, you will observe the "gcm" query parameter in the hits sent to Google.

This query parameter allows Google to identify whether the hit should be processed within or outside of consent.

If this parameter does not appear (N/D), Google will process the hit directly, meaning it will interpret the setup as being outside of consent.

On the other hand, when this query parameter is present in a hit, Google processes the data within consent, and the parameter can take the following values:

  • G100: No consent has been granted.
  • G110: Google Ads has consent, Google Analytics does not.
  • G101: Google Analytics has consent, Google Ads does not.
  • G111: Both Google Ads and Google Analytics have consent.

Note that G100 is only possible in "Advanced Consent Mode."

As you can see above, the "gcm" parameter corresponds only to "ad" and "analytics." However, the parameters expected to be pushed to the dataLayer divide "ad" into three different sections.
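
The check described above can be run over captured hit URLs. The following is an added example, not code from Analyzify or Google: the hit URLs are constructed samples, the function names are hypothetical, and the parameter name is an argument that defaults to the name this page uses ("gcm"), so confirm it against the requests you actually capture.

```javascript
// Constructed sample hits (not real traffic) as copied from a network capture.
const SAMPLE_HITS = [
  "https://www.google-analytics.com/g/collect?v=2&en=page_view&gcm=G100",
  "https://www.google-analytics.com/g/collect?v=2&en=user_engagement&gcm=G111",
  "https://www.google-analytics.com/g/collect?v=2&en=add_to_cart",
  "https://www.google-analytics.com/g/collect?v=2&en=purchase&gcm=G101",
];

// Decode "G1xy": x = Google Ads consent, y = Google Analytics consent.
function decodeConsentValue(value) {
  const m = /^G1([01])([01])$/.exec(value || "");
  if (!m) return null;
  return { ads: m[1] === "1", analytics: m[2] === "1" };
}

// mode: "basic" or "advanced" (the setup you intend to run).
// param: query parameter carrying the consent state (assumption: page's name).
function auditHits(urls, mode, param = "gcm") {
  return urls.map((raw) => {
    const url = new URL(raw);
    const event = url.searchParams.get("en") || "(unknown)";
    const value = url.searchParams.get(param);
    const state = decodeConsentValue(value);
    let finding = "ok";
    if (value === null) {
      finding = "missing: hit is processed outside consent";
    } else if (state === null) {
      finding = "unrecognised value";
    } else if (mode === "basic" && !state.ads && !state.analytics) {
      // G100 is only possible in Advanced Consent Mode.
      finding = "G100 hit sent in Basic mode";
    }
    return { event, value, state, finding };
  });
}

// Keep only the hits that need attention, one line per hit.
function summarize(results) {
  return results
    .filter((r) => r.finding !== "ok")
    .map((r) => `${r.event}: ${r.finding}`);
}

console.log(summarize(auditHits(SAMPLE_HITS, "advanced")));
```
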

Google uses another query parameter called "gcd," which contains information about the preferences expected to be pushed to the dataLayer. However, we will not discuss this parameter in detail, as there is no official documentation about it, and it is not necessary to understand the general concept.

If you have Advanced Mode, the relevant hits will be sent to Google destinations as G100 without waiting for the user to interact with the banner. If the user interacts with and accepts the banner, the "user_engagement" event will be triggered, and you will observe that this event’s gcm parameter is updated or set to G111.

If you have a server-side setup, you may observe that the "page_view" event is also sent in addition to the "user_engagement" event. While this may be perceived as a double-counting issue in server-side setups, it will not affect your Google Analytics reports.

Google will update all previous hits for users transitioning from G100 to G111 as G111. This prevents events triggered with different gcm parameters on the same page from causing the user to lose their acquisition source and other event data.

If the requirements for Advanced Consent Mode are properly defined in your store and your accounts meet the following minimum data quantities, you allow Google to model conversions, key events, and other data.

Google Analytics:

  • The property collects at least 1,000 events per day with analytics_storage='denied' for at least 7 days.
  • The property has at least 1,000 daily users sending events with analytics_storage='granted' for at least 7 of the previous 28 days.
  • It may take more than 7 days of meeting the data threshold within those 28 days to train the model successfully; however it's possible that even the additional data won't be sufficient for Analytics to train the model.

Google Ads:

  • You have a daily ad click threshold of 700 ad clicks over a 7 day period, per country and domain grouping.

If you would like to learn more about how Google models your data, you can review the following official documents:

If the Google Consent Mode arguments are not pushed to the dataLayer in synchronization with the relevant Google hits, you may encounter issues in your reports and conversions, and you may not have a legally consent-compliant setup.

Therefore, for stores that want to send data to Google with proper consent, it is essential to ensure that Google Consent Mode arguments are correctly pushed to the dataLayer on every page load.

Shopify Customer Privacy

Shopify Native Banner

Shopify offers a free banner option. Below is a comparison of the Native banner with Pandectes and Cookiebot.

| Feature | Shopify Native Banner | Pandectes | Cookiebot |
|---|---|---|---|
| Shopify Privacy API | Yes | Yes | No |
| Google Consent Mode | No | Yes | Yes |
| Multilingual Support | No | Yes | Yes |
| Data Subject Requests | No | Yes | Yes |
| Customizable Design | Basic | Advanced | Advanced |
| Cookie Scanner | No | Yes | Yes |
| Cookies & HTML Storage | No | Yes | Yes |
| Automated Cookie Policy | No | Yes | Yes |
| Script Blocker | No | Yes | Yes |
| Third-Party Integrations | Limited | Extensive | Extensive |
| Compliance with GDPR & CCPA | Basic (GDPR only) | Yes (GDPR, CCPA, others) | Yes (GDPR, CCPA, others) |

Native vs. Other Integrations

The Shopify native banner has quite limited features compared to other banners and only provides solutions for issues related to Shopify.

For example, it can manage native integrations activated through Shopify with consent-compliant setups, such as:

  • Google & YouTube Sales Channel → Google Analytics 4 or
  • Facebook Sales Channel → Facebook Pixel,

but it does not block requests sending data to platforms like Google Analytics 4, Facebook, or others integrated through your theme files or Google Tag Manager (GTM).

If the Google & YouTube Sales Channel is installed on a Shopify store, the Google Consent Argument is pushed into the dataLayer. This feature is managed by the Google & YouTube Sales Channel but uses Shopify Customer Privacy information.

However, this argument is only pushed when the banner is accepted, so the native Google Analytics 4 integration works in Basic Mode. On the other hand, Google Analytics hits activated from any other source (hard-coded or GTM) cannot work properly because they do not receive the Google Consent Default argument.

At this point, as Analyzify, we use the Shopify Customer Privacy API to push Google Consent Mode arguments into the dataLayer in a way compatible with Advanced Mode (both denied and granted).

Note: This will not make the native Google Analytics 4 integration an Advanced setup, because the Google & YouTube Sales Channel only sends data when the banner is accepted.

This feature can be activated for all other CMPs that are unable to properly push the Google Consent Mode argument to the dataLayer but use the Shopify Customer Privacy API correctly.
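
A sketch of such a bridge, as an added example that is not Analyzify's code: it reads the visitor's choice from the Shopify Customer Privacy API and pushes a "default" followed by an "update" to the dataLayer. The mapping of Shopify's marketing, analytics and preferences categories onto the Consent Mode keys is an assumption, and makeGtag, DENIED_DEFAULT and consentFromShopify are hypothetical names.

```javascript
// Added example. Assumed category mapping:
// marketing -> ad_*, analytics -> analytics_storage, preferences -> the rest.

// Build a gtag() bound to one dataLayer array; it pushes `arguments` itself.
function makeGtag(dataLayer) {
  return function gtag() { dataLayer.push(arguments); };
}

// Advanced-mode default: everything denied until the visitor's choice is known.
const DENIED_DEFAULT = {
  ad_storage: "denied",
  ad_user_data: "denied",
  ad_personalization: "denied",
  analytics_storage: "denied",
  functionality_storage: "denied",
  personalization_storage: "denied",
  security_storage: "granted",
  wait_for_update: 2000,
};

// `privacy` is Shopify.customerPrivacy (or a stub with the same methods).
function consentFromShopify(privacy) {
  const flag = (allowed) => (allowed ? "granted" : "denied");
  const marketing = flag(privacy.marketingAllowed());
  const preferences = flag(privacy.preferencesProcessingAllowed());
  return {
    ad_storage: marketing,
    ad_user_data: marketing,
    ad_personalization: marketing,
    analytics_storage: flag(privacy.analyticsProcessingAllowed()),
    functionality_storage: preferences,
    personalization_storage: preferences,
    security_storage: "granted",
  };
}

// Browser wiring: default first, then an update now and on every banner choice.
if (typeof window !== "undefined") {
  window.dataLayer = window.dataLayer || [];
  const gtag = makeGtag(window.dataLayer);
  gtag("consent", "default", DENIED_DEFAULT);
  const sync = () => {
    const privacy = window.Shopify && window.Shopify.customerPrivacy;
    if (privacy) gtag("consent", "update", consentFromShopify(privacy));
  };
  sync();
  document.addEventListener("visitorConsentCollected", sync);
}
```

The default must run before any Google tag loads, so the script belongs as early in the page as possible.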

On the other hand, since Cookiebot is not a direct app in Shopify, it does not support the Shopify Customer Privacy API. Due to the popularity of the relevant app, for Analyzify users, we activate the Shopify Customer Privacy API integration directly through Analyzify codes.

Shopify Customer Privacy API

The consent information of customers visiting your store can be transmitted to Shopify using the Shopify Customer Privacy API.

With this setup, you can ensure that your user's data is processed under consent in the following key areas:

  • Shopify Analytics
  • Shopify Apps and Sales Channels (Klaviyo, Google Analytics, Facebook Pixels, and any other marketing apps)
  • Shopify Customer Events

You can choose a CMP that already has the Shopify Customer Privacy API set up, or if you prefer another CMP, you can use the API by adding the provided code snippets to your store.

To ensure that the Shopify Customer Privacy banner is working properly, you can use Shopify.customerPrivacy.userCanBeTracked(); in Chrome Dev Tools to check the value it returns before and after the banner is displayed. 

For more information on the Shopify Customer Privacy API, you can review the official documentation.

Activating Shopify Customer Privacy

After the API is integrated, to activate Shopify Customer Privacy, you must first select the regions where you want to be consent-compliant from Shopify Settings > Customer Privacy > Cookie Banner.

Customer Privacy - Regions

If you haven't selected any regions before, Shopify may automatically activate the native Customer Privacy banner. If you are managing your banner through a different CMP, this could result in two banners appearing in your store. 

In this case, you can ensure that only the regions are preserved by deactivating the Banner feature: Cookie Banner > More Actions > Remove Cookie Banner > Remove.

Remove Cookie Banner

You can confirm that the regions are retained and the banner is set to invisible, as shown in the screenshot.

Confirm the Regions

If you have limited the regions where the banner is displayed in your CMP, we recommend selecting the same regions in this area as well. Otherwise, discrepancies in your data may arise.

Analyzify does not block any data requests to Google destinations by default. If you want to ensure compliance with consent regulations, you need to push the relevant Google Consent Mode parameters into the dataLayer.

As mentioned in the article above, if your Google Consent Mode arguments are not properly activated, you can activate the Google Consent Mode feature offered by Analyzify.

If you want a consent-compliant setup for non-Google destinations that you have activated through Analyzify, simply enable the toggle in the Consent Mode tab in Settings. After that, your data will be sent according to the Shopify Customer Privacy API.

Additional Resources

For more detailed information about Consent Mode and its implications, please refer to the following resources:

  1. Google Ads Help: About Consent Mode
  2. Google Developers: Consent Mode

For further assistance or questions about Consent Mode, please contact Analyzify support.

Do I need to activate Consent Mode?
Yes, if you: run ads targeting Europe, get significant European traffic, or need to comply with GDPR. No, if you primarily operate outside Europe with minimal European visitors.

What will happen if I activate Consent Mode?
You may experience:

  • Limited remarketing capabilities
  • Reduced audience building options
  • Some impact on conversion tracking
  • Partial attribution data

I've changed my Consent Mode setting - now what?
You must immediately:

  • Update your Google integrations (GA4, Ads)
  • Adjust your custom pixel code
  • Check your data flow is working

Otherwise, your data collection may be interrupted.

How do I know if my Consent Mode is working properly?
Look for the "gcm" parameter in your Google hits. If missing, your setup isn't consent-compliant.

I get some European traffic but not much. Should I use Active Consent Mode?
Yes, it's safer to use Active mode if you're unsure. While it may limit some data collection, it ensures GDPR compliance and avoids potential fines.

Can I switch back to Passive Mode later?
Yes, you can change your preference anytime, but remember to update all your integrations afterward to avoid data interruption.

What's the difference between Basic and Advanced Consent Mode?

  • Basic: Only collects data after users accept the consent banner
  • Advanced: Collects all data but marks it with consent status

I use Google Ads - do I need Advanced Consent Mode?
Yes, as of March 2024, Google requires Advanced Consent Mode for EU-targeting ads to avoid restrictions on your advertising capabilities.

What should I check after enabling Consent Mode?
You should verify:

  • Your integration updates are complete
  • Your pixel code is updated
  • Region settings are correct
  • Google Consent Mode arguments are properly pushed to dataLayer