Google disabled conversion tracking for thousands of websites on 21 July 2025. No warning email. No grace period. Sites that had not implemented Consent Mode v2 saw their advertising data vanish overnight - some reporting drops of 90-95% in their EEA and UK metrics.
The trigger was enforcement of Google's EU User Consent Policy (EU UCP), a set of rules that has existed since 2015 but only recently acquired real teeth. Every website using Google Ads, Analytics, AdSense, Ad Manager, Tag Manager, or even reCAPTCHA with visitors from the European Economic Area, the United Kingdom, or Switzerland must now comply - or lose access to the tools that drive their advertising and measurement.
What Google's EU User Consent Policy Actually Requires
The policy sits on top of two existing laws: the GDPR and the ePrivacy Directive. Google is not creating new legal obligations - it is enforcing the ones that already exist, but through platform access rather than fines.
The core requirements boil down to three obligations for any site or app using Google products with EEA, UK, or Swiss users:
| Obligation | What It Means in Practice |
|---|---|
| Consent for cookies and local storage | No non-essential cookies may be set before the user actively agrees. Pre-ticked boxes, scrolling, or continued browsing do not count as valid consent. |
| Consent for personal data collection and ad personalisation | The user must agree to the collection, sharing, and use of personal data for ads - including remarketing, audience building, and conversion measurement. |
| Transparent disclosure of all parties | Every ad technology provider that may receive user data must be clearly identified in the consent notice or linked from it. |
That third point is often overlooked. If your site uses Google Ads alongside Meta Pixel, LinkedIn Insight, or any other advertising SDK, each vendor must be named or linked for users to review.
Why July 2025 Changed Everything
Google introduced Consent Mode v2 in late 2023 with two new parameters: ad_user_data and ad_personalization. The initial enforcement date of March 2024 passed with warnings but limited consequences.
Starting 21 July 2025, Google began automatically restricting data collection from sites without properly configured consent signals. For non-compliant EEA and UK traffic, the platform disabled conversion tracking, remarketing audiences, and demographic reporting in GA4. Data from the non-compliant period is permanently lost - there is no backfill option.
Consent Mode v2: The Technical Backbone
Consent Mode adjusts how Google tags behave depending on whether a visitor has accepted or declined tracking. Version 2 requires four parameters to be signalled to Google tags:
| Parameter | Controls | Default |
|---|---|---|
ad_storage | Whether advertising cookies can be read or written | denied |
analytics_storage | Whether analytics cookies can be read or written | denied |
ad_user_data | Whether user data can be sent to Google for advertising | denied |
ad_personalization | Whether data can be used for remarketing and personalised ads | denied |
If these signals are not sent - or are sent incorrectly - Google treats your traffic as non-compliant and restricts features accordingly.
Basic Mode vs Advanced Mode
Basic Consent Mode blocks all Google tags until the user accepts. If the user declines, zero data reaches Google. Advanced Consent Mode loads tags immediately with default denied settings. When users decline, the tags send cookieless pings - anonymised signals that feed Google's conversion modelling, recovering an estimated 15-25% of otherwise lost data. For most businesses relying on Google's advertising ecosystem, Advanced Mode is the practical choice.
Step-by-Step: Getting Your Website Compliant
1. Audit Your Google Product Usage
List every Google service active on your site: Google Ads tags, GA4, Google Tag Manager, AdSense, Ad Manager, reCAPTCHA, Google Maps, Firebase. Each falls under the EU UCP. Check your tag setup for any Google scripts loading before consent is granted.
2. Implement a Consent Management Platform
A CMP handles the consent banner, collects user choices, and transmits consent signals to your tags. Google operates a CMP Partner Programme with certified partners tiered into Bronze, Silver, and Gold levels based on IAB TCF compliance and integration quality.
For publishers using AdSense, Ad Manager, or AdMob, a Google-certified CMP integrated with the IAB Transparency and Consent Framework has been mandatory since January 2024. Advertisers using Google Ads have more flexibility - any CMP supporting Consent Mode v2 works, whether or not it appears on Google's partner list.
Displaying a consent banner is not enough. The banner must transmit consent signals to your Google tags. Many WordPress cookie plugins show compliant-looking banners that do not connect to anything - the user clicks "Accept", but no ad_storage=granted signal reaches Google Tag Manager. This silent failure was the largest cause of data loss after July 2025.
3. Configure Consent Mode v2 Signals
If your CMP is a Google-certified partner, it should handle signal transmission automatically once enabled. For custom banners or non-certified CMPs, implement Consent Mode manually through gtag.js or Google Tag Manager by setting default consent states (all denied) before tags load, then updating when the user makes a choice.
