How to make your website GDPR compliant without affecting its functionality

Request FREE audit Check your website

Contents:

I won’t make an introduction about Cookies, GDPR, Consent Mode V1 and Consent Mode V2. This is boring information and nobody has the patience to read it. If you’re still interested in these topics, you’ll find the necessary information on the internet.

Instead, I offer you a tool that helps you find out if your website has implemented one of the Google Consent Mode variants and I will answer some questions that my clients ask me.

Check the implementation of Google Consent Mode on your website

  • Enter the complete address of the website (make sure it includes http:// or https://).
  • Press the “Check” button.

Limitations and Recommendations

Because the implementation analysis can be complex and depends on numerous variables, it’s possible that the estimates are not always correct. In such cases, we recommend you contact Webage for assistance and a detailed evaluation of the Google Consent Mode implementation on your website.

Contact Webage:

Use this application to get a quick idea about the state of Consent Mode implementation and contact us for additional support.

Important note

This is version 1 of our application and we are constantly working to improve it. We apologize for any malfunctions and thank you for your understanding. Use this application to get a quick idea about the state of Google Consent Mode implementation and contact us for additional support.

Does my website use cookies?

If it’s not a very old website, then YES, your website uses cookies.

Most websites made in the last 27 years use cookies. Although cookies appeared in 1993, they have been used more widely since 1997, when the first standard for cookies, P3P, was created, published by the World Wide Web Consortium (W3C).

Why doesn’t the EU “want” cookies on websites?

You should know that there are 2 main types of cookies:
 
A) Technical cookies, which are indispensable for the correct functioning of the website. If you deactivate them, the website no longer works correctly.
 
B) Cookies that track visitors’ behavior.
The EU has not agreed with cookies from category B) since around 2002 and they should not be used without the visitor’s consent.

If the EU doesn’t want those from category B), then why are they used?

Because they are essential for website owners, who can thus see statistics related to the website’s traffic with the help of applications like Google Analytics.
 
Having access to Google Analytics, owners:
– can see how many visitors come to their website daily;
– from which geographical areas they come;
– what pages they view;
– if they read the information on the pages or scroll quickly and then left;
– etc.
 
If they didn’t have these statistics, they wouldn’t know if their website is visited or not and they wouldn’t know how to improve the website. So for certain website owners, a Google Analytics service is essential.
See below an example of a Google Analytics graph with the website’s traffic in 2 variants: with “cookies deactivated” and with “cookies activated”. It’s obvious that if you totally deactivate cookies, you will no longer have data about the website’s traffic.
 

Do all websites use Google Analytics?

Not all. A statistic published by W3Techs says that in 2023, 50.9% of websites used Google Analytics. To me, the percentage seems a bit high, but … if that’s the case, 1 in 2 websites use Google Analytics.
 
Most popular traffic analysis tools (1)
 
Many people simply have a website and that’s about it. They know absolutely nothing about what’s happening with their website even if the web designer who made their website connected it to a Google Analytics account. They believe that people come, visit their website, read their articles, but in fact they have very little traffic, the website having 10 visitors a day and out of those 10, probably 5 are bots (robots that browse the internet). Their website is just a business card and that’s about it. Sometimes that’s enough, but with a website, you can do much more.
 

What do you do if you’re not allowed to use cookies from category B)?

Nobody said you’re not allowed to use cookies. You’re allowed if you receive the visitor’s consent. So, you should implement a consent system, namely the so-called “Consent Mode V2“.

Types of “Consent Mode” implementation – GDPR

 
On the internet, you will find websites in the following situations:
 

1: Websites that have not implemented any consent mode

These are websites that don’t warn you in any way that they would use cookies.
What do these websites risk? If they collect data about visitors’ behavior, they risk a serious fine.
 
 

2: Websites that only inform you that they use cookies

When you reach the pages of such a website, you are informed through a pop-up window that the website uses cookies and that’s about it. In some situations, you are asked if you agree with their use or not. Regardless of your answer, nothing happens.
From a legal point of view, these websites are in the same situation as those from point 1.
What do these websites risk? If they collect data about visitors’ behavior, they risk a fine. Read about the first fine given in Romania, amounting to €130,000.
 
 

3: Websites that inform you that they use cookies with the possibility of deactivation

When you reach the pages of such a website, you are informed through a pop-up window that the website uses cookies and you can choose whether you agree with their use or not.
 
And this moment is very important for the website owner!!!!!
 
If the visitor:
– ignores the message;
– closes the window with the message;
– clicks on “I do not agree”;
all cookies are deactivated, except those related to the functioning of the website. In fact, all cookies are deactivated by default and are only activated if the visitor clicks on “I agree”!
 
