What is Google Consent Mode v2?

Consent Mode v2 is Google's framework for adjusting how Google tags behave based on user consent choices. It communicates consent status to Google services (Analytics, Ads, Tag Manager) so they can operate in a privacy-compliant manner. v2 adds two new parameters: ad_user_data and ad_personalization, required for sending data to Google Ads.

Is Consent Mode v2 required for UK Shopify stores?

While Consent Mode itself is not legally required, GDPR and PECR require that you obtain consent before setting non-essential cookies or tracking users for advertising. Consent Mode v2 is the mechanism Google provides to respect those consent choices. Without it, Google Ads remarketing audiences and conversion tracking will not function correctly for users in the EEA and UK.

How does Shopify's Customer Privacy API work with Consent Mode?

Shopify's Customer Privacy API provides a standardised way to manage consent on Shopify stores. It integrates with consent banner apps and communicates consent status to Shopify's built-in tracking. For Google Consent Mode, you need to bridge the Customer Privacy API's consent signals to Google's consent parameters via GTM or direct implementation.

Does Consent Mode v2 affect my Google Analytics data?

Yes. When users deny consent, Google Analytics operates in cookieless mode, using modelled data to fill gaps. You will see a mix of observed and modelled data in your reports. The accuracy of modelling depends on the proportion of users who consent — stores with higher consent rates get more accurate modelled data.

Can I use server-side GTM with Consent Mode v2 on Shopify?

Yes, and it is the recommended approach for better data accuracy. Server-side GTM processes tags on your server rather than the user's browser, providing better control over data flow. Combined with Consent Mode v2, server-side GTM can improve measurement accuracy while maintaining privacy compliance. See our server-side GTM guide for implementation details.

Consent Mode v2 on Shopify: What UK Brands Need to Know

Google Consent Mode v2 is no longer optional for UK ecommerce stores running Google Ads or Google Analytics. Since March 2024, Google requires Consent Mode for stores targeting users in the EEA and UK to maintain full advertising functionality. Without it, your remarketing audiences shrink, conversion tracking degrades, and Google Ads optimisation suffers.

For Shopify stores, implementation involves coordinating three systems: your consent banner, Shopify’s Customer Privacy API, and Google Tag Manager. Getting this right is critical for both legal compliance and marketing effectiveness. This guide covers the technical implementation as part of our SEO and Shopify development services.

Consent Mode is Google’s framework for adjusting how Google tags behave based on user consent. When a user declines cookies, Google tags switch to cookieless operation — they still send pings to Google’s servers (for modelling purposes) but without setting cookies or storing identifiers.

Version 2 introduced two additional consent parameters that are required for Google Ads functionality:

ad_user_data — controls whether user data can be sent to Google for advertising purposes.
ad_personalization — controls whether personalised advertising (remarketing) is allowed.

The consent parameters

// Consent Mode v2 default state (before user interaction)
gtag('consent', 'default', {
  'analytics_storage': 'denied',
  'ad_storage': 'denied',
  'ad_user_data': 'denied',
  'ad_personalization': 'denied',
  'functionality_storage': 'denied',
  'personalization_storage': 'denied',
  'security_storage': 'granted',  // Always granted (essential)
  'wait_for_update': 500  // Wait 500ms for consent banner
});

// After user grants consent
gtag('consent', 'update', {
  'analytics_storage': 'granted',
  'ad_storage': 'granted',
  'ad_user_data': 'granted',
  'ad_personalization': 'granted',
  'functionality_storage': 'granted',
  'personalization_storage': 'granted'
});

Consent Mode v2 parameter flow showing default and update states — Consent Mode v2 starts with all non-essential consent denied, then updates based on user choices from the consent banner.

UK legal context: GDPR and PECR

In the UK, two regulations govern cookie consent: the UK GDPR (for personal data processing) and PECR (the Privacy and Electronic Communications Regulations, for setting cookies and similar technologies). PECR is the more specific regulation — it requires consent before placing any non-essential cookie, regardless of whether the cookie contains personal data.

This has practical implications for Shopify stores:

Google Analytics cookies require consent (they are not “strictly necessary”).
Google Ads tracking pixels require consent.
Facebook/Meta pixels require consent.
Klaviyo tracking cookies require consent.
Session cookies and cart cookies are “strictly necessary” and do not require consent.

Consent Mode v2 does not replace the need for a consent banner. It is the mechanism by which Google tags respond to the consent choices your banner collects. Your GDPR compliance strategy must include both a consent banner and Consent Mode implementation.

Shopify Customer Privacy API

Shopify provides the Customer Privacy API for managing consent on Shopify stores. It integrates with Shopify’s built-in cookie banner and third-party consent management platforms:

// Check current consent status
const customerPrivacy = window.Shopify.customerPrivacy;

// Get current consent
const consent = customerPrivacy.currentVisitorConsent();
// Returns: { marketing: 'yes'|'no', analytics: 'yes'|'no', preferences: 'yes'|'no', sale_of_data: 'yes'|'no' }

// Listen for consent changes
customerPrivacy.setTrackingConsent({
  marketing: true,
  analytics: true,
  preferences: true,
  sale_of_data: false
}, function() {
  // Consent updated — trigger Consent Mode update
  gtag('consent', 'update', {
    'analytics_storage': 'granted',
    'ad_storage': 'granted',
    'ad_user_data': 'granted',
    'ad_personalization': 'granted'
  });
});

