Implement Google Consent Mode v2 for GA4 in WooCommerce using GTM. Ensure GDPR/DMA compliance while preserving analytics and ad performance.

As privacy regulations like the GDPR and DMA continue to tighten, website owners must evolve to stay compliant. One of Google’s latest responses is Consent Mode v2, a framework that allows Google tags (e.g., GA4, Ads) to function based on a user’s consent choices. If you run a WooCommerce store and use Google Analytics 4 via GTM, implementing Consent Mode v2 is now critical—not only for legal compliance but also for maintaining meaningful analytics and ad performance.

✅ Why Consent Mode v2 Matters

Introduced in late 2023, Consent Mode v2 expands on the original Consent Mode by introducing two new consent signals:

• ad_user_data: Consent to send user data to Google for advertising.
• ad_personalization: Consent for personalized ads.

These build on the original two:

• analytics_storage: Controls analytics cookies.
• ad_storage: Controls advertising cookies.

If you're running Google Ads remarketing, enhanced conversions, or GA4, these four signals need to be configured based on user consent.

🧱 Key Components Required

Before we jump in, make sure you’ve got the following:

• ✅ WordPress site with WooCommerce
• ✅ Google Tag Manager installed via code or plugin
• ✅ GA4 tag already set up via GTM
• ✅ A CMP that supports Consent Mode v2 (e.g., Cookiebot, OneTrust, Complianz)
• ✅ Developer or GTM access for customization

🛠️ Step-by-Step Implementation

1. Configure GTM for Consent Initialization

Consent Mode v2 needs to be initialized before any tracking fires. In GTM:

a. Create a New Tag: Consent Initialization

• Tag Type: Tag Configuration → Consent Initialization - Google tag (gtag.js)
• Tag ID: Your GA4 Measurement ID
• Consent Defaults:

{
  "ad_storage": "denied",
  "analytics_storage": "denied",
  "ad_user_data": "denied",
  "ad_personalization": "denied"
}        

• Trigger: Initialization - All Pages

This ensures no cookies are dropped until user preferences are recorded.

2. Connect Your CMP to GTM

Most modern CMPs offer native GTM integrations. Here's what to do:

a. Configure your CMP (example: Cookiebot)

• Enable Consent Mode v2
• Sync consent categories with GTM (usually done via dataLayer or GTM events)

Cookiebot, for example, pushes consent states to dataLayer like so:

window.dataLayer.push({
  event: "cookie_consent_update",
  analytics_storage: "granted",
  ad_storage: "denied",
  ad_user_data: "denied",
  ad_personalization: "denied"
});        

b. Create Variables in GTM

Use Data Layer Variables to capture consent values:

• Variable Name: analytics_storage
• Data Layer Variable Name: analytics_storage
• Repeat for all four consent types

3. Set Up Consent Triggers in GTM

Ensure GA4 and other marketing tags fire only when appropriate consent is granted.

a. Edit your GA4 Configuration Tag:

• Consent Settings:
• Check “Require additional consent for tag to fire”
• Add:analytics_storage: granted

b. Optional: Configure Google Ads Tags Similarly

If you’re running remarketing or conversion tracking:

Require:

• ad_storage: granted
• ad_user_data: granted
• ad_personalization: granted (if you do audience targeting)

4. Validate the Consent Behavior

a. Use Google Tag Assistant

• Check whether your GA4 tags respect consent settings
• Look at consent statuses and debug if firing too early

b. Chrome DevTools

• Inspect cookies – GA4 (_ga) and Ads (gcl*) should not drop if denied
• Use dataLayer tab to monitor consent updates

c. Test CMP behavior

• Accept all / decline all / granular choice
• Confirm that tags fire or not accordingly

5. WooCommerce-Specific Considerations

In WooCommerce, user actions like Add to Cart, Checkout, and Purchase are often tracked as custom GA4 events. If you’re using GTM for this:

• Ensure event tags (e.g., purchase) also respect consent
• Wrap event pushes (e.g., dataLayer.push({event: "purchase"})) in CMP-aware conditions
• Optionally disable Enhanced Measurement in GA4 if you need full manual control

💡 Advanced Tip: Consent Mode with Server-Side GTM

If you're using Server-Side GTM, Consent Mode v2 is even more powerful:

• Client-side consent signals can be passed to the server container
• Server container can enrich and anonymize data before forwarding to GA4 or Ads
• Better data governance and control, especially for EU traffic

📈 Final Thoughts

Implementing Consent Mode v2 in a WooCommerce store using GTM and GA4 is no longer optional—it’s essential. Done right, it allows you to maintain tracking fidelity while staying compliant with the latest data privacy laws.

By taking a granular, signal-based approach, you can align with legal requirements without completely sacrificing ad performance or analytics depth. Whether you're using Cookiebot, OneTrust, or another CMP, integrating it cleanly with GTM and WooCommerce ensures future-proof compliance and better trust with your users.

I’m passionate about empowering organizations with data-driven decision-making while respecting user privacy.

Here’s how you can connect with me or view my work:

Upwork Profile: Upwork

Freelancer Profile: Freelancer

My Blog on GTM & Website Analytics: Google Tag Manager Solution

If you or someone in your network is looking for an experienced professional in this space, I’d love to connect and chat further!