Skip to content

Consent Mode v2: how to recover consent-lost conversions, compliantly

Mandatory across the EEA/UK since March 2024. The four signals, the myth that server-side exempts you from consent, and why a correct implementation plus modeling recovers 30-50% of lost conversions — up to 60-70% with server-side.

Dan Cristian Alexandrescu10 min read

Most people treat the cookie banner as a compliance tax: something you bolt on to avoid a fine, that ruins your data when people refuse. Wrong on both counts. Implemented correctly, Consent Mode v2 doesn't just make you compliant — it recovers 30-50% of the conversions you'd otherwise lose to consent refusals.

Most companies lose that slice because they treat consent as an obstacle rather than as measurement infrastructure. This article shows how Consent Mode v2 works, why it's mandatory, and how you turn a legal requirement into a data advantage that careless competitors don't have.

TL;DR · what to take away
05
  • Mandatory since 6 March 2024 for EEA/UK traffic using Google Ads, GA4 or Floodlight. Without it, you lose remarketing and measurement in Europe.
  • Four boolean signals: ad_storage, analytics_storage, ad_user_data, ad_personalization. The last two, added in v2, are why it became mandatory.
  • It recovers conversions, it doesn't just tick the compliance box. Done right: 30-50% of conversions lost to refusals, recovered through modeling. With server-side: 60-70%.
  • Server-side does NOT exempt you. A dangerous myth. GDPR and Consent Mode v2 apply regardless. The two work together, not as alternatives.
  • Not implementing it costs twice: in legal risk and in blind data — the 30-50% slice a compliant competitor sees and you don't.

What Consent Mode v2 does, beyond the banner

The cookie banner collects the user's choice. Consent Mode v2 is what happens to that choice next: the mechanism through which Google tags adjust their behavior according to it. It isn't the banner itself (that's the CMP) but the layer that translates “yes” or “no” into compliant technical behavior.

It became mandatory on 6 March 2024 for any EEA/UK traffic that uses Google Ads, GA4 or Floodlight. The reason v2 replaced v1 is the two new signals — ad_user_data and ad_personalization — which explicitly govern sending data to Google and using it for personalization. Without implementing them, you lose access to remarketing and to audiences for European users.

How it recovers conversions from “no”s

This is the part most people miss. When a user refuses, Google can no longer set cookies or measure directly. But with Consent Mode v2 implemented correctly, the browser still sends aggregated, anonymous signals (cookieless). Google uses these signals to model the lost conversions statistically. A correct implementation thus recovers 30-50% of the conversions lost to refusals. Combined with server-side tracking, Google can model and recover 60-70% of them. Without Consent Mode, that slice is simply invisible — to you, but not to the competitor who implemented it correctly.

— The four signals

What each Consent Mode v2 signal controls

04
  1. 01

    ad_storage

    Controls the storage of cookies and identifiers for advertising (e.g. remarketing). On “denied”, these cookies are not set.

  2. 02

    analytics_storage

    Controls the storage of cookies and identifiers for analytics (GA4). On “denied”, GA4 switches to cookieless measurement and modeling.

  3. 03

    ad_user_data

    Governs sending user data to Google for advertising purposes. One of the two new signals that made v2 mandatory.

  4. 04

    ad_personalization

    Governs using data for personalized advertising and remarketing. On “denied”, remarketing audiences no longer populate with that user.

“But we have server-side, so we don't need consent” — false

This is one of the most widespread and dangerous misunderstandings. Because the data passes through your server, some assume they've escaped the consent requirements. They haven't. Consent Mode v2 and GDPR apply whether tracking is client-side or server-side. You're still processing personal data; you still need a legal basis.

The correct 2026 setup combines them: server-side GTM on top of a Consent Mode v2 layer. In practice, the consent state has to reach the payload of every event sent to the server, and the server honors it when forwarding the data onward. The best implementations also add GPC detection and correct regional defaults. Server-side doesn't replace consent — it makes it more powerful, because on top of correct consent it can model and recover more.

Related · Pillar

The collection layer that works together with Consent Mode v2: Server-side tracking — why you move measurement to your own server. For terminology, see also the Tracking & Data glossary.

— Anti-patterns

The mistakes that leave you non-compliant and without data

05
  • A banner with no Consent Mode behind it

    A pretty banner that collects choices but doesn't pass them to the tags through Consent Mode v2 is compliance theater. You're legally exposed and you lose modeling.

