AttriModel
BlogCookie Consent & GA4: GDPR Compliance Without Destroying Your Data Quality
Analytics8 min read·June 1, 2026

Cookie Consent & GA4: GDPR Compliance Without Destroying Your Data Quality

Collecting GA4 data without proper consent isn't a grey area — it's a fine. But blanket blocking destroys your analytics. This guide covers Consent Mode v2, CMP setup in GTM, and how to maintain useful data even when 30% of users decline.

A

AttriModel Team

AttriModel Team

The Compliance Reality

Many marketing teams treat cookie consent as a UX annoyance rather than a legal requirement. Under GDPR (EU) and similar laws in the UK, Brazil, California, and elsewhere, collecting analytics data without proper consent can result in significant fines. The risk is real.

What Requires Consent?

No consent required: Strictly necessary cookies (session IDs, authentication, shopping cart). First-party analytics used strictly for site operation in some interpretations.

Consent required: Google Analytics (it uses cookies tied to a Google ID), Meta Pixel, Google Ads, any retargeting pixels, and in most interpretations, any third-party analytics tool.

Consent Mode v2 (Google's Solution)

Google introduced Consent Mode to allow Analytics and Ads tags to run in a "reduced data" mode when users decline cookies. With Consent Mode v2:

  • Users who consent: normal tracking
  • Users who decline: events are still sent but without identifiers, using statistical modeling to estimate conversions

This is a significant improvement over not collecting any data, but it is NOT a substitute for proper consent — you must still ask and respect user choices.

Setting Up Consent Mode in GTM

`javascript

// Place BEFORE GTM snippet loads

window.dataLayer = window.dataLayer || [];

function gtag(){dataLayer.push(arguments);}

// Default state: denied until user interacts

gtag('consent', 'default', {

'analytics_storage': 'denied',

'ad_storage': 'denied',

'ad_user_data': 'denied',

'ad_personalization': 'denied',

'wait_for_update': 500

});

`

Then after user accepts:

`javascript

gtag('consent', 'update', {

'analytics_storage': 'granted',

'ad_storage': 'granted'

});

`

Choosing a CMP

Consent Management Platforms (CMPs) handle the UI and consent storage:

  • Cookiebot: Popular in EU, comprehensive scanning, ~$14/month for small sites
  • OneTrust: Enterprise-grade, expensive
  • Usercentrics: Good Consent Mode v2 support
  • Axeptio: French option, GDPR-focused

Most CMPs have native GTM integrations — install their GTM template and it handles the consent signaling automatically.

Impact on Data Quality

Expect 20-40% of users to decline in markets with high privacy awareness (Germany, France). Your GA4 data will show lower numbers than reality. Plan your benchmarks accordingly and use Consent Mode's modeled data to estimate the gap.

GDPRConsentCookie ConsentComplianceAnalytics