4. Verify and Disclose
Google added Tag Diagnostics to the Analytics consent settings hub in June 2025. In GA4, navigate to Admin, then Data Collection and Modification, then Consent Settings to confirm signals are reaching Google. Test from an EEA location to verify the banner appears before non-essential cookies load, and that clicking "Reject" actually blocks tracking.
The EU UCP also requires clear identification of every ad technology provider that receives user data. Link to Google's Business Data Responsibility site from your consent notice or privacy policy, and list any third-party vendors alongside it.
What Happens If You Do Not Comply
On the Google side, non-compliance means suspension of ad-serving features, disabled conversion tracking, and loss of remarketing capabilities. Google conducts periodic audits of websites using its services, and while the first step is a notification, persistent non-compliance leads to account restrictions or full suspension.
On the regulatory side, the underlying laws carry their own penalties. The CNIL (France's data protection authority) issued fines totalling nearly 487 million euros in 2025, with 21 entities sanctioned specifically for cookie violations. The 325-million-euro fine against Google in September 2025 for invalid cookie consent in Gmail and the 750,000-euro fine against the publisher of vanityfair.fr in November 2025 for ignoring "Refuse all" clicks both follow the same pattern: cookies firing before consent, asymmetric banner design, and consent withdrawal not being technically effective.
Common Mistakes to Avoid
Cookie walls that block content entirely unless the user accepts tracking are problematic under GDPR. Consent must be freely given, and making access conditional on accepting advertising cookies raises serious questions about voluntariness.
Pre-selecting consent options violates both the GDPR and the EU UCP. The GDPR's data processing principles require a deliberate act - an explicit click or toggle by the user.
Using Google's "Non-personalised ads" option does not eliminate the need for consent. Even non-personalised ads use cookies for frequency capping and fraud prevention. Consent for those cookies is still required under the ePrivacy Directive.
Running legacy tag types like analytics.js instead of gtag.js or GTM means Consent Mode signals cannot be transmitted. Upgrading your tag infrastructure is the necessary first step.
Recovering Lost Data with Conversion Modelling
Consent rates vary significantly across Europe. Research suggests only about 31% of users globally accept tracking cookies. Advanced Consent Mode with conversion modelling is the primary recovery mechanism - Google's machine learning uses consented data to estimate conversions from users who declined.
Modelling requires minimum thresholds: at least 1,000 daily events with analytics_storage=granted and another 1,000 with analytics_storage=denied, each for at least 7 of the previous 28 days. Smaller sites may not qualify. Enhanced Conversions and server-side tagging through GTM's server container offer additional recovery layers for sites with sufficient traffic.
Frequently Asked Questions
Does the EU User Consent Policy apply if my business is outside the EU?
Yes. The policy applies to any website or app using Google products that has visitors from the EEA, UK, or Switzerland - regardless of where the business is located.
Can I use any CMP or does it have to be Google-certified?
Advertisers using Google Ads can use any CMP that supports Consent Mode v2. Publishers using AdSense, Ad Manager, or AdMob must use a Google-certified CMP integrated with the IAB TCF.
What is the difference between Consent Mode v1 and v2?
Version 2 added two parameters: ad_user_data (controls whether user data is sent to Google for advertising) and ad_personalization (controls remarketing). Without these signals, Google restricts advertising features for EEA and UK traffic.
Will switching to non-personalised ads avoid the need for consent?
No. Non-personalised ads still use cookies for frequency capping, fraud prevention, and aggregated reporting. Under the ePrivacy Directive, consent is required for those cookies in most EU jurisdictions.
How do I check if my Consent Mode v2 setup is working?
In GA4, go to Admin, then Data Collection and Modification, then Consent Settings. The Tag Diagnostics panel shows whether consent signals are being received. You can also inspect the dataLayer in browser developer tools for consent update events.
Can I recover data lost before I fixed my Consent Mode setup?
No. Data from the non-compliant period is permanently lost. Google did not collect it, so there is nothing to backfill or estimate retroactively.
Is Google Consent Mode required by law?
Consent Mode is a Google product requirement, not a legal obligation. The GDPR does not mandate any specific technical standard. But without it, you lose access to Google's advertising and measurement features for EEA and UK traffic.
Get Your Consent Setup Right
If your Google Ads conversions dropped unexpectedly or your GA4 reports show gaps in European traffic, a misconfigured consent setup is the most likely cause. Kukie.io scans your site for cookies, integrates with Google Consent Mode v2, and transmits consent signals to your tags automatically.