  • Assuming server-side exempts you from consent

    The most expensive mistake. GDPR and Consent Mode v2 apply regardless. Server-side without a correct consent layer is a risk, not a solution.

  • Wrong defaults (everything “granted”)

    Setting consent to “granted” by default in the EEA, before the user chooses, breaches GDPR. Correct regional defaults, with wait_for_update, are essential.

  • Not passing the state in the payload (server-side)

    If the server doesn't receive the consent state in every event, it can't honor it. The 2026 setup requires consent in the payload, always.

  • Ignoring GPC and US signals

    In 2026, a correct setup orchestrates Consent Mode v2 with GPC and TCF so that they all reflect the same user decision. Ignoring them creates inconsistencies.

— Framework

How to implement it correctly: a four-step framework

04
  1. 01

    A CMP that talks to Consent Mode v2

    Choose a Consent Management Platform that natively passes the four signals. A banner with no Consent Mode integration solves nothing.

  2. 02

    Regional defaults + wait_for_update

    Set correct per-region defaults (denied in the EEA before the choice), inline in the header, with wait_for_update so the tags wait for the decision.

  3. 03

    Pass the state to server-side

    If you run server-side, make sure the consent state reaches the payload of every event. Add GPC detection for the US.

  4. 04

    Validate modeling and measure the recovery

    Check in GA4 and Google Ads that conversion modeling is active. Measure the recovered slice — proof that you turned compliance into data.

— FAQ

Frequently asked questions

05
  • What is Consent Mode v2, and is it mandatory?

    Consent Mode v2 is Google's mechanism through which tags adjust their behavior based on the user's consent. It has been mandatory since 6 March 2024 for any EEA/UK traffic that uses Google Ads, GA4 or Floodlight. Without it, you lose access to remarketing and to part of the measurement features for European users. It passes four boolean consent signals to Google.

  • What are the four signals?

    ad_storage (storing cookies and identifiers for advertising), analytics_storage (storing cookies for analytics / GA4), ad_user_data (sending user data to Google for advertising purposes) and ad_personalization (using data for personalized advertising and remarketing). The last two were added in v2 — precisely why v2 became mandatory rather than optional. Each can be “granted” or “denied” based on the user's choice.

  • How does Consent Mode v2 recover conversions if the user refused?

    Through modeling. When a user refuses consent, Google can no longer measure directly, but — if you have Consent Mode v2 implemented correctly — it can use aggregated, anonymous signals (cookieless “pings”) to statistically estimate the lost conversions. A correct implementation recovers 30-50% of the conversions lost to refusals; combined with server-side, Google can model and recover 60-70% of them. Without Consent Mode, those conversions are simply invisible.

  • Does server-side tracking exempt me from Consent Mode v2?

    No. It's a widespread and dangerous misconception. Consent Mode v2 and GDPR obligations apply whether tracking is client-side or server-side. Moving collection to the server doesn't remove the need to obtain consent before tracking. In fact, the recommended 2026 setup combines server-side GTM with Consent Mode v2 — the consent state must be passed with every event sent to the server, and the server honors it.

  • What happens if I don't implement Consent Mode v2?

    Three consequences. Legally: you stay non-compliant with Google's requirements and exposed under GDPR. Functionally: you lose remarketing and audiences for EEA users, who can't be tracked without it. In measurement terms: you lose modeled conversions entirely — that 30-50% slice a competitor with a correct implementation sees and you don't. In short, you pay twice: once in risk, once in blind data.

Conclusions

Most people treat consent as a cost — the banner that ruins the data. Seen correctly, it's the opposite: a well-implemented Consent Mode v2 is the infrastructure that recovers 30-50% (up to 60-70% with server-side) of the conversions careless competitors lose entirely. Compliance isn't the tax; it's the advantage.

And you can't hide behind server-side — GDPR and Consent Mode v2 apply regardless. The two layers work together: server-side collection, on top of correctly orchestrated consent. The question for your business isn't “how do we get rid of the banner?” but “does our banner recover our lost conversions, or does it just tick a box?”

About the author

Dan Cristian Alexandrescu is the founder of Websem, an agency that builds AI platforms and systems for serious business. The Websem team implements compliant measurement infrastructures — Consent Mode v2, server-side tracking and first-party data — for brands in pharma, retail, automotive and services.

Your next step

Does your banner recover conversions, or just tick a box?

30 minutes in which we check whether Consent Mode v2 is implemented correctly and what conversions you could recover — plus 3 concrete actions. No obligations.

See the service →