MMeasure Copilot
Run free audit
Back to resources
ConsentApr 202610 min read

Consent Mode v2 Checklist for GA4, GTM, and Google Ads

A practical Consent Mode v2 checklist covering default denied state, consent updates, CMP integration, tag gating, and evidence limits.

Audience: Marketing, legal, analytics, and implementation teams.

Key takeaways

  • Consent defaults should run before tags that depend on consent.
  • Consent updates should reflect a real CMP choice, not a static page load assumption.
  • Region-specific consent behavior needs region testing before it can be confirmed.

What Consent Mode v2 needs

Consent Mode v2 implementations commonly involve analytics_storage, ad_storage, ad_user_data, and ad_personalization signals. The exact setup depends on your CMP, regions, and advertising stack.

A measurement audit should identify whether signals are present, whether tags appear consent-aware, and which parts need more evidence.

Default before update

The default consent state should be available before measurement tags fire. After the user interacts with the CMP, the consent update should reflect the user's choice.

If the default is late, tags can fire before consent state is known. If the update is missing, ad and analytics behavior may be incomplete.

Compliance-safe reporting

Measure Copilot is not legal advice and does not certify compliance. It helps implementation teams find technical consent risks and evidence gaps.

Legal or privacy teams should review final policy, regional behavior, and CMP configuration.

How to use Measure Copilot for this audit

Run a URL audit first, then upload the relevant evidence files. The report separates confirmed findings from high-risk signals and missing-data gaps, so you can decide what to fix now and what needs more proof.

Run a trust audit

FAQ

Does Consent Mode v2 guarantee GDPR compliance?

No. Consent Mode is a technical signaling framework. Legal compliance depends on your CMP, notices, regional rules, data use, and implementation.

Can a URL crawl confirm regional consent behavior?

Usually not. Region behavior should be marked Needs More Data unless the audit includes region-specific testing evidence.