GTM implementation

The recommended approach for Shopify stores uses Google Tag Manager with the Consent Mode built-in template. This is closely related to our server-side GTM and GA4 tracking implementations:

// In GTM: Create a Consent Initialization tag
// Tag type: Google tag (gtag.js)
// Trigger: Consent Initialization - All Pages

// Configure default consent state
// analytics_storage: Denied
// ad_storage: Denied
// ad_user_data: Denied
// ad_personalization: Denied
// wait_for_update: 500

// Create a Custom HTML tag for consent update
// Trigger: Custom Event - consent_updated
<script>
  function updateConsent() {
    var consent = window.Shopify.customerPrivacy.currentVisitorConsent();
    gtag('consent', 'update', {
      'analytics_storage': consent.analytics === 'yes' ? 'granted' : 'denied',
      'ad_storage': consent.marketing === 'yes' ? 'granted' : 'denied',
      'ad_user_data': consent.marketing === 'yes' ? 'granted' : 'denied',
      'ad_personalization': consent.marketing === 'yes' ? 'granted' : 'denied'
    });
  }

  document.addEventListener('visitorConsentCollected', updateConsent);
  // Also check on page load for returning visitors
  if (window.Shopify && window.Shopify.customerPrivacy) {
    updateConsent();
  }
</script>

GTM consent mode implementation flow for Shopify — GTM handles the consent flow: default denied on page load, then updated based on user choices from the consent banner.

The consent banner must clearly explain what data is collected and for what purpose. Under PECR, it must obtain active consent (not pre-ticked boxes) for non-essential cookies. Shopify’s built-in cookie banner handles basic compliance, but for stores running Google Ads, a more granular banner is typically needed.

Banner requirements

Clear explanation of cookie categories (analytics, marketing, functional).
Ability to accept or reject each category individually.
An “Accept All” option must not be more prominent than “Reject All”.
The banner must not use dark patterns to manipulate consent.
Consent must be as easy to withdraw as it is to give.
A link to the full cookie policy must be visible.

Server-side GTM integration

For better data accuracy, combine Consent Mode v2 with server-side Google Tag Manager. Server-side GTM processes tags on your server rather than the user’s browser, providing:

First-party cookie setting for improved measurement accuracy.
Reduced impact of ad blockers on analytics data.
Better control over data sent to third parties.
Improved page performance (fewer client-side scripts).

Data modelling and accuracy

When users deny consent, Google uses behavioural modelling to estimate conversions and user behaviour. The accuracy of this modelling depends on:

Consent rate — higher consent rates provide more observed data for better models.
Traffic volume — Google requires a minimum daily threshold for modelling to activate.
Implementation correctness — misconfigured consent mode produces unreliable models.

Expect to see “modelled” annotations in your GA4 reports. This is normal and indicates that Google is filling gaps from consented user behaviour patterns.

Data modelling accuracy based on consent rates — Higher consent rates provide more observed data, which improves the accuracy of Google’s behavioural modelling for users who decline cookies.

Testing and verification

// Verify Consent Mode is working in the browser console
// After page load (before consent):
// Check the dataLayer for consent default
console.log(dataLayer.filter(e => e[0] === 'consent'));

// In Chrome DevTools > Network tab:
// Filter for google-analytics.com or googleads.g.doubleclick.net
// Check the 'gcs' parameter in the request URL:
// gcs=G100 means all denied
// gcs=G111 means all granted

// Use Google Tag Assistant to verify consent state:
// Install Tag Assistant Companion Chrome extension
// Navigate to your store and check the consent overlay

Common implementation mistakes

Missing default consent state — if you do not set default consent before Google tags fire, tags run without consent restrictions on the first page load.
Forgetting ad_user_data and ad_personalization — these v2 parameters are required for Google Ads functionality. Omitting them degrades advertising measurement.
Consent banner loading too late — use the wait_for_update parameter to give the consent banner time to load before tags fire.
Not testing the denied state — always test what happens when users reject all cookies. Your store must function correctly in denied mode.
Ignoring returning visitors — consent must persist across sessions. Check consent state on every page load, not just when the banner appears.

Consent Mode testing checklist — Test both granted and denied states thoroughly. The most common issues arise from tags firing before the consent default is set.

Consent Mode v2 is now a foundational part of any Shopify store’s analytics and advertising infrastructure. Getting it right protects your legal compliance, maintains your advertising effectiveness, and ensures your analytics data remains as accurate as possible. If you need help implementing Consent Mode on your Shopify store, get in touch — we handle this as part of our SEO and Shopify development services.

Consent Mode v2 on Shopify: What UK Brands Need to Know

The consent parameters

UK legal context: GDPR and PECR

Shopify Customer Privacy API

GTM implementation

Banner requirements

Server-side GTM integration

Data modelling and accuracy

Testing and verification

Common implementation mistakes

Frequently asked questions

Need Consent Mode
set up on Shopify?

What is Consent Mode v2

The consent parameters

UK legal context: GDPR and PECR

Shopify Customer Privacy API

GTM implementation

Consent banner configuration

Banner requirements

Server-side GTM integration

Data modelling and accuracy

Testing and verification

Common implementation mistakes

Frequently asked questions

Related articles.

Server-Side GTM on Shopify

GA4 Ecommerce Tracking on Shopify

GDPR Technical Compliance for Shopify

Need Consent Modeset up on Shopify?

Need Consent Mode
set up on Shopify?