And here comes the big problem for website owners. From a legal point of view, not all cookies should be deactivated by default. But because they are all deactivated, the website no longer sends data to Google Analytics, and the website owner will no longer have statistical data about the site or will only have from those who clicked on “I agree”.
 
Even more and worse, it is for owners who promote their website through Google Ads (GADS) campaigns. For correct and high-performance operation, GADS campaigns intensively use data from Google Analytics. If they no longer have access to this data, GADS campaigns will not function correctly. That means inefficiently spent money.
 
 

4: Websites that inform you that they use cookies according to “Consent Mode 2”

These websites implicitly allow sending to Google Analytics the permitted and essential cookies (those in green) and only block the forbidden ones (those in red)
 
If the visitor gives you consent for the use of all cookies, then all data is transmitted to Google Analytics.
 
 

Consequences of non-implementation

And if your website is not compliant with “Consent Mode 2” what can happen to you?

Nothing, as long as no one reports the problem. Indeed, there are so many websites on the internet that at first glance “nobody” will start checking them.

But upon closer inspection, we see that Google is warning all those who run Google Ads campaigns. See the message below, which my clients who run Google Ads campaigns received:

Google Consent Mode v2 is an important update that affects all Google Ads users targeting audiences in the European Economic Area (EEA) and the United Kingdom. Its implementation is essential to continue measuring ad performance and delivering personalized ads to users in those regions.

Importance:

There are several major reasons why installing the Consent Mode is crucial:

  • Regulatory compliance: The Consent Mode is necessary to comply with data privacy legislation such as GDPR and the Digital Markets Act. Failure to comply with these regulations can lead to significant fines.

  • Performance measurement: Without Consent Mode, data on ad performance from the EEA and UK will be incomplete or unavailable. This will prevent advertisers from optimizing their campaigns and making informed decisions about ad spending.

  • Ad personalization: Consent Mode allows advertisers to display personalized ads to users in the EEA and UK, which are more relevant and more likely to convert.

  • Access to advanced features: Consent Mode is necessary to access advanced Google Ads features such as custom audiences and remarketing.

Consequences of non-implementation:

Failure to activate Google Consent Mode v2 can have significant consequences for advertisers, including:

  • Data loss: Data on ad performance from the EEA and UK will be incomplete or unavailable.

  • Decreased campaign performance: Advertising campaigns will not be able to be optimized efficiently, leading to a decrease in conversions and return on investment.

  • Limited access to features: Advanced Google Ads features such as custom audiences and remarketing will not be available.

  • Potential fines: Failure to comply with data privacy regulations can lead to significant fines.

 

Conclusion:

Installing Google Consent Mode v2 is essential for all Google Ads advertisers targeting audiences in the EEA and UK. It allows for regulatory compliance, provides a complete picture of campaign performance, enables ad personalization, and provides access to advanced features. Failure to activate the module can lead to significant negative consequences.

And one more thing. It’s not that difficult for someone to make a bot that automatically visits EU websites and checks whether they have implemented “Consent Mode 2” or not.

Only for the very technical 😀

Google Analytics and Google Ads

To check if Consent Mode is propagating correctly to Google services, you can inspect network calls in the browser’s developer tools. The query parameters you need to look for are gcs and gcd.

  • gsc contains the consent category summary
    • G100: No consent was given.
    • G110: Google Ads has consent, but Google Analytics does not.
    • G101: Google Analytics has consent, but Google Ads does not.
    • G111: Both Google Ads and Google Analytics have consent.
  • gcd contains the per-category consent compared to the default consent (consent settings before the user makes a choice) &gcd=13<ad_storage>3<analytics_storage>3<ad_user_data>3<ad_personalization>5 The string starts with 1<x>, uses <x> to separate the different categories and ends with a number like 5 (or sometimes something else) to mark the end.
    • l: Lowercase L means the signal wasn’t set with Consent Mode.
    • p: denied* by default (no update).*
    • q: denied* both by default and after update.*
    • t: granted by default (no update).
    • r: denied by default and granted after update.
    • m: denied* after update (no default).*
    • n: granted* after update (no default).*
    • u: granted* by default and denied after update.*

If you want me to help you with checking the implementation of “Consent Mode 2” on your website, fill out the form below. The check is free. Or contact me at tel: +40799560470 or email: contact@webage.ro

Request a free audit

Fill out the form below, and you will find out if your website is in compliance with “Consent Mode V2” – GDPR – EU.

See service prices

Prices

Why choose Webage?

Details

Transparent costs

Details